Add tests for localauth interface

Create a test module, program, and script to exercise the
krb5_aname_to_localname and krb5_k5userok functions as well as the
localauth pluggable interface.

ticket: 7583

4 files changed, 223 insertions, 0 deletions

diff --git a/src/plugins/localauth/test/Makefile.in b/src/plugins/localauth/test/Makefile.in
new file mode 100644
index 000000000..fd1d65653
--- /dev/null
+++ b/src/plugins/localauth/test/Makefile.in
@@ -0,0 +1,29 @@
+mydir=plugins$(S)localauth$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+LIBBASE=localauth_test
+LIBMAJOR=0
+LIBMINOR=0
+SO_EXT=.so
+RELDIR=../plugins/localauth/test
+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS=$(SUPPORT_LIB) $(LIBS)
+
+SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_RDIRS=$(KRB5_LIBDIR)
+STOBJLISTS=OBJS.ST
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix:: all-libs
+install-unix::
+clean-unix:: clean-libs clean-libobjs
+
+clean::
+	$(RM) lib$(LIBBASE)$(SO_EXT)
+
+@libnover_frag@
+@libobj_frag@
diff --git a/src/plugins/localauth/test/deps b/src/plugins/localauth/test/deps
new file mode 100644
index 000000000..872c3bcd2
--- /dev/null
+++ b/src/plugins/localauth/test/deps
@@ -0,0 +1,23 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/localauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  main.c
diff --git a/src/plugins/localauth/test/localauth_test.exports b/src/plugins/localauth/test/localauth_test.exports
new file mode 100644
index 000000000..63c1396cb
--- /dev/null
+++ b/src/plugins/localauth/test/localauth_test.exports
@@ -0,0 +1,2 @@
+localauth_test1_initvt
+localauth_test2_initvt
diff --git a/src/plugins/localauth/test/main.c b/src/plugins/localauth/test/main.c
new file mode 100644
index 000000000..9e96900bc
--- /dev/null
+++ b/src/plugins/localauth/test/main.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/localauth/test/main.c - test modules for localauth interface */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This file implements two testing localauth modules, each implementing
+ * clearly recognizable behavior for the localauth test script. */
+
+#include "k5-int.h"
+#include <krb5/localauth_plugin.h>
+
+struct krb5_localauth_moddata_st {
+    int a;
+    int b;
+};
+
+static krb5_error_code
+init_test(krb5_context context, krb5_localauth_moddata *data_out)
+{
+    krb5_localauth_moddata d;
+
+    *data_out = NULL;
+    d = malloc(sizeof(*d));
+    if (d == NULL)
+        return ENOMEM;
+    d->a = 3;
+    d->b = 4;
+    *data_out = d;
+    return 0;
+}
+
+static void
+fini_test(krb5_context context, krb5_localauth_moddata data)
+{
+    assert(data->a == 3);
+    assert(data->b == 4);
+    free(data);
+}
+
+static krb5_error_code
+an2ln_test(krb5_context context, krb5_localauth_moddata data, const char *type,
+           const char *residual, krb5_const_principal aname, char **lname_out)
+{
+    krb5_error_code ret;
+    char *lname = NULL;
+
+    *lname_out = NULL;
+    if (data != NULL) {
+        assert(data->a == 3);
+        assert(data->b == 4);
+    }
+    if (type == NULL) {
+        /* Map any three-component test/___/___ principal to its realm name. */
+        if (aname->length == 3 && data_eq_string(aname->data[0], "test")) {
+            lname = k5memdup0(aname->realm.data, aname->realm.length, &ret);
+            if (lname == NULL)
+                return ret;
+        }
+    } else if (strcmp(type, "TYPEA") == 0) {
+        /* Map any two-component principal to its second component. */
+        if (aname->length == 2) {
+            lname = k5memdup0(aname->data[1].data, aname->data[1].length,
+                              &ret);
+            if (lname == NULL)
+                return ret;
+        }
+    } else {
+        assert(strcmp(type, "TYPEB") == 0);
+        /* Map to the residual string. */
+        lname = strdup(residual == NULL ? "(null)" : residual);
+        if (lname == NULL)
+            return ENOMEM;
+    }
+    if (lname == NULL)
+        return KRB5_LNAME_NOTRANS;
+    *lname_out = lname;
+    return 0;
+}
+
+static krb5_error_code
+userok_test(krb5_context context, krb5_localauth_moddata data,
+            krb5_const_principal aname, const char *lname)
+{
+    if (data != NULL) {
+        assert(data->a == 3);
+        assert(data->b == 4);
+    }
+
+    /* Return success if the number of components in the principal is equal to
+     * the length of the local name. */
+    if ((size_t)aname->length == strlen(lname))
+        return 0;
+
+    /* Pass control down if the first component is "pass". */
+    if (aname->length >= 1 && data_eq_string(aname->data[0], "pass"))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Otherwise reject. */
+    return EPERM;
+}
+
+static void
+freestr(krb5_context context, krb5_localauth_moddata data, char *str)
+{
+    free(str);
+}
+
+krb5_error_code
+localauth_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+krb5_error_code
+localauth_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+
+krb5_error_code
+localauth_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+
+    vt->init = init_test;
+    vt->fini = fini_test;
+    vt->name = "test1";
+    vt->an2ln = an2ln_test;
+    vt->userok = userok_test;
+    vt->free_string = freestr;
+    return 0;
+}
+
+krb5_error_code
+localauth_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+    static const char *types[] = { "TYPEA", "TYPEB", NULL };
+
+    vt->name = "test2";
+    vt->an2ln_types = types;
+    vt->an2ln = an2ln_test;
+    vt->free_string = freestr;
+    return 0;
+}