| author | Ken Raeburn <raeburn@mit.edu> | 2008-10-25 07:03:11 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2008-10-25 07:03:11 +0000 |
| commit | 2637c91329faa84bd91a343f07bfbe2810a39833 (patch) | |
| tree | 825cbc69bfa090eae2849162b1728ec200f8b5c7 /src/tests | |
| parent | 887c33561e4731da0238c14420a277f0609680c9 (diff) | |
partial rewrite of the ASN.1 encoders
Instead of a pile of macros generating code, that have to be threaded
together in just the right way to get a valid ASN.1 encoding, we now
have a pile of macros for defining data structures describing the
objects and the ASN.1 types they should be encoded as, which
structures are interpreted by recursive invocations of an encoder
engine; there should be somewhat less rope for accidentally creating
invalid encodings. The new macros are commented in asn1_k_encode.c.
Putting most of the work into the encoder engine also reduces the code
size (in one configuration, including LDAP-KDB and PKINIT encoders,
code size went from 37K to <16K, though 10K of tables were added, and
the PKINIT encoders are still open-coded).
Some encoder interfaces have been revised to be more regular -- all
now take one pointer to const argument (no two-input encoders, no
pointer-to-non-const-pointer-to-const). A few encoders were
eliminated or disabled because they were neither used nor exported
from the library.
The LDAP-KDB encoder has been converted, but the PKINIT encoders have
not as there are no regression tests for them currently.
There is still plenty of room for improvement; some notes on specific
ideas have been added.
String encoding primitives have been combined to reduce code size. A
primitive for encoding bit strings has been added.
Some miscellaneous warnings in the decoders have been cleaned up.
A new dejagnu test case is added that ensures that KRB-SAFE messages
get exercised.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/asn.1/Makefile.in | 14 | ||||
| -rw-r--r-- | src/tests/asn.1/krb5_encode_test.c | 16 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/simple.exp | 214 |
3 files changed, 229 insertions, 15 deletions
diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in index 0542ea9d3..fb72bbe63 100644 --- a/src/tests/asn.1/Makefile.in +++ b/src/tests/asn.1/Makefile.in @@ -29,7 +29,7 @@ krb5_decode_test: $(DECOBJS) $(KRB5_BASE_DEPLIBS) t_trval: t_trval.o $(CC) -o t_trval $(ALL_CFLAGS) t_trval.o -check:: check-encode check-decode +check:: check-encode check-encode-trval check-decode check-decode: krb5_decode_test KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ @@ -50,22 +50,22 @@ expected_trval.out: trval_reference.out ldap_trval.out cat $(srcdir)/trval_reference.out > expected_trval.out; \ fi -check-encode: krb5_encode_test expected_encode.out expected_trval.out - $(RM) test.out +check-encode: krb5_encode_test expected_encode.out KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) ./krb5_encode_test > test.out cmp test.out expected_encode.out + +check-encode-trval: krb5_encode_test expected_trval.out KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ export KRB5_CONFIG ;\ - $(RUN_SETUP) $(VALGRIND) ./krb5_encode_test -t > test.out - cmp test.out expected_trval.out - $(RM) test.out + $(RUN_SETUP) $(VALGRIND) ./krb5_encode_test -t > trval.out + cmp trval.out expected_trval.out install:: clean:: - rm -f *~ *.o krb5_encode_test krb5_decode_test test.out trval t_trval expected_encode.out expected_trval.out + rm -f *~ *.o krb5_encode_test krb5_decode_test test.out trval t_trval expected_encode.out expected_trval.out trval.out ################ Dependencies ################ diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c index c6dab46c2..ed056703c 100644 --- a/src/tests/asn.1/krb5_encode_test.c +++ b/src/tests/asn.1/krb5_encode_test.c 
@@ -467,7 +467,7 @@ main(argc, argv) krb5_authdata **ad; setup(ad,authorization_data,"authorization_data",ktest_make_sample_authorization_data); - retval = encode_krb5_authdata((const krb5_authdata**)ad,&(code)); + retval = encode_krb5_authdata(ad,&(code)); if (retval) { com_err("encoding authorization_data",retval,""); exit(1); @@ -502,7 +502,7 @@ main(argc, argv) krb5_pa_data **pa; setup(pa,krb5_pa_data,"PreauthData",ktest_make_sample_pa_data_array); - retval = encode_krb5_padata_sequence((const krb5_pa_data**)pa,&(code)); + retval = encode_krb5_padata_sequence(pa,&(code)); if (retval) { com_err("encoding padata_sequence",retval,""); exit(1); @@ -518,7 +518,7 @@ main(argc, argv) krb5_pa_data **pa; setup(pa,krb5_pa_data,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array); - retval = encode_krb5_padata_sequence((const krb5_pa_data**)pa,&(code)); + retval = encode_krb5_padata_sequence(pa,&(code)); if (retval) { com_err("encoding padata_sequence(empty)",retval,""); exit(1); @@ -550,7 +550,7 @@ main(argc, argv) setup(info,krb5_etype_info_entry **,"etype_info", ktest_make_sample_etype_info); - retval = encode_krb5_etype_info((const krb5_etype_info_entry **)info,&(code)); + retval = encode_krb5_etype_info(info,&(code)); if (retval) { com_err("encoding etype_info",retval,""); exit(1); @@ -559,7 +559,7 @@ main(argc, argv) ktest_destroy_etype_info_entry(info[2]); info[2] = 0; ktest_destroy_etype_info_entry(info[1]); info[1] = 0; - retval = encode_krb5_etype_info((const krb5_etype_info_entry **)info,&(code)); + retval = encode_krb5_etype_info(info,&(code)); if (retval) { com_err("encoding etype_info (only 1)",retval,""); exit(1); @@ -568,7 +568,7 @@ main(argc, argv) ktest_destroy_etype_info_entry(info[0]); info[0] = 0; - retval = encode_krb5_etype_info((const krb5_etype_info_entry **)info,&(code)); + retval = encode_krb5_etype_info(info,&(code)); if (retval) { com_err("encoding etype_info (no info)",retval,""); exit(1); 
@@ -584,7 +584,7 @@ main(argc, argv) setup(info,krb5_etype_info_entry **,"etype_info2", ktest_make_sample_etype_info2); - retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code)); + retval = encode_krb5_etype_info2(info,&(code)); if (retval) { com_err("encoding etype_info",retval,""); exit(1); @@ -593,7 +593,7 @@ main(argc, argv) ktest_destroy_etype_info_entry(info[2]); info[2] = 0; ktest_destroy_etype_info_entry(info[1]); info[1] = 0; - retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code)); + retval = encode_krb5_etype_info2(info,&(code)); if (retval) { com_err("encoding etype_info (only 1)",retval,""); exit(1); diff --git a/src/tests/dejagnu/krb-standalone/simple.exp b/src/tests/dejagnu/krb-standalone/simple.exp new file mode 100644 index 000000000..7f2763c78 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/simple.exp 
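Review bot: The error strings in both `encode_krb5_etype_info2` hunks still read `"encoding etype_info"` and `"encoding etype_info (only 1)"`, the same text used by the etype_info cases, so a failure in the etype_info2 encoder would be reported under the wrong name. Since these lines sit directly under the changed calls, I would change them to `com_err("encoding etype_info2",retval,"");` and `com_err("encoding etype_info2 (only 1)",retval,"");`. main() starts and ends outside these hunks, so any further etype_info2 case that is not shown should be checked for the same wording.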
@@ -0,0 +1,214 @@
+# Test for the simple clients
+# This is a DejaGnu test script.
+# This script tests that krb-safe and krb-priv messages work.
+
+# This mostly just calls procedures in test/dejagnu/config/default.exp.
+
+if ![info exists KLIST] {
+ set KLIST [findfile $objdir/../../clients/klist/klist]
+}
+
+if ![info exists KDESTROY] {
+ set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
+}
+
+if ![info exists SIM_SERVER] {
+ set SIM_SERVER [findfile $objdir/../../appl/simple/server/sim_server]
+}
+if ![info exists SIM_CLIENT] {
+ set SIM_CLIENT [findfile $objdir/../../appl/simple/client/sim_client]
+}
+
+# Set up the Kerberos files and environment.
+if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ return
+}
+
+# Initialize the Kerberos database. The argument tells
+# setup_kerberos_db that it is being called from here.
+if ![setup_kerberos_db 0] {
+ return
+}
+
+proc start_sim_server_daemon { } {
+ global spawn_id
+ global sim_server_pid
+ global sim_server_spawn_id
+ global SIM_SERVER
+ global T_INETD
+ global tmppwd
+ global portbase
+
+ # Start the sim_server
+ spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab
+ set sim_server_pid [exp_pid]
+ set sim_server_spawn_id $spawn_id
+
+ verbose "sim_server_spawn is $sim_server_spawn_id" 1
+
+ # Give sim_server some time to start
+ sleep 2
+
+ return 1
+}
+
+
+proc stop_sim_server_daemon { } {
+ global sim_server_pid
+ global sim_server_spawn_id
+
+ if [info exists sim_server_pid] {
+ catch "close -i $sim_server_spawn_id"
+ catch "exec kill $sim_server_pid"
+ wait -i $sim_server_spawn_id
+ unset sim_server_pid
+ }
+
+ return 1
+}
+
+proc stop_check_sim_server_daemon { } {
+ global sim_server_spawn_id
+ global sim_server_pid
+
+ # Check the exit status of sim_server - should exit here
+ set status_list [wait -i $sim_server_spawn_id]
+ verbose "wait -i $sim_server_spawn_id returned $status_list (sim_server)"
+ catch "close -i $sim_server_spawn_id"
+ if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
+ send_log "exit status: $status_list\n"
+ verbose "exit status: $status_list"
+ fail "sim_server"
+ } else {
+ pass "sim_server"
+ }
+ # In either case the server shutdown
+ unset sim_server_pid
+}
+
+proc test_sim_client { msg } {
+ global REALMNAME
+ global SIM_CLIENT
+ global hostname
+ global spawn_id
+ global portbase
+ global sim_server_spawn_id
+
+ # Test the client
+ spawn $SIM_CLIENT -p [expr 8 + $portbase] $hostname
+ verbose "sim_client_spawn is $spawn_id" 1
+
+ expect {
+ "Sent checksummed message: " {
+ verbose "received safe message"
+ }
+ timeout {
+ fail $msg
+ return 0
+ }
+ eof {
+ fail $msg
+ return 0
+ }
+ }
+
+ expect {
+ "Sent encrypted message: " {
+ verbose "received private message"
+ }
+ eof {
+ fail $msg
+ return 0
+ }
+ }
+ expect {
+ "\r" { }
+ }
+
+ expect {
+ -i $sim_server_spawn_id
+ "Safe message is: 'hi there!'" { }
+ timeout {
+ fail $msg
+ return 0
+ }
+ eof {
+ fail $msg
+ return 0
+ }
+ }
+
+ expect {
+ -i $sim_server_spawn_id
+ "Decrypted message is: 'hi there!'" { }
+ timeout {
+ fail $msg
+ return 0
+ }
+ eof {
+ fail $msg
+ return 0
+ }
+ }
+
+ if ![check_exit_status "simple"] {
+ return 0
+ }
+
+ return 1
+}
+# We are about to start up a couple of daemon processes. We do all
+# the rest of the tests inside a proc, so that we can easily kill the
+# processes when the procedure ends.
+
+proc doit { } {
+ global hostname
+ global KEY
+ global sim_server_pid
+ global sim_server_spawn_id
+
+ # Start up the kerberos and kadmind daemons.
+ if ![start_kerberos_daemons 0] {
+ return
+ }
+
+ # Use kadmin to add an host key.
+ if ![add_random_key sample/$hostname 1] {
+ return
+ }
+
+ # Use ksrvutil to create a srvtab entry for sample
+ if ![setup_srvtab 1 sample] {
+ return
+ }
+
+ # Use kinit to get a ticket.
+ if ![kinit krbtest/admin adminpass$KEY 1] {
+ return
+ }
+
+ if ![start_sim_server_daemon] {
+ return
+ }
+
+ if ![test_sim_client sim_client] {
+ return
+ }
+
+ pass "simple - standalone"
+
+ stop_check_sim_server_daemon
+ return
+}
+
+set status [catch doit msg]
+
+stop_sim_server_daemon
+
+stop_kerberos_daemons
+
+if { $status != 0 } {
+ send_error "ERROR: error in simple.exp\n"
+ send_error "$msg\n"
+ exit 1
+} |
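Review bot: In test_sim_client the expect block for `"Sent encrypted message: "` has an `eof` branch but no `timeout` branch, unlike the blocks around it, so if the client stalls on the KRB-PRIV path expect just returns and the script carries on instead of failing with `$msg`. I would add `timeout { fail $msg; return 0 }` to that block so a hang is attributed to the right step. The following `expect { "\r" { } }` has neither branch and falls through silently in the same way. Separately, start_sim_server_daemon relies on `sleep 2` for server readiness, which can make this test flaky on a loaded host; a comment such as `# NOTE: fixed delay; client may race server startup on slow machines` would at least document the assumption.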
