summaryrefslogtreecommitdiffstats
path: root/src/tests/gssapi
Commit message (Collapse)AuthorAgeFilesLines
* Fix dependencies in tests/gssapiNickolai Zeldovich2013-03-031-3/+3
| | | | | | | | | Use $(COMMON_DEPS) instead of $(COMMON_DEPLIBS) for dependencies; the latter appears to be a typo. Fixes build when using "make -j". ticket: 7587 (new) target_version: 1.11.2 tags: pullup
* Add missing .gitignore entries and clean rulesGreg Hudson2013-02-271-1/+1
| | | | ticket: 7585
* make dependGreg Hudson2013-01-101-1/+1
| | | | | Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Rename ccache configuration macrosZhanna Tsitkov2013-01-091-4/+4
| | | | | KRB5_CONF_ prefix should be used for the krb5/kdc.conf parameters. Use KRB5_CC_CONF_ prefix for cache configuration variables.
* Fix gss_str_to_oid and gss_oid_to_str edge casesGreg Hudson2013-01-012-2/+228
| | | | | | | | | | | | | Neither function correctly handled OIDs whose second arc exceeds 47 (theoretically possible if the first arc is 2). gss_str_to_oid had additional problems: it used scanf, it didn't consistently protect against read overrun if the input buffer wasn't null-terminated, and it could get confused by + or - characters in the first two arcs. Fix gss_oid_to_str and rewrite gss_str_to_oid. Also add a test program. ticket: 7524 (new)
* Simplify k5test.py environmentsGreg Hudson2012-12-205-123/+110
| | | | | | | | | | | | | | The initial k5test.py design, copied from the dejagnu suite, is to create config files and environments for four expected roles: client, server, master, and slave. This approach exaggerates the complexity of the common case, where the configurations don't need to vary, and limits us to having just one slave for kprop/iprop tests. Instead, create just one configuration by default, and add a special_env() method which sets up a differently configured environment for the few test cases which need one. The run_as_*() methods are collapsed into just run(), which accepts an optional argument for the environment returned by special_env().
* make dependTom Yu2012-10-151-18/+38
|
* Fix t_s4u2proxy_krb5 cleanupGreg Hudson2012-09-241-1/+3
| | | | | | | Unlike most GSS test programs, t_s4u2proxy_krb5 uses a cleanup handler, so we have to be careful to initialize everything we clean up--particularly service2_name, which is initialized after a possible goto. Also, remember to release acceptor_name.
* Resolve verifier cred in accept_sec_contextGreg Hudson2012-09-212-20/+19
| | | | | | | | | If the verifier cred handle is of type GSS_C_BOTH, we need to resolve the initiator part of it in order to create a s4u2proxy delegated credential handle. (If it's of type GSS_C_ACCEPT, kg_resolve_cred won't do anything beyond locking and validating the credential.) ticket: 7356
* Add tests for gss_inquire_mechs_for_nameGreg Hudson2012-09-175-10/+92
|
* Avoid multiply defining OIDs in tests/gssapiTom Yu2012-09-141-6/+6
| | | | | | Declarations of gss_OID_desc mech_krb5, etc. in tests/gssapi/common.h can result in multiple definitions when the test programs are linked. Prefix the declarations with "extern" to prevent this.
* Tidy up GSSAPI test programsGreg Hudson2012-09-1321-2186/+937
| | | | | | | | Factor out some common functions used by multiple test programs. Use a common argument format for importing names (p:princname, h:hostbasedname, or u:username) and adjust the Python tests to match it. Use more consistent conventions in test programs and fix some coding style issues. Normalize how the test programs are built.
* Add tests for GSS cred export and importGreg Hudson2012-09-113-4/+272
| | | | ticket: 7354
* Run "make depend"Tom Yu2012-08-231-0/+8
|
* Fix minor Makefile.in typos for make dependTom Yu2012-08-231-1/+1
| | | | | Fix minor typos in lib/krb5/krb/Makefile.in and tests/gssapi/Makefile.in so that "make depend" will work.
* Silence a gcc warning in t_export_nameGreg Hudson2012-08-121-1/+1
| | | | | | gcc warnings that nametype may be used uninitialized, presumably failing to deduce that usage() never returns. Initialize nametype to make it build.
* Add test coverage for gss_export_nameGreg Hudson2012-08-113-5/+191
| | | | | Exercise gss_export_name and importing of exported name tokens in t_gssapi.py.
* Fix nitpicky bugs in t_inq_credGreg Hudson2012-08-111-6/+6
|
* Add tests for gss_inquire_credGreg Hudson2012-08-103-3/+221
| | | | | | | | | Now that we're doing a kind of deferred credential acquisition for krb5, the behavior of gss_inquire_cred is a bit more subtle because (per RFC 2743 section 2.1.4) we have to choose a credential cache or acceptor name sooner than we would otherwise do so. Add a C program to invoke gss_acquire_cred/gss_inquire_cred and some Python tests using it.
* Add basic test for credstore extentionsSimo Sorce2012-07-203-3/+175
|
* Automatically create DIR ccache directoriesGreg Hudson2012-07-111-1/+0
| | | | | | | | If the directory for a DIR ccache doesn't exist yet, try to create it (but not its parents) with mode 700. Exercise this in test scripts by not pre-creating directories. ticket: 7196 (new)
* Add client keytab initiation supportGreg Hudson2012-07-025-2/+292
| | | | | | | | | Support acquiring GSSAPI krb5 credentials by fetching initial credentials using the client keytab. Credentials obtained this way will be stored in the default ccache or collection, and will be refreshed when they are halfway to expiring. ticket: 7189 (new)
* Fail from gss_acquire_cred if we have no credsGreg Hudson2012-06-151-0/+7
| | | | | | | | If a caller tries to acquire krb5 initiator creds with no desired name and we have no credentials in the cache collection, fail from gss_acquire_cred intead of deferring until gss_init_sec_context. ticket: 7160
* Fail from gss_acquire_cred if we have no keytabGreg Hudson2012-06-031-0/+7
| | | | | | | | If a caller tries to acquire krb5 acceptor creds with no desired name and we have no keytab keys, fail from gss_acquire_cred instead of deferring until gss_accept_sec_context. ticket: 7159 (new)
* Flip the default of start_kadmind in k5test.pyGreg Hudson2012-04-263-6/+6
| | | | | | | Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
* Dump attributes differently in t_saslnameGreg Hudson2012-02-031-10/+32
| | | | | | | | Dump the known attributes only once, before iterating over the mechanisms, and display the short and long desc as well as the names when doing so. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25667 dc483132-0cff-0310-8789-dd5450dbe970
* Add automated tests for S4U2Self and S4U2ProxyGreg Hudson2011-12-075-9/+347
| | | | | | | | | These tests mainly exercise the client-side GSSAPI code for S4U2Self and S4U2Proxy. They also exercise the KDC code for S4U2Self, but only the denial logic for S4U2Proxy since the DB2 back end doesn't support constrained delegation currently. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25531 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of periods in Python test success messagesGreg Hudson2011-11-032-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25432 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-176-81/+81
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* * New implementation to map a gss name to localnameSam Hartman2011-09-211-1/+4
| | | | | | | | | | | | | | | | * Write gss_pname_to_uid in terms of gss_localname; suppress on win32 * Add test for gss_pname_to_uid indirectly testing gss_localname * gss_localname is the SPI, not gss_pname_to_uid * fix some const gss_OID->gss_const_oid Signed-off-by: Sam Hartman <hartmans@painless-security.com> gss_localname: map gss name to localname git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25222 dc483132-0cff-0310-8789-dd5450dbe970
* Fix t_ccselect bugsGreg Hudson2011-09-062-4/+3
| | | | | | | initiator_cred wasn't initialized if no second arg was given. t_ccselect wasn't removed on make clean. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25165 dc483132-0cff-0310-8789-dd5450dbe970
* Make gss-krb5 use cache collectionGreg Hudson2011-09-054-8/+307
| | | | | | | | | | | | | | | | For default credentials, defer ccache resolution until we need the information. If this happens in init_sec_context when we have the target principal in hand, use krb5_cc_select() to pick a cache. If the target principal is not known, use the default cache. For credentials with a specified principal, use krb5_cc_cache_match() to find the cache. If no cache is found and a password is specified, create a new cache within the collection to hold the new credentials, if the default cache type supports a collection. ticket: 6958 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-042-7/+7
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* make-dependKen Raeburn2011-08-201-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25108 dc483132-0cff-0310-8789-dd5450dbe970
* Add automated tests for krb5_gss_import_credGreg Hudson2011-07-203-10/+195
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25022 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-095-5/+0
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* On make clean remove test programs and object files. In lib/krb5/krbEzra Peisach2011-03-061-1/+2
| | | | | | make depend as a test program was missed from the source list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Improve acceptor name flexibilityGreg Hudson2011-02-073-5/+260
| | | | | | | | | | | | | | | | | | | | | | Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2010-12-051-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-281-1/+1
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/lhoward/sasl-gs2 to trunkGreg Hudson2010-10-062-4/+194
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
* Fix type errors in t_gssextsGreg Hudson2010-10-021-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24412 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate K&R-style function definition headers in t_gssexts.c, andGreg Hudson2010-10-021-18/+10
| | | | | | reformat other definitions according to coding practices. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24411 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_krb5_import_credGreg Hudson2010-09-271-23/+81
| | | | | | | | | | | | Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be acquired from a keytab or ccache into a GSSAPI credential without using global process or thread variables. Merged from the users/lhoward/import-cred branch. ticket: 6785 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
* Run Python tests as individual rule commands (friendlier to make -k)Greg Hudson2010-04-241-2/+1
| | | | | | | | | instead of in a loop. Build runenv.py as part of make fake-install; it's harmless if Python is unavailable. Import runenv later in k5test so that we get a beter error message if make fake-install hasn't been run. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23932 dc483132-0cff-0310-8789-dd5450dbe970
* Include t_spengno.o in list of OBJS so make clean will removeEzra Peisach2010-03-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23831 dc483132-0cff-0310-8789-dd5450dbe970
* Add a Python test to run t_spnegoGreg Hudson2010-03-052-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23771 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a double-free in the t_spnego test program resulting from overlyGreg Hudson2010-03-051-3/+0
| | | | | | careless cutting and pasting. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23769 dc483132-0cff-0310-8789-dd5450dbe970
* Implement gss_set_neg_mechsGreg Hudson2010-02-102-2/+269
| | | | | | | | | | | | | | | | | Implement gss_set_neg_mechs in SPNEGO by intersecting the provided mech set with the mechanisms available in the union credential. As we now need space to hold the mech set, the SPNEGO credential is now a structure and not just a mechglue credential. t_spnego.c is a test program which exercises the new logic. Like the other GSSAPI tests, it is not run as part of "make check" at this time. ticket: 6658 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23715 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-04 22:36:15 +0000