summaryrefslogtreecommitdiffstats
path: root/src/tests
Commit message (Collapse)AuthorAgeFilesLines
...
* Eliminate K&R-style function definition headers in t_gssexts.c, andGreg Hudson2010-10-021-18/+10
| | | | | | reformat other definitions according to coding practices. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24411 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-302-10/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24393 dc483132-0cff-0310-8789-dd5450dbe970
* Automated tests for kadm5_hook pluginSam Hartman2010-09-292-0/+25
| | | | | | Include a k5test Python test and test plugin for the kadm5_hook interface. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24376 dc483132-0cff-0310-8789-dd5450dbe970
* kpasswd: if a credential cache is present, use FASTSam Hartman2010-09-271-1/+2
| | | | | | | | | | | | | | | | If a credentials cache is available, use it as an armor cache to enable FAST negotiation for kpasswd. This requires an attacker to attack both the user's long-term key for the old password as well as the ticket used for the armor cache in order to attack the password change. Depending on how the armor ticket is obtained, this may provide limited value. However, it provides users an easy option if they are concerned about their current password. Users can kinit with one principal to help protect changing the password of another principal. * krb5_get_init_creds_opt_set_fast_ccache: new API to set fast ccache based on a krb5_ccache object rather than a resolvable string * kpasswd: always open the current credential cache even if not needed for determining the principal. If the cache has tickets, use it as an armor cache. * tests/dejagnu/krb-standalone/kadmin.exp: Arrange to test new code path ticket: 6786 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24359 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_krb5_import_credGreg Hudson2010-09-271-23/+81
| | | | | | | | | | | | Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be acquired from a keytab or ccache into a GSSAPI credential without using global process or thread variables. Merged from the users/lhoward/import-cred branch. ticket: 6785 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
* kinit: add KDB keytab supportSam Hartman2010-09-151-0/+5
| | | | | | | | | | | | | | | | | This implements http://k5wiki.kerberos.org/Projects/What_does_God_need_with_a_password. If the KDB keytab is selected by command line options, then kinit will register the KDB keytab and open the database. This permits an administrator to obtain tickets as a user without knowing that user's password. As a result kinit links against libkadm5srv and libkdb5. Discussion is ongoing about whether this is desirable or about whether two versions of kinit are required. ticket: 6779 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24316 dc483132-0cff-0310-8789-dd5450dbe970
* kdb: store mkey list in context and permit NULL mkey for ↵Sam Hartman2010-09-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | kdb_dbe_decrypt_key_data Previously, code needed to run a loop to find the current master key, possibly fetch a new master key list and try finding the master key again around each key decryption. This was not universally done; there are cases where only the current master key was used. In addition, the correct ideom for decrypting key data is too complicated and is potentially unavailable to plugins that do not have access to the master key. Instead, store the master key list in the dal_handle whenever it is fetched and permit a NULL master key for krb5_dbe_decrypt_key_data. * Remove APIs for krb5_db_{get|set}_mkey_list * krb5_db_fetch_mkey_list: memoize master key list in dal_handle * krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later * krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument * change call sites to take advantage ticket: 6778 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-085-30/+30
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* Merge the camellia-ccm branch to trunk. Since there are no IANAGreg Hudson2010-09-071-0/+26
| | | | | | | | | assignments for Camellia-CCM enctypes or cksumtypes yet, they are disabled in a default build. They can be made available by defining (via CPPFLAGS) local-use enctype numbers for the enctypes and cksumtypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leaks in kdb5_verifyEzra Peisach2010-09-041-0/+2
| | | | | | | | Minor leaks. Just cleaning up code. ticket: 6771 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24291 dc483132-0cff-0310-8789-dd5450dbe970
* Add simple automated tests for account lockout supportGreg Hudson2010-08-292-0/+49
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24269 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-062-88/+48
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-022-4/+10
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-022-5/+5
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-075-45/+55
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Add IAKERB mechanism and gss_acquire_cred_with_passwordGreg Hudson2010-04-309-0/+143
| | | | | | | | | | | | | | Merge branches/iakerb to trunk. Includes the following: * New IAKERB mechanism. * New gss_acquire_cred_with_password mechglue function. * ASN.1 encoders and decoders for IAKERB structures (with tests). * New shortcuts in gss-sample client and server. * Tests to exercise SPNEGO and IAKERB using gss-sample application. ticket: 6712 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23960 dc483132-0cff-0310-8789-dd5450dbe970
* Add a sentinel line to sim_server after the socket is ready, and useGreg Hudson2010-04-241-2/+4
| | | | | | it in simple.exp in the dejagnu test suite instead of sleeping. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23936 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the use of tail -f in the dejagnu test suite. Instead, useGreg Hudson2010-04-241-139/+7
| | | | | | | the sentinel lines printed by krb5kdc and kadmind to detect when the listening sockets are ready. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23935 dc483132-0cff-0310-8789-dd5450dbe970
* Add a sentinel to the sample gss-server after the socket is ready, andGreg Hudson2010-04-241-1/+5
| | | | | | use it in gssapi.exp in the dejagnu test suite instead of sleeping. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23934 dc483132-0cff-0310-8789-dd5450dbe970
* Run Python tests as individual rule commands (friendlier to make -k)Greg Hudson2010-04-242-3/+5
| | | | | | | | | instead of in a loop. Build runenv.py as part of make fake-install; it's harmless if Python is unavailable. Import runenv later in k5test so that we get a beter error message if make fake-install hasn't been run. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23932 dc483132-0cff-0310-8789-dd5450dbe970
* In the kdc5_hammer test program, simplify the cleanup logic ofGreg Hudson2010-04-211-19/+10
| | | | | | | | get_server_key. Fixes a memory leak where the result of krb5_get_credentials() didn't get freed if krb5_mk_req_extended() failed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23919 dc483132-0cff-0310-8789-dd5450dbe970
* In t_inetd, zero out l_inaddr before filling it in, as is relativelyGreg Hudson2010-04-211-0/+2
| | | | | | common in networking code. Silences a Coverity defect. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23916 dc483132-0cff-0310-8789-dd5450dbe970
* Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggeredTom Yu2010-04-202-0/+39
| | | | | | | | | | | | | | by ticket renewal. Add a test case. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490 Thanks to Joel Johnson and Brian Almeida for the reports. ticket: 6702 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23912 dc483132-0cff-0310-8789-dd5450dbe970
* Build runenv.py, holding environment variable settings required forTom Yu2010-04-161-6/+2
| | | | | | | | running programs out of the build tree during python-based tests. Also updates shilb.conf to set RUN_VARS to make it easier to generate this sort of thing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23905 dc483132-0cff-0310-8789-dd5450dbe970
* Always pass -W option to kdb5_util create in testingKen Raeburn2010-03-273-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23838 dc483132-0cff-0310-8789-dd5450dbe970
* Include t_spengno.o in list of OBJS so make clean will removeEzra Peisach2010-03-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23831 dc483132-0cff-0310-8789-dd5450dbe970
* Set up KRB5_RUN_ENV for pytests, so that Python-based tests can runTom Yu2010-03-151-1/+1
| | | | | | without first running "make install". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23805 dc483132-0cff-0310-8789-dd5450dbe970
* Make python test start_in_inetd functionEzra Peisach2010-03-072-1/+4
| | | | | | | | | util/k5test.py: Fix incorrect variable used tests/dejagnu/t_inetd.c: Flush stdout after outputting "Ready!" tests/dejagnu/Makefile.in: Always compile t_inetd - even in runtest is not present git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23773 dc483132-0cff-0310-8789-dd5450dbe970
* Add a Python test to run t_spnegoGreg Hudson2010-03-052-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23771 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a double-free in the t_spnego test program resulting from overlyGreg Hudson2010-03-051-3/+0
| | | | | | careless cutting and pasting. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23769 dc483132-0cff-0310-8789-dd5450dbe970
* Add a message parameter to k5test's success(), to briefly indicate theGreg Hudson2010-03-052-3/+3
| | | | | | scope of test scripts. Only displayed when verbose is set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23768 dc483132-0cff-0310-8789-dd5450dbe970
* Python test frameworkGreg Hudson2010-03-043-0/+83
| | | | | | | | | | | | Add a framework for writing tests in Python. Documentation is in the initial docstring of util/k5test.py. Inaugurate the framework with two test scripts, t_general.py and t_anonypkinit.py, which together test the same operations as standalone.exp from the dejagnu test suite. ticket: 6672 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23763 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some more test suite cruft:Greg Hudson2010-02-281-14/+5
| | | | | | | | | | | | | * localhostname from get_hostname was unused. * database_name is no longer used except (misleadingly) in kdb5_util output. * admin_database_name and admin_database_lockfile are no longer used. * default_domain is only used for v4->v5 principal conversion, which isn't tested. * libkadm5's init-v2.exp had a copy of get_hostname; domain and localhostname from it were unused. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some more dejagnu test suite cruft:Greg Hudson2010-02-221-26/+0
| | | | | | | * check_date was only used by the application tests. * touch was never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23745 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused cruft in the dejagnu test suite's default.exp:Greg Hudson2010-02-221-471/+3
| | | | | | | | | | | | | * RLOGIN, RLOGIN_FLAGS, ROOT_PROMPT, ROOT_SHELL, check_k5login, restore_kerberos_env, setup_root_shell, setup_root_shell_noremote, setup_wrapper: No longer used now that the applications are in a separate tree. * v4_compatible_enctype: No longer used with krb4 support gone. * tail1, krb_exit: Apparently never used. * KERBEROS_SERVER: Added long ago in r5686 and removed shortly after in r5695, but the test suite support for it never got excised. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23744 dc483132-0cff-0310-8789-dd5450dbe970
* Implement gss_set_neg_mechsGreg Hudson2010-02-102-2/+269
| | | | | | | | | | | | | | | | | Implement gss_set_neg_mechs in SPNEGO by intersecting the provided mech set with the mechanisms available in the union credential. As we now need space to hold the mech set, the SPNEGO credential is now a structure and not just a mechglue credential. t_spnego.c is a test program which exercises the new logic. Like the other GSSAPI tests, it is not run as part of "make check" at this time. ticket: 6658 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23715 dc483132-0cff-0310-8789-dd5450dbe970
* In kinit_anonymous, fail out if we receive a password request fromGreg Hudson2010-01-191-1/+11
| | | | | | kinit, instead of hanging. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23661 dc483132-0cff-0310-8789-dd5450dbe970
* (memory leak)Ezra Peisach2010-01-101-2/+0
| | | | | | ktest_make_sample_ad_signedpath_data: Do not initialize client field twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23624 dc483132-0cff-0310-8789-dd5450dbe970
* Revert change to Makefile.in that ended up not being neededSam Hartman2010-01-071-6/+1
| | | | | | ticket: 6624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23605 dc483132-0cff-0310-8789-dd5450dbe970
* automated tests for anonymous pkinitSam Hartman2010-01-076-1/+120
| | | | | | | | | | | | | Implement tests for anonymous pkinit. A certificate and private key are checked in; these tests will stop working in 2023. Note that r23602 needs to be pulled up before this ticket. ticket: 6624 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23604 dc483132-0cff-0310-8789-dd5450dbe970
* Use a distinct pass/fail string for kinit_fast so its failures can beGreg Hudson2010-01-071-3/+3
| | | | | | distinguished from kinit's. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23601 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-052-22/+45
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Test FAST authentication during each passSam Hartman2010-01-043-7/+62
| | | | | | | Because a new principal is added to the database, the iprop test expected output is updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23580 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_supported_enctypes does nothing; eradicate mentions thereofTom Yu2010-01-041-27/+0
| | | | | | | | | kdc_supported_enctypes does nothing. Remove all mention of it from documentation and test suites. ticket: 6620 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-031-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Remove old 'full' arg to KDC that should've gone away with '-4'Ken Raeburn2010-01-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23569 dc483132-0cff-0310-8789-dd5450dbe970
* Test -P options to kdc and kadmind to write out a pid file. Verify contents of Ezra Peisach2010-01-021-2/+35
| | | | | | pid file match pid of executable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23566 dc483132-0cff-0310-8789-dd5450dbe970
* Free tinfo at end - so program runs with new memory leaksEzra Peisach2009-12-311-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23559 dc483132-0cff-0310-8789-dd5450dbe970
* format %p wants void*Ken Raeburn2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23552 dc483132-0cff-0310-8789-dd5450dbe970
* Add dejagnu test suite support for finding the preauth modules in theGreg Hudson2009-12-282-0/+3
| | | | | | | fake install. Not yet tested, except to verify that it doesn't break the existing test suite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23532 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 21:13:49 +0000