f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Unit tests - exercise the krb5 child
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Jakub Hrozek <jhrozek@redhat.com>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Copyright (C) 2012 Red Hat
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek This program is free software; you can redistribute it and/or modify
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek it under the terms of the GNU General Public License as published by
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the Free Software Foundation; either version 3 of the License, or
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (at your option) any later version.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek This program is distributed in the hope that it will be useful,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek GNU General Public License for more details.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek You should have received a copy of the GNU General Public License
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek/* Interfaces being tested */
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek#define KRB5_CHILD_TEST_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error)
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret); \
f232789430a080384188d5da89b19d874cf17513Jakub Hrozeksetup_krb5_child_test(TALLOC_CTX *mem_ctx, struct krb5_child_test_ctx **_ctx)
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ctx = talloc_zero(mem_ctx, struct krb5_child_test_ctx);
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595Lukas Slebodnik DEBUG(SSSDBG_CRIT_FAILURE, "Could not init tevent context\n");
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek struct krb5_ctx *ctx = (struct krb5_ctx *) memctx;
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekstatic struct krb5_ctx *
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekcreate_dummy_krb5_ctx(TALLOC_CTX *mem_ctx, const char *realm)
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek krb5_ctx = talloc_zero(mem_ctx, struct krb5_ctx);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek krb5_ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Invalid Regular Expression pattern at position %d. "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "(Error: %d [%s])\n", errpos, errval, errstr);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek talloc_set_destructor((TALLOC_CTX *) krb5_ctx, re_destructor);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek /* Kerberos options */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek krb5_ctx->opts = talloc_zero_array(krb5_ctx, struct dp_option, KRB5_OPTS);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek for (i = 0; i < KRB5_OPTS; i++) {
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek krb5_ctx->opts[i].opt_name = default_krb5_opts[i].opt_name;
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek krb5_ctx->opts[i].type = default_krb5_opts[i].type;
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek krb5_ctx->opts[i].def_val = default_krb5_opts[i].def_val;
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ret = dp_opt_set_string(krb5_ctx->opts, KRB5_REALM, realm);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekstatic struct pam_data *
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekcreate_dummy_pam_data(TALLOC_CTX *mem_ctx, const char *user,
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik ret = sss_authtok_set_password(pd->authtok, password, 0);
/* NOTE(review): the (void) cast discards the result of the read-back below;
 * whether authtok/authtok_len are left unset on failure is not visible here -- confirm. */
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik (void)sss_authtok_get_password(pd->authtok, &authtok, &authtok_len);
/* NOTE(review): the format string below has a %s slot labelled "Authtok" and
 * directly follows the call that reads the password back into authtok. The
 * argument list is not visible in this view; if authtok is what gets printed,
 * the cleartext password is written to the debug log at SSSDBG_FUNC_DATA.
 * Prefer logging only the length, and treat any log captured from this tool
 * as containing a secret. */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "Authtok [%s] len [%d]\n",
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekcreate_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek const char *ccname, const char *ccname_template,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek /* The top level child request */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kr = talloc_zero(mem_ctx, struct krb5child_req);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek /* The Kerberos context */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kr->krb5_ctx = create_dummy_krb5_ctx(kr, realm);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek /* PAM Data structure */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kr->pd = create_dummy_pam_data(kr, user, password);
964628ab89229e9266adc5f4f8a26222734788b7Sumit Bose ret = krb5_get_simple_upn(kr, kr->krb5_ctx, NULL, kr->pd->user, NULL,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "krb5_get_simple_upn failed.\n");
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek /* Override options with what was provided by the user */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL,
f8ddfa0e57477b8aa398273cb85b1db42582ceadMichal Zidek ret = dp_opt_set_int(kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT, timeout);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set value for krb5_auth_timeout\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "ccname [%s] uid [%llu] gid [%llu]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "ccname [%s] uid [%u] gid [%u]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "create_ccache_dir failed.\n");
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek struct krb5_child_test_ctx *ctx = tevent_req_callback_data(req,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ret = handle_child_recv(req, ctx, &ctx->buf, &ctx->len);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill);
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);
5dc9860a9f0aa626687281eed62c8af1986c2b99Rambaldi#endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekprint_creds(krb5_context kcontext, krb5_creds *cred, const char *defname)
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kret = krb5_unparse_name(kcontext, cred->client, &name);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kret = krb5_unparse_name(kcontext, cred->server, &sname);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek printf("\t\tValid from\t"); printtime(cred->times.starttime);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek printf("\n\t\tValid until\t"); printtime(cred->times.endtime);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kret = krb5_cc_get_principal(kcontext, cache, &princ);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kret = krb5_unparse_name(kcontext, princ, &defname);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek printf("\nTicket cache: %s:%s\nDefault principal: %s\n\n",
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek kret = krb5_cc_start_seq_get(kcontext, cache, &cur);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek while (!(kret = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
6fcbc4eaf94b9772dd7c6a6c40763387365ee4f6Stephen Gallagher kret = krb5_cc_end_seq_get(kcontext, cache, &cur);
/* Command-line option table entries (passed to poptGetContext() as long_options).
 * Several help strings of this table are not visible in this view.
 *
 * NOTE(review): "password" (-w) is a POPT_ARG_STRING stored in pc_passwd, so the
 * secret is taken from argv, where it is typically readable by other local users
 * through the process list and may be retained in shell history. "ask-password"
 * (-W) takes no argument (POPT_ARG_NONE) and presumably prompts instead -- confirm
 * in the option-handling loop; it is the safer way to supply the password. */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "password", 'w', POPT_ARG_STRING, &pc_passwd, 0,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "ask-password", 'W', POPT_ARG_NONE, NULL, 'W',
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "ccname", 'c', POPT_ARG_STRING, &pc_ccname, 0,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek "Force usage of a certain credential cache", NULL },
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "ccname-template", 't', POPT_ARG_STRING, &pc_ccname_tp, 0,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek "Specify the credential cache template", NULL },
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "keep-ccache", 'k', POPT_ARG_NONE, NULL, 'k',
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek "Do not delete the ccache when the tool finishes", NULL },
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek { "timeout", '\0', POPT_ARG_INT, &pc_timeout, 0,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek "The timeout for the child, in seconds", NULL },
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek pc = poptGetContext(NULL, argc, argv, long_options, 0);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Unexpected option\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Please specify the user\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Please specify the realm\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Password was not provided or asked for\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Both ccname and ccname template specified, "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "will prefer ccname\n");
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ctx->kr = create_dummy_req(ctx, pc_user, password ? password : pc_passwd,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek pc_realm, pc_ccname, pc_ccname_tp, pc_timeout);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Cannot create Kerberos request\n");
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek req = handle_child_send(ctx, ctx->ev, ctx->kr);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Cannot create child request\n");
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ret = parse_krb5_child_response(ctx, ctx->buf, ctx->len,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Could not parse child response\n");