This is an automated email from the git hooks/post-receive script.
simo pushed a commit to branch master
in repository gssproxy.
commit 7edc8bd684749a59cb96149562ddf30e530aad0e
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri Dec 9 18:36:47 2016 +0000
Add test for cred store extensions
Currently, these are ccache-only.
Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
Reviewed-by: Simo Sorce <simo(a)redhat.com>
---
proxy/tests/Makefile.am | 8 +++++
proxy/tests/t_cred_store.c | 86 +++++++++++++++++++++++++++++++++++++++++++++
proxy/tests/t_cred_store.py | 40 +++++++++++++++++++++
3 files changed, 134 insertions(+)
diff --git a/proxy/tests/Makefile.am b/proxy/tests/Makefile.am
index d3fd56c..ee0e4e3 100644
--- a/proxy/tests/Makefile.am
+++ b/proxy/tests/Makefile.am
@@ -13,6 +13,13 @@ t_accept_SOURCES = \
t_accept_LDADD = \
$(GSSAPI_LIBS)
+t_cred_store_SOURCES = \
+ t_utils.c \
+ t_cred_store.c
+
+t_cred_store_LDADD = \
+ $(GSSAPI_LIBS)
+
t_impersonate_SOURCES = \
t_utils.c \
t_impersonate.c
@@ -29,6 +36,7 @@ t_init_LDADD = \
check_PROGRAMS = \
t_acquire \
+ t_cred_store \
t_impersonate \
t_accept \
t_init
diff --git a/proxy/tests/t_cred_store.c b/proxy/tests/t_cred_store.c
new file mode 100644
index 0000000..1c6e861
--- /dev/null
+++ b/proxy/tests/t_cred_store.c
@@ -0,0 +1,86 @@
+/* Copyright (C) 2016 the GSS-PROXY contributors; see COPYING for license */
+
+#include "t_utils.h"
+#include <unistd.h>
+
+int main(int argc, const char *argv[])
+{
+ uint32_t major, minor;
+ gss_key_value_set_desc store = {};
+ int ret = -1;
+ gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
+ gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) };
+
+ if (argc != 3) {
+ DEBUG("Usage: %s source_ccache dest_ccache\n", argv[0]);
+ goto done;
+ }
+
+ store.elements = calloc(1, sizeof(struct gss_key_value_element_struct));
+ if (!store.elements) {
+ DEBUG("calloc failed\n");
+ goto done;
+ }
+ store.count = 1;
+ store.elements[0].key = "ccache";
+
+ /* Acquire initial cred handle from store */
+ store.elements[0].value = argv[1];
+ major = gss_acquire_cred_from(&minor,
+ GSS_C_NO_NAME,
+ GSS_C_INDEFINITE,
+ &oid_set,
+ GSS_C_INITIATE,
+ &store,
+ &cred_handle,
+ NULL,
+ NULL);
+ if (major != GSS_S_COMPLETE) {
+ DEBUG("gss_acquire_cred_from() failed\n");
+ t_log_failure(GSS_C_NO_OID, major, minor);
+ goto done;
+ }
+
+ /* Test storing credentials */
+ store.elements[0].value = argv[2];
+ major = gss_store_cred_into(&minor,
+ cred_handle,
+ GSS_C_INITIATE,
+ GSS_C_NO_OID,
+ 1,
+ 1,
+ &store,
+ NULL,
+ NULL);
+ if (major != GSS_S_COMPLETE) {
+ DEBUG("gss_store_cred_into() failed\n");
+ t_log_failure(GSS_C_NO_OID, major, minor);
+ goto done;
+ }
+
+ /* Test that we can actually manipulate the stored credentials */
+ gss_release_cred(&minor, &cred_handle);
+ cred_handle = GSS_C_NO_CREDENTIAL;
+ major = gss_acquire_cred_from(&minor,
+ GSS_C_NO_NAME,
+ GSS_C_INDEFINITE,
+ &oid_set,
+ GSS_C_INITIATE,
+ &store,
+ &cred_handle,
+ NULL,
+ NULL);
+ if (major != GSS_S_COMPLETE) {
+ DEBUG("second gss_acquire_cred_from() failed\n");
+ t_log_failure(GSS_C_NO_OID, major, minor);
+ goto done;
+ }
+
+ ret = 0;
+done:
+ if (store.elements) {
+ free(store.elements);
+ }
+ gss_release_cred(&minor, &cred_handle);
+ return ret;
+}
diff --git a/proxy/tests/t_cred_store.py b/proxy/tests/t_cred_store.py
new file mode 100644
index 0000000..fa0856c
--- /dev/null
+++ b/proxy/tests/t_cred_store.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+# Copyright (C) 2016 - GSS-Proxy contributors; see COPYING for the license.
+
+from testlib import *
+
+def run(testdir, env, conf):
+ print("Testing cred store extensions...", file=sys.stderr)
+ logfile = conf["logfile"]
+
+ ccache = "FILE:" + os.path.join(testdir, "t" +
conf["prefix"] +
+ "_cred_store.ccache")
+ testenv = {"KRB5CCNAME": ccache}
+ testenv.update(env)
+ usr_keytab = os.path.join(testdir, USR_KTNAME)
+ ksetup = subprocess.Popen(["kinit", "-kt", usr_keytab,
USR_NAME],
+ stdout=logfile, stderr=logfile,
+ env=testenv, preexec_fn=os.setsid)
+ ksetup.wait()
+ if ksetup.returncode != 0:
+ raise ValueError("Kinit %s failed" % USR_NAME)
+
+ testenv = {"KRB5_TRACE": os.path.join(testdir,
+ "t" + conf["prefix"] +
".trace"),
+ "GSS_USE_PROXY": "yes",
+ "GSSPROXY_BEHAVIOR": "REMOTE_FIRST"}
+ testenv.update(env)
+ temp_ccache = "FILE:" + os.path.join(testdir, "t" +
conf["prefix"] +
+ "_temp.ccache")
+ cmd = ["./tests/t_cred_store", ccache, temp_ccache]
+ print("[COMMAND]\n%s\n[ENVIRONMENT]\n%s\n" % (cmd, testenv), file=logfile)
+ logfile.flush()
+
+ p1 = subprocess.Popen(cmd, stderr=subprocess.STDOUT, stdout=logfile,
+ env=testenv, preexec_fn=os.setsid)
+ try:
+ p1.wait()
+ except subprocess.TimeoutExpired:
+ # p1.returncode is set to None here
+ pass
+ print_return(p1.returncode, "Cred store", False)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.