[gssproxy] 07/09: Add test for cred store extensions

This is an automated email from the git hooks/post-receive script. simo pushed a commit to branch master in repository gssproxy. commit 7edc8bd684749a59cb96149562ddf30e530aad0e Author: Robbie Harwood <rharwood(a)redhat.com&gt; Date: Fri Dec 9 18:36:47 2016 +0000 Add test for cred store extensions Currently, these are ccache-only. Signed-off-by: Robbie Harwood <rharwood(a)redhat.com&gt; Reviewed-by: Simo Sorce <simo(a)redhat.com&gt; --- proxy/tests/Makefile.am | 8 +++++ proxy/tests/t_cred_store.c | 86 +++++++++++++++++++++++++++++++++++++++++++++ proxy/tests/t_cred_store.py | 40 +++++++++++++++++++++ 3 files changed, 134 insertions(+) diff --git a/proxy/tests/Makefile.am b/proxy/tests/Makefile.am index d3fd56c..ee0e4e3 100644 --- a/proxy/tests/Makefile.am +++ b/proxy/tests/Makefile.am @@ -13,6 +13,13 @@ t_accept_SOURCES = \ t_accept_LDADD = \ $(GSSAPI_LIBS) +t_cred_store_SOURCES = \ + t_utils.c \ + t_cred_store.c + +t_cred_store_LDADD = \ + $(GSSAPI_LIBS) + t_impersonate_SOURCES = \ t_utils.c \ t_impersonate.c @@ -29,6 +36,7 @@ t_init_LDADD = \ check_PROGRAMS = \ t_acquire \ + t_cred_store \ t_impersonate \ t_accept \ t_init diff --git a/proxy/tests/t_cred_store.c b/proxy/tests/t_cred_store.c new file mode 100644 index 0000000..1c6e861 --- /dev/null +++ b/proxy/tests/t_cred_store.c @@ -0,0 +1,86 @@ +/* Copyright (C) 2016 the GSS-PROXY contributors; see COPYING for license */ + +#include "t_utils.h" +#include <unistd.h> + +int main(int argc, const char *argv[]) +{ + uint32_t major, minor; + gss_key_value_set_desc store = {}; + int ret = -1; + gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; + gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) }; + + if (argc != 3) { + DEBUG("Usage: %s source_ccache dest_ccache\n", argv[0]); + goto done; + } + + store.elements = calloc(1, sizeof(struct gss_key_value_element_struct)); + if (!store.elements) { + DEBUG("calloc failed\n"); + goto done; + } + store.count = 1; + store.elements[0].key = "ccache"; + + /* Acquire initial cred handle from store */ + store.elements[0].value = argv[1]; + major = gss_acquire_cred_from(&minor, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + &oid_set, + GSS_C_INITIATE, + &store, + &cred_handle, + NULL, + NULL); + if (major != GSS_S_COMPLETE) { + DEBUG("gss_acquire_cred_from() failed\n"); + t_log_failure(GSS_C_NO_OID, major, minor); + goto done; + } + + /* Test storing credentials */ + store.elements[0].value = argv[2]; + major = gss_store_cred_into(&minor, + cred_handle, + GSS_C_INITIATE, + GSS_C_NO_OID, + 1, + 1, + &store, + NULL, + NULL); + if (major != GSS_S_COMPLETE) { + DEBUG("gss_store_cred_into() failed\n"); + t_log_failure(GSS_C_NO_OID, major, minor); + goto done; + } + + /* Test that we can actually manipulate the stored credentials */ + gss_release_cred(&minor, &cred_handle); + cred_handle = GSS_C_NO_CREDENTIAL; + major = gss_acquire_cred_from(&minor, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + &oid_set, + GSS_C_INITIATE, + &store, + &cred_handle, + NULL, + NULL); + if (major != GSS_S_COMPLETE) { + DEBUG("second gss_acquire_cred_from() failed\n"); + t_log_failure(GSS_C_NO_OID, major, minor); + goto done; + } + + ret = 0; +done: + if (store.elements) { + free(store.elements); + } + gss_release_cred(&minor, &cred_handle); + return ret; +} diff --git a/proxy/tests/t_cred_store.py b/proxy/tests/t_cred_store.py new file mode 100644 index 0000000..fa0856c --- /dev/null +++ b/proxy/tests/t_cred_store.py @@ -0,0 +1,40 @@ +#!/usr/bin/python3 +# Copyright (C) 2016 - GSS-Proxy contributors; see COPYING for the license. + +from testlib import * + +def run(testdir, env, conf): + print("Testing cred store extensions...", file=sys.stderr) + logfile = conf["logfile"] + + ccache = "FILE:" + os.path.join(testdir, "t" + conf["prefix"] + + "_cred_store.ccache") + testenv = {"KRB5CCNAME": ccache} + testenv.update(env) + usr_keytab = os.path.join(testdir, USR_KTNAME) + ksetup = subprocess.Popen(["kinit", "-kt", usr_keytab, USR_NAME], + stdout=logfile, stderr=logfile, + env=testenv, preexec_fn=os.setsid) + ksetup.wait() + if ksetup.returncode != 0: + raise ValueError("Kinit %s failed" % USR_NAME) + + testenv = {"KRB5_TRACE": os.path.join(testdir, + "t" + conf["prefix"] + ".trace"), + "GSS_USE_PROXY": "yes", + "GSSPROXY_BEHAVIOR": "REMOTE_FIRST"} + testenv.update(env) + temp_ccache = "FILE:" + os.path.join(testdir, "t" + conf["prefix"] + + "_temp.ccache") + cmd = ["./tests/t_cred_store", ccache, temp_ccache] + print("[COMMAND]\n%s\n[ENVIRONMENT]\n%s\n" % (cmd, testenv), file=logfile) + logfile.flush() + + p1 = subprocess.Popen(cmd, stderr=subprocess.STDOUT, stdout=logfile, + env=testenv, preexec_fn=os.setsid) + try: + p1.wait() + except subprocess.TimeoutExpired: + # p1.returncode is set to None here + pass + print_return(p1.returncode, "Cred store", False) -- To stop receiving notification emails like this one, please contact the administrator of this repository.