search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gssapi/mech: -Wcalloc-transposed args
[heimdal.git] / lib / krb5 / test_cc.c
blob0ca582eaaca6e27f1090a76fb7e63336f03e060b
1 /*
2 * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32
33 /*
34 * If this test fails with
35 *
36 * krb5_cc_gen_new: KEYRING: Key has been revoked
37 *
38 * then run
39 *
40 * keyctl new_session
41 */
42
43 #include "krb5_locl.h"
44 #include <getarg.h>
45 #include <err.h>
46
47 #ifdef HAVE_KEYUTILS_H
48 #include <keyutils.h>
49 #endif
50
51 static const char *unlink_this;
52 static const char *unlink_this2;
53 static char *tmpdir;
54 static int debug_flag = 0;
55 static int version_flag = 0;
56 static int help_flag = 0;
57
58 #define TEST_CC_TEMPLATE "%{TEMP}/krb5-cc-test-XXXXXX"
59
60 static void
61 cleanup(void)
62 {
63 char *s = NULL;
64
65 if (asprintf(&s, "%s/cc", tmpdir) > -1 && s != NULL)
66 unlink(s);
67 free(s);
68
69 if (asprintf(&s, "%s/scc", tmpdir) > -1 && s != NULL)
70 unlink(s);
71 free(s);
72
73 if (asprintf(&s, "%s/cccol/foobar+lha@H5L.SE", tmpdir) > -1 && s != NULL)
74 unlink(s);
75 free(s);
76
77 if (asprintf(&s, "%s/cccol/foobar+lha@SU.SE", tmpdir) > -1 && s != NULL)
78 unlink(s);
79 free(s);
80
81 if (asprintf(&s, "%s/cccol/foobar", tmpdir) > -1 && s != NULL)
82 unlink(s);
83 free(s);
84
85 if (asprintf(&s, "%s/cccol", tmpdir) > -1 && s != NULL)
86 rmdir(s);
87 free(s);
88
89 if (asprintf(&s, "%s/dcc/tkt.lha@H5L.SE", tmpdir) > -1 && s != NULL)
90 unlink(s);
91 free(s);
92
93 if (asprintf(&s, "%s/dcc/tkt.lha@SU.SE", tmpdir) > -1 && s != NULL)
94 unlink(s);
95 free(s);
96
97 if (asprintf(&s, "%s/dcc/tkt", tmpdir) > -1 && s != NULL)
98 unlink(s);
99 free(s);
100
101 if (asprintf(&s, "%s/dcc/primary", tmpdir) > -1 && s != NULL)
102 unlink(s);
103 free(s);
104
105 if (asprintf(&s, "%s/dcc", tmpdir) > -1 && s != NULL)
106 rmdir(s);
107 free(s);
108
109 if (unlink_this)
110 unlink(unlink_this);
111 unlink_this = NULL;
112 if (unlink_this2)
113 unlink(unlink_this2);
114 unlink_this2 = NULL;
115
116 rmdir(tmpdir);
117 }
118
119 static void
120 make_dir(krb5_context context)
121 {
122 krb5_error_code ret;
123 char *template = NULL;
124 char *dcc = NULL;
125
126 ret = _krb5_expand_path_tokens(context, TEST_CC_TEMPLATE, 1, &template);
127 if (ret)
128 krb5_err(context, 1, ret, "_krb5_expand_path_tokens(%s) failed",
129 TEST_CC_TEMPLATE);
130 if ((tmpdir = mkdtemp(template)) == NULL)
131 krb5_err(context, 1, errno, "mkdtemp(%s) failed", template);
132 if (asprintf(&dcc, "%s/dcc", tmpdir) == -1 || dcc == NULL)
133 krb5_err(context, 1, errno, "asprintf failed");
134 free(dcc);
135 atexit(cleanup);
136 }
137
138 static void
139 test_default_name(krb5_context context)
140 {
141 krb5_error_code ret;
142 const char *p;
143 char *test_cc_name = NULL;
144 const char *p3;
145 char *p1, *p2;
146 char *exp_test_cc_name;
147
148 if (asprintf(&test_cc_name, "%s/cc", tmpdir) == -1 || test_cc_name == NULL)
149 krb5_err(context, 1, errno, "out of memory");
150
151 /* Convert slashes to backslashes */
152 ret = _krb5_expand_path_tokens(context, test_cc_name, 1,
153 &exp_test_cc_name);
154 if (ret)
155 krb5_err(context, 1, ret, "_krb5_expand_path_tokens(%s) failed",
156 test_cc_name);
157 free(test_cc_name);
158 test_cc_name = NULL;
159
160 p = krb5_cc_default_name(context);
161 if (p == NULL)
162 krb5_errx (context, 1, "krb5_cc_default_name 1 failed");
163 p1 = estrdup(p);
164
165 ret = krb5_cc_set_default_name(context, NULL);
166 if (ret)
167 krb5_err(context, 1, ret, "krb5_cc_set_default_name(NULL) failed");
168
169 p = krb5_cc_default_name(context);
170 if (p == NULL)
171 krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
172 p2 = estrdup(p);
173
174 if (strcmp(p1, p2) != 0)
175 krb5_errx (context, 1, "krb5_cc_default_name no longer same");
176
177 ret = krb5_cc_set_default_name(context, exp_test_cc_name);
178 if (ret)
179 krb5_err(context, 1, ret, "krb5_cc_set_default_name(%s) failed",
180 exp_test_cc_name);
181
182 p = krb5_cc_default_name(context);
183 if (p == NULL)
184 krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
185
186 if (strncmp(p, "FILE:", sizeof("FILE:") - 1) == 0)
187 p3 = p + sizeof("FILE:") - 1;
188 else
189 p3 = p;
190
191 if (strcmp(exp_test_cc_name, p3) != 0) {
192 #ifdef WIN32
193 krb5_warnx(context, 1,
194 "krb5_cc_default_name() returned %s; expected %s",
195 p, exp_test_cc_name);
196 #else
197 krb5_errx(context, 1,
198 "krb5_cc_default_name() returned %s; expected %s",
199 p, exp_test_cc_name);
200 #endif
201 }
202
203 free(exp_test_cc_name);
204 free(p1);
205 free(p2);
206 }
207
208 /*
209 * Check that a closed cc still keeps it data and that it's no longer
210 * there when it's destroyed.
211 */
212
213 static void
214 test_mcache(krb5_context context)
215 {
216 krb5_error_code ret;
217 krb5_ccache id, id2;
218 const char *nc, *tc;
219 char *c;
220 krb5_principal p, p2;
221
222 ret = krb5_parse_name(context, "lha@SU.SE", &p);
223 if (ret)
224 krb5_err(context, 1, ret, "krb5_parse_name");
225
226 ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id);
227 if (ret)
228 krb5_err(context, 1, ret, "krb5_cc_new_unique");
229
230 ret = krb5_cc_initialize(context, id, p);
231 if (ret)
232 krb5_err(context, 1, ret, "krb5_cc_initialize");
233
234 nc = krb5_cc_get_name(context, id);
235 if (nc == NULL)
236 krb5_errx(context, 1, "krb5_cc_get_name");
237
238 tc = krb5_cc_get_type(context, id);
239 if (tc == NULL)
240 krb5_errx(context, 1, "krb5_cc_get_name");
241
242 if (asprintf(&c, "%s:%s", tc, nc) < 0 || c == NULL)
243 errx(1, "malloc");
244
245 krb5_cc_close(context, id);
246
247 ret = krb5_cc_resolve(context, c, &id2);
248 if (ret)
249 krb5_err(context, 1, ret, "krb5_cc_resolve");
250
251 ret = krb5_cc_get_principal(context, id2, &p2);
252 if (ret)
253 krb5_err(context, 1, ret, "krb5_cc_get_principal");
254
255 if (krb5_principal_compare(context, p, p2) == FALSE)
256 krb5_errx(context, 1, "p != p2");
257
258 krb5_cc_destroy(context, id2);
259 krb5_free_principal(context, p);
260 krb5_free_principal(context, p2);
261
262 ret = krb5_cc_resolve(context, c, &id2);
263 if (ret)
264 krb5_err(context, 1, ret, "krb5_cc_resolve");
265
266 ret = krb5_cc_get_principal(context, id2, &p2);
267 if (ret == 0)
268 krb5_errx(context, 1, "krb5_cc_get_principal");
269
270 krb5_cc_destroy(context, id2);
271 free(c);
272 }
273
274 /*
275 * Test that init works on a destroyed cc.
276 */
277
278 static void
279 test_init_vs_destroy(krb5_context context, const char *type)
280 {
281 krb5_error_code ret;
282 krb5_ccache id, id2;
283 krb5_principal p, p2;
284 char *n = NULL;
285
286 ret = krb5_parse_name(context, "lha@SU.SE", &p);
287 if (ret)
288 krb5_err(context, 1, ret, "krb5_parse_name");
289
290 ret = krb5_cc_new_unique(context, type, NULL, &id);
291 if (ret)
292 krb5_err(context, 1, ret, "krb5_cc_new_unique: %s", type);
293
294 if (asprintf(&n, "%s:%s",
295 krb5_cc_get_type(context, id),
296 krb5_cc_get_name(context, id)) < 0 || n == NULL)
297 errx(1, "malloc");
298
299 if (strcmp(krb5_cc_get_type(context, id), "FILE") == 0)
300 unlink_this = krb5_cc_get_name(context, id);
301
302 ret = krb5_cc_resolve(context, n, &id2);
303 free(n);
304 if (ret)
305 krb5_err(context, 1, ret, "krb5_cc_resolve");
306
307 krb5_cc_destroy(context, id);
308
309 ret = krb5_cc_initialize(context, id2, p);
310 if (ret)
311 krb5_err(context, 1, ret, "krb5_cc_initialize");
312
313 ret = krb5_cc_get_principal(context, id2, &p2);
314 if (ret)
315 krb5_err(context, 1, ret, "krb5_cc_get_principal");
316
317 krb5_cc_destroy(context, id2);
318 unlink_this = NULL;
319 krb5_free_principal(context, p);
320 krb5_free_principal(context, p2);
321 }
322
323 static void
324 test_cache_remove(krb5_context context, const char *type)
325 {
326 krb5_error_code ret;
327 krb5_ccache id;
328 krb5_principal p;
329 krb5_creds cred, found;
330
331 ret = krb5_parse_name(context, "lha@SU.SE", &p);
332 if (ret)
333 krb5_err(context, 1, ret, "krb5_parse_name");
334
335 ret = krb5_cc_new_unique(context, type, NULL, &id);
336 if (ret)
337 krb5_err(context, 1, ret, "krb5_cc_gen_new: %s", type);
338
339 if (strcmp(krb5_cc_get_type(context, id), "FILE") == 0)
340 unlink_this = krb5_cc_get_name(context, id);
341
342 ret = krb5_cc_initialize(context, id, p);
343 if (ret)
344 krb5_err(context, 1, ret, "krb5_cc_initialize");
345
346 /* */
347 memset(&cred, 0, sizeof(cred));
348 ret = krb5_parse_name(context, "krbtgt/SU.SE@SU.SE", &cred.server);
349 if (ret)
350 krb5_err(context, 1, ret, "krb5_parse_name");
351 ret = krb5_parse_name(context, "lha@SU.SE", &cred.client);
352 if (ret)
353 krb5_err(context, 1, ret, "krb5_parse_name");
354 cred.times.endtime = time(NULL) + 300;
355
356 ret = krb5_cc_store_cred(context, id, &cred);
357 if (ret)
358 krb5_err(context, 1, ret, "krb5_cc_store_cred");
359
360 ret = krb5_cc_remove_cred(context, id, 0, &cred);
361 if (ret)
362 krb5_err(context, 1, ret, "krb5_cc_remove_cred");
363
364 memset(&found, 0, sizeof(found));
365 ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_MATCH_TIMES,
366 &cred, &found);
367 if (ret == 0)
368 krb5_err(context, 1, ret, "krb5_cc_remove_cred didn't");
369
370 ret = krb5_cc_destroy(context, id);
371 if (ret)
372 krb5_err(context, 1, ret, "krb5_cc_destroy");
373 unlink_this = NULL;
374
375 krb5_free_principal(context, p);
376 krb5_free_principal(context, cred.server);
377 krb5_free_principal(context, cred.client);
378 }
379
380 static void
381 test_mcc_default(void)
382 {
383 krb5_context context;
384 krb5_error_code ret;
385 krb5_ccache id, id2;
386 int i;
387
388 for (i = 0; i < 10; i++) {
389
390 ret = krb5_init_context(&context);
391 if (ret)
392 krb5_err(context, 1, ret, "krb5_init_context");
393
394 ret = krb5_cc_set_default_name(context, "MEMORY:foo");
395 if (ret)
396 krb5_err(context, 1, ret, "krb5_cc_set_default_name");
397
398 ret = krb5_cc_default(context, &id);
399 if (ret)
400 krb5_err(context, 1, ret, "krb5_cc_default");
401
402 ret = krb5_cc_default(context, &id2);
403 if (ret)
404 krb5_err(context, 1, ret, "krb5_cc_default");
405
406 ret = krb5_cc_close(context, id);
407 if (ret)
408 krb5_err(context, 1, ret, "krb5_cc_close");
409
410 ret = krb5_cc_close(context, id2);
411 if (ret)
412 krb5_err(context, 1, ret, "krb5_cc_close");
413
414 krb5_free_context(context);
415 }
416 }
417
418 struct {
419 char *str;
420 int fail;
421 char *res;
422 } cc_names[] = {
423 { "foo", 0, "foo" },
424 { "foo%}", 0, "foo%}" },
425 { "%{uid}", 0, NULL },
426 { "%{euid}", 0, NULL },
427 { "%{username}", 0, NULL },
428 { "foo%{null}", 0, "foo" },
429 { "foo%{null}bar", 0, "foobar" },
430 { "%{", 1, NULL },
431 { "%{foo %{", 1, NULL },
432 { "%{{", 1, NULL },
433 { "%{{}", 1, NULL },
434 { "%{nulll}", 1, NULL },
435 { "%{does not exist}", 1, NULL },
436 { "%{}", 1, NULL },
437 #ifdef WIN32
438 { "%{APPDATA}", 0, NULL },
439 { "%{COMMON_APPDATA}", 0, NULL},
440 { "%{LOCAL_APPDATA}", 0, NULL},
441 { "%{SYSTEM}", 0, NULL},
442 { "%{WINDOWS}", 0, NULL},
443 { "%{TEMP}", 0, NULL},
444 { "%{USERID}", 0, NULL},
445 { "%{uid}", 0, NULL},
446 { "%{USERCONFIG}", 0, NULL},
447 { "%{COMMONCONFIG}", 0, NULL},
448 { "%{LIBDIR}", 0, NULL},
449 { "%{BINDIR}", 0, NULL},
450 { "%{LIBEXEC}", 0, NULL},
451 { "%{SBINDIR}", 0, NULL},
452 #endif
453 };
454
455 static void
456 test_def_cc_name(krb5_context context)
457 {
458 krb5_error_code ret;
459 char *str;
460 int i;
461
462 for (i = 0; i < sizeof(cc_names)/sizeof(cc_names[0]); i++) {
463 ret = _krb5_expand_default_cc_name(context, cc_names[i].str, &str);
464 if (ret) {
465 if (cc_names[i].fail == 0)
466 krb5_errx(context, 1, "test %d \"%s\" failed",
467 i, cc_names[i].str);
468 } else {
469 if (cc_names[i].fail)
470 krb5_errx(context, 1, "test %d \"%s\" was successful",
471 i, cc_names[i].str);
472 if (cc_names[i].res && strcmp(cc_names[i].res, str) != 0)
473 krb5_errx(context, 1, "test %d %s != %s",
474 i, cc_names[i].res, str);
475 if (debug_flag)
476 printf("%s => %s\n", cc_names[i].str, str);
477 free(str);
478 }
479 }
480 }
481
482 static void
483 test_cache_find(krb5_context context, const char *principal, int find)
484 {
485 krb5_principal client;
486 krb5_error_code ret;
487 krb5_ccache id = NULL;
488
489 ret = krb5_parse_name(context, principal, &client);
490 if (ret)
491 krb5_err(context, 1, ret, "parse_name for %s failed", principal);
492
493 ret = krb5_cc_cache_match(context, client, &id);
494 if (ret && find)
495 krb5_err(context, 1, ret, "cc_cache_match for %s failed", principal);
496 if (ret == 0 && !find)
497 krb5_err(context, 1, ret, "cc_cache_match for %s found", principal);
498
499 if (id)
500 krb5_cc_close(context, id);
501 krb5_free_principal(context, client);
502 }
503
504
505 static void
506 test_cache_iter(krb5_context context, const char *type, int destroy)
507 {
508 krb5_cc_cache_cursor cursor;
509 krb5_error_code ret;
510 krb5_ccache id;
511
512 ret = krb5_cc_cache_get_first (context, type, &cursor);
513 if (ret == KRB5_CC_NOSUPP)
514 return;
515 else if (ret)
516 krb5_err(context, 1, ret, "krb5_cc_cache_get_first(%s)", type);
517
518
519 while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
520 krb5_principal principal;
521 char *name;
522
523 heim_assert(id != NULL, "credentials cache is non-NULL");
524 if (debug_flag)
525 printf("name: %s\n", krb5_cc_get_name(context, id));
526 ret = krb5_cc_get_principal(context, id, &principal);
527 if (ret == 0) {
528 ret = krb5_unparse_name(context, principal, &name);
529 if (ret == 0) {
530 if (debug_flag)
531 printf("\tprincipal: %s\n", name);
532 free(name);
533 }
534 krb5_free_principal(context, principal);
535 }
536 if (destroy)
537 krb5_cc_destroy(context, id);
538 else
539 krb5_cc_close(context, id);
540 }
541
542 krb5_cc_cache_end_seq_get(context, cursor);
543 }
544
545 static void
546 test_cache_iter_all(krb5_context context)
547 {
548 krb5_cccol_cursor cursor;
549 krb5_error_code ret;
550 krb5_ccache id;
551
552 ret = krb5_cccol_cursor_new (context, &cursor);
553 if (ret)
554 krb5_err(context, 1, ret, "krb5_cccol_cursor_new");
555
556
557 while ((ret = krb5_cccol_cursor_next (context, cursor, &id)) == 0 && id != NULL) {
558 krb5_principal principal;
559 char *name;
560
561 if (debug_flag)
562 printf("name: %s\n", krb5_cc_get_name(context, id));
563 ret = krb5_cc_get_principal(context, id, &principal);
564 if (ret == 0) {
565 ret = krb5_unparse_name(context, principal, &name);
566 if (ret == 0) {
567 if (debug_flag)
568 printf("\tprincipal: %s\n", name);
569 free(name);
570 }
571 krb5_free_principal(context, principal);
572 }
573 krb5_cc_close(context, id);
574 }
575
576 krb5_cccol_cursor_free(context, &cursor);
577 }
578
579
580 static void
581 test_copy(krb5_context context, const char *from, const char *to)
582 {
583 krb5_ccache fromid, toid;
584 krb5_error_code ret;
585 krb5_principal p, p2;
586
587 ret = krb5_parse_name(context, "lha@SU.SE", &p);
588 if (ret)
589 krb5_err(context, 1, ret, "krb5_parse_name");
590
591 ret = krb5_cc_new_unique(context, from, NULL, &fromid);
592 if (ret)
593 krb5_err(context, 1, ret, "krb5_cc_new_unique: %s", from);
594
595 if (strcmp(krb5_cc_get_type(context, fromid), "FILE") == 0)
596 unlink_this = krb5_cc_get_name(context, fromid);
597
598 ret = krb5_cc_initialize(context, fromid, p);
599 if (ret)
600 krb5_err(context, 1, ret, "krb5_cc_initialize");
601
602 ret = krb5_cc_new_unique(context, to, NULL, &toid);
603 if (ret)
604 krb5_err(context, 1, ret, "krb5_cc_gen_new: %s", to);
605
606 if (strcmp(krb5_cc_get_type(context, toid), "FILE") == 0)
607 unlink_this2 = krb5_cc_get_name(context, toid);
608
609 ret = krb5_cc_copy_cache(context, fromid, toid);
610 if (ret)
611 krb5_err(context, 1, ret, "krb5_cc_copy_cache");
612
613 ret = krb5_cc_get_principal(context, toid, &p2);
614 if (ret)
615 krb5_err(context, 1, ret, "krb5_cc_get_principal");
616
617 if (krb5_principal_compare(context, p, p2) == FALSE)
618 krb5_errx(context, 1, "p != p2");
619
620 krb5_free_principal(context, p);
621 krb5_free_principal(context, p2);
622
623 krb5_cc_destroy(context, fromid);
624 krb5_cc_destroy(context, toid);
625 unlink_this = unlink_this2 = NULL;
626 }
627
628 static void
629 test_move(krb5_context context, const char *type)
630 {
631 const krb5_cc_ops *ops;
632 krb5_ccache fromid, toid;
633 krb5_error_code ret;
634 krb5_principal p, p2;
635 krb5_creds cred, tocred;
636
637 ops = krb5_cc_get_prefix_ops(context, type);
638 if (ops == NULL)
639 return;
640
641 ret = krb5_cc_new_unique(context, type, NULL, &fromid);
642 if (ret == KRB5_CC_NOSUPP)
643 return;
644 else if (ret)
645 krb5_err(context, 1, ret, "krb5_cc_new_unique: %s", type);
646
647 ret = krb5_parse_name(context, "lha@SU.SE", &p);
648 if (ret)
649 krb5_err(context, 1, ret, "krb5_parse_name");
650
651 ret = krb5_cc_initialize(context, fromid, p);
652 if (ret)
653 krb5_err(context, 1, ret, "krb5_cc_initialize");
654
655 memset(&cred, 0, sizeof(cred));
656 ret = krb5_parse_name(context, "krbtgt/SU.SE@SU.SE", &cred.server);
657 if (ret)
658 krb5_err(context, 1, ret, "krb5_parse_name");
659 ret = krb5_parse_name(context, "lha@SU.SE", &cred.client);
660 if (ret)
661 krb5_err(context, 1, ret, "krb5_parse_name");
662
663 ret = krb5_cc_store_cred(context, fromid, &cred);
664 if (ret)
665 krb5_err(context, 1, ret, "krb5_cc_store_cred");
666
667
668 ret = krb5_cc_new_unique(context, type, NULL, &toid);
669 if (ret)
670 krb5_err(context, 1, ret, "krb5_cc_new_unique");
671
672 ret = krb5_cc_move(context, fromid, toid);
673 if (ret)
674 krb5_err(context, 1, ret, "krb5_cc_move");
675
676 ret = krb5_cc_get_principal(context, toid, &p2);
677 if (ret)
678 krb5_err(context, 1, ret, "krb5_cc_get_principal");
679
680 if (krb5_principal_compare(context, p, p2) == FALSE)
681 krb5_errx(context, 1, "p != p2");
682
683 ret = krb5_cc_retrieve_cred(context, toid, 0, &cred, &tocred);
684 if (ret)
685 krb5_errx(context, 1, "move failed");
686 krb5_free_cred_contents(context, &cred);
687 krb5_free_cred_contents(context, &tocred);
688
689 krb5_free_principal(context, p);
690 krb5_free_principal(context, p2);
691 krb5_cc_destroy(context, toid);
692 }
693
694
695 static void
696 test_prefix_ops(krb5_context context, const char *name, const krb5_cc_ops *ops)
697 {
698 const krb5_cc_ops *o;
699
700 o = krb5_cc_get_prefix_ops(context, name);
701 if (o == NULL)
702 krb5_errx(context, 1, "found no match for prefix '%s'", name);
703 if (strcmp(o->prefix, ops->prefix) != 0)
704 krb5_errx(context, 1, "ops for prefix '%s' is not "
705 "the expected %s != %s", name, o->prefix, ops->prefix);
706 }
707
708 static void
709 test_cc_config(krb5_context context, const char *cc_type,
710 const char *cc_name, size_t count)
711 {
712 krb5_error_code ret;
713 krb5_principal p;
714 krb5_ccache id;
715 unsigned int i;
716
717 ret = krb5_cc_new_unique(context, cc_type, cc_name, &id);
718 if (ret)
719 krb5_err(context, 1, ret, "krb5_cc_new_unique");
720
721 ret = krb5_parse_name(context, "lha@SU.SE", &p);
722 if (ret)
723 krb5_err(context, 1, ret, "krb5_parse_name");
724
725 ret = krb5_cc_initialize(context, id, p);
726 if (ret)
727 krb5_err(context, 1, ret, "krb5_cc_initialize");
728
729 for (i = 0; i < count; i++) {
730 krb5_data data, data2;
731 const char *name = "foo";
732 krb5_principal p1 = NULL;
733
734 if (i & 1)
735 p1 = p;
736
737 data.data = rk_UNCONST(name);
738 data.length = strlen(name);
739
740 /*
741 * Because of how krb5_cc_set_config() this will also test
742 * krb5_cc_remove_cred().
743 */
744 ret = krb5_cc_set_config(context, id, p1, "FriendlyName", &data);
745 if (ret)
746 krb5_errx(context, 1, "krb5_cc_set_config: add");
747
748 ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2);
749 if (ret)
750 krb5_errx(context, 1, "krb5_cc_get_config: first");
751
752 if (data.length != data2.length ||
753 memcmp(data.data, data2.data, data.length) != 0)
754 krb5_errx(context, 1, "krb5_cc_get_config: did not fetch what was set");
755
756 krb5_data_free(&data2);
757
758 data.data = rk_UNCONST("bar");
759 data.length = strlen("bar");
760
761 ret = krb5_cc_set_config(context, id, p1, "FriendlyName", &data);
762 if (ret)
763 krb5_errx(context, 1, "krb5_cc_set_config: add -second");
764
765 ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2);
766 if (ret)
767 krb5_errx(context, 1, "krb5_cc_get_config: second");
768
769 if (data.length != data2.length ||
770 memcmp(data.data, data2.data, data.length) != 0)
771 krb5_errx(context, 1, "krb5_cc_get_config: replace failed");
772
773 krb5_data_free(&data2);
774
775 ret = krb5_cc_set_config(context, id, p1, "FriendlyName", NULL);
776 if (ret)
777 krb5_errx(context, 1, "krb5_cc_set_config: delete");
778
779 ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2);
780 if (ret == 0)
781 krb5_errx(context, 1, "krb5_cc_get_config: non-existant");
782
783 if (data2.length)
784 krb5_errx(context, 1, "krb5_cc_get_config: delete failed");
785 }
786
787 krb5_cc_destroy(context, id);
788 krb5_free_principal(context, p);
789 }
790
791 static krb5_error_code
792 test_cccol(krb5_context context, const char *def_cccol, const char **what)
793 {
794 krb5_cc_cache_cursor cursor;
795 krb5_error_code ret;
796 krb5_principal p1, p2;
797 krb5_ccache id, id1, id2;
798 krb5_creds cred1, cred2;
799 size_t match1 = 0;
800 size_t match2 = 0;
801
802 memset(&cred1, 0, sizeof(cred1));
803 memset(&cred2, 0, sizeof(cred2));
804
805 *what = "krb5_parse_name";
806 ret = krb5_parse_name(context, "krbtgt/SU.SE@SU.SE", &cred1.server);
807 if (ret) return ret;
808 ret = krb5_parse_name(context, "lha@SU.SE", &cred1.client);
809 if (ret) return ret;
810 ret = krb5_parse_name(context, "krbtgt/H5L.SE@H5L.SE", &cred2.server);
811 if (ret) return ret;
812 ret = krb5_parse_name(context, "lha@H5L.SE", &cred2.client);
813 if (ret) return ret;
814 *what = "krb5_cc_set_default_name";
815 ret = krb5_cc_set_default_name(context, def_cccol);
816 if (ret) return ret;
817 *what = "krb5_cc_default";
818 ret = krb5_cc_default(context, &id1);
819 if (ret) return ret;
820 *what = "krb5_cc_initialize";
821 ret = krb5_cc_initialize(context, id1, cred1.client);
822 if (ret) return ret;
823 *what = "krb5_cc_store_cred";
824 ret = krb5_cc_store_cred(context, id1, &cred1);
825 if (ret) return ret;
826 *what = "krb5_cc_resolve";
827 ret = krb5_cc_resolve_for(context, NULL, def_cccol, cred2.client, &id2);
828 if (ret) return ret;
829 *what = "krb5_cc_initialize";
830 ret = krb5_cc_initialize(context, id2, cred2.client);
831 if (ret) return ret;
832 *what = "krb5_cc_store_cred";
833 ret = krb5_cc_store_cred(context, id2, &cred2);
834 if (ret) return ret;
835
836 krb5_cc_close(context, id1);
837 krb5_cc_close(context, id2);
838 id1 = id2 = NULL;
839
840 *what = "krb5_cc_default";
841 ret = krb5_cc_default(context, &id1);
842 if (ret) return ret;
843 *what = "krb5_cc_resolve";
844 ret = krb5_cc_resolve_for(context, NULL, def_cccol, cred2.client, &id2);
845 if (ret) return ret;
846
847 *what = "krb5_cc_get_principal";
848 ret = krb5_cc_get_principal(context, id1, &p1);
849 if (ret) return ret;
850 ret = krb5_cc_get_principal(context, id2, &p2);
851 if (ret) return ret;
852
853 if (!krb5_principal_compare(context, p1, cred1.client)) {
854 char *u1 = NULL;
855 char *u2 = NULL;
856
857 (void) krb5_unparse_name(context, p1, &u1);
858 (void) krb5_unparse_name(context, cred1.client, &u2);
859 warnx("Inconsistent principals for ccaches in %s: %s vs %s "
860 "(expected lha@SU.SE)", def_cccol, u1, u2);
861 return EINVAL;
862 }
863 if (!krb5_principal_compare(context, p2, cred2.client)) {
864 char *u1 = NULL;
865 char *u2 = NULL;
866
867 (void) krb5_unparse_name(context, p2, &u1);
868 (void) krb5_unparse_name(context, cred2.client, &u2);
869 warnx("Inconsistent principals for ccaches in %s: %s and %s "
870 "(expected lha@H5L.SE)", def_cccol, u1, u2);
871 return EINVAL;
872 }
873 krb5_free_principal(context, p1);
874 krb5_free_principal(context, p2);
875
876 *what = "krb5_cc_cache_get_first";
877 ret = krb5_cc_cache_get_first(context, NULL, &cursor);
878 if (ret) return ret;
879 *what = "krb5_cc_cache_next";
880 while (krb5_cc_cache_next(context, cursor, &id) == 0) {
881 krb5_principal p;
882
883 *what = "krb5_cc_get_principal";
884 ret = krb5_cc_get_principal(context, id, &p);
885 if (ret) return ret;
886 if (krb5_principal_compare(context, p, cred1.client))
887 match1++;
888 else if (krb5_principal_compare(context, p, cred2.client))
889 match2++;
890 krb5_free_principal(context, p);
891 krb5_cc_close(context, id);
892 }
893 (void) krb5_cc_cache_end_seq_get(context, cursor);
894
895 *what = "cccol iteration inconsistency";
896 if (match1 != 1 || match2 != 1)
897 return EINVAL;
898
899 krb5_cc_close(context, id1);
900 krb5_cc_close(context, id2);
901
902 krb5_free_cred_contents(context, &cred1);
903 krb5_free_cred_contents(context, &cred2);
904
905 return 0;
906 }
907
908 static void
909 test_cccol_dcache(krb5_context context)
910 {
911 krb5_error_code ret;
912 char *dcc = NULL;
913 const char *what;
914
915 if (asprintf(&dcc, "DIR:%s/dcc", tmpdir) == -1 || dcc == NULL)
916 krb5_err(context, 1, errno, "asprintf");
917
918 ret = test_cccol(context, dcc, &what);
919 free(dcc);
920 if (ret)
921 krb5_err(context, 1, ret, "%s", what);
922 }
923
924 static void
925 test_cccol_scache(krb5_context context)
926 {
927 krb5_error_code ret;
928 char *scache = NULL;
929 const char *what;
930 int fd;
931
932 if (asprintf(&scache, "SCC:%s/scache", tmpdir) == -1 || scache == NULL)
933 krb5_err(context, 1, errno, "asprintf");
934 if ((fd = open(scache + sizeof("SCC:") - 1, O_CREAT | O_RDWR, 0600)) == -1)
935 krb5_err(context, 1, errno, "open(%s)", scache + sizeof("SCC:") - 1);
936 (void) close(fd);
937
938 ret = test_cccol(context, scache, &what);
939 (void) unlink(scache + sizeof("SCC:") - 1);
940 free(scache);
941 if (ret)
942 krb5_err(context, 1, ret, "%s", what);
943 }
944
945
946 static struct getargs args[] = {
947 {"debug", 'd', arg_flag, &debug_flag,
948 "turn on debuggin", NULL },
949 {"version", 0, arg_flag, &version_flag,
950 "print version", NULL },
951 {"help", 0, arg_flag, &help_flag,
952 NULL, NULL }
953 };
954
955 static void
956 usage (int ret)
957 {
958 arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
959 exit (ret);
960 }
961
962 int
963 main(int argc, char **argv)
964 {
965 krb5_context context;
966 krb5_error_code ret;
967 int optidx = 0;
968 krb5_ccache id1, id2;
969
970 setprogname(argv[0]);
971
972 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
973 usage(1);
974
975 if (help_flag)
976 usage (0);
977
978 if(version_flag){
979 print_version(NULL);
980 exit(0);
981 }
982
983 argc -= optidx;
984 argv += optidx;
985
986 ret = krb5_init_context(&context);
987 if (ret)
988 errx (1, "krb5_init_context failed: %d", ret);
989
990 make_dir(context);
991
992 test_cache_remove(context, krb5_cc_type_file);
993 test_cache_remove(context, krb5_cc_type_memory);
994 #ifdef USE_SQLITE
995 test_cache_remove(context, krb5_cc_type_scc);
996 #endif
997 #ifdef HAVE_KEYUTILS_H
998 keyctl_join_session_keyring(NULL);
999 test_cache_remove(context, krb5_cc_type_keyring);
1000 #endif
1001
1002 test_default_name(context);
1003 test_mcache(context);
1004 /*
1005 * XXX Make sure to set default ccache names for each cc type!
1006 * Otherwise we clobber the user's ccaches.
1007 */
1008 test_init_vs_destroy(context, krb5_cc_type_memory);
1009 test_init_vs_destroy(context, krb5_cc_type_file);
1010 #if 0
1011 test_init_vs_destroy(context, krb5_cc_type_api);
1012 #endif
1013 /*
1014 * Cleanup so we can check that the permissions on the directory created by
1015 * scc are correct.
1016 */
1017 cleanup();
1018 test_init_vs_destroy(context, krb5_cc_type_scc);
1019
1020 #if defined(S_IRWXG) && defined(S_IRWXO)
1021 {
1022 struct stat st;
1023
1024 if (stat(tmpdir, &st) == 0) {
1025 if ((st.st_mode & S_IRWXG) ||
1026 (st.st_mode & S_IRWXO))
1027 krb5_errx(context, 1,
1028 "SQLite3 ccache dir perms wrong: %d", st.st_mode);
1029 }
1030 }
1031 #endif
1032 test_init_vs_destroy(context, krb5_cc_type_dcc);
1033 #ifdef HAVE_KEYUTILS_H
1034 test_init_vs_destroy(context, krb5_cc_type_keyring);
1035 #endif
1036 test_mcc_default();
1037 test_def_cc_name(context);
1038
1039 test_cache_iter_all(context);
1040
1041 test_cache_iter(context, krb5_cc_type_memory, 0);
1042 {
1043 krb5_principal p;
1044 krb5_cc_new_unique(context, krb5_cc_type_memory, "bar", &id1);
1045 krb5_cc_new_unique(context, krb5_cc_type_memory, "baz", &id2);
1046 krb5_parse_name(context, "lha@SU.SE", &p);
1047 krb5_cc_initialize(context, id1, p);
1048 krb5_free_principal(context, p);
1049 }
1050
1051 test_cache_find(context, "lha@SU.SE", 1);
1052 test_cache_find(context, "hulabundulahotentot@SU.SE", 0);
1053
1054 /*
1055 * XXX We should compose and krb5_cc_set_default_name() a default ccache
1056 * for each cc type that we test with test_cache_iter(), and we should do
1057 * that inside test_cache_iter().
1058 *
1059 * Alternatively we should remove test_cache_iter() in favor of
1060 * test_cccol(), which is a much more complete test.
1061 */
1062 test_cache_iter(context, krb5_cc_type_memory, 0);
1063 test_cache_iter(context, krb5_cc_type_memory, 1);
1064 test_cache_iter(context, krb5_cc_type_memory, 0);
1065 test_cache_iter(context, krb5_cc_type_file, 0);
1066 test_cache_iter(context, krb5_cc_type_api, 0);
1067 test_cache_iter(context, krb5_cc_type_scc, 0);
1068 test_cache_iter(context, krb5_cc_type_scc, 1);
1069 #if 0
1070 test_cache_iter(context, krb5_cc_type_dcc, 0);
1071 test_cache_iter(context, krb5_cc_type_dcc, 1);
1072 #endif
1073 #ifdef HAVE_KEYUTILS_H
1074 test_cache_iter(context, krb5_cc_type_keyring, 0);
1075 test_cache_iter(context, krb5_cc_type_keyring, 1);
1076 #endif
1077
1078 test_copy(context, krb5_cc_type_file, krb5_cc_type_file);
1079 test_copy(context, krb5_cc_type_memory, krb5_cc_type_memory);
1080 test_copy(context, krb5_cc_type_file, krb5_cc_type_memory);
1081 test_copy(context, krb5_cc_type_memory, krb5_cc_type_file);
1082 test_copy(context, krb5_cc_type_scc, krb5_cc_type_file);
1083 test_copy(context, krb5_cc_type_file, krb5_cc_type_scc);
1084 test_copy(context, krb5_cc_type_scc, krb5_cc_type_memory);
1085 test_copy(context, krb5_cc_type_memory, krb5_cc_type_scc);
1086 #if 0
1087 test_copy(context, krb5_cc_type_dcc, krb5_cc_type_memory);
1088 test_copy(context, krb5_cc_type_dcc, krb5_cc_type_file);
1089 test_copy(context, krb5_cc_type_dcc, krb5_cc_type_scc);
1090 #endif
1091 #ifdef HAVE_KEYUTILS_H
1092 test_copy(context, krb5_cc_type_keyring, krb5_cc_type_file);
1093 test_copy(context, krb5_cc_type_file, krb5_cc_type_file);
1094 test_copy(context, "KEYRING:", "KEYRING:bar");
1095 test_copy(context, "KEYRING:bar", "KEYRING:baz");
1096 # ifdef HAVE_KEYCTL_GET_PERSISTENT
1097 test_copy(context, krb5_cc_type_file, "KEYRING:persistent");
1098 test_copy(context, "KEYRING:persistent:", krb5_cc_type_file);
1099 test_copy(context, krb5_cc_type_file, "KEYRING:persistent:foo");
1100 test_copy(context, "KEYRING:persistent:foo", krb5_cc_type_file);
1101 # endif
1102 test_copy(context, krb5_cc_type_memory, "KEYRING:process:");
1103 test_copy(context, "KEYRING:process:", krb5_cc_type_memory);
1104 test_copy(context, krb5_cc_type_memory, "KEYRING:process:foo");
1105 test_copy(context, "KEYRING:process:foo", krb5_cc_type_memory);
1106 test_copy(context, krb5_cc_type_memory, "KEYRING:thread:");
1107 test_copy(context, "KEYRING:thread:", krb5_cc_type_memory);
1108 test_copy(context, krb5_cc_type_memory, "KEYRING:thread:foo");
1109 test_copy(context, "KEYRING:thread:foo", krb5_cc_type_memory);
1110 test_copy(context, krb5_cc_type_memory, "KEYRING:session:");
1111 test_copy(context, "KEYRING:session:", krb5_cc_type_memory);
1112 test_copy(context, krb5_cc_type_memory, "KEYRING:session:foo");
1113 test_copy(context, "KEYRING:session:foo", krb5_cc_type_memory);
1114 test_copy(context, krb5_cc_type_file, "KEYRING:user:");
1115 test_copy(context, "KEYRING:user:", krb5_cc_type_file);
1116 test_copy(context, krb5_cc_type_file, "KEYRING:user:foo");
1117 test_copy(context, "KEYRING:user:foo", krb5_cc_type_memory);
1118 #endif /* HAVE_KEYUTILS_H */
1119
1120 test_move(context, krb5_cc_type_file);
1121 test_move(context, krb5_cc_type_memory);
1122 test_move(context, krb5_cc_type_scc);
1123 #if 0
1124 test_move(context, krb5_cc_type_dcc);
1125 #endif
1126 #ifdef HAVE_KEYUTILS_H
1127 test_move(context, krb5_cc_type_keyring);
1128 # ifdef HAVE_KEYCTL_GET_PERSISTENT
1129 test_move(context, "KEYRING:persistent:");
1130 test_move(context, "KEYRING:persistent:foo");
1131 # endif
1132 test_move(context, "KEYRING:process:");
1133 test_move(context, "KEYRING:process:foo");
1134 test_move(context, "KEYRING:thread:");
1135 test_move(context, "KEYRING:thread:foo");
1136 test_move(context, "KEYRING:session:");
1137 test_move(context, "KEYRING:session:foo");
1138 test_move(context, "KEYRING:user:");
1139 test_move(context, "KEYRING:user:foo");
1140 #endif /* HAVE_KEYUTILS_H */
1141
1142 test_prefix_ops(context, "FILE:/tmp/foo", &krb5_fcc_ops);
1143 test_prefix_ops(context, "FILE", &krb5_fcc_ops);
1144 test_prefix_ops(context, "MEMORY", &krb5_mcc_ops);
1145 test_prefix_ops(context, "MEMORY:foo", &krb5_mcc_ops);
1146 test_prefix_ops(context, "/tmp/kaka", &krb5_fcc_ops);
1147 #ifdef HAVE_SCC
1148 test_prefix_ops(context, "SCC:", &krb5_scc_ops);
1149 test_prefix_ops(context, "SCC:foo", &krb5_scc_ops);
1150 #endif
1151 #if 0
1152 test_prefix_ops(context, "DIR:", &krb5_dcc_ops);
1153 test_prefix_ops(context, "DIR:tkt1", &krb5_dcc_ops);
1154 #endif
1155 #ifdef HAVE_KEYUTILS_H
1156 test_prefix_ops(context, "KEYRING:", &krb5_krcc_ops);
1157 test_prefix_ops(context, "KEYRING:foo", &krb5_krcc_ops);
1158 #endif /* HAVE_KEYUTILS_H */
1159
1160 krb5_cc_destroy(context, id1);
1161 krb5_cc_destroy(context, id2);
1162
1163 test_cc_config(context, "MEMORY", "bar", 1000); /* 1000 because fast */
1164 test_cc_config(context, "FILE", "/tmp/foocc", 30); /* 30 because slower */
1165
1166 test_cccol_dcache(context);
1167 test_cccol_scache(context);
1168 #ifdef HAVE_KEYUTILS_H
1169 {
1170 const char *what;
1171
1172 ret = test_cccol(context, "KEYRING:legacy:fooccol", &what);
1173 if (ret)
1174 krb5_err(context, 1, ret, "%s", what);
1175
1176 ret = test_cccol(context, "MEMORY:fooccol", &what);
1177 if (ret)
1178 krb5_err(context, 1, ret, "%s", what);
1179 }
1180 #endif /* HAVE_KEYUTILS_H */
1181
1182 {
1183 const char *what;
1184 char *config = NULL;
1185 char *fname = NULL;
1186 char *d = NULL;
1187
1188 if (asprintf(&d, "%s/cccol", tmpdir) == -1 || d == NULL)
1189 krb5_err(context, 1, errno, "asprintf");
1190 if (mkdir(d, 0700) == -1)
1191 krb5_err(context, 1, errno, "mkdir(%s)", d);
1192 if (asprintf(&fname, "%s/foobar", d) == -1 || fname == NULL ||
1193 asprintf(&config,
1194 "[libdefaults]\n"
1195 "\tdefault_file_cache_collections = FILE:%1$s/cccol/foobar\n"
1196 "\tenable_file_cache_iteration = true\n",
1197 tmpdir) == -1 || config == NULL)
1198 krb5_err(context, 1, errno, "asprintf");
1199 ret = krb5_set_config(context, config);
1200 if (ret)
1201 krb5_err(context, 1, ret,
1202 "Could not configure context from string:\n%s\n", config);
1203 ret = test_cccol(context, fname, &what);
1204 if (ret)
1205 krb5_err(context, 1, ret, "%s", what);
1206 free(config);
1207 free(fname);
1208 free(d);
1209 }
1210
1211 krb5_free_context(context);
1212
1213 #if 0
1214 sleep(60);
1215 #endif
1216
1217 return 0;
1218 }
Heimdal