summaryrefslogtreecommitdiffstats
path: root/auth/credentials/tests
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:20:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:20:00 +0000
commit8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch)
tree4099e8021376c7d8c05bdf8503093d80e9c7bad0 /auth/credentials/tests
parentInitial commit. (diff)
downloadsamba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz
samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'auth/credentials/tests')
-rwxr-xr-xauth/credentials/tests/bind.py261
-rw-r--r--auth/credentials/tests/test_creds.c349
2 files changed, 610 insertions, 0 deletions
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
new file mode 100755
index 0000000..ce81b73
--- /dev/null
+++ b/auth/credentials/tests/bind.py
@@ -0,0 +1,261 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This is unit with tests for LDAP access checks
+
+import optparse
+import sys
+import base64
+import copy
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from ldb import SCOPE_BASE, SCOPE_SUBTREE, LdbError, ERR_INVALID_CREDENTIALS
+
+from samba import gensec
+import samba.tests
+from samba.tests import delete_force
+from samba.credentials import Credentials
+
+def create_credential(lp, other):
+ c = Credentials()
+ c.guess(lp)
+ c.set_gensec_features(other.get_gensec_features())
+ return c
+
+parser = optparse.OptionParser("bind [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+ parser.print_usage()
+ sys.exit(1)
+
+host = args[0]
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+creds_machine = create_credential(lp, creds)
+creds_virtual = create_credential(lp, creds)
+creds_user1 = create_credential(lp, creds)
+creds_user2 = create_credential(lp, creds)
+creds_user3 = create_credential(lp, creds)
+creds_user4 = create_credential(lp, creds)
+creds_user5 = create_credential(lp, creds)
+creds_user6 = create_credential(lp, creds)
+creds_user7 = create_credential(lp, creds)
+
+class BindTests(samba.tests.TestCase):
+
+ info_dc = None
+
+ def setUp(self):
+ super(BindTests, self).setUp()
+ # fetch rootDSEs
+
+ self.ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)
+
+ if self.info_dc is None:
+ res = self.ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+ self.assertEqual(len(res), 1)
+ BindTests.info_dc = res[0]
+ # cache some of RootDSE props
+ self.schema_dn = self.info_dc["schemaNamingContext"][0]
+ self.domain_dn = self.info_dc["defaultNamingContext"][0]
+ self.config_dn = self.info_dc["configurationNamingContext"][0]
+ self.realm = self.info_dc["ldapServiceName"][0].split(b'@')[1].decode('utf-8')
+ self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
+ self.virtual_user_dn = "CN=frednurk@%s,CN=Computers,%s" % (self.realm, self.domain_dn)
+ self.password = "P@ssw0rd"
+ self.username = "BindTestUser"
+
+ def tearDown(self):
+ delete_force(self.ldb, self.virtual_user_dn)
+ super(BindTests, self).tearDown()
+
+ def test_virtual_email_account_style_bind(self):
+ # create a user in the style often deployed for authentication
+ # of virtual email account at a hosting provider
+ #
+ # The userPrincipalName must not match the samAccountName for
+ # this test to detect when the LDAP DN is being double-parsed
+ # but must be in the user@realm style to allow the account to
+ # be created
+ try:
+ self.ldb.add_ldif("""
+dn: """ + self.virtual_user_dn + """
+cn: frednurk@""" + self.realm + """
+displayName: Fred Nurk
+sAMAccountName: frednurk@""" + self.realm + """
+userPrincipalName: frednurk@NOT.""" + self.realm + """
+countryCode: 0
+objectClass: computer
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: user
+""")
+ except LdbError as e:
+ (num, msg) = e.args
+ self.fail(f"Failed to create e-mail user: {msg}")
+
+ self.addCleanup(delete_force, self.ldb, self.virtual_user_dn)
+ try:
+ self.ldb.modify_ldif("""
+dn: """ + self.virtual_user_dn + """
+changetype: modify
+replace: unicodePwd
+unicodePwd:: """ + base64.b64encode(u"\"P@ssw0rd\"".encode('utf-16-le')).decode('utf8') + """
+""")
+ except LdbError as e:
+ (num, msg) = e.args
+ self.fail(f"Failed to set password on e-mail user: {msg}")
+
+ self.ldb.enable_account('distinguishedName=%s' % self.virtual_user_dn)
+
+ # do a simple bind and search with the machine account
+ creds_virtual.set_bind_dn(self.virtual_user_dn)
+ creds_virtual.set_password(self.password)
+ print("BindTest with: " + creds_virtual.get_bind_dn())
+ try:
+ ldb_virtual = samba.tests.connect_samdb(host, credentials=creds_virtual,
+ lp=lp, ldap_only=True)
+ except LdbError as e:
+ (num, msg) = e.args
+ if num != ERR_INVALID_CREDENTIALS:
+ raise
+ self.fail(msg)
+
+ res = ldb_virtual.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ def test_computer_account_bind(self):
+ # create a computer acocount for the test
+ delete_force(self.ldb, self.computer_dn)
+ self.ldb.add_ldif("""
+dn: """ + self.computer_dn + """
+cn: CENTOS53
+displayName: CENTOS53$
+name: CENTOS53
+sAMAccountName: CENTOS53$
+countryCode: 0
+objectClass: computer
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: user
+codePage: 0
+userAccountControl: 4096
+dNSHostName: centos53.alabala.test
+operatingSystemVersion: 5.2 (3790)
+operatingSystem: Windows Server 2003
+""")
+ self.ldb.modify_ldif("""
+dn: """ + self.computer_dn + """
+changetype: modify
+replace: unicodePwd
+unicodePwd:: """ + base64.b64encode(u"\"P@ssw0rd\"".encode('utf-16-le')).decode('utf8') + """
+""")
+
+ # do a simple bind and search with the machine account
+ creds_machine.set_bind_dn(self.computer_dn)
+ creds_machine.set_password(self.password)
+ print("BindTest with: " + creds_machine.get_bind_dn())
+ ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
+ lp=lp, ldap_only=True)
+ res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ def test_user_account_bind(self):
+ # create user
+ self.ldb.newuser(username=self.username, password=self.password)
+ ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username,
+ attrs=["objectSid"])
+ self.assertEqual(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
+
+ # do a simple bind and search with the user account in format user@realm
+ creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
+ creds_user1.set_password(self.password)
+ print("BindTest with: " + creds_user1.get_bind_dn())
+ ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
+ lp=lp, ldap_only=True)
+ res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the user account in format domain\user
+ creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
+ creds_user2.set_password(self.password)
+ print("BindTest with: " + creds_user2.get_bind_dn())
+ ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
+ lp=lp, ldap_only=True)
+ res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the user account DN
+ creds_user3.set_bind_dn(str(user_dn))
+ creds_user3.set_password(self.password)
+ print("BindTest with: " + creds_user3.get_bind_dn())
+ ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
+ lp=lp, ldap_only=True)
+ res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the user account SID
+ creds_user5.set_bind_dn(self.ldb.schema_format_value("objectSid", ldb_res[0]["objectSid"][0]).decode('utf8'))
+ creds_user5.set_password(self.password)
+ print("BindTest with: " + creds_user5.get_bind_dn())
+ ldb_user5 = samba.tests.connect_samdb(host, credentials=creds_user5,
+ lp=lp, ldap_only=True)
+ res = ldb_user5.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the canonical name
+ creds_user6.set_bind_dn(user_dn.canonical_str())
+ creds_user6.set_password(self.password)
+ print("BindTest with: " + creds_user6.get_bind_dn())
+ ldb_user6 = samba.tests.connect_samdb(host, credentials=creds_user6,
+ lp=lp, ldap_only=True)
+ res = ldb_user6.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the extended canonical name
+ creds_user7.set_bind_dn(user_dn.canonical_ex_str())
+ creds_user7.set_password(self.password)
+ print("BindTest with: " + creds_user7.get_bind_dn())
+ ldb_user7 = samba.tests.connect_samdb(host, credentials=creds_user7,
+ lp=lp, ldap_only=True)
+ res = ldb_user7.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ def test_user_account_bind_no_domain(self):
+ # create user
+ self.ldb.newuser(username=self.username, password=self.password)
+ ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username)
+ self.assertEqual(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
+
+ creds_user4.set_username(self.username)
+ creds_user4.set_password(self.password)
+ creds_user4.set_domain('')
+ creds_user4.set_workstation('')
+ print("BindTest (no domain) with: " + self.username)
+ try:
+ ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+ lp=lp, ldap_only=True)
+ except:
+ self.fail("Failed to connect without the domain set")
+
+ res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
new file mode 100644
index 0000000..2cb2e6d
--- /dev/null
+++ b/auth/credentials/tests/test_creds.c
@@ -0,0 +1,349 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2018-2019 Andreas Schneider <asn@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "lib/replace/replace.h"
+#include "auth/credentials/credentials.c"
+
+static int setup_talloc_context(void **state)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ *state = frame;
+ return 0;
+}
+
+static int teardown_talloc_context(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+static void torture_creds_init(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ const char *username = NULL;
+ const char *domain = NULL;
+ const char *password = NULL;
+ enum credentials_obtained dom_obtained = CRED_UNINITIALISED;
+ enum credentials_obtained usr_obtained = CRED_UNINITIALISED;
+ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
+ bool ok;
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+ assert_null(creds->username);
+ assert_int_equal(creds->username_obtained, CRED_UNINITIALISED);
+
+ domain = cli_credentials_get_domain(creds);
+ assert_null(domain);
+ ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
+ assert_true(ok);
+ assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
+ domain = cli_credentials_get_domain(creds);
+ assert_string_equal(domain, "WURST");
+
+ domain = cli_credentials_get_domain_and_obtained(creds,
+ &dom_obtained);
+ assert_int_equal(dom_obtained, CRED_SPECIFIED);
+ assert_string_equal(domain, "WURST");
+
+ username = cli_credentials_get_username(creds);
+ assert_null(username);
+ ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
+ assert_true(ok);
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+ username = cli_credentials_get_username(creds);
+ assert_string_equal(username, "brot");
+
+ username = cli_credentials_get_username_and_obtained(creds,
+ &usr_obtained);
+ assert_int_equal(usr_obtained, CRED_SPECIFIED);
+ assert_string_equal(username, "brot");
+
+ password = cli_credentials_get_password(creds);
+ assert_null(password);
+ ok = cli_credentials_set_password(creds, "SECRET", CRED_SPECIFIED);
+ assert_true(ok);
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+ password = cli_credentials_get_password(creds);
+ assert_string_equal(password, "SECRET");
+
+ password = cli_credentials_get_password_and_obtained(creds,
+ &pwd_obtained);
+ assert_int_equal(pwd_obtained, CRED_SPECIFIED);
+ assert_string_equal(password, "SECRET");
+
+ /* Run dump to check it works */
+ cli_credentials_dump(creds);
+}
+
+static void torture_creds_init_anonymous(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+
+ creds = cli_credentials_init_anon(mem_ctx);
+ assert_non_null(creds);
+
+ assert_string_equal(creds->domain, "");
+ assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->username, "");
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+
+ assert_null(creds->password);
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+}
+
+static void torture_creds_guess(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ const char *env_user = getenv("USER");
+ bool ok;
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+
+ setenv("PASSWD", "SECRET", 1);
+ ok = cli_credentials_guess(creds, NULL);
+ assert_true(ok);
+
+ assert_string_equal(creds->username, env_user);
+ assert_int_equal(creds->username_obtained, CRED_GUESS_ENV);
+
+ assert_string_equal(creds->password, "SECRET");
+ assert_int_equal(creds->password_obtained, CRED_GUESS_ENV);
+ unsetenv("PASSWD");
+}
+
+static void torture_creds_anon_guess(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ bool ok;
+
+ creds = cli_credentials_init_anon(mem_ctx);
+ assert_non_null(creds);
+
+ setenv("PASSWD", "SECRET", 1);
+ ok = cli_credentials_guess(creds, NULL);
+ assert_true(ok);
+
+ assert_string_equal(creds->username, "");
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+
+ assert_null(creds->password);
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+ unsetenv("PASSWD");
+}
+
+static void torture_creds_parse_string(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+
+ /* Anonymous */
+ cli_credentials_parse_string(creds, "%", CRED_SPECIFIED);
+
+ assert_string_equal(creds->domain, "");
+ assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->username, "");
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+
+ assert_null(creds->password);
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+
+ /* Username + password */
+ cli_credentials_parse_string(creds, "wurst%BROT", CRED_SPECIFIED);
+
+ assert_string_equal(creds->domain, "");
+ assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->username, "wurst");
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->password, "BROT");
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+
+ /* Domain + username + password */
+ cli_credentials_parse_string(creds, "XXL\\wurst%BROT", CRED_SPECIFIED);
+
+ assert_string_equal(creds->domain, "XXL");
+ assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->username, "wurst");
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->password, "BROT");
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+
+ /* Principal */
+ cli_credentials_parse_string(creds, "wurst@brot.realm", CRED_SPECIFIED);
+
+ assert_string_equal(creds->domain, "");
+ assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->username, "wurst@brot.realm");
+ assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->principal, "wurst@brot.realm");
+ assert_int_equal(creds->principal_obtained, CRED_SPECIFIED);
+
+ assert_string_equal(creds->password, "BROT");
+ assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
+}
+
+static void torture_creds_krb5_state(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ struct loadparm_context *lp_ctx = NULL;
+ bool ok;
+
+ lp_ctx = loadparm_init_global(true);
+ assert_non_null(lp_ctx);
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+ assert_int_equal(creds->kerberos_state_obtained, CRED_UNINITIALISED);
+ assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+
+ ok = cli_credentials_set_conf(creds, lp_ctx);
+ assert_true(ok);
+ assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+
+ ok = cli_credentials_guess(creds, lp_ctx);
+ assert_true(ok);
+ assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
+ assert_non_null(creds->ccache);
+
+ ok = cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
+ assert_true(ok);
+ assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+
+ ok = cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_DISABLED,
+ CRED_SMB_CONF);
+ assert_false(ok);
+ assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+
+}
+
+static void torture_creds_gensec_feature(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ bool ok;
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+ assert_int_equal(creds->gensec_features_obtained, CRED_UNINITIALISED);
+ assert_int_equal(creds->gensec_features, 0);
+
+ ok = cli_credentials_set_gensec_features(creds,
+ GENSEC_FEATURE_SIGN,
+ CRED_SPECIFIED);
+ assert_true(ok);
+ assert_int_equal(creds->gensec_features_obtained, CRED_SPECIFIED);
+ assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN);
+
+ ok = cli_credentials_set_gensec_features(creds,
+ GENSEC_FEATURE_SEAL,
+ CRED_SMB_CONF);
+ assert_false(ok);
+ assert_int_equal(creds->gensec_features_obtained, CRED_SPECIFIED);
+ assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN);
+}
+
+static const char *torture_get_password(struct cli_credentials *creds)
+{
+ return talloc_strdup(creds, "SECRET");
+}
+
+static void torture_creds_password_callback(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ const char *password = NULL;
+ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
+ bool ok;
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+
+ ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
+ assert_true(ok);
+ ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
+ assert_true(ok);
+
+ ok = cli_credentials_set_password_callback(creds, torture_get_password);
+ assert_true(ok);
+ assert_int_equal(creds->password_obtained, CRED_CALLBACK);
+
+ password = cli_credentials_get_password_and_obtained(creds,
+ &pwd_obtained);
+ assert_int_equal(pwd_obtained, CRED_CALLBACK_RESULT);
+ assert_string_equal(password, "SECRET");
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(torture_creds_init),
+ cmocka_unit_test(torture_creds_init_anonymous),
+ cmocka_unit_test(torture_creds_guess),
+ cmocka_unit_test(torture_creds_anon_guess),
+ cmocka_unit_test(torture_creds_parse_string),
+ cmocka_unit_test(torture_creds_krb5_state),
+ cmocka_unit_test(torture_creds_gensec_feature),
+ cmocka_unit_test(torture_creds_password_callback)
+ };
+
+ if (argc == 2) {
+ cmocka_set_test_filter(argv[1]);
+ }
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ rc = cmocka_run_group_tests(tests,
+ setup_talloc_context,
+ teardown_talloc_context);
+
+ return rc;
+}