1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#include <time.h>
#include <stdlib.h>
#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>
#include <stdint.h>
#include <cmocka.h>
#include "includes.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "auth/kerberos/kerberos_credentials.h"
#include "auth/kerberos/kerberos_util.h"
static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
krb5_kvno kvno, const char *kt_name)
{
krb5_context krb5_ctx;
krb5_keytab keytab;
krb5_keytab_entry kt_entry;
krb5_kt_cursor cursor;
krb5_error_code code;
int i,j;
char princ_name[] = "user0";
char expect_princ_name[] = "user0@samba.example.com";
bool found_previous;
const char *error_str;
TALLOC_CTX *tmp_ctx = talloc_new(NULL);
krb5_principal *principals = talloc_zero_array(tmp_ctx,
krb5_principal,
num_principals);
krb5_init_context(&krb5_ctx);
krb5_kt_resolve(krb5_ctx, kt_name, &keytab);
ZERO_STRUCT(kt_entry);
for(i=0; i<num_principals; i++) {
princ_name[4] = (char)i+48;
smb_krb5_make_principal(krb5_ctx, &(principals[i]),
"samba.example.com", princ_name, NULL);
kt_entry.principal = principals[i];
for (j=0; j<num_kvnos; j++) {
kt_entry.vno = j+1;
krb5_kt_add_entry(krb5_ctx, keytab, &kt_entry);
}
}
code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
assert_int_equal(code, 0);
#ifdef SAMBA4_USES_HEIMDAL
for (i=0; i<num_principals; i++) {
expect_princ_name[4] = (char)i+48;
for (j=0; j<num_kvnos; j++) {
char *unparsed_name;
code = krb5_kt_next_entry(krb5_ctx, keytab,
&kt_entry, &cursor);
assert_int_equal(code, 0);
assert_int_equal(kt_entry.vno, j+1);
#else
/* MIT - For MEMORY type keytabs, krb5_kt_add_entry() adds an
* entry to the beginning of the keytab table, not the end */
for (i=num_principals-1; i>=0; i--) {
expect_princ_name[4] = (char)i+48;
for (j=num_kvnos; j>0; j--) {
char *unparsed_name;
code = krb5_kt_next_entry(krb5_ctx, keytab,
&kt_entry, &cursor);
assert_int_equal(code, 0);
assert_int_equal(kt_entry.vno, j);
#endif
krb5_unparse_name(krb5_ctx, kt_entry.principal,
&unparsed_name);
assert_string_equal(expect_princ_name, unparsed_name);
}
}
smb_krb5_remove_obsolete_keytab_entries(tmp_ctx, krb5_ctx, keytab,
num_principals, principals,
kvno, &found_previous,
&error_str);
code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
assert_int_equal(code, 0);
#ifdef SAMBA4_USES_HEIMDAL
for (i=0; i<num_principals; i++) {
#else /* MIT - reverse iterate through entries */
for (i=num_principals-1; i>=0; i--) {
#endif
char *unparsed_name;
expect_princ_name[4] = (char)i+48;
code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
assert_int_equal(code, 0);
assert_int_equal(kt_entry.vno, kvno-1);
krb5_unparse_name(krb5_ctx, kt_entry.principal, &unparsed_name);
assert_string_equal(expect_princ_name, unparsed_name);
}
code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
assert_int_not_equal(code, 0);
}
static void test_krb5_remove_obsolete_keytab_entries_many(void **state)
{
internal_obsolete_keytab_test(5, 4, (krb5_kvno)5, "MEMORY:LOL2");
}
static void test_krb5_remove_obsolete_keytab_entries_one(void **state)
{
internal_obsolete_keytab_test(1, 2, (krb5_kvno)3, "MEMORY:LOL");
}
int main(int argc, const char **argv)
{
const struct CMUnitTest tests[] = {
cmocka_unit_test(test_krb5_remove_obsolete_keytab_entries_one),
cmocka_unit_test(test_krb5_remove_obsolete_keytab_entries_many),
};
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
return cmocka_run_group_tests(tests, NULL, NULL);
}
|
