This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master
in repository gssproxy.
commit 344cb6f722e3ceb42c1a95a8194e7ba4c4a0183a
Author: Simo Sorce <simo(a)redhat.com>
Date: Wed Jan 18 09:33:24 2017 -0500
Fix impersonation tests to work properly
Current tests worked correctly only with a primed ccache, ie, by side effect.
Fix them to work regardless of status and use the isolate memory ccache
feature of PR#38 to insure no side effects.
Signed-off-by: Simo Sorce <simo(a)redhat.com>
[rharwood(a)redhat.com Reflow commit message]
Reviewed-by: Robbie Harwood <rharwood(a)redhat.com>
Closes #42
---
proxy/tests/t_impersonate.c | 36 +++++++++++++++++++++---------------
proxy/tests/t_impersonate.py | 15 ++++++---------
proxy/tests/testlib.py | 1 +
3 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/proxy/tests/t_impersonate.c b/proxy/tests/t_impersonate.c
index 3ff463d..42d59a4 100644
--- a/proxy/tests/t_impersonate.c
+++ b/proxy/tests/t_impersonate.c
@@ -6,8 +6,6 @@
int main(int argc, const char *argv[])
{
- char buffer[MAX_RPC_SIZE];
- uint32_t buflen;
gss_cred_id_t impersonator_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t init_ctx = GSS_C_NO_CONTEXT;
@@ -15,18 +13,18 @@ int main(int argc, const char *argv[])
gss_buffer_desc in_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER;
gss_name_t user_name;
+ gss_name_t proxy_name;
gss_name_t target_name;
gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) };
uint32_t ret_maj;
uint32_t ret_min;
- uint32_t time_rec;
uint32_t flags = GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG;
int ret = -1;
bool selfhalf = false;
bool proxyhalf = false;
const char *deleg_ccache = NULL;
- if (argc < 3) return -1;
+ if (argc < 4) return -1;
ret = t_string_to_name(argv[1], &user_name, GSS_C_NT_USER_NAME);
if (ret) {
@@ -35,7 +33,7 @@ int main(int argc, const char *argv[])
goto done;
}
- ret = t_string_to_name(argv[2], &target_name,
+ ret = t_string_to_name(argv[2], &proxy_name,
GSS_C_NT_HOSTBASED_SERVICE);
if (ret) {
DEBUG("Failed to import server name from argv[2]\n");
@@ -43,23 +41,31 @@ int main(int argc, const char *argv[])
goto done;
}
- if (argc > 3) {
- if (strcmp(argv[3], "s4u2self") == 0) {
+ ret = t_string_to_name(argv[3], &target_name,
+ GSS_C_NT_HOSTBASED_SERVICE);
+ if (ret) {
+ DEBUG("Failed to import server name from argv[2]\n");
+ ret = -1;
+ goto done;
+ }
+
+ if (argc > 4) {
+ if (strcmp(argv[4], "s4u2self") == 0) {
selfhalf = true;
- } else if (strcmp(argv[3], "s4u2proxy") == 0) {
+ } else if (strcmp(argv[4], "s4u2proxy") == 0) {
proxyhalf = true;
} else {
- DEBUG("Invalid argument 3: %s\n", argv[3]);
+ DEBUG("Invalid argument 4: %s\n", argv[4]);
ret = -1;
goto done;
}
- if (argc < 5) {
- DEBUG("Option %s requires additional arguments\n", argv[3]);
+ if (argc < 6) {
+ DEBUG("Option %s requires additional arguments\n", argv[4]);
ret = -1;
goto done;
}
- deleg_ccache = argv[4];
- DEBUG("S4U2%s half [ccache %s]\n",
selfhalf?"Self":"Proxy", argv[4]);
+ deleg_ccache = argv[5];
+ DEBUG("S4U2%s half [ccache %s]\n",
selfhalf?"Self":"Proxy", argv[5]);
}
if (proxyhalf) {
@@ -67,7 +73,7 @@ int main(int argc, const char *argv[])
gss_key_value_set_desc cred_store = { 1, &ccelement };
ret_maj = gss_acquire_cred_from(&ret_min,
- GSS_C_NO_NAME,
+ user_name,
GSS_C_INDEFINITE,
&oid_set,
GSS_C_INITIATE,
@@ -85,7 +91,7 @@ int main(int argc, const char *argv[])
} else {
ret_maj = gss_acquire_cred(&ret_min,
- GSS_C_NO_NAME,
+ proxy_name,
GSS_C_INDEFINITE,
&oid_set,
GSS_C_BOTH,
diff --git a/proxy/tests/t_impersonate.py b/proxy/tests/t_impersonate.py
index 42c801a..499b9a1 100755
--- a/proxy/tests/t_impersonate.py
+++ b/proxy/tests/t_impersonate.py
@@ -11,7 +11,6 @@ IMPERSONATE_CONF_TEMPLATE = '''
socket = ${TESTDIR}/impersonate.socket
mechs = krb5
cred_store = keytab:${GSSPROXY_KEYTAB}
- cred_store = ccache:FILE:${GSSPROXY_CLIENT_CCACHE}
cred_store = client_keytab:${GSSPROXY_CLIENT_KEYTAB}
allow_protocol_transition = yes
allow_constrained_delegation = yes
@@ -21,7 +20,6 @@ IMPERSONATE_CONF_TEMPLATE = '''
socket = ${TESTDIR}/impersonate-selfonly.socket
mechs = krb5
cred_store = keytab:${GSSPROXY_KEYTAB}
- cred_store = ccache:FILE:${GSSPROXY_CLIENT_CCACHE}
cred_store = client_keytab:${GSSPROXY_CLIENT_KEYTAB}
allow_protocol_transition = yes
euid = ${UIDNUMBER}
@@ -30,7 +28,6 @@ IMPERSONATE_CONF_TEMPLATE = '''
socket = ${TESTDIR}/impersonate-proxyonly.socket
mechs = krb5
cred_store = keytab:${GSSPROXY_KEYTAB}
- cred_store = ccache:FILE:${GSSPROXY_CLIENT_CCACHE}
cred_store = client_keytab:${GSSPROXY_CLIENT_KEYTAB}
allow_constrained_delegation = yes
euid = ${UIDNUMBER}
@@ -78,39 +75,39 @@ def run(testdir, env, conf):
# Test all permitted
socket = os.path.join(testdir, 'impersonate.socket')
- cmd = ["./tests/t_impersonate", USR_NAME, conf['svc_name']]
+ cmd = ["./tests/t_impersonate", USR_NAME, HOST_GSS, PROXY_GSS]
r = run_cmd(testdir, env, conf, "Impersonate", socket, cmd, False)
rets.append(r)
#Test fail
socket = os.path.join(testdir, 'impersonate-proxyonly.socket')
- cmd = ["./tests/t_impersonate", USR_NAME, conf['svc_name']]
+ cmd = ["./tests/t_impersonate", USR_NAME, HOST_GSS, PROXY_GSS]
r = run_cmd(testdir, env, conf, "Impersonate fail self", socket, cmd,
True)
rets.append(r)
#Test fail
socket = os.path.join(testdir, 'impersonate-selfonly.socket')
- cmd = ["./tests/t_impersonate", USR_NAME, conf['svc_name']]
+ cmd = ["./tests/t_impersonate", USR_NAME, HOST_GSS, PROXY_GSS]
r = run_cmd(testdir, env, conf, "Impersonate fail proxy", socket, cmd,
True)
rets.append(r)
#Test s4u2self half succeed
socket = os.path.join(testdir, 'impersonate-selfonly.socket')
- cmd = ["./tests/t_impersonate", USR_NAME, conf['svc_name'],
's4u2self',
+ cmd = ["./tests/t_impersonate", USR_NAME, HOST_GSS, PROXY_GSS,
's4u2self',
path_prefix + 'impersonate-proxy.ccache']
r = run_cmd(testdir, env, conf, "s4u2self delegation", socket, cmd, False)
rets.append(r)
#Test s4u2proxy half fail
socket = os.path.join(testdir, 'impersonate-selfonly.socket')
- cmd = ["./tests/t_impersonate", USR_NAME, PROXY_GSS, 's4u2proxy',
+ cmd = ["./tests/t_impersonate", USR_NAME, HOST_GSS, PROXY_GSS,
's4u2proxy',
path_prefix + 'impersonate-proxy.ccache']
r = run_cmd(testdir, env, conf, "s4u2proxy fail", socket, cmd, True)
rets.append(r)
#Test s4u2proxy half succeed
socket = os.path.join(testdir, 'impersonate-proxyonly.socket')
- cmd = ["./tests/t_impersonate", USR_NAME, PROXY_GSS, 's4u2proxy',
+ cmd = ["./tests/t_impersonate", USR_NAME, HOST_GSS, PROXY_GSS,
's4u2proxy',
path_prefix + 'impersonate-proxy.ccache']
r = run_cmd(testdir, env, conf, "s4u2proxy", socket, cmd, False)
rets.append(r)
diff --git a/proxy/tests/testlib.py b/proxy/tests/testlib.py
index 5276906..0a0af2e 100755
--- a/proxy/tests/testlib.py
+++ b/proxy/tests/testlib.py
@@ -345,6 +345,7 @@ MULTI_KTNAME = "multi.gssproxy.keytab"
MULTI_UPN = "multi$"
MULTI_SVC = "multi/%s" % WRAP_HOSTNAME
HOST_SVC = "host/%s" % WRAP_HOSTNAME
+HOST_GSS = "host@%s" % WRAP_HOSTNAME
PROXY_SVC = "proxy/%s" % WRAP_HOSTNAME
PROXY_GSS = "proxy@%s" % WRAP_HOSTNAME
PROXY_KTNAME = "proxy.keytab"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.