diff options
author | Greg Hudson <ghudson@mit.edu> | 2016-05-12 16:05:46 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-07-06 15:17:06 -0400 |
commit | 1939b23ad293d3bcb525d1821b461915ac997ed0 (patch) | |
tree | 25d06d811e787d57c4f7efa18eaec8b5f5a92ae7 | |
parent | 685cb577890bc565ab122bc65027e177c180e12f (diff) | |
download | krb5-1939b23ad293d3bcb525d1821b461915ac997ed0.zip krb5-1939b23ad293d3bcb525d1821b461915ac997ed0.tar.gz krb5-1939b23ad293d3bcb525d1821b461915ac997ed0.tar.bz2 |
Add tests for krb5_sname_match()
(back ported from commit 83dae972736d823216c20dd559e30c7d41361289)
ticket: 8415
version_fixed: 1.13.6
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | src/lib/krb5/krb/Makefile.in | 11 | ||||
-rw-r--r-- | src/lib/krb5/krb/t_sname_match.c | 117 |
3 files changed, 127 insertions, 2 deletions
@@ -212,6 +212,7 @@ testlog /src/lib/krb5/krb/t_vfy_increds /src/lib/krb5/krb/t_walk_rtree /src/lib/krb5/krb/t_response_items +/src/lib/krb5/krb/t_sname_match /src/lib/krb5/os/t_expand_path /src/lib/krb5/os/t_locate_kdc diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index 62f0b90..84e721d 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -349,6 +349,7 @@ SRCS= $(srcdir)/addr_comp.c \ $(srcdir)/t_copy_context.c \ $(srcdir)/t_in_ccache.c \ $(srcdir)/t_response_items.c \ + $(srcdir)/t_sname_match.c \ $(srcdir)/t_vfy_increds.c # Someday, when we have a "maintainer mode", do this right: @@ -433,9 +434,12 @@ t_copy_context: t_copy_context.o $(KRB5_BASE_DEPLIBS) t_response_items: t_response_items.o response_items.o $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ t_response_items.o response_items.o $(KRB5_BASE_LIBS) +t_sname_match: t_sname_match.o sname_match.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ t_sname_match.o sname_match.o $(KRB5_BASE_LIBS) + TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata t_pac \ t_in_ccache t_cc_config t_copy_context \ - t_princ t_etypes t_vfy_increds t_response_items + t_princ t_etypes t_vfy_increds t_response_items t_sname_match check-unix:: $(TEST_PROGS) KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ @@ -474,6 +478,7 @@ check-unix:: $(TEST_PROGS) $(RUN_SETUP) $(VALGRIND) ./t_princ $(RUN_SETUP) $(VALGRIND) ./t_etypes $(RUN_SETUP) $(VALGRIND) ./t_response_items + $(RUN_SETUP) $(VALGRIND) ./t_sname_match KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) ./t_copy_context @@ -498,7 +503,9 @@ clean:: $(OUTPRE)t_in_ccache$(EXEEXT) $(OUTPRE)t_in_ccache.$(OBJEXT) \ $(OUTPRE)t_ad_fx_armor$(EXEEXT) $(OUTPRE)t_ad_fx_armor.$(OBJEXT) \ $(OUTPRE)t_vfy_increds$(EXEEXT) $(OUTPRE)t_vfy_increds.$(OBJEXT) \ - $(OUTPRE)t_response_items$(EXEEXT) $(OUTPRE)t_response_items.$(OBJEXT) + $(OUTPRE)t_response_items$(EXEEXT) \ + $(OUTPRE)t_response_items.$(OBJEXT) $(OUTPRE)t_sname_match(EXEEXT) \ + $(OUTPRE)t_sname_match.$(OBJEXT) @libobj_frag@ diff --git a/src/lib/krb5/krb/t_sname_match.c b/src/lib/krb5/krb/t_sname_match.c new file mode 100644 index 0000000..021b720 --- /dev/null +++ b/src/lib/krb5/krb/t_sname_match.c @@ -0,0 +1,117 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/krb5/krb/t_sname_match.c - Unit tests for krb5_sname_match() */ +/* + * Copyright (C) 2016 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "k5-int.h" + +struct test { + const char *matchstr; + const char *princstr; + krb5_boolean result; + krb5_boolean ignore_acceptor_hostname; + krb5_boolean non_host_nametype; +} tests[] = { + /* If matching is NULL, the result is true for any princ. */ + { NULL, "a/b@R", TRUE }, + + /* If matching does not have two components or does not have name type + * KRB5_NT_SRV_HOST, the result is a direct comparison. */ + { "a@R", "a@R", TRUE }, + { "a@R", "b@R", FALSE }, + { "a/@R", "a/@R", TRUE, FALSE, TRUE }, + { "a/@R", "a/b@R", FALSE, FALSE, TRUE }, + { "a/b@", "a/b@", TRUE, FALSE, TRUE }, + { "a/b@", "a/b@R", FALSE, FALSE, TRUE }, + { "a/b/@R", "a/b/@R", TRUE }, + { "a/b/@R", "a/b/c@R", FALSE }, + + /* The number of components must match. */ + { "a/b@R", "a@R", FALSE }, + { "a/b@R", "a/b/@R", FALSE }, + { "a/b@R", "a/b/c@R", FALSE }, + + /* If matching's realm is empty, any realm in princ is permitted. */ + { "a/b@", "a/b@", TRUE }, + { "a/b@", "a/b@R", TRUE }, + { "a/b@R", "a/b@R", TRUE }, + { "a/b@R", "a/b@S", FALSE }, + + /* matching's first component must match princ's (even if empty). */ + { "/b@R", "/b@R", TRUE }, + { "/b@R", "a/b@R", FALSE }, + + /* If matching's second component is empty, any second component in princ + * is permitted. */ + { "a/@R", "a/@R", TRUE }, + { "a/@R", "a/b@R", TRUE }, + + /* If ignore_acceptor_hostname is set, any second component in princ is + * permitted, even if there is a different second component in matching. */ + { "a/b@R", "a/c@R", TRUE, TRUE }, + { "a/b@R", "c/b@R", FALSE, TRUE }, +}; + +int +main() +{ + size_t i; + struct test *t; + krb5_principal matching, princ; + krb5_context ctx; + + if (krb5_init_context(&ctx) != 0) + abort(); + for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { + t = &tests[i]; + + if (t->matchstr != NULL) { + if (krb5_parse_name(ctx, t->matchstr, &matching) != 0) + abort(); + if (t->non_host_nametype) + matching->type = KRB5_NT_PRINCIPAL; + else + matching->type = KRB5_NT_SRV_HST; + } else { + matching = NULL; + } + if (krb5_parse_name(ctx, t->princstr, &princ) != 0) + abort(); + + ctx->ignore_acceptor_hostname = t->ignore_acceptor_hostname; + if (krb5_sname_match(ctx, matching, princ) != t->result) + abort(); + + krb5_free_principal(ctx, matching); + krb5_free_principal(ctx, princ); + } + krb5_free_context(ctx); + return 0; +} |