/** \brief Constructor
*/
bt_ezswarm_profile_t::bt_ezswarm_profile_t() throw()
{
alloc_policy (ALLOC_POLICY);
check_policy (CHECK_POLICY);
peerpick_mode (PEERPICK_MODE);
peersrc_kad_stopping_timeout (PEERSRC_KAD_STOPPING_TIMEOUT);
// peersrc_kad_peer is NULL by default - it it up to the caller to set it up if bt_peersrc_kad_t
// - TODO why it is here ?!?!?! in a profile and not an bt_ezswarm_t parameter ?
peersrc_kad_peer (NULL);
}
int
main()
{
krb5_db_entry *ent;
osa_policy_ent_t pol;
krb5_pa_data **e_data;
const char *status;
char *defrealm;
int count;
CHECK(krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx));
/* Currently necessary for krb5_db_open to work. */
CHECK(krb5_get_default_realm(ctx, &defrealm));
/* If we can, revert to requiring all entries match sample_princ in
* iter_princ_handler */
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK(krb5_db_create(ctx, NULL));
CHECK(krb5_db_inited(ctx));
CHECK(krb5_db_fini(ctx));
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK(krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN));
CHECK(krb5_db_inited(ctx));
/* Manipulate a policy, leaving it in place at the end. */
CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
CHECK(krb5_db_create_policy(ctx, &sample_policy));
CHECK_COND(krb5_db_create_policy(ctx, &sample_policy) != 0);
CHECK(krb5_db_get_policy(ctx, polname, &pol));
check_policy(pol);
pol->pw_min_length--;
CHECK(krb5_db_put_policy(ctx, pol));
krb5_db_free_policy(ctx, pol);
CHECK(krb5_db_get_policy(ctx, polname, &pol));
CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length - 1);
krb5_db_free_policy(ctx, pol);
CHECK(krb5_db_delete_policy(ctx, polname));
CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
CHECK(krb5_db_create_policy(ctx, &sample_policy));
count = 0;
CHECK(krb5_db_iter_policy(ctx, NULL, iter_pol_handler, &count));
CHECK_COND(count == 1);
/* Create a principal. */
CHECK_COND(krb5_db_delete_principal(ctx, &sample_princ) ==
KRB5_KDB_NOENTRY);
CHECK_COND(krb5_db_get_principal(ctx, &xrealm_princ, 0, &ent) ==
KRB5_KDB_NOENTRY);
CHECK(krb5_db_put_principal(ctx, &sample_entry));
/* Putting again will fail with LDAP (due to KADM5_PRINCIPAL in mask)
* but succeed with DB2, so don't check the result. */
(void)krb5_db_put_principal(ctx, &sample_entry);
/* But it should succeed in both back ends with KADM5_LOAD in mask. */
sample_entry.mask |= KADM5_LOAD;
CHECK(krb5_db_put_principal(ctx, &sample_entry));
sample_entry.mask &= ~KADM5_LOAD;
/* Fetch and compare the added principal. */
CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, &ent));
check_entry(ent);
/* We can't set up a successful allowed-to-delegate check through existing
* APIs yet, but we can make a failed check. */
CHECK_COND(krb5_db_check_allowed_to_delegate(ctx, &sample_princ, ent,
&sample_princ) != 0);
/* Exercise lockout code. */
/* Policy params: max_fail 2, failcnt_interval 60, lockout_duration 120 */
/* Initial state: last_success 1, last_failed 5, fail_auth_count 2,
* last admin unlock 6 */
/* Check succeeds due to last admin unlock. */
CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 7, &status, &e_data));
/* Failure count resets to 1 due to last admin unlock. */
sim_preauth(8, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 8);
/* Failure count resets to 1 due to failcnt_interval */
sim_preauth(70, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 70);
/* Failure count resets to 0 due to successful preauth. */
sim_preauth(75, TRUE, &ent);
CHECK_COND(ent->fail_auth_count == 0 && ent->last_success == 75);
/* Failure count increments to 2 and stops incrementing. */
sim_preauth(80, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 80);
sim_preauth(100, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
sim_preauth(110, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
/* Check fails due to reaching maximum failure count. */
CHECK_COND(krb5_db_check_policy_as(ctx, NULL, ent, ent, 170, &status,
&e_data) == KRB5KDC_ERR_CLIENT_REVOKED);
/* Check succeeds after lockout_duration has passed. */
CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 230, &status, &e_data));
/* Failure count resets to 1 on next failure. */
sim_preauth(240, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 240);
/* Exercise LDAP code to clear a policy reference and to set the key
* data on an existing principal. */
CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy));
ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA;
CHECK(krb5_db_put_principal(ctx, ent));
CHECK(krb5_db_delete_policy(ctx, polname));
/* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as
* from a load operation. */
ent->mask = (sample_entry.mask & ~KADM5_POLICY) | KADM5_LOAD;
CHECK(krb5_db_put_principal(ctx, ent));
/* Exercise LDAP code to create a new principal at a DN from
* KDB_TL_USER_INFO tl-data. */
CHECK(krb5_db_delete_principal(ctx, &sample_princ));
CHECK(krb5_db_put_principal(ctx, ent));
krb5_db_free_principal(ctx, ent);
/* Exercise principal iteration code. */
count = 0;
CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count));
CHECK_COND(count == 1);
CHECK(krb5_db_fini(ctx));
CHECK_COND(krb5_db_inited(ctx) != 0);
/* It might be nice to exercise krb5_db_destroy here, but the LDAP module
* doesn't support it. */
krb5_free_default_realm(ctx, defrealm);
krb5_free_context(ctx);
return 0;
}
int
ACE_TMAIN(int argc, ACE_TCHAR *argv[])
{
try
{
// Initialize the ORB, resolve references and parse arguments.
// ORB.
CORBA::ORB_var orb =
CORBA::ORB_init (argc, argv);
// Parse arguments.
if (parse_args (argc, argv) != 0)
return -1;
// Test object 1.
CORBA::Object_var object =
orb->string_to_object (ior1);
Test_var server1 = Test::_narrow (object.in ());
if (check_for_nil (server1.in (), "server1") == -1)
return -1;
// Test object 2.
object = orb->string_to_object (ior2);
Test_var server2 = Test::_narrow (object.in ());
if (check_for_nil (server2.in (), "server2") == -1)
return -1;
// Check that test objects are configured with SERVER_DECLARED
// PriorityModelPolicy, and get their server priorities.
// Test object 1.
CORBA::Short server1_priority =
check_policy (server1.in ());
if (server1_priority == -1)
return -1;
// Test object 2.
CORBA::Short server2_priority =
check_policy (server2.in ());
if (server2_priority == -1)
return -1;
// Testing: make several invocations on test objects.
for (int i = 0; i < 5; ++i)
{
server1->test_method (server1_priority);
server2->test_method (server2_priority);
}
// Testing over. Shut down Server ORB.
server1->shutdown ();
}
catch (const CORBA::Exception& ex)
{
ex._tao_print_exception (
"Unexpected exception in Server_Declared test client:");
return -1;
}
return 0;
}
int check_kasp() {
int status = 0;
int i = 0;
int j = 0;
const char* rngfilename = OPENDNSSEC_SCHEMA_DIR "/kasp.rng";
xmlDocPtr doc;
xmlXPathContextPtr xpath_ctx;
xmlXPathObjectPtr xpath_obj;
xmlNode *curNode;
xmlChar *xexpr;
int policy_count = 0;
char **policy_names = NULL;
int default_found = 0;
if (kasp == NULL) {
dual_log("ERROR: No location for kasp.xml set\n");
return 1;
}
/* Check that the file is well-formed */
status = check_rng(kasp, rngfilename);
if (status ==0) {
dual_log("INFO: The XML in %s is valid\n", kasp);
} else {
return 1;
}
/* Load XML document */
doc = xmlParseFile(kasp);
if (doc == NULL) {
return 1;
}
/* Create xpath evaluation context */
xpath_ctx = xmlXPathNewContext(doc);
if(xpath_ctx == NULL) {
xmlFreeDoc(doc);
return 1;
}
/* First pass through the whole document to test for a policy called "default" and no duplicate names */
xexpr = (xmlChar *)"//KASP/Policy";
xpath_obj = xmlXPathEvalExpression(xexpr, xpath_ctx);
if(xpath_obj == NULL) {
xmlXPathFreeContext(xpath_ctx);
xmlFreeDoc(doc);
return 1;
}
if (xpath_obj->nodesetval) {
policy_count = xpath_obj->nodesetval->nodeNr;
policy_names = (char**)malloc(sizeof(char*) * policy_count);
if (policy_names == NULL) {
dual_log("ERROR: Malloc for policy names failed\n");
exit(1);
}
for (i = 0; i < policy_count; i++) {
policy_names[i] = (char *) xmlGetProp(xpath_obj->nodesetval->nodeTab[i],
(const xmlChar *)"name");
}
}
/* Now we have all the information we need do the checks */
for (i = 0; i < policy_count; i++) {
if (strcmp(policy_names[i], "default") == 0) {
default_found = 1;
}
for (j = i+1; j < policy_count; j++) {
if ( (strcmp(policy_names[i], policy_names[j]) == 0) ) {
dual_log("ERROR: Two policies exist with the same name (%s)\n", policy_names[i]);
status += 1;
}
}
}
if (default_found == 0) {
dual_log("WARNING: No policy named 'default' in %s. This means you will need to refer explicitly to the policy for each zone\n", kasp);
}
/* Go again; this time check each policy */
for (i = 0; i < policy_count; i++) {
curNode = xpath_obj->nodesetval->nodeTab[i]->xmlChildrenNode;
status += check_policy(curNode, policy_names[i], repo_list, repo_count, kasp);
}
for (i = 0; i < policy_count; i++) {
free(policy_names[i]);
}
free(policy_names);
xmlXPathFreeObject(xpath_obj);
xmlXPathFreeContext(xpath_ctx);
xmlFreeDoc(doc);
return status;
}
