int
main(void)
{
struct kerberos_config *config;
struct remctl *r;
struct remctl_output *output;
char *tmpdir, *confpath;
FILE *conf;
const char *test[] = { "test", "test", NULL };
/* Unless we have Kerberos available, we can't really do anything. */
config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB);
/* Write out our empty configuration file. */
tmpdir = test_tmpdir();
basprintf(&confpath, "%s/conf-empty", tmpdir);
conf = fopen(confpath, "w");
if (conf == NULL)
sysbail("cannot create %s", confpath);
fclose(conf);
/* Now we can start remctl with our temporary configuration file. */
remctld_start(config, "tmp/conf-empty", NULL);
plan(7);
/* Test that we get a valid UNKNOWN_COMMAND error. */
r = remctl_new();
ok(remctl_open(r, "localhost", 14373, config->principal), "remctl_open");
ok(remctl_command(r, test), "remctl_command");
output = remctl_output(r);
ok(output != NULL, "first output token is not null");
if (output == NULL)
ok_block(4, 0, "...and has correct content");
else {
is_int(REMCTL_OUT_ERROR, output->type, "...and is an error");
is_int(15, output->length, "...and is right length");
if (output->data == NULL)
ok(0, "...and has the right error message");
else
ok(memcmp("Unknown command", output->data, 15) == 0,
"...and has the right error message");
is_int(ERROR_UNKNOWN_COMMAND, output->error, "...and error number");
}
remctl_close(r);
unlink(confpath);
free(confpath);
test_tmpdir_free(tmpdir);
return 0;
}
int
main(void)
{
struct kerberos_config *config;
const char *err;
struct remctl *r;
struct remctl_output *output;
const char *command[] = { "test", "env", "REMOTE_ADDR", NULL };
/* Set up Kerberos and remctld. */
config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB);
remctld_start(config, "data/conf-simple", (char *) 0);
plan(10);
/* Successful connection to 127.0.0.1. */
r = remctl_new();
ok(r != NULL, "remctl_new");
ok(remctl_set_source_ip(r, "127.0.0.1"), "remctl_set_source_ip");
ok(remctl_open(r, "127.0.0.1", 14373, config->principal),
"remctl_open to 127.0.0.1");
ok(remctl_command(r, command), "remctl_command");
output = remctl_output(r);
ok(output != NULL, "remctl_output");
if (output == NULL)
ok_block(3, 0, "remctl_output failed");
else {
is_int(REMCTL_OUT_OUTPUT, output->type, "output token");
ok(memcmp("127.0.0.1\n", output->data, strlen("127.0.0.1\n")) == 0,
"correct IP address");
is_int(strlen("127.0.0.1\n"), output->length, "correct length");
}
/* Failed connection to ::1. */
ok(!remctl_open(r, "::1", 14373, config->principal), "remctl_open to ::1");
err = remctl_error(r);
diag("error: %s", err);
ok(((strncmp("cannot connect to ::1 (port 14373): ", err,
strlen("cannot connect to ::1 (port 14373): ")) == 0)
|| (strncmp("unknown host ::1: ", err,
strlen("unknown host ::1: ")) == 0)),
"failed with correct error");
remctl_close(r);
return 0;
}
int
main(void)
{
pam_handle_t *pamh;
struct pam_conv conv = { NULL, NULL };
struct pam_args *args;
plan(12);
if (pam_start("test", NULL, &conv, &pamh) != PAM_SUCCESS)
sysbail("Fake PAM initialization failed");
args = putil_args_new(pamh, 0);
ok(args != NULL, "New args struct is not NULL");
if (args == NULL)
ok_block(7, 0, "...args struct is NULL");
else {
ok(args->pamh == pamh, "...and pamh is correct");
ok(args->config == NULL, "...and config is NULL");
ok(args->user == NULL, "...and user is NULL");
is_int(args->debug, false, "...and debug is false");
is_int(args->silent, false, "...and silent is false");
#ifdef HAVE_KRB5
ok(args->ctx != NULL, "...and the Kerberos context is initialized");
ok(args->realm == NULL, "...and realm is NULL");
#else
skip_block(2, "Kerberos support not configured");
#endif
}
putil_args_free(args);
ok(1, "Freeing the args struct works");
args = putil_args_new(pamh, PAM_SILENT);
ok(args != NULL, "New args struct with PAM_SILENT is not NULL");
if (args == NULL)
ok(0, "...args is NULL");
else
is_int(args->silent, true, "...and silent is true");
putil_args_free(args);
putil_args_free(NULL);
ok(1, "Freeing a NULL args struct works");
pam_end(pamh, 0);
return 0;
}
/*
* When testing the bind (server) functions, we create listening sockets, fork
* a child process to connect to it, and accept the connection and read the
* data in the server. The test reporting is therefore done by the listener.
* There are two listeners, depending on whether we're listening to a single
* socket or an array of sockets, both of which invoke this handler when the
* connection is accepted.
*
* Check that the result of accept, read data from the client, and ensure we
* got the expected data, reporting all results through the normal test
* reporting mechanism.
*/
static void
test_server_connection(socket_type client)
{
FILE *out;
char buffer[512];
/* Verify that the result of accept is good. */
if (client == INVALID_SOCKET) {
sysdiag("cannot accept connection from socket");
ok_block(2, 0, "...socket read test");
return;
}
ok(1, "...socket accept");
/* Read data from the client and ensure it matches our expectations. */
out = fdopen(client, "r");
if (fgets(buffer, sizeof(buffer), out) == NULL) {
sysdiag("cannot read from socket");
ok(0, "...socket read");
}
is_string("socket test\r\n", buffer, "...socket read");
fclose(out);
}
int
main(void)
{
struct kerberos_config *config;
const char *cache;
struct remctl *r;
struct remctl_output *output;
int status;
const char *command[] = { "test", "test", NULL };
/* Set up Kerberos and remctld. */
config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB);
remctld_start(config, "data/conf-simple", (char *) 0);
plan(12);
/* Get the current ticket cache and then change KRB5CCNAME. */
cache = getenv("KRB5CCNAME");
if (cache == NULL)
bail("failed to set KRB5CCNAME");
putenv((char *) "KRB5CCNAME=./nonexistent-file");
/* Connecting without setting the ticket cache should fail. */
r = remctl_new();
ok(r != NULL, "remctl_new");
ok(!remctl_open(r, "127.0.0.1", 14373, config->principal),
"remctl_open to 127.0.0.1");
/* Set the ticket cache and connect to 127.0.0.1 and run a command. */
status = remctl_set_ccache(r, cache);
if (!status) {
is_string("setting credential cache not supported", remctl_error(r),
"remctl_set_ccache failed with correct error");
skip_block(9, "credential cache setting not supported");
} else {
ok(remctl_set_ccache(r, cache), "remctl_set_ccache");
ok(remctl_open(r, "127.0.0.1", 14373, config->principal),
"remctl_open to 127.0.0.1");
ok(remctl_command(r, command), "remctl_command");
output = remctl_output(r);
ok(output != NULL, "remctl_output #1");
if (output == NULL)
ok_block(3, 0, "remctl_output failed");
else {
is_int(REMCTL_OUT_OUTPUT, output->type, "output token");
ok(memcmp("hello world\n", output->data,
strlen("hello world\n")) == 0,
"correct output");
is_int(strlen("hello world\n"), output->length, "correct length");
}
output = remctl_output(r);
ok(output != NULL, "remctl_output #2");
if (output == NULL)
ok_block(2, 0, "remctl_output failed");
else {
is_int(REMCTL_OUT_STATUS, output->type, "status token");
is_int(0, output->status, "status is correct");
}
}
remctl_close(r);
return 0;
}
int
main(void)
{
pam_handle_t *pamh;
struct pam_args *args;
struct pam_conv conv = { NULL, NULL };
bool status;
struct vector *cells;
char *program;
struct output *seen;
const char *argv_bool[2] = { NULL, NULL };
const char *argv_err[2] = { NULL, NULL };
const char *argv_empty[] = { NULL };
#ifdef HAVE_KRB5
const char *argv_all[] = {
"cells=stanford.edu,ir.stanford.edu", "debug", "expires=1d",
"ignore_root", "minimum_uid=1000", "program=/bin/true"
};
char *krb5conf;
#else
const char *argv_all[] = {
"cells=stanford.edu,ir.stanford.edu", "debug", "expires=86400",
"ignore_root", "minimum_uid=1000", "program=/bin/true"
};
#endif
if (pam_start("test", NULL, &conv, &pamh) != PAM_SUCCESS)
sysbail("cannot create pam_handle_t");
args = putil_args_new(pamh, 0);
if (args == NULL)
bail("cannot create PAM argument struct");
plan(161);
/* First, check just the defaults. */
args->config = config_new();
status = putil_args_defaults(args, options, optlen);
ok(status, "Setting the defaults");
ok(args->config->cells == NULL, "...cells default");
is_int(false, args->config->debug, "...debug default");
is_int(10, args->config->expires, "...expires default");
is_int(true, args->config->ignore_root, "...ignore_root default");
is_int(0, args->config->minimum_uid, "...minimum_uid default");
ok(args->config->program == NULL, "...program default");
/* Now parse an empty set of PAM arguments. Nothing should change. */
status = putil_args_parse(args, 0, argv_empty, options, optlen);
ok(status, "Parse of empty argv");
ok(args->config->cells == NULL, "...cells still default");
is_int(false, args->config->debug, "...debug still default");
is_int(10, args->config->expires, "...expires default");
is_int(true, args->config->ignore_root, "...ignore_root still default");
is_int(0, args->config->minimum_uid, "...minimum_uid still default");
ok(args->config->program == NULL, "...program still default");
/* Now, check setting everything. */
status = putil_args_parse(args, 6, argv_all, options, optlen);
ok(status, "Parse of full argv");
if (args->config->cells == NULL)
ok_block(4, false, "...cells is set");
else {
ok(args->config->cells != NULL, "...cells is set");
is_int(2, args->config->cells->count, "...with two cells");
is_string("stanford.edu", args->config->cells->strings[0],
"...first is stanford.edu");
is_string("ir.stanford.edu", args->config->cells->strings[1],
"...second is ir.stanford.edu");
}
is_int(true, args->config->debug, "...debug is set");
is_int(86400, args->config->expires, "...expires is set");
is_int(true, args->config->ignore_root, "...ignore_root is set");
is_int(1000, args->config->minimum_uid, "...minimum_uid is set");
is_string("/bin/true", args->config->program, "...program is set");
config_free(args->config);
args->config = NULL;
/* Test deep copying of defaults. */
cells = vector_new();
if (cells == NULL)
sysbail("cannot allocate memory");
vector_add(cells, "foo.com");
vector_add(cells, "bar.com");
options[0].defaults.list = cells;
program = strdup("/bin/false");
if (program == NULL)
sysbail("cannot allocate memory");
options[5].defaults.string = program;
args->config = config_new();
status = putil_args_defaults(args, options, optlen);
ok(status, "Setting defaults with new defaults");
if (args->config->cells == NULL)
ok_block(4, false, "...cells is set");
else {
ok(args->config->cells != NULL, "...cells is set");
is_int(2, args->config->cells->count, "...with two cells");
is_string("foo.com", args->config->cells->strings[0],
"...first is foo.com");
is_string("bar.com", args->config->cells->strings[1],
"...second is bar.com");
}
is_string("/bin/false", args->config->program,
"...program is /bin/false");
status = putil_args_parse(args, 6, argv_all, options, optlen);
ok(status, "Parse of full argv after defaults");
if (args->config->cells == NULL)
ok_block(4, false, "...cells is set");
else {
ok(args->config->cells != NULL, "...cells is set");
is_int(2, args->config->cells->count, "...with two cells");
is_string("stanford.edu", args->config->cells->strings[0],
"...first is stanford.edu");
is_string("ir.stanford.edu", args->config->cells->strings[1],
"...second is ir.stanford.edu");
}
is_int(true, args->config->debug, "...debug is set");
is_int(86400, args->config->expires, "...expires is set");
is_int(true, args->config->ignore_root, "...ignore_root is set");
is_int(1000, args->config->minimum_uid, "...minimum_uid is set");
is_string("/bin/true", args->config->program, "...program is set");
is_string("foo.com", cells->strings[0], "...first cell after parse");
is_string("bar.com", cells->strings[1], "...second cell after parse");
is_string("/bin/false", program, "...string after parse");
config_free(args->config);
args->config = NULL;
is_string("foo.com", cells->strings[0], "...first cell after free");
is_string("bar.com", cells->strings[1], "...second cell after free");
is_string("/bin/false", program, "...string after free");
options[0].defaults.list = NULL;
options[5].defaults.string = NULL;
vector_free(cells);
free(program);
/* Test specifying the default for a vector parameter as a string. */
options[0].type = TYPE_STRLIST;
options[0].defaults.string = "foo.com,bar.com";
args->config = config_new();
status = putil_args_defaults(args, options, optlen);
ok(status, "Setting defaults with string default for vector");
if (args->config->cells == NULL)
ok_block(4, false, "...cells is set");
else {
ok(args->config->cells != NULL, "...cells is set");
is_int(2, args->config->cells->count, "...with two cells");
is_string("foo.com", args->config->cells->strings[0],
"...first is foo.com");
is_string("bar.com", args->config->cells->strings[1],
"...second is bar.com");
}
config_free(args->config);
args->config = NULL;
options[0].type = TYPE_LIST;
options[0].defaults.string = NULL;
/* Should be no errors so far. */
ok(pam_output() == NULL, "No errors so far");
/* Test various ways of spelling booleans. */
args->config = config_new();
TEST_BOOL("debug", args->config->debug, true);
TEST_BOOL("debug=false", args->config->debug, false);
TEST_BOOL("debug=true", args->config->debug, true);
TEST_BOOL("debug=no", args->config->debug, false);
TEST_BOOL("debug=yes", args->config->debug, true);
TEST_BOOL("debug=off", args->config->debug, false);
TEST_BOOL("debug=on", args->config->debug, true);
TEST_BOOL("debug=0", args->config->debug, false);
TEST_BOOL("debug=1", args->config->debug, true);
TEST_BOOL("debug=False", args->config->debug, false);
TEST_BOOL("debug=trUe", args->config->debug, true);
TEST_BOOL("debug=No", args->config->debug, false);
TEST_BOOL("debug=Yes", args->config->debug, true);
TEST_BOOL("debug=OFF", args->config->debug, false);
TEST_BOOL("debug=ON", args->config->debug, true);
config_free(args->config);
args->config = NULL;
/* Test for various parsing errors. */
args->config = config_new();
TEST_ERROR("debug=", LOG_ERR,
"invalid boolean in setting: debug=");
TEST_ERROR("debug=truth", LOG_ERR,
"invalid boolean in setting: debug=truth");
TEST_ERROR("minimum_uid", LOG_ERR,
"value missing for option minimum_uid");
TEST_ERROR("minimum_uid=", LOG_ERR,
"value missing for option minimum_uid=");
TEST_ERROR("minimum_uid=foo", LOG_ERR,
"invalid number in setting: minimum_uid=foo");
TEST_ERROR("minimum_uid=1000foo", LOG_ERR,
"invalid number in setting: minimum_uid=1000foo");
TEST_ERROR("program", LOG_ERR, "value missing for option program");
TEST_ERROR("cells", LOG_ERR, "value missing for option cells");
config_free(args->config);
args->config = NULL;
#ifdef HAVE_KRB5
/* Test for Kerberos krb5.conf option parsing. */
krb5conf = test_file_path("data/krb5-pam.conf");
if (krb5conf == NULL)
bail("cannot find data/krb5-pam.conf");
if (setenv("KRB5_CONFIG", krb5conf, 1) < 0)
sysbail("cannot set KRB5_CONFIG");
krb5_free_context(args->ctx);
status = krb5_init_context(&args->ctx);
if (status != 0)
bail("cannot parse test krb5.conf file");
args->config = config_new();
status = putil_args_defaults(args, options, optlen);
ok(status, "Setting the defaults");
status = putil_args_krb5(args, "testing", options, optlen);
ok(status, "Options from krb5.conf");
ok(args->config->cells == NULL, "...cells default");
is_int(true, args->config->debug, "...debug set from krb5.conf");
is_int(1800, args->config->expires, "...expires set from krb5.conf");
is_int(true, args->config->ignore_root, "...ignore_root default");
is_int(1000, args->config->minimum_uid,
"...minimum_uid set from krb5.conf");
ok(args->config->program == NULL, "...program default");
status = putil_args_krb5(args, "other-test", options, optlen);
ok(status, "Options from krb5.conf (other-test)");
is_int(-1000, args->config->minimum_uid,
"...minimum_uid set from krb5.conf other-test");
/* Test with a realm set, which should expose more settings. */
krb5_free_context(args->ctx);
status = krb5_init_context(&args->ctx);
if (status != 0)
bail("cannot parse test krb5.conf file");
args->realm = strdup("FOO.COM");
if (args->realm == NULL)
sysbail("cannot allocate memory");
status = putil_args_krb5(args, "testing", options, optlen);
ok(status, "Options from krb5.conf with FOO.COM");
is_int(2, args->config->cells->count, "...cells count from krb5.conf");
is_string("foo.com", args->config->cells->strings[0],
"...first cell from krb5.conf");
is_string("bar.com", args->config->cells->strings[1],
"...second cell from krb5.conf");
is_int(true, args->config->debug, "...debug set from krb5.conf");
is_int(1800, args->config->expires, "...expires set from krb5.conf");
is_int(true, args->config->ignore_root, "...ignore_root default");
is_int(1000, args->config->minimum_uid,
"...minimum_uid set from krb5.conf");
is_string("/bin/false", args->config->program,
"...program from krb5.conf");
/* Test with a different realm. */
free(args->realm);
args->realm = strdup("BAR.COM");
if (args->realm == NULL)
sysbail("cannot allocate memory");
status = putil_args_krb5(args, "testing", options, optlen);
ok(status, "Options from krb5.conf with BAR.COM");
is_int(2, args->config->cells->count, "...cells count from krb5.conf");
is_string("bar.com", args->config->cells->strings[0],
"...first cell from krb5.conf");
is_string("foo.com", args->config->cells->strings[1],
"...second cell from krb5.conf");
is_int(true, args->config->debug, "...debug set from krb5.conf");
is_int(1800, args->config->expires, "...expires set from krb5.conf");
is_int(true, args->config->ignore_root, "...ignore_root default");
is_int(1000, args->config->minimum_uid,
"...minimum_uid set from krb5.conf");
is_string("echo /bin/true", args->config->program,
"...program from krb5.conf");
config_free(args->config);
args->config = config_new();
status = putil_args_krb5(args, "other-test", options, optlen);
ok(status, "Options from krb5.conf (other-test with realm)");
ok(args->config->cells == NULL, "...cells is NULL");
is_string("echo /bin/true", args->config->program,
"...program from krb5.conf");
config_free(args->config);
args->config = NULL;
/* Test for time parsing errors. */
args->config = config_new();
TEST_ERROR("expires=ft87", LOG_ERR,
"bad time value in setting: expires=ft87");
config_free(args->config);
/* Test error reporting from the krb5.conf parser. */
args->config = config_new();
status = putil_args_krb5(args, "bad-number", options, optlen);
ok(status, "Options from krb5.conf (bad-number)");
seen = pam_output();
is_string("invalid number in krb5.conf setting for minimum_uid: 1000foo",
seen->lines[0].line, "...and correct error reported");
is_int(LOG_ERR, seen->lines[0].priority, "...with correct priority");
pam_output_free(seen);
config_free(args->config);
args->config = NULL;
/* Test error reporting on times from the krb5.conf parser. */
args->config = config_new();
status = putil_args_krb5(args, "bad-time", options, optlen);
ok(status, "Options from krb5.conf (bad-time)");
seen = pam_output();
if (seen == NULL)
ok_block(2, false, "...no error output");
else {
is_string("invalid time in krb5.conf setting for expires: ft87",
seen->lines[0].line, "...and correct error reported");
is_int(LOG_ERR, seen->lines[0].priority, "...with correct priority");
}
pam_output_free(seen);
config_free(args->config);
args->config = NULL;
test_file_path_free(krb5conf);
#else /* !HAVE_KRB5 */
skip_block(37, "Kerberos support not configured");
#endif
putil_args_free(args);
pam_end(pamh, 0);
return 0;
}
