int main(void) { struct kerberos_config *config; struct remctl *r; struct remctl_output *output; char *tmpdir, *confpath; FILE *conf; const char *test[] = { "test", "test", NULL }; /* Unless we have Kerberos available, we can't really do anything. */ config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB); /* Write out our empty configuration file. */ tmpdir = test_tmpdir(); basprintf(&confpath, "%s/conf-empty", tmpdir); conf = fopen(confpath, "w"); if (conf == NULL) sysbail("cannot create %s", confpath); fclose(conf); /* Now we can start remctl with our temporary configuration file. */ remctld_start(config, "tmp/conf-empty", NULL); plan(7); /* Test that we get a valid UNKNOWN_COMMAND error. */ r = remctl_new(); ok(remctl_open(r, "localhost", 14373, config->principal), "remctl_open"); ok(remctl_command(r, test), "remctl_command"); output = remctl_output(r); ok(output != NULL, "first output token is not null"); if (output == NULL) ok_block(4, 0, "...and has correct content"); else { is_int(REMCTL_OUT_ERROR, output->type, "...and is an error"); is_int(15, output->length, "...and is right length"); if (output->data == NULL) ok(0, "...and has the right error message"); else ok(memcmp("Unknown command", output->data, 15) == 0, "...and has the right error message"); is_int(ERROR_UNKNOWN_COMMAND, output->error, "...and error number"); } remctl_close(r); unlink(confpath); free(confpath); test_tmpdir_free(tmpdir); return 0; }
int main(void) { struct kerberos_config *config; const char *err; struct remctl *r; struct remctl_output *output; const char *command[] = { "test", "env", "REMOTE_ADDR", NULL }; /* Set up Kerberos and remctld. */ config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB); remctld_start(config, "data/conf-simple", (char *) 0); plan(10); /* Successful connection to 127.0.0.1. */ r = remctl_new(); ok(r != NULL, "remctl_new"); ok(remctl_set_source_ip(r, "127.0.0.1"), "remctl_set_source_ip"); ok(remctl_open(r, "127.0.0.1", 14373, config->principal), "remctl_open to 127.0.0.1"); ok(remctl_command(r, command), "remctl_command"); output = remctl_output(r); ok(output != NULL, "remctl_output"); if (output == NULL) ok_block(3, 0, "remctl_output failed"); else { is_int(REMCTL_OUT_OUTPUT, output->type, "output token"); ok(memcmp("127.0.0.1\n", output->data, strlen("127.0.0.1\n")) == 0, "correct IP address"); is_int(strlen("127.0.0.1\n"), output->length, "correct length"); } /* Failed connection to ::1. */ ok(!remctl_open(r, "::1", 14373, config->principal), "remctl_open to ::1"); err = remctl_error(r); diag("error: %s", err); ok(((strncmp("cannot connect to ::1 (port 14373): ", err, strlen("cannot connect to ::1 (port 14373): ")) == 0) || (strncmp("unknown host ::1: ", err, strlen("unknown host ::1: ")) == 0)), "failed with correct error"); remctl_close(r); return 0; }
int main(void) { pam_handle_t *pamh; struct pam_conv conv = { NULL, NULL }; struct pam_args *args; plan(12); if (pam_start("test", NULL, &conv, &pamh) != PAM_SUCCESS) sysbail("Fake PAM initialization failed"); args = putil_args_new(pamh, 0); ok(args != NULL, "New args struct is not NULL"); if (args == NULL) ok_block(7, 0, "...args struct is NULL"); else { ok(args->pamh == pamh, "...and pamh is correct"); ok(args->config == NULL, "...and config is NULL"); ok(args->user == NULL, "...and user is NULL"); is_int(args->debug, false, "...and debug is false"); is_int(args->silent, false, "...and silent is false"); #ifdef HAVE_KRB5 ok(args->ctx != NULL, "...and the Kerberos context is initialized"); ok(args->realm == NULL, "...and realm is NULL"); #else skip_block(2, "Kerberos support not configured"); #endif } putil_args_free(args); ok(1, "Freeing the args struct works"); args = putil_args_new(pamh, PAM_SILENT); ok(args != NULL, "New args struct with PAM_SILENT is not NULL"); if (args == NULL) ok(0, "...args is NULL"); else is_int(args->silent, true, "...and silent is true"); putil_args_free(args); putil_args_free(NULL); ok(1, "Freeing a NULL args struct works"); pam_end(pamh, 0); return 0; }
/* * When testing the bind (server) functions, we create listening sockets, fork * a child process to connect to it, and accept the connection and read the * data in the server. The test reporting is therefore done by the listener. * There are two listeners, depending on whether we're listening to a single * socket or an array of sockets, both of which invoke this handler when the * connection is accepted. * * Check that the result of accept, read data from the client, and ensure we * got the expected data, reporting all results through the normal test * reporting mechanism. */ static void test_server_connection(socket_type client) { FILE *out; char buffer[512]; /* Verify that the result of accept is good. */ if (client == INVALID_SOCKET) { sysdiag("cannot accept connection from socket"); ok_block(2, 0, "...socket read test"); return; } ok(1, "...socket accept"); /* Read data from the client and ensure it matches our expectations. */ out = fdopen(client, "r"); if (fgets(buffer, sizeof(buffer), out) == NULL) { sysdiag("cannot read from socket"); ok(0, "...socket read"); } is_string("socket test\r\n", buffer, "...socket read"); fclose(out); }
int main(void) { struct kerberos_config *config; const char *cache; struct remctl *r; struct remctl_output *output; int status; const char *command[] = { "test", "test", NULL }; /* Set up Kerberos and remctld. */ config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB); remctld_start(config, "data/conf-simple", (char *) 0); plan(12); /* Get the current ticket cache and then change KRB5CCNAME. */ cache = getenv("KRB5CCNAME"); if (cache == NULL) bail("failed to set KRB5CCNAME"); putenv((char *) "KRB5CCNAME=./nonexistent-file"); /* Connecting without setting the ticket cache should fail. */ r = remctl_new(); ok(r != NULL, "remctl_new"); ok(!remctl_open(r, "127.0.0.1", 14373, config->principal), "remctl_open to 127.0.0.1"); /* Set the ticket cache and connect to 127.0.0.1 and run a command. */ status = remctl_set_ccache(r, cache); if (!status) { is_string("setting credential cache not supported", remctl_error(r), "remctl_set_ccache failed with correct error"); skip_block(9, "credential cache setting not supported"); } else { ok(remctl_set_ccache(r, cache), "remctl_set_ccache"); ok(remctl_open(r, "127.0.0.1", 14373, config->principal), "remctl_open to 127.0.0.1"); ok(remctl_command(r, command), "remctl_command"); output = remctl_output(r); ok(output != NULL, "remctl_output #1"); if (output == NULL) ok_block(3, 0, "remctl_output failed"); else { is_int(REMCTL_OUT_OUTPUT, output->type, "output token"); ok(memcmp("hello world\n", output->data, strlen("hello world\n")) == 0, "correct output"); is_int(strlen("hello world\n"), output->length, "correct length"); } output = remctl_output(r); ok(output != NULL, "remctl_output #2"); if (output == NULL) ok_block(2, 0, "remctl_output failed"); else { is_int(REMCTL_OUT_STATUS, output->type, "status token"); is_int(0, output->status, "status is correct"); } } remctl_close(r); return 0; }
int main(void) { pam_handle_t *pamh; struct pam_args *args; struct pam_conv conv = { NULL, NULL }; bool status; struct vector *cells; char *program; struct output *seen; const char *argv_bool[2] = { NULL, NULL }; const char *argv_err[2] = { NULL, NULL }; const char *argv_empty[] = { NULL }; #ifdef HAVE_KRB5 const char *argv_all[] = { "cells=stanford.edu,ir.stanford.edu", "debug", "expires=1d", "ignore_root", "minimum_uid=1000", "program=/bin/true" }; char *krb5conf; #else const char *argv_all[] = { "cells=stanford.edu,ir.stanford.edu", "debug", "expires=86400", "ignore_root", "minimum_uid=1000", "program=/bin/true" }; #endif if (pam_start("test", NULL, &conv, &pamh) != PAM_SUCCESS) sysbail("cannot create pam_handle_t"); args = putil_args_new(pamh, 0); if (args == NULL) bail("cannot create PAM argument struct"); plan(161); /* First, check just the defaults. */ args->config = config_new(); status = putil_args_defaults(args, options, optlen); ok(status, "Setting the defaults"); ok(args->config->cells == NULL, "...cells default"); is_int(false, args->config->debug, "...debug default"); is_int(10, args->config->expires, "...expires default"); is_int(true, args->config->ignore_root, "...ignore_root default"); is_int(0, args->config->minimum_uid, "...minimum_uid default"); ok(args->config->program == NULL, "...program default"); /* Now parse an empty set of PAM arguments. Nothing should change. */ status = putil_args_parse(args, 0, argv_empty, options, optlen); ok(status, "Parse of empty argv"); ok(args->config->cells == NULL, "...cells still default"); is_int(false, args->config->debug, "...debug still default"); is_int(10, args->config->expires, "...expires default"); is_int(true, args->config->ignore_root, "...ignore_root still default"); is_int(0, args->config->minimum_uid, "...minimum_uid still default"); ok(args->config->program == NULL, "...program still default"); /* Now, check setting everything. */ status = putil_args_parse(args, 6, argv_all, options, optlen); ok(status, "Parse of full argv"); if (args->config->cells == NULL) ok_block(4, false, "...cells is set"); else { ok(args->config->cells != NULL, "...cells is set"); is_int(2, args->config->cells->count, "...with two cells"); is_string("stanford.edu", args->config->cells->strings[0], "...first is stanford.edu"); is_string("ir.stanford.edu", args->config->cells->strings[1], "...second is ir.stanford.edu"); } is_int(true, args->config->debug, "...debug is set"); is_int(86400, args->config->expires, "...expires is set"); is_int(true, args->config->ignore_root, "...ignore_root is set"); is_int(1000, args->config->minimum_uid, "...minimum_uid is set"); is_string("/bin/true", args->config->program, "...program is set"); config_free(args->config); args->config = NULL; /* Test deep copying of defaults. */ cells = vector_new(); if (cells == NULL) sysbail("cannot allocate memory"); vector_add(cells, "foo.com"); vector_add(cells, "bar.com"); options[0].defaults.list = cells; program = strdup("/bin/false"); if (program == NULL) sysbail("cannot allocate memory"); options[5].defaults.string = program; args->config = config_new(); status = putil_args_defaults(args, options, optlen); ok(status, "Setting defaults with new defaults"); if (args->config->cells == NULL) ok_block(4, false, "...cells is set"); else { ok(args->config->cells != NULL, "...cells is set"); is_int(2, args->config->cells->count, "...with two cells"); is_string("foo.com", args->config->cells->strings[0], "...first is foo.com"); is_string("bar.com", args->config->cells->strings[1], "...second is bar.com"); } is_string("/bin/false", args->config->program, "...program is /bin/false"); status = putil_args_parse(args, 6, argv_all, options, optlen); ok(status, "Parse of full argv after defaults"); if (args->config->cells == NULL) ok_block(4, false, "...cells is set"); else { ok(args->config->cells != NULL, "...cells is set"); is_int(2, args->config->cells->count, "...with two cells"); is_string("stanford.edu", args->config->cells->strings[0], "...first is stanford.edu"); is_string("ir.stanford.edu", args->config->cells->strings[1], "...second is ir.stanford.edu"); } is_int(true, args->config->debug, "...debug is set"); is_int(86400, args->config->expires, "...expires is set"); is_int(true, args->config->ignore_root, "...ignore_root is set"); is_int(1000, args->config->minimum_uid, "...minimum_uid is set"); is_string("/bin/true", args->config->program, "...program is set"); is_string("foo.com", cells->strings[0], "...first cell after parse"); is_string("bar.com", cells->strings[1], "...second cell after parse"); is_string("/bin/false", program, "...string after parse"); config_free(args->config); args->config = NULL; is_string("foo.com", cells->strings[0], "...first cell after free"); is_string("bar.com", cells->strings[1], "...second cell after free"); is_string("/bin/false", program, "...string after free"); options[0].defaults.list = NULL; options[5].defaults.string = NULL; vector_free(cells); free(program); /* Test specifying the default for a vector parameter as a string. */ options[0].type = TYPE_STRLIST; options[0].defaults.string = "foo.com,bar.com"; args->config = config_new(); status = putil_args_defaults(args, options, optlen); ok(status, "Setting defaults with string default for vector"); if (args->config->cells == NULL) ok_block(4, false, "...cells is set"); else { ok(args->config->cells != NULL, "...cells is set"); is_int(2, args->config->cells->count, "...with two cells"); is_string("foo.com", args->config->cells->strings[0], "...first is foo.com"); is_string("bar.com", args->config->cells->strings[1], "...second is bar.com"); } config_free(args->config); args->config = NULL; options[0].type = TYPE_LIST; options[0].defaults.string = NULL; /* Should be no errors so far. */ ok(pam_output() == NULL, "No errors so far"); /* Test various ways of spelling booleans. */ args->config = config_new(); TEST_BOOL("debug", args->config->debug, true); TEST_BOOL("debug=false", args->config->debug, false); TEST_BOOL("debug=true", args->config->debug, true); TEST_BOOL("debug=no", args->config->debug, false); TEST_BOOL("debug=yes", args->config->debug, true); TEST_BOOL("debug=off", args->config->debug, false); TEST_BOOL("debug=on", args->config->debug, true); TEST_BOOL("debug=0", args->config->debug, false); TEST_BOOL("debug=1", args->config->debug, true); TEST_BOOL("debug=False", args->config->debug, false); TEST_BOOL("debug=trUe", args->config->debug, true); TEST_BOOL("debug=No", args->config->debug, false); TEST_BOOL("debug=Yes", args->config->debug, true); TEST_BOOL("debug=OFF", args->config->debug, false); TEST_BOOL("debug=ON", args->config->debug, true); config_free(args->config); args->config = NULL; /* Test for various parsing errors. */ args->config = config_new(); TEST_ERROR("debug=", LOG_ERR, "invalid boolean in setting: debug="); TEST_ERROR("debug=truth", LOG_ERR, "invalid boolean in setting: debug=truth"); TEST_ERROR("minimum_uid", LOG_ERR, "value missing for option minimum_uid"); TEST_ERROR("minimum_uid=", LOG_ERR, "value missing for option minimum_uid="); TEST_ERROR("minimum_uid=foo", LOG_ERR, "invalid number in setting: minimum_uid=foo"); TEST_ERROR("minimum_uid=1000foo", LOG_ERR, "invalid number in setting: minimum_uid=1000foo"); TEST_ERROR("program", LOG_ERR, "value missing for option program"); TEST_ERROR("cells", LOG_ERR, "value missing for option cells"); config_free(args->config); args->config = NULL; #ifdef HAVE_KRB5 /* Test for Kerberos krb5.conf option parsing. */ krb5conf = test_file_path("data/krb5-pam.conf"); if (krb5conf == NULL) bail("cannot find data/krb5-pam.conf"); if (setenv("KRB5_CONFIG", krb5conf, 1) < 0) sysbail("cannot set KRB5_CONFIG"); krb5_free_context(args->ctx); status = krb5_init_context(&args->ctx); if (status != 0) bail("cannot parse test krb5.conf file"); args->config = config_new(); status = putil_args_defaults(args, options, optlen); ok(status, "Setting the defaults"); status = putil_args_krb5(args, "testing", options, optlen); ok(status, "Options from krb5.conf"); ok(args->config->cells == NULL, "...cells default"); is_int(true, args->config->debug, "...debug set from krb5.conf"); is_int(1800, args->config->expires, "...expires set from krb5.conf"); is_int(true, args->config->ignore_root, "...ignore_root default"); is_int(1000, args->config->minimum_uid, "...minimum_uid set from krb5.conf"); ok(args->config->program == NULL, "...program default"); status = putil_args_krb5(args, "other-test", options, optlen); ok(status, "Options from krb5.conf (other-test)"); is_int(-1000, args->config->minimum_uid, "...minimum_uid set from krb5.conf other-test"); /* Test with a realm set, which should expose more settings. */ krb5_free_context(args->ctx); status = krb5_init_context(&args->ctx); if (status != 0) bail("cannot parse test krb5.conf file"); args->realm = strdup("FOO.COM"); if (args->realm == NULL) sysbail("cannot allocate memory"); status = putil_args_krb5(args, "testing", options, optlen); ok(status, "Options from krb5.conf with FOO.COM"); is_int(2, args->config->cells->count, "...cells count from krb5.conf"); is_string("foo.com", args->config->cells->strings[0], "...first cell from krb5.conf"); is_string("bar.com", args->config->cells->strings[1], "...second cell from krb5.conf"); is_int(true, args->config->debug, "...debug set from krb5.conf"); is_int(1800, args->config->expires, "...expires set from krb5.conf"); is_int(true, args->config->ignore_root, "...ignore_root default"); is_int(1000, args->config->minimum_uid, "...minimum_uid set from krb5.conf"); is_string("/bin/false", args->config->program, "...program from krb5.conf"); /* Test with a different realm. */ free(args->realm); args->realm = strdup("BAR.COM"); if (args->realm == NULL) sysbail("cannot allocate memory"); status = putil_args_krb5(args, "testing", options, optlen); ok(status, "Options from krb5.conf with BAR.COM"); is_int(2, args->config->cells->count, "...cells count from krb5.conf"); is_string("bar.com", args->config->cells->strings[0], "...first cell from krb5.conf"); is_string("foo.com", args->config->cells->strings[1], "...second cell from krb5.conf"); is_int(true, args->config->debug, "...debug set from krb5.conf"); is_int(1800, args->config->expires, "...expires set from krb5.conf"); is_int(true, args->config->ignore_root, "...ignore_root default"); is_int(1000, args->config->minimum_uid, "...minimum_uid set from krb5.conf"); is_string("echo /bin/true", args->config->program, "...program from krb5.conf"); config_free(args->config); args->config = config_new(); status = putil_args_krb5(args, "other-test", options, optlen); ok(status, "Options from krb5.conf (other-test with realm)"); ok(args->config->cells == NULL, "...cells is NULL"); is_string("echo /bin/true", args->config->program, "...program from krb5.conf"); config_free(args->config); args->config = NULL; /* Test for time parsing errors. */ args->config = config_new(); TEST_ERROR("expires=ft87", LOG_ERR, "bad time value in setting: expires=ft87"); config_free(args->config); /* Test error reporting from the krb5.conf parser. */ args->config = config_new(); status = putil_args_krb5(args, "bad-number", options, optlen); ok(status, "Options from krb5.conf (bad-number)"); seen = pam_output(); is_string("invalid number in krb5.conf setting for minimum_uid: 1000foo", seen->lines[0].line, "...and correct error reported"); is_int(LOG_ERR, seen->lines[0].priority, "...with correct priority"); pam_output_free(seen); config_free(args->config); args->config = NULL; /* Test error reporting on times from the krb5.conf parser. */ args->config = config_new(); status = putil_args_krb5(args, "bad-time", options, optlen); ok(status, "Options from krb5.conf (bad-time)"); seen = pam_output(); if (seen == NULL) ok_block(2, false, "...no error output"); else { is_string("invalid time in krb5.conf setting for expires: ft87", seen->lines[0].line, "...and correct error reported"); is_int(LOG_ERR, seen->lines[0].priority, "...with correct priority"); } pam_output_free(seen); config_free(args->config); args->config = NULL; test_file_path_free(krb5conf); #else /* !HAVE_KRB5 */ skip_block(37, "Kerberos support not configured"); #endif putil_args_free(args); pam_end(pamh, 0); return 0; }