static int dns_send(const char *name) { int ret; struct header *header; enum dns_query_type qtype = DNS_A_RECORD; unsigned char *packet = net_udp_get_payload(dns_con); unsigned char *p, *s, *fullname, *dotptr; const unsigned char *domain; /* Prepare DNS packet header */ header = (struct header *)packet; header->tid = 1; header->flags = htons(0x100); /* standard query */ header->nqueries = htons(1); /* Just one query */ header->nanswers = 0; header->nauth = 0; header->nother = 0; domain = getenv("net.domainname"); if (!strchr(name, '.') && domain && *domain) fullname = basprintf(".%s.%s.", name, domain); else fullname = basprintf(".%s.", name); /* replace dots in fullname with chunk len */ dotptr = fullname; do { int len; s = strchr(dotptr + 1, '.'); len = s - dotptr - 1; *dotptr = len; dotptr = s; } while (*(dotptr + 1)); *dotptr = 0; strcpy(header->data, fullname); p = header->data + strlen(fullname); *p++ = 0; /* Mark end of host name */ *p++ = 0; /* Some servers require double null */ *p++ = (unsigned char)qtype; /* Query Type */ *p++ = 0; *p++ = 1; /* Class: inet, 0x0001 */ ret = net_udp_send(dns_con, p - packet); free(fullname); return ret; }
static int state_convert_node_variable(struct state *state, struct device_node *node, struct device_node *parent, const char *parent_name, enum state_convert conv) { const struct variable_type *vtype; struct device_node *child; struct device_node *new_node = NULL; struct state_variable *sv; const char *type_name; char *short_name, *name, *indexs; unsigned int start_size[2]; int ret; /* strip trailing @<ADDRESS> */ short_name = xstrdup(node->name); indexs = strchr(short_name, '@'); if (indexs) *indexs = 0; /* construct full name */ name = basprintf("%s%s%s", parent_name, parent_name[0] ? "." : "", short_name); free(short_name); if ((conv == STATE_CONVERT_TO_NODE) || (conv == STATE_CONVERT_FIXUP)) new_node = of_new_node(parent, node->name); for_each_child_of_node(node, child) { ret = state_convert_node_variable(state, child, new_node, name, conv); if (ret) goto out_free; }
static int e9_devices_init(void) { int ret; char *environment_path; if (!of_machine_is_compatible("embedsky,e9")) return 0; armlinux_set_architecture(3980); environment_path = basprintf("/chosen/environment-mmc%d", bootsource_get_instance()); ret = of_device_enable_path(environment_path); if (ret < 0) pr_warn("Failed to enable environment partition '%s' (%d)\n", environment_path, ret); free(environment_path); defaultenv_append_directory(defaultenv_e9); imx6_bbu_internal_mmc_register_handler("sd", "/dev/mmc1", BBU_HANDLER_FLAG_DEFAULT); imx6_bbu_internal_mmc_register_handler("emmc", "/dev/mmc3", BBU_HANDLER_FLAG_DEFAULT); return 0; }
static int rdu_networkconfig(void) { static char *rdu_netconfig; struct device_d *sp_dev; if (!of_machine_is_compatible("zii,imx6q-zii-rdu2") && !of_machine_is_compatible("zii,imx6qp-zii-rdu2") && !of_machine_is_compatible("zii,imx51-rdu1")) return 0; sp_dev = get_device_by_name("sp"); if (!sp_dev) { pr_warn("no sp device found, network config not available!\n"); return -ENODEV; } rdu_netconfig = basprintf("ip=%s:::%s::eth0:", dev_get_param(sp_dev, "ipaddr"), dev_get_param(sp_dev, "netmask")); globalvar_add_simple_string("linux.bootargs.rdu_network", &rdu_netconfig); return 0; }
int ubi_volume_cdev_add(struct ubi_device *ubi, struct ubi_volume *vol) { struct cdev *cdev = &vol->cdev; struct ubi_volume_cdev_priv *priv; int ret; priv = kzalloc(sizeof(*priv), GFP_KERNEL); priv->vol = vol; priv->ubi = ubi; cdev->ops = &ubi_volume_fops; cdev->name = basprintf("%s.%s", ubi->cdev.name, vol->name); cdev->priv = priv; cdev->size = vol->used_bytes; if (vol->vol_type == UBI_STATIC_VOLUME) cdev->flags = DEVFS_IS_CHARACTER_DEV; cdev->dev = &vol->dev; ubi_msg(ubi, "registering %s as /dev/%s", vol->name, cdev->name); ret = devfs_create(cdev); if (ret) { kfree(priv); free(cdev->name); } list_add_tail(&vol->list, &ubi_volumes_list); return 0; }
/* * Internal helper function for remctld_start and remctld_start_fakeroot. * * Takes the Kerberos test configuration (the keytab principal is used as the * server principal), the configuration file to use (found via * test_file_path), and then any additional arguments to pass to remctld, * ending with a NULL. Returns the PID of the running remctld process. If * anything fails, calls bail. * * The path to remctld is obtained from the PATH_REMCTLD #define. If this is * not set, remctld_start_internal calls skip_all. */ static struct process * remctld_start_internal(struct kerberos_config *krbconf, const char *config, va_list args, bool fakeroot) { va_list args_copy; char *tmpdir, *pidfile, *confpath; size_t i, length; const char *arg, **argv; struct process *process; const char *path_remctld = PATH_REMCTLD; /* Check prerequisites. */ if (path_remctld[0] == '\0') skip_all("remctld not found"); /* Determine the location of the PID file and remove any old ones. */ tmpdir = test_tmpdir(); basprintf(&pidfile, "%s/remctld.pid", tmpdir); if (access(pidfile, F_OK) == 0) bail("remctld may already be running: %s exists", pidfile); /* Build the argv used to run remctld. */ confpath = test_file_path(config); if (confpath == NULL) bail("cannot find remctld config %s", config); length = 11; va_copy(args_copy, args); while ((arg = va_arg(args_copy, const char *)) != NULL) length++; va_end(args_copy); argv = bmalloc(length * sizeof(const char *)); i = 0; argv[i++] = path_remctld; argv[i++] = "-mdSF"; argv[i++] = "-p"; argv[i++] = "14373"; argv[i++] = "-s"; argv[i++] = krbconf->principal; argv[i++] = "-P"; argv[i++] = pidfile; argv[i++] = "-f"; argv[i++] = confpath; while ((arg = va_arg(args, const char *)) != NULL) argv[i++] = arg; argv[i] = NULL; /* Start remctld using process_start or process_start_fakeroot. */ if (fakeroot) process = process_start_fakeroot(argv, pidfile); else process = process_start(argv, pidfile); /* Clean up and return. */ test_file_path_free(confpath); free(pidfile); test_tmpdir_free(tmpdir); free(argv); return process; }
message_log_buffer(int len UNUSED, const char *fmt, va_list args, int error UNUSED) { char *message; bvasprintf(&message, fmt, args); if (errors == NULL) basprintf(&errors, "%s\n", message); else { char *new_errors; basprintf(&new_errors, "%s%s\n", errors, message); free(errors); errors = new_errors; } free(message); }
static void load_logo(int width, void *start, void *end) { char *filename; size_t size = end - start; filename = basprintf("/logo/barebox-logo-%d.png", width); write_file(filename, start, size); free(filename); }
/* * Clean up at the end of a test. This removes the ticket cache and resets * and frees the memory allocated for the environment variables so that * valgrind output on test suites is cleaner. Most of the work is done by * kerberos_free, but this function also deletes the ticket cache. */ void kerberos_cleanup(void) { char *path; if (tmpdir_ticket != NULL) { basprintf(&path, "%s/krb5cc_test", tmpdir_ticket); unlink(path); free(path); } kerberos_free(); }
int copy_recursive(const char *src, const char *dst) { struct stat s; DIR *dir; struct dirent *d; int ret; ret = stat(src, &s); if (ret) return ret; if (!S_ISDIR(s.st_mode)) return copy_file(src, dst, 0); ret = make_directory(dst); if (ret) return ret; dir = opendir(src); if (!dir) return -EIO; while ((d = readdir(dir))) { char *from, *to; if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, "..")) continue; from = basprintf("%s/%s", src, d->d_name); to = basprintf("%s/%s", dst, d->d_name); ret = copy_recursive(from, to); if (ret) break; free(from); free(to); } closedir(dir); return ret; }
static int do_compare_file(const char *filename, const char *base) { int ret; char *cmp; const char *relname = filename + strlen(base) + 1; cmp = basprintf("%s/%s", TMPDIR, relname); ret = compare_file(cmp, filename); free(cmp); return ret; }
int main(void) { struct kerberos_config *config; struct remctl *r; struct remctl_output *output; char *tmpdir, *confpath; FILE *conf; const char *test[] = { "test", "test", NULL }; /* Unless we have Kerberos available, we can't really do anything. */ config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB); /* Write out our empty configuration file. */ tmpdir = test_tmpdir(); basprintf(&confpath, "%s/conf-empty", tmpdir); conf = fopen(confpath, "w"); if (conf == NULL) sysbail("cannot create %s", confpath); fclose(conf); /* Now we can start remctl with our temporary configuration file. */ remctld_start(config, "tmp/conf-empty", NULL); plan(7); /* Test that we get a valid UNKNOWN_COMMAND error. */ r = remctl_new(); ok(remctl_open(r, "localhost", 14373, config->principal), "remctl_open"); ok(remctl_command(r, test), "remctl_command"); output = remctl_output(r); ok(output != NULL, "first output token is not null"); if (output == NULL) ok_block(4, 0, "...and has correct content"); else { is_int(REMCTL_OUT_ERROR, output->type, "...and is an error"); is_int(15, output->length, "...and is right length"); if (output->data == NULL) ok(0, "...and has the right error message"); else ok(memcmp("Unknown command", output->data, 15) == 0, "...and has the right error message"); is_int(ERROR_UNKNOWN_COMMAND, output->error, "...and error number"); } remctl_close(r); unlink(confpath); free(confpath); test_tmpdir_free(tmpdir); return 0; }
static int ds2431_probe(struct w1_device *dev) { struct cdev *cdev; cdev = xzalloc(sizeof(*cdev)); cdev->dev = &dev->dev; cdev->priv = dev; cdev->ops = &ds2431_ops; cdev->size = W1_F2D_EEPROM_SIZE; cdev->name = basprintf(DRIVERNAME"%d", ds2431_count++); if (cdev->name == NULL) return -ENOMEM; return devfs_create(cdev); }
/* * Calls server_config_acl_permit with the anonymous identity and anonymous * set to true. * * Heimdal's KRB5_WELLKNOWN_NAME and related constants expand to a literal in * parentheses, which means they cannot be concatenated by the preprocessor * and the string cannot be constructed at compile time. */ static bool acl_permit_anonymous(const struct rule *rule) { static char *pname = NULL; struct client client = { -1, -1, NULL, NULL, 0, NULL, NULL, true, 0, 0, false, false, NULL, NULL, NULL }; if (pname == NULL) basprintf(&pname, "%s/%s@%s", KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, KRB5_ANON_REALM); client.user = pname; return server_config_acl_permit(rule, &client); }
/* * Clean up the krb5.conf file generated by kerberos_generate_conf and free * the memory used to set the environment variable. This doesn't fail if the * file and variable are already gone, allowing it to be harmlessly run * multiple times. * * Normally called via an atexit handler. */ void kerberos_cleanup_conf(void) { char *path; if (tmpdir_conf != NULL) { basprintf(&path, "%s/krb5.conf", tmpdir_conf); unlink(path); free(path); test_tmpdir_free(tmpdir_conf); tmpdir_conf = NULL; } putenv((char *) "KRB5_CONFIG="); free(krb5_config); krb5_config = NULL; }
static void kerberos_kinit(void) { static const char * const format[] = { "kinit --no-afslog -k -t %s %s >/dev/null 2>&1 </dev/null", "kinit -k -t %s %s >/dev/null 2>&1 </dev/null", "kinit -t %s %s >/dev/null 2>&1 </dev/null", "kinit -k -K %s %s >/dev/null 2>&1 </dev/null" }; FILE *file; char *path; char principal[BUFSIZ], *command; size_t i; int status; /* Read the principal corresponding to the keytab. */ path = test_file_path("config/principal"); if (path == NULL) { test_file_path_free(config->keytab); config->keytab = NULL; return; } file = fopen(path, "r"); if (file == NULL) { test_file_path_free(path); return; } test_file_path_free(path); if (fgets(principal, sizeof(principal), file) == NULL) bail("cannot read %s", path); fclose(file); if (principal[strlen(principal) - 1] != '\n') bail("no newline in %s", path); principal[strlen(principal) - 1] = '\0'; config->principal = bstrdup(principal); /* Now do the Kerberos initialization. */ for (i = 0; i < ARRAY_SIZE(format); i++) { basprintf(&command, format[i], config->keytab, principal); status = system(command); free(command); if (status != -1 && WEXITSTATUS(status) == 0) break; } if (status == -1 || WEXITSTATUS(status) != 0) bail("cannot get Kerberos tickets"); }
int ubi_cdev_add(struct ubi_device *ubi) { struct cdev *cdev = &ubi->cdev; int ret; cdev->ops = &ubi_fops; cdev->name = basprintf("%s.ubi", ubi->mtd->cdev.name); cdev->priv = ubi; cdev->size = 0; ubi_msg(ubi, "registering /dev/%s", cdev->name); ret = devfs_create(cdev); if (ret) kfree(cdev->name); return ret; }
void ubifs_set_rootarg(struct ubifs_priv *priv, struct fs_device_d *fsdev) { struct ubi_volume_info vi = {}; struct ubi_device_info di = {}; struct mtd_info *mtd; char *str; ubi_get_volume_info(priv->ubi, &vi); ubi_get_device_info(vi.ubi_num, &di); mtd = di.mtd; str = basprintf("root=ubi0:%s ubi.mtd=%s rootfstype=ubifs", vi.name, mtd->cdev.partname); fsdev_set_linux_rootarg(fsdev, str); free(str); }
/* * Generate a krb5.conf file for testing and set KRB5_CONFIG to point to it. * The [appdefaults] section will be stripped out and the default realm will * be set to the realm specified, if not NULL. This will use config/krb5.conf * in preference, so users can configure the tests by creating that file if * the system file isn't suitable. * * Depends on data/generate-krb5-conf being present in the test suite. */ void kerberos_generate_conf(const char *realm) { char *path; const char *argv[3]; if (tmpdir_conf != NULL) kerberos_cleanup_conf(); path = test_file_path("data/generate-krb5-conf"); if (path == NULL) bail("cannot find generate-krb5-conf"); argv[0] = path; argv[1] = realm; argv[2] = NULL; run_setup(argv); test_file_path_free(path); tmpdir_conf = test_tmpdir(); basprintf(&krb5_config, "KRB5_CONFIG=%s/krb5.conf", tmpdir_conf); putenv(krb5_config); if (atexit(kerberos_cleanup_conf) != 0) sysdiag("cannot register cleanup function"); }
static int file_remove_action(const char *filename, struct stat *statbuf, void *userdata, int depth) { struct action_data *data = userdata; char *envname; struct stat s; int ret; struct envfs_entry *env; filename += sizeof(TMPDIR) - 1; envname = basprintf("%s/%s", data->base, filename); ret = stat(envname, &s); if (ret) { char *base; base = basename(envname); env = xzalloc(sizeof(*env)); env->name = strdup(filename); env->size = strlen(base) + 1; env->buf = strdup(base); if (!env->buf) goto out; env->mode = S_IRWXU | S_IRWXG | S_IRWXO | S_IFLNK; env->next = data->env; data->env = env; } out: free(envname); return 1; }
static void *omap_xload_boot_mmc(void) { int ret; void *buf; int len; const char *diskdev; char *partname; diskdev = omap_get_bootmmc_devname(); if (!diskdev) diskdev = "disk0"; device_detect_by_name(diskdev); partname = basprintf("%s.0", diskdev); ret = mount(partname, NULL, "/", NULL); if (ret) { printf("Unable to mount %s (%d)\n", partname, ret); free(partname); return NULL; } free(partname); buf = read_file("/barebox.bin", &len); if (!buf) buf = read_file("/boot/barebox.bin", &len); if (!buf) { printf("could not read barebox.bin from sd card\n"); return NULL; } return buf; }
static void kerberos_kinit(void) { char *name, *krbtgt; krb5_error_code code; krb5_context ctx; krb5_ccache ccache; krb5_principal kprinc; krb5_keytab keytab; krb5_get_init_creds_opt *opts; krb5_creds creds; const char *realm; /* * Determine the principal corresponding to that keytab. We copy the * memory to ensure that it's allocated in the right memory domain on * systems where that may matter (like Windows). */ code = krb5_init_context(&ctx); if (code != 0) bail_krb5(ctx, code, "error initializing Kerberos"); kprinc = kerberos_keytab_principal(ctx, config->keytab); code = krb5_unparse_name(ctx, kprinc, &name); if (code != 0) bail_krb5(ctx, code, "error unparsing name"); krb5_free_principal(ctx, kprinc); config->principal = bstrdup(name); krb5_free_unparsed_name(ctx, name); /* Now do the Kerberos initialization. */ code = krb5_cc_default(ctx, &ccache); if (code != 0) bail_krb5(ctx, code, "error setting ticket cache"); code = krb5_parse_name(ctx, config->principal, &kprinc); if (code != 0) bail_krb5(ctx, code, "error parsing principal %s", config->principal); realm = krb5_principal_get_realm(ctx, kprinc); basprintf(&krbtgt, "krbtgt/%s@%s", realm, realm); code = krb5_kt_resolve(ctx, config->keytab, &keytab); if (code != 0) bail_krb5(ctx, code, "cannot open keytab %s", config->keytab); code = krb5_get_init_creds_opt_alloc(ctx, &opts); if (code != 0) bail_krb5(ctx, code, "cannot allocate credential options"); krb5_get_init_creds_opt_set_default_flags(ctx, NULL, realm, opts); krb5_get_init_creds_opt_set_forwardable(opts, 0); krb5_get_init_creds_opt_set_proxiable(opts, 0); code = krb5_get_init_creds_keytab(ctx, &creds, kprinc, keytab, 0, krbtgt, opts); if (code != 0) bail_krb5(ctx, code, "cannot get Kerberos tickets"); code = krb5_cc_initialize(ctx, ccache, kprinc); if (code != 0) bail_krb5(ctx, code, "error initializing ticket cache"); code = krb5_cc_store_cred(ctx, ccache, &creds); if (code != 0) bail_krb5(ctx, code, "error storing credentials"); krb5_cc_close(ctx, ccache); krb5_free_cred_contents(ctx, &creds); krb5_kt_close(ctx, keytab); krb5_free_principal(ctx, kprinc); krb5_get_init_creds_opt_free(ctx, opts); krb5_free_context(ctx); free(krbtgt); }
int main(void) { struct script_config config; struct kerberos_password *password; DIR *tmpdir; struct dirent *file; char *tmppath, *path; /* Load the Kerberos principal and password from a file. */ password = kerberos_config_password(); if (password == NULL) skip_all("Kerberos tests not configured"); memset(&config, 0, sizeof(config)); config.user = password->username; config.password = password->password; config.extra[0] = password->principal; /* Generate a testing krb5.conf file. */ kerberos_generate_conf(password->realm); /* Get the temporary directory and store that as the %1 substitution. */ tmppath = test_tmpdir(); config.extra[1] = tmppath; plan_lazy(); /* * We need to ensure that the only thing in the test temporary directory * is the krb5.conf file that we generated, since we're going to check for * cleanup by looking for any out-of-place files. */ tmpdir = opendir(tmppath); if (tmpdir == NULL) sysbail("cannot open directory %s", tmppath); while ((file = readdir(tmpdir)) != NULL) { if (strcmp(file->d_name, ".") == 0 || strcmp(file->d_name, "..") == 0) continue; if (strcmp(file->d_name, "krb5.conf") == 0) continue; basprintf(&path, "%s/%s", tmppath, file->d_name); if (unlink(path) < 0) sysbail("cannot delete temporary file %s", path); free(path); } closedir(tmpdir); /* * Authenticate only, call pam_end, and be sure the ticket cache is * gone. The auth-only script sets ccache_dir to the temporary directory, * so the module will create a temporary ticket cache there and then * should clean it up. */ run_script("data/scripts/cache-cleanup/auth-only", &config); path = NULL; tmpdir = opendir(tmppath); if (tmpdir == NULL) sysbail("cannot open directory %s", tmppath); while ((file = readdir(tmpdir)) != NULL) { if (strcmp(file->d_name, ".") == 0 || strcmp(file->d_name, "..") == 0) continue; if (strcmp(file->d_name, "krb5.conf") == 0) continue; if (path == NULL) basprintf(&path, "%s/%s", tmppath, file->d_name); } closedir(tmpdir); if (path != NULL) diag("found stray temporary file %s", path); ok(path == NULL, "ticket cache cleaned up"); if (path != NULL) free(path); test_tmpdir_free(tmppath); kerberos_config_password_free(password); return 0; }
int main(void) { krb5_context ctx; const char *message; char *expected; char long_principal[VERY_LONG_PRINCIPAL]; const char *acls[5]; const struct rule rule = { (char *) "TEST", 0, NULL, NULL, NULL, NULL, NULL, 0, NULL, NULL, 0, 0, NULL, NULL, (char **) acls }; plan(16); /* Use a krb5.conf with a default realm of EXAMPLE.ORG. */ kerberos_generate_conf("EXAMPLE.ORG"); /* Check behavior with empty groups. */ fake_queue_group(&empty, 0); set_passwd("someone", 0); acls[0] = "localgroup:empty"; acls[1] = NULL; ok(!acl_permit(&rule, "*****@*****.**"), "Empty"); /* Check behavior when user is expected to be in supplied group. */ fake_queue_group(&goodguys, 0); set_passwd("remi", 0); acls[0] = "localgroup:goodguys"; acls[1] = NULL; ok(acl_permit(&rule, "*****@*****.**"), "User in group"); /* And when the user is not in the supplied group. */ fake_queue_group(&goodguys, 0); set_passwd("someoneelse", 0); ok(!acl_permit(&rule, "*****@*****.**"), "User not in group"); /* Check that the user's primary group also counts. */ fake_queue_group(&goodguys, 0); set_passwd("otheruser", 42); ok(acl_permit(&rule, "*****@*****.**"), "User has group as primary group"); /* And when the user does not convert to a local user or is complex. */ fake_queue_group(&goodguys, 0); set_passwd("remi", 0); errors_capture(); ok(!acl_permit(&rule, "remi/[email protected]"), "User with instance with base user in group"); is_string(NULL, errors, "...with no error"); /* Principal name is too long. */ fake_queue_group(&goodguys, 0); memset(long_principal, 'A', sizeof(long_principal)); long_principal[sizeof(long_principal) - 1] = '\0'; errors_capture(); ok(!acl_permit(&rule, long_principal), "Long principal"); /* Determine the expected error message and check it. */ if (krb5_init_context(&ctx) != 0) bail("cannot create Kerberos context"); message = krb5_get_error_message(ctx, KRB5_CONFIG_NOTENUFSPACE); basprintf(&expected, "conversion of %s to local name failed: %s\n", long_principal, message); krb5_free_context(ctx); is_string(expected, errors, "...with correct error message"); krb5_free_error_message(ctx, message); free(expected); /* Unsupported realm. */ fake_queue_group(&goodguys, 0); set_passwd("eagle", 0); ok(!acl_permit(&rule, "*****@*****.**"), "Non-local realm"); /* Check behavior when syscall fails */ fake_queue_group(&goodguys, EPERM); set_passwd("remi", 0); errors_capture(); ok(!acl_permit(&rule, "*****@*****.**"), "Failing getgrnam_r"); is_string("TEST:0: retrieving membership of localgroup goodguys failed\n", errors, "...with correct error message"); /* Check that deny group works as expected */ fake_queue_group(&badguys, 0); set_passwd("boba-fett", 0); acls[0] = "deny:localgroup:badguys"; acls[1] = NULL; ok(!acl_permit(&rule, "*****@*****.**"), "Denied user"); fake_queue_group(&badguys, 0); set_passwd("remi", 0); ok(!acl_permit(&rule, "*****@*****.**"), "User not in denied group but also not allowed"); /* Check that both deny and "allow" pragma work together */ fake_queue_group(&goodguys, 0); fake_queue_group(&badguys, 0); set_passwd("eagle", 0); acls[0] = "localgroup:goodguys"; acls[1] = "deny:localgroup:badguys"; acls[2] = NULL; ok(acl_permit(&rule, "*****@*****.**"), "User in allowed group plus a denied group"); fake_queue_group(&goodguys, 0); fake_queue_group(&badguys, 0); set_passwd("darth-maul", 0); ok(!acl_permit(&rule, "*****@*****.**"), "User in a denied group plus an allowed group"); fake_queue_group(&goodguys, 0); fake_queue_group(&badguys, 0); set_passwd("anyoneelse", 0); ok(!acl_permit(&rule, "*****@*****.**"), "User in neither denied nor allowed group"); /* Clean up. */ free(errors); return 0; }
int ifup(const char *name, unsigned flags) { int ret; char *cmd, *cmd_discover; const char *ip; struct stat s; int i; struct device_d *dev; struct eth_device *edev = eth_get_byname(name); if (edev && edev->ipaddr && !(flags & IFUP_FLAG_FORCE)) return 0; eth_set_current(edev); env_push_context(); setenv("ip", ""); for (i = 0; i < ARRAY_SIZE(vars); i++) setenv(vars[i], ""); cmd = basprintf("source /env/network/%s", name); cmd_discover = basprintf("/env/network/%s-discover", name); ret = run_command(cmd); if (ret) { pr_err("Running '%s' failed with %d\n", cmd, ret); goto out; } ret = stat(cmd_discover, &s); if (!ret) { ret = run_command(cmd_discover); if (ret) { pr_err("Running '%s' failed with %d\n", cmd, ret); goto out; } } dev = get_device_by_name(name); if (!dev) { pr_err("Cannot find device %s\n", name); goto out; } ret = eth_set_param(dev, "ethaddr"); if (ret) goto out; ip = getenv("ip"); if (!ip) ip = ""; if (!strcmp(ip, "dhcp")) { ret = run_command("dhcp"); if (ret) goto out; ret = eth_set_param(dev, "serverip"); if (ret) goto out; } else if (!strcmp(ip, "static")) { for (i = 0; i < ARRAY_SIZE(vars); i++) { ret = eth_set_param(dev, vars[i]); if (ret) goto out; } } else { pr_err("unknown ip type: %s\n", ip); ret = -EINVAL; goto out; } ret = 0; out: env_pop_context(); free(cmd); free(cmd_discover); return ret; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; char *newpass, *date; struct passwd pwd; time_t now; /* Load the Kerberos principal and password from a file. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); memset(&config, 0, sizeof(config)); config.user = krbconf->username; config.password = krbconf->password; config.extra[0] = krbconf->userprinc; /* * Ensure we can expire the password. Heimdal has a prompt for the * expiration time, so save that to use as a substitution in the script. */ now = time(NULL) - 1; if (!kerberos_expire_password(krbconf->userprinc, now)) skip_all("kadmin not configured or kadmin mismatch"); date = bstrdup(ctime(&now)); date[strlen(date) - 1] = '\0'; config.extra[1] = date; /* Generate a testing krb5.conf file. */ kerberos_generate_conf(krbconf->realm); /* Create a fake passwd struct for our user. */ memset(&pwd, 0, sizeof(pwd)); pwd.pw_name = krbconf->username; pwd.pw_uid = getuid(); pwd.pw_gid = getgid(); basprintf(&pwd.pw_dir, "%s/tmp", getenv("BUILD")); pam_set_pwd(&pwd); /* * We'll be changing the password to something new. This needs to be * sufficiently random that it's unlikely to fall afoul of password * strength checking. */ basprintf(&newpass, "ngh1,a%lu nn9af6", (unsigned long) getpid()); config.newpass = newpass; plan_lazy(); /* Default behavior. */ #ifdef HAVE_KRB5_HEIMDAL run_script("data/scripts/expired/basic-heimdal", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-heimdal-debug", &config); #else run_script("data/scripts/expired/basic-mit", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-mit-debug", &config); #endif /* Test again with PAM_SILENT, specified two ways. */ #ifdef HAVE_KRB5_HEIMDAL config.newpass = newpass; config.password = krbconf->password; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-heimdal-silent", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-heimdal-flag-silent", &config); #else config.newpass = newpass; config.password = krbconf->password; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-mit-silent", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-mit-flag-silent", &config); #endif /* * We can only run the remaining checks if we can suppress the Kerberos * library behavior of prompting for a new password when the password has * expired. */ #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT /* Check the forced failure behavior. */ run_script("data/scripts/expired/fail", &config); run_script("data/scripts/expired/fail-debug", &config); /* Defer the error to the account management check. */ config.newpass = newpass; config.password = krbconf->password; config.authtok = krbconf->password; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/defer", &config); config.newpass = krbconf->password; config.password = newpass; config.authtok = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/defer-debug", &config); #else /* !HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT */ /* Mention that we skipped something for the record. */ skip_block(4, "cannot disable library password prompting"); #endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT */ /* In case we ran into some error, try to unexpire the password. */ kerberos_expire_password(krbconf->userprinc, 0); free(date); free(newpass); free(pwd.pw_dir); return 0; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; char *user; /* * Load the Kerberos principal and password from a file, but set the * principal as extra[0] and use something else bogus as the user. We * want to test that alt_auth_map works when there's no relationship * between the mapped principal and the user. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); memset(&config, 0, sizeof(config)); config.user = "******"; config.authtok = krbconf->password; config.extra[0] = krbconf->username; config.extra[1] = krbconf->userprinc; /* * Generate a testing krb5.conf file with a nonexistent default realm so * that we can be sure that our principals will stay fully-qualified in * the logs. */ kerberos_generate_conf("bogus.example.com"); config.extra[2] = "bogus.example.com"; /* Test without password prompting. */ plan_lazy(); run_script("data/scripts/alt-auth/basic", &config); run_script("data/scripts/alt-auth/basic-debug", &config); run_script("data/scripts/alt-auth/fail", &config); run_script("data/scripts/alt-auth/fail-debug", &config); run_script("data/scripts/alt-auth/force", &config); run_script("data/scripts/alt-auth/only", &config); /* * If the alternate account exists but the password is incorrect, we * should not fall back to the regular account. Test with debug so that * we don't need two principals configured. */ config.authtok = "bogus incorrect password"; run_script("data/scripts/alt-auth/force-fail-debug", &config); /* * Switch to our correct user (but wrong realm) realm to test username * mapping to a different realm. */ config.authtok = krbconf->password; config.user = krbconf->username; config.extra[2] = krbconf->realm; run_script("data/scripts/alt-auth/username-map", &config); /* * Split the username into two parts, one in the PAM configuration and one * in the real username, so that we can test interpolation of the username * when %s isn't the first token. */ config.user = &krbconf->username[1]; user = bstrndup(krbconf->username, 1); config.extra[3] = user; run_script("data/scripts/alt-auth/username-map-prefix", &config); free(user); config.extra[3] = NULL; /* * Ensure that we don't add the realm of the authentication username when * the alt_auth_map already includes a realm. */ basprintf(&user, "*****@*****.**", krbconf->username); config.user = user; diag("re-running username-map with fully-qualified PAM user"); run_script("data/scripts/alt-auth/username-map", &config); free(user); config.user = krbconf->username; /* * Add the password and make the user match our authentication principal, * and then test fallback to normal authentication when alternative * authentication fails. */ config.user = krbconf->userprinc; config.password = krbconf->password; config.extra[2] = krbconf->realm; run_script("data/scripts/alt-auth/fallback", &config); run_script("data/scripts/alt-auth/fallback-debug", &config); run_script("data/scripts/alt-auth/fallback-realm", &config); run_script("data/scripts/alt-auth/force-fallback", &config); run_script("data/scripts/alt-auth/only-fail", &config); return 0; }
int register_framebuffer(struct fb_info *info) { int id = get_free_deviceid("fb"); struct device_d *dev; int ret, num_modes, i; const char **names; dev = &info->dev; /* * If info->mode is set at this point it's the only mode * the fb supports. move it over to the modes list. */ if (info->mode) { info->modes.modes = info->mode; info->modes.num_modes = 1; } if (!info->line_length) info->line_length = info->xres * (info->bits_per_pixel >> 3); info->cdev.ops = &fb_ops; info->cdev.name = basprintf("fb%d", id); info->cdev.size = info->line_length * info->yres; info->cdev.dev = dev; info->cdev.priv = info; dev->resource = xzalloc(sizeof(struct resource)); dev->resource[0].start = (resource_size_t)info->screen_base; dev->resource[0].end = dev->resource[0].start + info->cdev.size - 1; dev->resource[0].flags = IORESOURCE_MEM; dev->num_resources = 1; dev->priv = info; dev->id = id; dev->info = fb_info; dev_set_name(dev, "fb"); ret = register_device(&info->dev); if (ret) goto err_free; dev_add_param_bool(dev, "enable", fb_enable_set, NULL, &info->p_enable, info); if (IS_ENABLED(CONFIG_DRIVER_VIDEO_EDID)) fb_edid_add_modes(info); num_modes = info->modes.num_modes + info->edid_modes.num_modes; names = xzalloc(sizeof(char *) * num_modes); for (i = 0; i < info->modes.num_modes; i++) names[i] = info->modes.modes[i].name; for (i = 0; i < info->edid_modes.num_modes; i++) names[i + info->modes.num_modes] = info->edid_modes.modes[i].name; dev_add_param_enum(dev, "mode_name", fb_set_modename, NULL, &info->current_mode, names, num_modes, info); info->shadowfb = 1; dev_add_param_bool(dev, "shadowfb", fb_set_shadowfb, NULL, &info->shadowfb, info); info->mode = fb_num_to_mode(info, 0); fb_setup_mode(info); ret = devfs_create(&info->cdev); if (ret) goto err_unregister; if (IS_ENABLED(CONFIG_DRIVER_VIDEO_SIMPLEFB)) { ret = fb_register_simplefb(info); if (ret) dev_err(&info->dev, "failed to register simplefb: %s\n", strerror(-ret)); } if (IS_ENABLED(CONFIG_FRAMEBUFFER_CONSOLE)) register_fbconsole(info); return 0; err_unregister: unregister_device(&info->dev); err_free: free(dev->resource); return ret; }
static void *am33xx_net_boot(void) { void *buf = NULL; int err; int len; struct dhcp_req_param dhcp_param; const char *bootfile; IPaddr_t ip; char *file; char ip4_str[sizeof("255.255.255.255")]; struct eth_device *edev; struct dhcp_result *dhcp_res; am33xx_register_ethaddr(0, 0); memset(&dhcp_param, 0, sizeof(struct dhcp_req_param)); dhcp_param.vendor_id = "am335x barebox-mlo"; edev = eth_get_byname("eth0"); if (!edev) { printf("eth0 not found\n"); return NULL; } err = dhcp_request(edev, &dhcp_param, &dhcp_res); if (err) { printf("dhcp failed\n"); return NULL; } dhcp_set_result(edev, dhcp_res); edev->ifup = true; /* * Older tftp server don't send the file size. * Then tftpfs needs temporary place to store the file. */ err = mount("none", "ramfs", "/", NULL); if (err < 0) { printf("failed to mount ramfs\n"); return NULL; } err = make_directory(TFTP_MOUNT); if (err) return NULL; ip = net_get_serverip(); sprintf(ip4_str, "%pI4", &ip); err = mount(ip4_str, "tftp", TFTP_MOUNT, NULL); if (err < 0) { printf("Unable to mount.\n"); return NULL; } bootfile = dhcp_res->bootfile; if (!bootfile) { printf("bootfile not found.\n"); return NULL; } file = basprintf("%s/%s", TFTP_MOUNT, bootfile); buf = read_file(file, &len); if (!buf) printf("could not read %s.\n", bootfile); free(file); umount(TFTP_MOUNT); return buf; }
/* * Obtain Kerberos tickets for the principal specified in config/principal * using the keytab specified in config/keytab, both of which are presumed to * be in tests in either the build or the source tree. Also sets KRB5_KTNAME * and KRB5CCNAME. * * Returns the contents of config/principal in newly allocated memory or NULL * if Kerberos tests are apparently not configured. If Kerberos tests are * configured but something else fails, calls bail. */ struct kerberos_config * kerberos_setup(enum kerberos_needs needs) { char *path; char buffer[BUFSIZ]; FILE *file = NULL; /* If we were called before, clean up after the previous run. */ if (config != NULL) kerberos_cleanup(); config = bcalloc(1, sizeof(struct kerberos_config)); /* * If we have a config/keytab file, set the KRB5CCNAME and KRB5_KTNAME * environment variables and obtain initial tickets. */ config->keytab = test_file_path("config/keytab"); if (config->keytab == NULL) { if (needs == TAP_KRB_NEEDS_KEYTAB || needs == TAP_KRB_NEEDS_BOTH) skip_all("Kerberos tests not configured"); } else { tmpdir_ticket = test_tmpdir(); basprintf(&config->cache, "%s/krb5cc_test", tmpdir_ticket); basprintf(&krb5ccname, "KRB5CCNAME=%s/krb5cc_test", tmpdir_ticket); basprintf(&krb5_ktname, "KRB5_KTNAME=%s", config->keytab); putenv(krb5ccname); putenv(krb5_ktname); kerberos_kinit(); } /* * If we have a config/password file, read it and fill out the relevant * members of our config struct. */ path = test_file_path("config/password"); if (path != NULL) file = fopen(path, "r"); if (file == NULL) { if (needs == TAP_KRB_NEEDS_PASSWORD || needs == TAP_KRB_NEEDS_BOTH) skip_all("Kerberos tests not configured"); } else { if (fgets(buffer, sizeof(buffer), file) == NULL) bail("cannot read %s", path); if (buffer[strlen(buffer) - 1] != '\n') bail("no newline in %s", path); buffer[strlen(buffer) - 1] = '\0'; config->userprinc = bstrdup(buffer); if (fgets(buffer, sizeof(buffer), file) == NULL) bail("cannot read password from %s", path); fclose(file); if (buffer[strlen(buffer) - 1] != '\n') bail("password too long in %s", path); buffer[strlen(buffer) - 1] = '\0'; config->password = bstrdup(buffer); /* * Strip the realm from the principal and set realm and username. * This is not strictly correct; it doesn't cope with escaped @-signs * or enterprise names. */ config->username = bstrdup(config->userprinc); config->realm = strchr(config->username, '@'); if (config->realm == NULL) bail("test principal has no realm"); *config->realm = '\0'; config->realm++; } test_file_path_free(path); /* * If we have PKINIT configuration, read it and fill out the relevant * members of our config struct. */ path = test_file_path("config/pkinit-principal"); if (path != NULL) file = fopen(path, "r"); if (file != NULL) { if (fgets(buffer, sizeof(buffer), file) == NULL) bail("cannot read %s", path); if (buffer[strlen(buffer) - 1] != '\n') bail("no newline in %s", path); buffer[strlen(buffer) - 1] = '\0'; fclose(file); test_file_path_free(path); path = test_file_path("config/pkinit-cert"); if (path != NULL) { config->pkinit_principal = bstrdup(buffer); config->pkinit_cert = bstrdup(path); } } test_file_path_free(path); if (config->pkinit_cert == NULL && (needs & TAP_KRB_NEEDS_PKINIT) != 0) skip_all("PKINIT tests not configured"); /* * Register the cleanup function so that the caller doesn't have to do * explicit cleanup. */ test_cleanup_register(kerberos_cleanup_handler); /* Return the configuration. */ return config; }