Example #1
END_TEST

/*
 * Exercises krb5-style "%{name}" placeholders in a ccache name template.
 * The uid, USERID and euid forms are all expected to yield UID and
 * %{username} to yield USERNAME, while an unrecognised "%{unknown}" is
 * expected to come back verbatim rather than fail.
 */
START_TEST(test_krb5_style_expansion)
{
    static const struct {
        const char *tmpl;
        const char *want;
    } cases[] = {
        { BASE"/%{uid}/%{USERID}/%{euid}/%{username}",
          BASE"/"UID"/"UID"/"UID"/"USERNAME },
        /* Unknown %{...} names pass through untouched; presumably they are
         * left for a later consumer to interpret -- TODO confirm. */
        { BASE"/%{unknown}", BASE"/%{unknown}" },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        char *expanded = expand_ccname_template(tmp_ctx, kr, cases[i].tmpl,
                                                NULL, true, true);

        fail_unless(expanded != NULL, "Cannot expand template [%s].",
                    cases[i].tmpl);
        fail_unless(strcmp(expanded, cases[i].want) == 0,
                    "Expansion failed, result [%s], expected [%s].",
                    expanded, cases[i].want);
    }
}
Example #2
END_TEST

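/*
 * An unknown "%X" sequence must make expansion fail, both when it sits
 * directly in the template and when it is placed in KRB5_CCACHEDIR and
 * reached through a "%d/..." template. The private_path flag must stay
 * false after the failures.
 *
 * NOTE(review): the test name is misspelled ("unknow"); it is kept because
 * the suite registration presumably refers to it by this name.
 */
START_TEST(test_unknow_template)
{
    const char *test_template = BASE"_%X";
    char *result;
    int ret;
    bool private_path = false;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true,
                                    true, &private_path);

    fail_unless(result == NULL, "Unknown template [%s] should fail.",
                test_template);

    /* Same unknown sequence, now supplied via the ccache directory option. */
    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
    fail_unless(ret == EOK, "Failed to set Ccache dir");
    test_template = "%d/"FILENAME;
    result = expand_ccname_template(tmp_ctx, kr, test_template, true,
                                    true, &private_path);

    fail_unless(result == NULL, "Unknown template [%s] should fail.",
                test_template);
    /* Failure message spelling fixed ("Unexprected ... get"). */
    fail_unless(private_path == false,
                "Unexpected private path, got [%s], expected [%s].",
                private_path ? "true" : "false", "false");
}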
Example #3
END_TEST

/*
 * Checks how "%u" treats the case of the user name: with the final
 * (case_sensitive) argument true the name "TestUser" is expected as is,
 * with it false the expected result is the lower-cased "testuser".
 */
START_TEST(test_case_sensitive)
{
    const char *tmpl = BASE"_%u";
    const char *want_exact = BASE"_TestUser";
    const char *want_lower = BASE"_testuser";
    char *expanded;
    int rc;

    /* The fixture's user is replaced with a mixed-case name for this test. */
    kr->pd->user = discard_const("TestUser");
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR);
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    /* Case-sensitive expansion. */
    expanded = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);
    fail_unless(expanded != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(expanded, want_exact) == 0,
                "Expansion failed, result [%s], expected [%s].",
                expanded, want_exact);

    /* Case-insensitive expansion. */
    expanded = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, false);
    fail_unless(expanded != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(expanded, want_lower) == 0,
                "Expansion failed, result [%s], expected [%s].",
                expanded, want_lower);
}
Example #4
END_TEST

/*
 * Path-hygiene checks for ccache name templates. With ILLEGAL_PATH_PATTERN
 * compiled and handed to expand_ccname_template(), expansion must return
 * NULL for a relative path and for absolute paths that contain "/./",
 * "/../" or "//".
 *
 * NOTE(review): the "relative path" input also contains "/./", so this case
 * alone does not show that a clean relative path is refused -- confirm
 * whether that is covered elsewhere.
 */
START_TEST(test_illegal_patterns)
{
    pcre *path_filter;
    const char *re_errmsg;
    int re_errcode;
    int re_erroffset;
    char *workdir;
    char *priv_dir;
    char *candidate;
    char *expanded = NULL;

    path_filter = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                                &re_errcode, &re_errmsg, &re_erroffset, NULL);
    fail_unless(path_filter != NULL, "Invalid Regular Expression pattern at "
                                     " position %d. (Error: %d [%s])\n",
                                     re_erroffset, re_errcode, re_errmsg);

    /* getcwd(NULL, 0) hands back a malloc'ed buffer, released below once the
     * absolute test directory has been built from it. */
    workdir = getcwd(NULL, 0);
    fail_unless(workdir != NULL, "getcwd failed.");

    priv_dir = talloc_asprintf(tmp_ctx, "%s/%s/priv_ccdir", workdir, TESTS_PATH);
    free(workdir);
    fail_unless(priv_dir != NULL, "talloc_asprintf failed.");

    /* Relative path. */
    expanded = expand_ccname_template(tmp_ctx, kr, "abc/./ccfile",
                                      path_filter, true, true);
    fail_unless(expanded == NULL,
                "expand_ccname_template allowed relative path\n");

    /* Absolute path with a "/./" component. */
    candidate = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", priv_dir);
    fail_unless(candidate != NULL, "talloc_asprintf failed.");
    expanded = expand_ccname_template(tmp_ctx, kr, candidate,
                                      path_filter, true, true);
    fail_unless(expanded == NULL, "expand_ccname_template allowed "
                                  "illegal pattern '/./'\n");

    /* Absolute path with a "/../" component. */
    candidate = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", priv_dir);
    fail_unless(candidate != NULL, "talloc_asprintf failed.");
    expanded = expand_ccname_template(tmp_ctx, kr, candidate,
                                      path_filter, true, true);
    fail_unless(expanded == NULL, "expand_ccname_template allowed "
                                  "illegal pattern '/../' in filename [%s].",
                                  candidate);

    /* Absolute path with a doubled separator. */
    candidate = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", priv_dir);
    fail_unless(candidate != NULL, "talloc_asprintf failed.");
    expanded = expand_ccname_template(tmp_ctx, kr, candidate,
                                      path_filter, true, true);
    fail_unless(expanded == NULL, "expand_ccname_template allowed "
                                  "illegal pattern '//' in filename [%s].",
                                  candidate);

    pcre_free(path_filter);
}
Example #5
/**
 * Fill in the credential-cache names on a krb5 child request.
 *
 * kr->ccname is produced by expanding the configured KRB5_CCNAME_TMPL
 * template; the expansion is given the context's illegal_path_re, so a name
 * matching that pattern is refused. kr->old_ccname is read from the
 * SYSDB_CCACHE_FILE attribute of user_msg and may be NULL.
 *
 * @param kr        Request to update; also the talloc parent of the new name.
 * @param user_msg  Cached user entry consulted for the previous ccache file.
 * @param be_ctx    Backend context; supplies the domain's case_sensitive flag.
 *
 * @return EOK on success, ENOMEM when the expansion returns NULL.
 *
 * NOTE(review): ENOMEM is reported for every expansion failure; whether the
 * expansion can also fail for a rejected or malformed template is not
 * visible here -- confirm before treating this code as out-of-memory only.
 */
static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
                                             struct ldb_message *user_msg,
                                             struct be_ctx *be_ctx)
{
    const char *tmpl = dp_opt_get_cstring(kr->krb5_ctx->opts,
                                          KRB5_CCNAME_TMPL);

    kr->ccname = expand_ccname_template(kr, kr, tmpl,
                                        kr->krb5_ctx->illegal_path_re, true,
                                        be_ctx->domain->case_sensitive);
    if (!kr->ccname) {
        DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
        return ENOMEM;
    }

    /* A missing previous ccache is only traced, not treated as an error. */
    kr->old_ccname = ldb_msg_find_attr_as_string(user_msg,
                                                 SYSDB_CCACHE_FILE, NULL);
    if (!kr->old_ccname) {
        DEBUG(SSSDBG_TRACE_LIBS,
                "No ccache file for user [%s] found.\n", kr->pd->user);
    }

    return EOK;
}
Example #6
END_TEST

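/*
 * A NULL template must be refused: expand_ccname_template() is expected to
 * return NULL instead of dereferencing it.
 */
START_TEST(test_NULL)
{
    char *test_template = NULL;
    char *result;

    result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true);

    /* The message has no conversion specifier, so the surplus (and NULL)
     * test_template argument that used to follow it has been dropped. */
    fail_unless(result == NULL, "Expected NULL as a result for an empty input.");
}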
Example #7
END_TEST

/*
 * An unknown "%X" sequence must make expansion fail, whether it appears in
 * the template itself or in KRB5_CCACHEDIR and is reached through a
 * "%d/..." template.
 */
START_TEST(test_unknown_template)
{
    const char *bad_tmpl = BASE"_%X";
    char *expanded;
    int rc;

    /* Unknown sequence directly in the template. */
    expanded = expand_ccname_template(tmp_ctx, kr, bad_tmpl, NULL, true, true);
    fail_unless(expanded == NULL, "Unknown template [%s] should fail.",
                bad_tmpl);

    /* Unknown sequence supplied through the ccache directory option. */
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    bad_tmpl = "%d/"FILENAME;
    expanded = expand_ccname_template(tmp_ctx, kr, bad_tmpl, NULL, true, true);
    fail_unless(expanded == NULL, "Unknown template [%s] should fail.",
                bad_tmpl);
}
Example #8
END_TEST

/*
 * A template without any placeholder (plain BASE) is expected to be
 * returned unchanged.
 */
START_TEST(test_no_substitution)
{
    const char *plain = BASE;
    char *expanded = expand_ccname_template(tmp_ctx, kr, plain,
                                            NULL, true, true);

    fail_unless(expanded != NULL, "Cannot expand template [%s].", plain);
    fail_unless(strcmp(expanded, plain) == 0,
                "Expansion failed, result [%s], expected [%s].",
                expanded, plain);
}
Example #9
END_TEST

/*
 * "%P" in the file part of the name is expected to expand to PID, but the
 * same sequence placed in the ccache directory option must make the
 * expansion of a "%d/..." template fail.
 */
START_TEST(test_pid)
{
    char *expanded;
    int rc;

    /* Allowed: %P in the file name. */
    do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID);

    /* Refused: %P inside the directory that %d pulls in. */
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    expanded = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME,
                                      NULL, true, true);
    fail_unless(expanded == NULL, "Using %%P in ccache dir should fail.");
}
Example #10
/*
 * Shared positive-case helper: stores dir_template in KRB5_CCACHEDIR,
 * expands file_template and requires the result to equal expected.
 */
static void do_test(const char *file_template, const char *dir_template,
                    const char *expected)
{
    char *expanded;
    int rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR,
                               dir_template);

    fail_unless(rc == EOK, "Failed to set Ccache dir");

    expanded = expand_ccname_template(tmp_ctx, kr, file_template,
                                      NULL, true, true);
    fail_unless(expanded != NULL, "Cannot expand template [%s].",
                file_template);
    fail_unless(strcmp(expanded, expected) == 0,
                "Expansion failed, result [%s], expected [%s].",
                expanded, expected);
}
Example #11
/**
 * Choose the credential-cache name for a krb5 child request according to
 * the type of the request's domain.
 *
 * POSIX domains expand the configured KRB5_CCNAME_TMPL template (passing the
 * context's illegal_path_re to the expansion) and look up the previous
 * ccache file in user_msg. Application domains get a name formatted from
 * NON_POSIX_CCNAME_FMT with a rand()-derived number. Any other domain type
 * is rejected.
 *
 * @param kr        Request to update; also the talloc parent of the new name.
 * @param user_msg  Cached user entry consulted for the previous ccache file.
 * @param be_ctx    Backend context; supplies the domain's case_sensitive flag.
 *
 * @return EOK on success, ENOMEM when the name cannot be produced, EINVAL
 *         for an unsupported domain type.
 */
static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
                                             struct ldb_message *user_msg,
                                             struct be_ctx *be_ctx)
{
    if (kr->dom->type == DOM_TYPE_POSIX) {
        const char *tmpl = dp_opt_get_cstring(kr->krb5_ctx->opts,
                                              KRB5_CCNAME_TMPL);

        kr->ccname = expand_ccname_template(kr, kr, tmpl,
                                            kr->krb5_ctx->illegal_path_re, true,
                                            be_ctx->domain->case_sensitive);
        if (kr->ccname == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
            return ENOMEM;
        }

        /* A missing previous ccache is only traced, not an error. */
        kr->old_ccname = ldb_msg_find_attr_as_string(user_msg,
                                                    SYSDB_CCACHE_FILE, NULL);
        if (kr->old_ccname == NULL) {
            DEBUG(SSSDBG_TRACE_LIBS,
                    "No ccache file for user [%s] found.\n", kr->pd->user);
        }

        return EOK;
    }

    if (kr->dom->type == DOM_TYPE_APPLICATION) {
        DEBUG(SSSDBG_TRACE_FUNC,
               "Domain type application, will use in-memory ccache\n");
        /* The author's stated intent is a non-predictable name without the
         * cost of cryptographic randomness.
         *
         * NOTE(review): rand() is a deterministic generator whose sequence
         * is fixed by the srand() seed (the default seed if srand() is never
         * called), so the suffix is not unpredictable in a security sense.
         * Rely on it only for avoiding accidental name clashes; if the name
         * must resist guessing, a CSPRNG-backed value is needed instead.
         * rand() never exceeds RAND_MAX, so "% UINT_MAX" leaves the value
         * unchanged and only converts it to unsigned.
         */
        kr->ccname = talloc_asprintf(kr,
                                     NON_POSIX_CCNAME_FMT,
                                     rand() % UINT_MAX);
        if (kr->ccname == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
            return ENOMEM;
        }

        return EOK;
    }

    DEBUG(SSSDBG_FATAL_FAILURE, "Unsupported domain type\n");
    return EINVAL;
}
Example #12
END_TEST

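/*
 * A NULL template must be refused: expand_ccname_template() is expected to
 * return NULL and to leave the private_path flag false.
 */
START_TEST(test_NULL)
{
    char *test_template = NULL;
    char *result;
    bool private_path = false;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true,
                                    true, &private_path);

    /* The message has no conversion specifier, so the surplus (and NULL)
     * test_template argument that used to follow it has been dropped. */
    fail_unless(result == NULL, "Expected NULL as a result for an empty input.");
    /* Failure message spelling fixed ("Unexprected ... get"). */
    fail_unless(private_path == false,
                "Unexpected private path, got [%s], expected [%s].",
                private_path ? "true" : "false", "false");
}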
Example #13
END_TEST

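/*
 * A template without any placeholder (plain BASE) is expected to be
 * returned unchanged, with the private_path flag left false.
 */
START_TEST(test_no_substitution)
{
    const char *test_template = BASE;
    char *result;
    bool private_path = false;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true,
                                    true, &private_path);

    fail_unless(result != NULL, "Cannot expand template [%s].", test_template);
    fail_unless(strcmp(result, test_template) == 0,
                "Expansion failed, result [%s], expected [%s].",
                result, test_template);
    /* Failure message spelling fixed ("Unexprected ... get"). */
    fail_unless(private_path == false,
                "Unexpected private path, got [%s], expected [%s].",
                private_path ? "true" : "false", "false");
}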
Example #14
END_TEST

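/*
 * "%P" in the file part of the name is expected to expand to PID, but the
 * same sequence placed in the ccache directory option must make the
 * expansion of a "%d/..." template fail and leave private_path false.
 */
START_TEST(test_pid)
{
    char *result;
    int ret;
    bool private_path = false;

    /* Allowed: %P in the file name. */
    do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID, false);

    /* Refused: %P inside the directory that %d pulls in. */
    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true,
                                    true, &private_path);

    fail_unless(result == NULL, "Using %%P in ccache dir should fail.");
    /* Failure message spelling fixed ("Unexprected ... get"). */
    fail_unless(private_path == false,
                "Unexpected private path, got [%s], expected [%s].",
                private_path ? "true" : "false", "false");
}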
Example #15
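/*
 * Shared positive-case helper: stores dir_template in KRB5_CCACHEDIR,
 * expands file_template, and requires both the resulting name to equal
 * expected and the reported private_path flag to equal
 * expected_private_path.
 */
static void do_test(const char *file_template, const char *dir_template,
                    const char *expected, const bool expected_private_path)
{
    char *result;
    int ret;
    bool private_path = false;

    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, dir_template);
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    result = expand_ccname_template(tmp_ctx, kr, file_template, true,
                                    true, &private_path);

    fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
    fail_unless(strcmp(result, expected) == 0,
                "Expansion failed, result [%s], expected [%s].",
                result, expected);
    /* Failure message spelling fixed ("Unexprected ... get"). */
    fail_unless(private_path == expected_private_path,
                "Unexpected private path, got [%s], expected [%s].",
                private_path ? "true" : "false",
                expected_private_path ? "true" : "false");
}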