END_TEST

/*
 * Checks krb5-style "%{name}" placeholders in a ccache name template.
 *
 * The first case expects %{uid}, %{USERID} and %{euid} to all expand to the
 * test UID and %{username} to the test user name. The second case expects an
 * unrecognised "%{unknown}" to be returned verbatim, not rejected.
 */
START_TEST(test_krb5_style_expansion)
{
    const char *tmpl = BASE"/%{uid}/%{USERID}/%{euid}/%{username}";
    const char *want = BASE"/"UID"/"UID"/"UID"/"USERNAME;
    char *got;

    got = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);
    fail_unless(got != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(got, want) == 0,
                "Expansion failed, result [%s], expected [%s].", got, want);

    /* Unknown krb5-style name: the expected output equals the input. */
    tmpl = BASE"/%{unknown}";
    want = BASE"/%{unknown}";

    got = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);
    fail_unless(got != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(got, want) == 0,
                "Expansion failed, result [%s], expected [%s].", got, want);
}
END_TEST

/*
 * An unsupported "%X" sequence must make expansion fail (NULL result).
 *
 * It is tried twice: once directly in the file template, and once indirectly
 * by storing it in the KRB5_CCACHEDIR option and expanding "%d/"FILENAME
 * (presumably %d pulls in that option's value). After the second failure the
 * private-path output flag must still be false.
 */
START_TEST(test_unknow_template)
{
    bool is_private = false;
    const char *tmpl = BASE"_%X";
    char *expanded;
    int rc;

    expanded = expand_ccname_template(tmp_ctx, kr, tmpl, true, true,
                                      &is_private);
    fail_unless(expanded == NULL, "Unknown template [%s] should fail.", tmpl);

    /* Same bad sequence, this time arriving through the directory option. */
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    tmpl = "%d/"FILENAME;
    expanded = expand_ccname_template(tmp_ctx, kr, tmpl, true, true,
                                      &is_private);
    fail_unless(expanded == NULL, "Unknown template [%s] should fail.", tmpl);

    /* A failed expansion must not report a private path. */
    fail_unless(!is_private,
                "Unexprected private path, get [%s], expected [%s].",
                is_private ? "true" : "false", "false");
}
END_TEST

/*
 * Checks how the final (case-sensitivity) argument of
 * expand_ccname_template() affects the "%u" user-name expansion.
 *
 * With the flag true the mixed-case name "TestUser" is kept as is; with the
 * flag false the expected result carries the lower-cased "testuser".
 */
START_TEST(test_case_sensitive)
{
    const char *tmpl = BASE"_%u";
    const char *want_exact = BASE"_TestUser";
    const char *want_lower = BASE"_testuser";
    char *got;
    int rc;

    /* Overrides the user name held in the shared request fixture. */
    kr->pd->user = discard_const("TestUser");

    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR);
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    /* Case-sensitive expansion. */
    got = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);
    fail_unless(got != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(got, want_exact) == 0,
                "Expansion failed, result [%s], expected [%s].",
                got, want_exact);

    /* Case-insensitive expansion. */
    got = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, false);
    fail_unless(got != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(got, want_lower) == 0,
                "Expansion failed, result [%s], expected [%s].",
                got, want_lower);
}
END_TEST

/*
 * Verifies that ccache name expansion refuses path shapes that could make the
 * resulting file location ambiguous or escape the intended directory.
 *
 * ILLEGAL_PATH_PATTERN is compiled and handed to expand_ccname_template(),
 * which must return NULL for:
 *   - a relative path ("abc/./ccfile"),
 *   - an absolute path containing "/./",
 *   - an absolute path containing "/../",
 *   - an absolute path containing "//".
 *
 * NOTE(review): only patterns embedded in the middle of a path are exercised
 * here; whether a trailing "/.." is also rejected is not covered by this test.
 */
START_TEST(test_illegal_patterns)
{
    const char *re_errstr;
    int re_errcode;
    int re_erroffset;
    pcre *deny_re;
    char *workdir;
    char *priv_dir;
    char *path;
    char *expanded = NULL;

    deny_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                            &re_errcode, &re_errstr, &re_erroffset, NULL);
    fail_unless(deny_re != NULL, "Invalid Regular Expression pattern at "
                " position %d. (Error: %d [%s])\n",
                re_erroffset, re_errcode, re_errstr);

    /* Build an absolute base directory below the current working directory. */
    workdir = getcwd(NULL, 0);
    fail_unless(workdir != NULL, "getcwd failed.");

    priv_dir = talloc_asprintf(tmp_ctx, "%s/%s/priv_ccdir",
                               workdir, TESTS_PATH);
    free(workdir); /* getcwd(NULL, 0) result is malloc-owned, not talloc */
    fail_unless(priv_dir != NULL, "talloc_asprintf failed.");

    /* Relative template. */
    expanded = expand_ccname_template(tmp_ctx, kr, "abc/./ccfile",
                                      deny_re, true, true);
    fail_unless(expanded == NULL,
                "expand_ccname_template allowed relative path\n");

    /* "/./" inside an absolute path. */
    path = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", priv_dir);
    fail_unless(path != NULL, "talloc_asprintf failed.");
    expanded = expand_ccname_template(tmp_ctx, kr, path, deny_re, true, true);
    fail_unless(expanded == NULL, "expand_ccname_template allowed "
                "illegal pattern '/./'\n");

    /* "/../" inside an absolute path (directory traversal). */
    path = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", priv_dir);
    fail_unless(path != NULL, "talloc_asprintf failed.");
    expanded = expand_ccname_template(tmp_ctx, kr, path, deny_re, true, true);
    fail_unless(expanded == NULL, "expand_ccname_template allowed "
                "illegal pattern '/../' in filename [%s].", path);

    /* "//" inside an absolute path. */
    path = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", priv_dir);
    fail_unless(path != NULL, "talloc_asprintf failed.");
    expanded = expand_ccname_template(tmp_ctx, kr, path, deny_re, true, true);
    fail_unless(expanded == NULL, "expand_ccname_template allowed "
                "illegal pattern '//' in filename [%s].", path);

    pcre_free(deny_re);
}
/*
 * Fill in kr->ccname and kr->old_ccname for an authentication request.
 *
 * kr->ccname is produced by expanding the configured KRB5_CCNAME_TMPL option;
 * the backend's compiled illegal-path regex is passed along so the expansion
 * can refuse disallowed path fragments, and the domain's case_sensitive
 * setting is forwarded as well. kr->old_ccname is read from the user's
 * SYSDB_CCACHE_FILE attribute and may legitimately stay NULL.
 *
 * Returns EOK on success. Any NULL result from expand_ccname_template() is
 * reported as ENOMEM, whatever its actual cause.
 */
static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
                                             struct ldb_message *user_msg,
                                             struct be_ctx *be_ctx)
{
    const char *tmpl = dp_opt_get_cstring(kr->krb5_ctx->opts,
                                          KRB5_CCNAME_TMPL);

    kr->ccname = expand_ccname_template(kr, kr, tmpl,
                                        kr->krb5_ctx->illegal_path_re, true,
                                        be_ctx->domain->case_sensitive);
    if (kr->ccname == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
        return ENOMEM;
    }

    /* A missing previous ccache is only worth a trace message. */
    kr->old_ccname = ldb_msg_find_attr_as_string(user_msg,
                                                 SYSDB_CCACHE_FILE, NULL);
    if (kr->old_ccname == NULL) {
        DEBUG(SSSDBG_TRACE_LIBS,
              "No ccache file for user [%s] found.\n", kr->pd->user);
    }

    return EOK;
}
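END_TEST

/*
 * A NULL template must be handled gracefully: expand_ccname_template() is
 * expected to return NULL.
 */
START_TEST(test_NULL)
{
    char *test_template = NULL;
    char *result;

    result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true);

    /* The message has no conversion specifier, so it takes no arguments. */
    fail_unless(result == NULL,
                "Expected NULL as a result for an empty input.");
}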
END_TEST

/*
 * An unsupported "%X" sequence must make expansion fail (NULL result), both
 * when it appears directly in the file template and when it is stored in the
 * KRB5_CCACHEDIR option and reached through "%d/"FILENAME (presumably %d
 * pulls in that option's value).
 */
START_TEST(test_unknown_template)
{
    const char *tmpl = BASE"_%X";
    char *expanded;
    int rc;

    expanded = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);
    fail_unless(expanded == NULL, "Unknown template [%s] should fail.", tmpl);

    /* Same bad sequence, this time arriving through the directory option. */
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    tmpl = "%d/"FILENAME;
    expanded = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);
    fail_unless(expanded == NULL, "Unknown template [%s] should fail.", tmpl);
}
END_TEST

/*
 * A template without any placeholder must come back unchanged.
 */
START_TEST(test_no_substitution)
{
    const char *tmpl = BASE;
    char *got = expand_ccname_template(tmp_ctx, kr, tmpl, NULL, true, true);

    fail_unless(got != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(got, tmpl) == 0,
                "Expansion failed, result [%s], expected [%s].", got, tmpl);
}
END_TEST

/*
 * "%P" handling: it is accepted in the file template (expected to expand to
 * PID), but must be rejected when it appears in the ccache directory option
 * that "%d" refers to.
 */
START_TEST(test_pid)
{
    char *expanded;
    int rc;

    /* Allowed position: file template. */
    do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID);

    /* Disallowed position: the directory option itself. */
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    expanded = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME,
                                      NULL, true, true);
    fail_unless(expanded == NULL, "Using %%P in ccache dir should fail.");
}
/*
 * Shared helper: store dir_template in the KRB5_CCACHEDIR option, expand
 * file_template and require the result to equal expected.
 *
 * Uses the file-level fixtures kr and tmp_ctx.
 */
static void do_test(const char *file_template, const char *dir_template,
                    const char *expected)
{
    char *got;
    int rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR,
                               dir_template);

    fail_unless(rc == EOK, "Failed to set Ccache dir");

    got = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, true);
    fail_unless(got != NULL, "Cannot expand template [%s].", file_template);
    fail_unless(strcmp(got, expected) == 0,
                "Expansion failed, result [%s], expected [%s].",
                got, expected);
}
/*
 * Fill in kr->ccname (and, for POSIX domains, kr->old_ccname) according to
 * the type of the request's domain.
 *
 * DOM_TYPE_POSIX: kr->ccname comes from expanding KRB5_CCNAME_TMPL, with the
 *   compiled illegal-path regex and the domain's case_sensitive setting
 *   passed to the expansion; kr->old_ccname is read from the user's
 *   SYSDB_CCACHE_FILE attribute and may stay NULL.
 * DOM_TYPE_APPLICATION: kr->ccname is formatted from NON_POSIX_CCNAME_FMT
 *   with a rand()-derived number.
 *
 * Returns EOK on success, ENOMEM when the name could not be produced (any
 * NULL from expand_ccname_template() is reported this way), and EINVAL for
 * any other domain type.
 */
static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
                                             struct ldb_message *user_msg,
                                             struct be_ctx *be_ctx)
{
    const char *tmpl;

    switch (kr->dom->type) {
    case DOM_TYPE_POSIX:
        tmpl = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);

        kr->ccname = expand_ccname_template(kr, kr, tmpl,
                                            kr->krb5_ctx->illegal_path_re,
                                            true,
                                            be_ctx->domain->case_sensitive);
        if (kr->ccname == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
            return ENOMEM;
        }

        /* A missing previous ccache is only worth a trace message. */
        kr->old_ccname = ldb_msg_find_attr_as_string(user_msg,
                                                     SYSDB_CCACHE_FILE, NULL);
        if (kr->old_ccname == NULL) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  "No ccache file for user [%s] found.\n", kr->pd->user);
        }
        return EOK;

    case DOM_TYPE_APPLICATION:
        DEBUG(SSSDBG_TRACE_FUNC,
              "Domain type application, will use in-memory ccache\n");

        /*
         * Cryptographic randomness is deliberately not used: the intent is
         * only a ccache name that differs between requests.
         *
         * NOTE(review): rand() is only as unpredictable as its seed and no
         * seeding is visible in this function. That is tolerable only while
         * the name stays process-local, as the log message above suggests;
         * confirm NON_POSIX_CCNAME_FMT never yields a file-backed name.
         * rand() never exceeds RAND_MAX, so "% UINT_MAX" does not narrow the
         * range; its visible effect is converting the value to unsigned.
         */
        kr->ccname = talloc_asprintf(kr, NON_POSIX_CCNAME_FMT,
                                     rand() % UINT_MAX);
        if (kr->ccname == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
            return ENOMEM;
        }
        return EOK;

    default:
        DEBUG(SSSDBG_FATAL_FAILURE, "Unsupported domain type\n");
        return EINVAL;
    }
}
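END_TEST

/*
 * A NULL template must be handled gracefully: expand_ccname_template() is
 * expected to return NULL and to leave the private-path output flag false.
 */
START_TEST(test_NULL)
{
    char *test_template = NULL;
    char *result;
    bool private_path = false;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true, true,
                                    &private_path);

    /* The message has no conversion specifier, so it takes no arguments. */
    fail_unless(result == NULL,
                "Expected NULL as a result for an empty input.");
    fail_unless(private_path == false,
                "Unexprected private path, get [%s], expected [%s].",
                private_path ? "true" : "false", "false");
}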
END_TEST

/*
 * A template without any placeholder must come back unchanged, and the
 * private-path output flag must remain false.
 */
START_TEST(test_no_substitution)
{
    bool is_private = false;
    const char *tmpl = BASE;
    char *got = expand_ccname_template(tmp_ctx, kr, tmpl, true, true,
                                       &is_private);

    fail_unless(got != NULL, "Cannot expand template [%s].", tmpl);
    fail_unless(strcmp(got, tmpl) == 0,
                "Expansion failed, result [%s], expected [%s].", got, tmpl);
    fail_unless(!is_private,
                "Unexprected private path, get [%s], expected [%s].",
                is_private ? "true" : "false", "false");
}
END_TEST

/*
 * "%P" handling: it is accepted in the file template (expected to expand to
 * PID, without marking the path private), but must be rejected when it
 * appears in the ccache directory option that "%d" refers to. The failed
 * expansion must leave the private-path output flag false.
 */
START_TEST(test_pid)
{
    bool is_private = false;
    char *expanded;
    int rc;

    /* Allowed position: file template. */
    do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID, false);

    /* Disallowed position: the directory option itself. */
    rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
    fail_unless(rc == EOK, "Failed to set Ccache dir");

    expanded = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true,
                                      &is_private);
    fail_unless(expanded == NULL, "Using %%P in ccache dir should fail.");
    fail_unless(!is_private,
                "Unexprected private path, get [%s], expected [%s].",
                is_private ? "true" : "false", "false");
}
/*
 * Shared helper: store dir_template in the KRB5_CCACHEDIR option, expand
 * file_template, and require both the expanded string and the private-path
 * output flag to match the expected values.
 *
 * Uses the file-level fixtures kr and tmp_ctx.
 */
static void do_test(const char *file_template, const char *dir_template,
                    const char *expected, const bool expected_private_path)
{
    bool is_private = false;
    char *got;
    int rc = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR,
                               dir_template);

    fail_unless(rc == EOK, "Failed to set Ccache dir");

    got = expand_ccname_template(tmp_ctx, kr, file_template, true, true,
                                 &is_private);
    fail_unless(got != NULL, "Cannot expand template [%s].", file_template);
    fail_unless(strcmp(got, expected) == 0,
                "Expansion failed, result [%s], expected [%s].",
                got, expected);
    fail_unless(is_private == expected_private_path,
                "Unexprected private path, get [%s], expected [%s].",
                is_private ? "true" : "false",
                expected_private_path ? "true" : "false");
}