int main(int argc, char *argv[])
{
plan_lazy();
knot_mm_t pool;
mm_ctx_mempool(&pool, MM_DEFAULT_BLKSIZE);
char *dbid = test_mkdtemp();
ok(dbid != NULL, "make temporary directory");
/* Random keys. */
unsigned nkeys = 10000;
char **keys = mm_alloc(&pool, sizeof(char*) * nkeys);
for (unsigned i = 0; i < nkeys; ++i) {
keys[i] = str_key_rand(KEY_MAXLEN, &pool);
}
/* Sort random keys. */
str_key_sort(keys, nkeys);
/* Execute test set for all backends. */
struct knot_db_lmdb_opts lmdb_opts = KNOT_DB_LMDB_OPTS_INITIALIZER;
lmdb_opts.path = dbid;
struct knot_db_trie_opts trie_opts = KNOT_DB_TRIE_OPTS_INITIALIZER;
knot_db_test_set(nkeys, keys, &lmdb_opts, knot_db_lmdb_api(), &pool);
knot_db_test_set(nkeys, keys, &trie_opts, knot_db_trie_api(), &pool);
/* Cleanup. */
mp_delete(pool.ctx);
test_rm_rf(dbid);
free(dbid);
return 0;
}
int main(void)
{
plan_lazy();
int r;
evsched_t sched = { 0 };
worker_pool_t *pool = NULL;
zone_t zone = { 0 };
r = evsched_init(&sched, NULL);
ok(r == KNOT_EOK, "create scheduler");
pool = worker_pool_create(1);
ok(pool != NULL, "create worker pool");
r = zone_events_init(&zone);
ok(r == KNOT_EOK, "zone events init");
r = zone_events_setup(&zone, pool, &sched, NULL);
ok(r == KNOT_EOK, "zone events setup");
test_scheduling(&zone);
zone_events_deinit(&zone);
worker_pool_destroy(pool);
evsched_deinit(&sched);
return 0;
}
int main(int argc, char *argv[])
{
memset(&me, 0, sizeof(me));
strcpy(me.name, "me.name.");
rb_lib_init(NULL, NULL, NULL, 0, 1024, DNODE_HEAP_SIZE, FD_HEAP_SIZE);
rb_linebuf_init(LINEBUF_HEAP_SIZE);
plan_lazy();
from_empty1();
basic_append1();
append_empty1();
exact_fit_from_empty1();
too_long_from_empty1();
exact_fit_basic_append1();
too_long_basic_append1();
exact_fit_empty1();
truncate_existing1();
truncate_existing2();
no_buffer();
return 0;
}
int
main(void)
{
struct script_config config;
struct kerberos_config *krbconf;
/* Skip the test if FAST is not available. */
#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE_NAME
skip_all("FAST support not available");
#endif
/*
* To test FAST with an existing ticket cache, we also need a keytab, but
* we can test anonymous FAST without that. So only say that we require a
* password.
*/
krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
memset(&config, 0, sizeof(config));
config.user = krbconf->userprinc;
config.authtok = krbconf->password;
/*
* Generate a testing krb5.conf file with a nonexistent default realm so
* that we can be sure that our principals will stay fully-qualified in
* the logs.
*/
kerberos_generate_conf("bogus.example.com");
plan_lazy();
/* If we have a keytab and ticket cache available, test fast_ccache. */
if (krbconf->keytab == NULL)
skip_block(4, "Kerberos keytab required to test fast_ccache");
else {
config.extra[0] = krbconf->cache;
run_script("data/scripts/fast/ccache", &config);
run_script("data/scripts/fast/ccache-debug", &config);
run_script("data/scripts/fast/no-ccache", &config);
run_script("data/scripts/fast/no-ccache-debug", &config);
}
/*
* Test anonymous FAST. This will require some pre-testing later. For
* this, we need to use our real local realm.
*/
kerberos_generate_conf(krbconf->realm);
config.user = krbconf->username;
config.extra[0] = krbconf->userprinc;
if (anon_fast_works()) {
run_script("data/scripts/fast/anonymous", &config);
run_script("data/scripts/fast/anonymous-debug", &config);
} else {
skip_block(2, "Anonymous authentication required to test anon_fast");
}
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
scheme_find_test();
parser_test();
str_test();
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
// escape safe strings
test_escape("", "");
test_escape("abc-xyz_012-789.com", "abc-xyz_012-789.com");
test_escape("EXAMple.com", "example.com");
test_escape("_.-AZaz09", "_.-azaz09");
// escape unsafe strings
test_escape("abc\\def", "abc\\x5cdef");
test_escape("xyz/jkl", "xyz\\x2fjkl");
test_escape("aaa?bbb#ccc*ddd", "aaa\\x3fbbb\\x23ccc\\x2addd");
test_escape("!$%&()", "\\x21\\x24\\x25\\x26\\x28\\x29");
// test safe unescape
test_unescape("", "");
test_unescape("abc-xyz_012-789.com", "abc-xyz_012-789.com");
test_unescape("examPLE.net", NULL);
test_unescape("@", NULL);
// test unsafe unescape
test_unescape("opq\\x40rst", "opq@rst");
test_unescape("_\\x40-42\\x2eaz", "*****@*****.**");
test_unescape("\\x3f\\x2a\\x28\\x3d\\x22\\x27\\x5c\\x2f", "?*(=\"\'\\/");
test_unescape("new\\x0aline", "new\nline");
// invalid unsafe unescape
test_unescape("a\\", NULL);
test_unescape("a\\z", NULL);
test_unescape("a\\x", NULL);
test_unescape("a\\x00b", NULL);
test_unescape("a\\xgg", NULL);
// unicode escape
test_escape("křemílek.cz", "k\\xc5\\x99em\\xc3\\xadlek.cz");
test_escape("www.vochomůrka", "www.vochom\\xc5\\xafrka");
// unicode unescape
test_unescape("br\\xc4\\x8d\\xc3\\xa1ln\\xc3\\xadk.eu", "brčálník.eu");
test_unescape("\\xc4\\x8dty\\xc5\\x99i.\\xc5\\xa1neci", "čtyři.šneci");
return 0;
}
int
main(void)
{
struct script_config config;
plan_lazy();
/* Attempt login as the root user to test ignore_root. */
memset(&config, 0, sizeof(config));
config.user = "******";
run_script_dir("data/scripts/basic", &config);
return 0;
}
int
main(void)
{
struct script_config config;
struct kerberos_config *krbconf;
/* Load the Kerberos principal and certificate path. */
krbconf = kerberos_setup(TAP_KRB_NEEDS_PKINIT);
memset(&config, 0, sizeof(config));
config.user = krbconf->pkinit_principal;
config.extra[0] = krbconf->pkinit_cert;
/*
* Generate a testing krb5.conf file with a nonexistent default realm so
* that we can be sure that our principals will stay fully-qualified in
* the logs.
*/
kerberos_generate_conf("bogus.example.com");
/*
* Currently, what we can test and how to test varies a lot by Kerberos
* implementation. This will improve later.
*/
plan_lazy();
#ifdef HAVE_KRB5_HEIMDAL
run_script("data/scripts/pkinit/basic", &config);
run_script("data/scripts/pkinit/basic-debug", &config);
run_script("data/scripts/pkinit/prompt-use", &config);
#else
run_script("data/scripts/pkinit/no-use-pkinit", &config);
#endif
run_script("data/scripts/pkinit/try-pkinit", &config);
#ifdef HAVE_KRB5_HEIMDAL
run_script("data/scripts/pkinit/try-pkinit-debug", &config);
run_script("data/scripts/pkinit/prompt-try", &config);
#else
run_script("data/scripts/pkinit/try-pkinit-debug-mit", &config);
run_script("data/scripts/pkinit/preauth-opt-mit", &config);
#endif
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
/* Module id tests. */
mod_id_test("module/id", "\x06moduleid");
mod_id_bad_test("module", KNOT_EINVAL);
mod_id_bad_test("module/", KNOT_EINVAL);
mod_id_bad_test("/", KNOT_EINVAL);
mod_id_bad_test("/id", KNOT_EINVAL);
/* EDNS option tests. */
edns_opt_test("0:", 0, "");
edns_opt_test("65535:", 65535, "");
edns_opt_test("1:abc", 1, "abc");
edns_opt_test("1:0x0102", 1, "\x01\x02");
edns_opt_bad_test("0", KNOT_EINVAL);
edns_opt_bad_test("-1:a", KNOT_ERANGE);
edns_opt_bad_test("65536:a", KNOT_ERANGE);
edns_opt_bad_test("0:0xa", KNOT_EINVAL);
/* Address range tests. */
addr_range_test("1.1.1.1");
addr_range_test("1.1.1.1/0");
addr_range_test("1.1.1.1/32");
addr_range_test("1.1.1.1-1.2.3.4");
addr_range_test("::1");
addr_range_test("::1/0");
addr_range_test("::1/32");
addr_range_test("1::-5::");
addr_range_bad_test("unix", KNOT_EINVAL);
addr_range_bad_test("1.1.1", KNOT_EINVAL);
addr_range_bad_test("1.1.1.1/", KNOT_EINVAL);
addr_range_bad_test("1.1.1.1/33", KNOT_ERANGE);
addr_range_bad_test("1.1.1.1-", KNOT_EINVAL);
addr_range_bad_test("1.1.1.1-::1", KNOT_EINVAL);
return 0;
}
int
main(void)
{
struct script_config config;
struct kerberos_password *password;
DIR *tmpdir;
struct dirent *file;
char *tmppath, *path;
/* Load the Kerberos principal and password from a file. */
password = kerberos_config_password();
if (password == NULL)
skip_all("Kerberos tests not configured");
memset(&config, 0, sizeof(config));
config.user = password->username;
config.password = password->password;
config.extra[0] = password->principal;
/* Generate a testing krb5.conf file. */
kerberos_generate_conf(password->realm);
/* Get the temporary directory and store that as the %1 substitution. */
tmppath = test_tmpdir();
config.extra[1] = tmppath;
plan_lazy();
/*
* We need to ensure that the only thing in the test temporary directory
* is the krb5.conf file that we generated, since we're going to check for
* cleanup by looking for any out-of-place files.
*/
tmpdir = opendir(tmppath);
if (tmpdir == NULL)
sysbail("cannot open directory %s", tmppath);
while ((file = readdir(tmpdir)) != NULL) {
if (strcmp(file->d_name, ".") == 0 || strcmp(file->d_name, "..") == 0)
continue;
if (strcmp(file->d_name, "krb5.conf") == 0)
continue;
basprintf(&path, "%s/%s", tmppath, file->d_name);
if (unlink(path) < 0)
sysbail("cannot delete temporary file %s", path);
free(path);
}
closedir(tmpdir);
/*
* Authenticate only, call pam_end, and be sure the ticket cache is
* gone. The auth-only script sets ccache_dir to the temporary directory,
* so the module will create a temporary ticket cache there and then
* should clean it up.
*/
run_script("data/scripts/cache-cleanup/auth-only", &config);
path = NULL;
tmpdir = opendir(tmppath);
if (tmpdir == NULL)
sysbail("cannot open directory %s", tmppath);
while ((file = readdir(tmpdir)) != NULL) {
if (strcmp(file->d_name, ".") == 0 || strcmp(file->d_name, "..") == 0)
continue;
if (strcmp(file->d_name, "krb5.conf") == 0)
continue;
if (path == NULL)
basprintf(&path, "%s/%s", tmppath, file->d_name);
}
closedir(tmpdir);
if (path != NULL)
diag("found stray temporary file %s", path);
ok(path == NULL, "ticket cache cleaned up");
if (path != NULL)
free(path);
test_tmpdir_free(tmppath);
kerberos_config_password_free(password);
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
// adding a single zero-byte label
test_nsec_next(
"zero-byte label, apex",
"\x7""example""\x3""com",
"\x7""example""\x3""com",
"\x01\x00""\x07""example""\x03""com"
);
test_nsec_next(
"zero-byte label, subdomain",
"\x02""nx""\x7""example""\x3""com",
"\x7""example""\x3""com",
"\x01\x00""\x02""nx""\x07""example""\x03""com"
);
test_nsec_next(
"zero-byte label, binary",
"\x02\xff\xff""\x7""example""\x3""com",
"\x07""example""\x3""com",
"\x01\x00""\x02\xff\xff""\x7""example""\x3""com"
);
// zero byte label won't fit, increment
#define APEX \
"\x05""bacon""\x05""salad"
#define LONG_SUFFIX \
"\x2e""xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
"\x2e""iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii" \
"\x2e""mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm" \
"\x2e""qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" \
"\x2c""zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" \
APEX
assert(sizeof(LONG_SUFFIX) == 245 + 1);
test_nsec_next(
"increment first label (simple)",
"\x08""icecream" LONG_SUFFIX,
APEX,
"\x08""icecrean" LONG_SUFFIX
);
test_nsec_next(
"increment first label (binary)",
"\x08""walrus\xff\xff" LONG_SUFFIX,
APEX,
"\x08""walrut\x00\x00" LONG_SUFFIX
);
test_nsec_next(
"increment first label (in place)",
"\x07""lobster" LONG_SUFFIX,
APEX,
"\x07""lobstes" LONG_SUFFIX
);
test_nsec_next(
"increment first label (extend)",
"\x07""\xff\xff\xff\xff\xff\xff\xff" LONG_SUFFIX,
APEX,
"\x08""\xff\xff\xff\xff\xff\xff\xff\x00" LONG_SUFFIX
);
// name too long
test_nsec_next(
"name to long, strip label and increase next (simple)",
"\x03""\xff\xff\xff""\x04""newt" LONG_SUFFIX,
APEX,
"\x04""newu" LONG_SUFFIX
);
test_nsec_next(
"name to long, strip label and increase next (binary)",
"\x03""\xff\xff\xff""\x04""cc\xff\xff" LONG_SUFFIX,
APEX,
"\x04""cd\x00\x00" LONG_SUFFIX
);
test_nsec_next(
"name to long, strip label and increase next (extend)",
"\x04""\xff\xff\xff\xff""\x03""\xff\xff\xff" LONG_SUFFIX,
APEX,
"\x04""\xff\xff\xff\x00" LONG_SUFFIX
);
// label too long
#define MAX_LABEL "\x3f" /* 63 */ \
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \
"\xff\xff\xff"
assert(sizeof(MAX_LABEL) == 64 + 1);
#define PAD_LABEL "\x28" /* 40 */ \
"iiiiiiiiiioooooooooottttttttttssssssssss"
assert(sizeof(PAD_LABEL) == 41 + 1);
test_nsec_next(
"label too long, strip and increase next (simple)",
MAX_LABEL "\x08""mandrill" MAX_LABEL MAX_LABEL PAD_LABEL APEX,
APEX,
"\x08""mandrilm" MAX_LABEL MAX_LABEL PAD_LABEL APEX
);
test_nsec_next(
"label too long, strip and increase next (extend)",
MAX_LABEL "\x07""\xff\xff\xff\xff\xff\xff\xff" MAX_LABEL MAX_LABEL PAD_LABEL APEX,
APEX,
"\x08""\xff\xff\xff\xff\xff\xff\xff\x00" MAX_LABEL MAX_LABEL PAD_LABEL APEX
);
test_nsec_next(
"label too long, strip multiple",
MAX_LABEL MAX_LABEL "\x08""flamingo" MAX_LABEL PAD_LABEL APEX,
APEX,
"\x08""flamingp" MAX_LABEL PAD_LABEL APEX
);
test_nsec_next(
"label too long, wrap around to apex",
"\x31" /* 49 */
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff"
MAX_LABEL MAX_LABEL MAX_LABEL APEX,
APEX,
APEX
);
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
/* Random keys. */
srand(time(NULL));
unsigned key_count = 100000;
char **keys = malloc(sizeof(char*) * key_count);
for (unsigned i = 0; i < key_count; ++i) {
keys[i] = str_key_rand(KEY_MAXLEN);
}
/* Sort random keys. */
str_key_sort(keys, key_count);
/* Create trie */
value_t *val = NULL;
hattrie_t *trie = hattrie_create();
ok(trie != NULL, "hattrie: create");
/* Insert keys */
bool passed = true;
size_t inserted = 0;
for (unsigned i = 0; i < key_count; ++i) {
val = hattrie_get(trie, keys[i], strlen(keys[i]) + 1);
if (!val) {
passed = false;
break;
}
if (*val == NULL) {
*val = keys[i];
++inserted;
}
}
ok(passed, "hattrie: insert");
/* Check total insertions against trie weight. */
is_int(hattrie_weight(trie), inserted, "hattrie: trie weight matches insertions");
/* Build order-index. */
hattrie_build_index(trie);
/* Lookup all keys */
passed = true;
for (unsigned i = 0; i < key_count; ++i) {
val = hattrie_tryget(trie, keys[i], strlen(keys[i]) + 1);
if (val && (*val == keys[i] || strcmp(*val, keys[i]) == 0)) {
continue;
} else {
diag("hattrie: mismatch on element '%u'", i);
passed = false;
break;
}
}
ok(passed, "hattrie: lookup all keys");
/* Lesser or equal lookup. */
passed = true;
for (unsigned i = 0; i < key_count; ++i) {
if (!str_key_find_leq(trie, keys, i, key_count)) {
passed = false;
for (int off = -10; off < 10; ++off) {
int k = (int)i + off;
if (k < 0 || k >= key_count) {
continue;
}
diag("[%u/%d]: %s%s", i, off, off == 0?">":"",keys[k]);
}
break;
}
}
ok(passed, "hattrie: find lesser or equal for all keys");
/* Next lookup. */
passed = true;
for (unsigned i = 0; i < key_count - 1 && passed; ++i) {
value_t *val;
hattrie_find_next(trie, keys[i], strlen(keys[i]), &val);
passed = val && *val == (void *)keys[(i + 1)];
}
ok(passed, "hattrie: find next for all keys");
/* Unsorted iteration */
size_t iterated = 0;
hattrie_iter_t *it = hattrie_iter_begin(trie, false);
while (!hattrie_iter_finished(it)) {
++iterated;
hattrie_iter_next(it);
}
is_int(inserted, iterated, "hattrie: unsorted iteration");
hattrie_iter_free(it);
/* Sorted iteration. */
char key_buf[KEY_MAXLEN] = {'\0'};
iterated = 0;
it = hattrie_iter_begin(trie, true);
while (!hattrie_iter_finished(it)) {
size_t cur_key_len = 0;
const char *cur_key = hattrie_iter_key(it, &cur_key_len);
if (iterated > 0) { /* Only if previous exists. */
if (strcmp(key_buf, cur_key) > 0) {
diag("'%s' <= '%s' FAIL\n", key_buf, cur_key);
break;
}
}
++iterated;
memcpy(key_buf, cur_key, cur_key_len);
hattrie_iter_next(it);
}
is_int(inserted, iterated, "hattrie: sorted iteration");
hattrie_iter_free(it);
/* Cleanup */
for (unsigned i = 0; i < key_count; ++i) {
free(keys[i]);
}
free(keys);
hattrie_free(trie);
return 0;
}
int
main(void)
{
struct script_config config;
struct kerberos_config *krbconf;
char *newpass, *date;
struct passwd pwd;
time_t now;
/* Load the Kerberos principal and password from a file. */
krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
memset(&config, 0, sizeof(config));
config.user = krbconf->username;
config.password = krbconf->password;
config.extra[0] = krbconf->userprinc;
/*
* Ensure we can expire the password. Heimdal has a prompt for the
* expiration time, so save that to use as a substitution in the script.
*/
now = time(NULL) - 1;
if (!kerberos_expire_password(krbconf->userprinc, now))
skip_all("kadmin not configured or kadmin mismatch");
date = bstrdup(ctime(&now));
date[strlen(date) - 1] = '\0';
config.extra[1] = date;
/* Generate a testing krb5.conf file. */
kerberos_generate_conf(krbconf->realm);
/* Create a fake passwd struct for our user. */
memset(&pwd, 0, sizeof(pwd));
pwd.pw_name = krbconf->username;
pwd.pw_uid = getuid();
pwd.pw_gid = getgid();
basprintf(&pwd.pw_dir, "%s/tmp", getenv("BUILD"));
pam_set_pwd(&pwd);
/*
* We'll be changing the password to something new. This needs to be
* sufficiently random that it's unlikely to fall afoul of password
* strength checking.
*/
basprintf(&newpass, "ngh1,a%lu nn9af6", (unsigned long) getpid());
config.newpass = newpass;
plan_lazy();
/* Default behavior. */
#ifdef HAVE_KRB5_HEIMDAL
run_script("data/scripts/expired/basic-heimdal", &config);
config.newpass = krbconf->password;
config.password = newpass;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/basic-heimdal-debug", &config);
#else
run_script("data/scripts/expired/basic-mit", &config);
config.newpass = krbconf->password;
config.password = newpass;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/basic-mit-debug", &config);
#endif
/* Test again with PAM_SILENT, specified two ways. */
#ifdef HAVE_KRB5_HEIMDAL
config.newpass = newpass;
config.password = krbconf->password;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/basic-heimdal-silent", &config);
config.newpass = krbconf->password;
config.password = newpass;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/basic-heimdal-flag-silent", &config);
#else
config.newpass = newpass;
config.password = krbconf->password;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/basic-mit-silent", &config);
config.newpass = krbconf->password;
config.password = newpass;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/basic-mit-flag-silent", &config);
#endif
/*
* We can only run the remaining checks if we can suppress the Kerberos
* library behavior of prompting for a new password when the password has
* expired.
*/
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT
/* Check the forced failure behavior. */
run_script("data/scripts/expired/fail", &config);
run_script("data/scripts/expired/fail-debug", &config);
/* Defer the error to the account management check. */
config.newpass = newpass;
config.password = krbconf->password;
config.authtok = krbconf->password;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/defer", &config);
config.newpass = krbconf->password;
config.password = newpass;
config.authtok = newpass;
kerberos_expire_password(krbconf->userprinc, now);
run_script("data/scripts/expired/defer-debug", &config);
#else /* !HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT */
/* Mention that we skipped something for the record. */
skip_block(4, "cannot disable library password prompting");
#endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT */
/* In case we ran into some error, try to unexpire the password. */
kerberos_expire_password(krbconf->userprinc, 0);
free(date);
free(newpass);
free(pwd.pw_dir);
return 0;
}
int
main(void)
{
struct script_config config;
struct kerberos_config *krbconf;
char *user;
/*
* Load the Kerberos principal and password from a file, but set the
* principal as extra[0] and use something else bogus as the user. We
* want to test that alt_auth_map works when there's no relationship
* between the mapped principal and the user.
*/
krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
memset(&config, 0, sizeof(config));
config.user = "******";
config.authtok = krbconf->password;
config.extra[0] = krbconf->username;
config.extra[1] = krbconf->userprinc;
/*
* Generate a testing krb5.conf file with a nonexistent default realm so
* that we can be sure that our principals will stay fully-qualified in
* the logs.
*/
kerberos_generate_conf("bogus.example.com");
config.extra[2] = "bogus.example.com";
/* Test without password prompting. */
plan_lazy();
run_script("data/scripts/alt-auth/basic", &config);
run_script("data/scripts/alt-auth/basic-debug", &config);
run_script("data/scripts/alt-auth/fail", &config);
run_script("data/scripts/alt-auth/fail-debug", &config);
run_script("data/scripts/alt-auth/force", &config);
run_script("data/scripts/alt-auth/only", &config);
/*
* If the alternate account exists but the password is incorrect, we
* should not fall back to the regular account. Test with debug so that
* we don't need two principals configured.
*/
config.authtok = "bogus incorrect password";
run_script("data/scripts/alt-auth/force-fail-debug", &config);
/*
* Switch to our correct user (but wrong realm) realm to test username
* mapping to a different realm.
*/
config.authtok = krbconf->password;
config.user = krbconf->username;
config.extra[2] = krbconf->realm;
run_script("data/scripts/alt-auth/username-map", &config);
/*
* Split the username into two parts, one in the PAM configuration and one
* in the real username, so that we can test interpolation of the username
* when %s isn't the first token.
*/
config.user = &krbconf->username[1];
user = bstrndup(krbconf->username, 1);
config.extra[3] = user;
run_script("data/scripts/alt-auth/username-map-prefix", &config);
free(user);
config.extra[3] = NULL;
/*
* Ensure that we don't add the realm of the authentication username when
* the alt_auth_map already includes a realm.
*/
basprintf(&user, "*****@*****.**", krbconf->username);
config.user = user;
diag("re-running username-map with fully-qualified PAM user");
run_script("data/scripts/alt-auth/username-map", &config);
free(user);
config.user = krbconf->username;
/*
* Add the password and make the user match our authentication principal,
* and then test fallback to normal authentication when alternative
* authentication fails.
*/
config.user = krbconf->userprinc;
config.password = krbconf->password;
config.extra[2] = krbconf->realm;
run_script("data/scripts/alt-auth/fallback", &config);
run_script("data/scripts/alt-auth/fallback-debug", &config);
run_script("data/scripts/alt-auth/fallback-realm", &config);
run_script("data/scripts/alt-auth/force-fallback", &config);
run_script("data/scripts/alt-auth/only-fail", &config);
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
dnssec_crypto_init();
// PKCS #11 initialization
dnssec_keystore_t *store = NULL;
int r = dnssec_keystore_init_pkcs11(&store);
if (r == DNSSEC_NOT_IMPLEMENTED_ERROR) {
skip_all("not supported");
goto done;
}
ok(r == DNSSEC_EOK && store, "dnssec_keystore_init_pkcs11()");
char *dso_name = libsofthsm_dso();
if (!dso_name) {
skip_all("%s not found, set %s environment variable",
SOFTHSM_DSO, ENV_SOFTHSM_DSO);
goto done;
}
ok(dso_name != NULL, "find token DSO");
bool success = token_init();
if (!success) {
skip_all("failed to configure and initialize the token");
goto done;
}
ok(success, "initialize the token");
char config[4096] = { 0 };
r = snprintf(config, sizeof(config), "pkcs11:token=%s;pin-value=%s %s",
TOKEN_LABEL, TOKEN_PIN, dso_name);
free(dso_name);
ok(r > 0 && r < sizeof(config), "build configuration");
// key store access
r = dnssec_keystore_init(store, config);
ok(r == DNSSEC_NOT_IMPLEMENTED_ERROR, "dnssec_keystore_init(), not implemented");
r = dnssec_keystore_open(store, config);
ok(r == DNSSEC_EOK, "dnssec_keystore_open()");
dnssec_list_t *keys = NULL;
r = dnssec_keystore_list_keys(store, &keys);
ok(r == DNSSEC_EOK && dnssec_list_size(keys) == 0, "dnssec_keystore_list_keys(), empty");
dnssec_list_free_full(keys, NULL, NULL);
// key manipulation
static const int KEYS_COUNT = 3;
static const key_parameters_t *KEYS[] = {
&SAMPLE_RSA_KEY,
&SAMPLE_ECDSA_KEY,
&SAMPLE_DSA_KEY,
};
assert(KEYS_COUNT == sizeof(KEYS) / sizeof(*KEYS));
for (int i = 0; i < KEYS_COUNT; i++) {
test_algorithm(store, KEYS[i]);
}
test_key_listing(store, KEYS, KEYS_COUNT);
r = dnssec_keystore_close(store);
ok(r == DNSSEC_EOK, "dnssec_keystore_close()");
done:
dnssec_keystore_deinit(store);
dnssec_crypto_cleanup();
token_cleanup();
return 0;
}
int main(int argc, char *argv[])
{
plan_lazy();
/* new list */
dnssec_list_t *list = dnssec_list_new();
ok(list != NULL, "create new list");
ok(dnssec_list_size(list) == 0, "new list has zero size");
ok(dnssec_list_is_empty(list), "new list is empty");
ok(dnssec_list_head(list) == NULL, "new list has no head");
ok(dnssec_list_tail(list) == NULL, "new list has no tail");
/* populate the list */
dnssec_list_append(list, (void *)7);
dnssec_list_append(list, (void *)9);
// 7, 9
dnssec_list_prepend(list, (void *)5);
dnssec_list_prepend(list, (void *)2);
// 2, 5, 7, 9
dnssec_item_t *head = dnssec_list_head(list);
dnssec_list_insert_before(head, (void *)1);
dnssec_list_insert_after(head, (void *)3);
// 1, 2, 3, 5, 7, 9
dnssec_item_t *tail = dnssec_list_tail(list);
dnssec_list_insert_before(tail, (void *)8);
dnssec_list_insert_after(tail, (void *)10);
// 1, 2, 3, 5, 7, 8, 9, 10
dnssec_item_t *item_5 = dnssec_list_nth(list, 3);
dnssec_list_insert_before(item_5, (void *)4);
dnssec_list_insert_after(item_5, (void *)6);
// 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
ok(dnssec_list_size(list) == 10, "populated list has expected size");
ok(!dnssec_list_is_empty(list), "populated list is non-empty");
// content iteration
int sum = 0;
int previous = 0;
bool increasing = true;
for (dnssec_item_t *i = dnssec_list_head(list); i; i = dnssec_list_next(list, i)) {
int number = (int)(intptr_t)dnssec_item_get(i);
sum += number;
if (previous + 1 != number) {
increasing = false;
}
previous = number;
}
ok(sum == 55, "all items are in the list");
ok(increasing, "append and prepend work");
// content lookup
ok(dnssec_list_contains(list, (void *)7), "contains: positive");
ok(!dnssec_list_contains(list, (void *)17), "contains: negative");
ok(dnssec_list_search(list, (void *)3) == dnssec_list_nth(list, 2), "search: positive");
ok(dnssec_list_search(list, (void *)12) == NULL, "search: negative");
// item removal
dnssec_list_remove(dnssec_list_head(list));
dnssec_list_remove(dnssec_list_tail(list));
dnssec_list_remove(dnssec_list_nth(list, 5));
ok(dnssec_list_size(list) == 7, "three items removed");
// full free
counter = 0;
dnssec_list_free_full(list, item_free, free_context);
ok(counter == 7, "list full free");
// non-full free
list = dnssec_list_new();
dnssec_list_append(list, NULL);
ok(!dnssec_list_is_empty(list), "new list with one item");
counter = 0;
dnssec_list_free(list);
ok(counter == 0, "list non-full free");
return 0;
}
int
main(void)
{
struct script_config config;
struct kerberos_config *krbconf;
char *k5login;
struct extra extra;
struct passwd pwd;
FILE *file;
/* Load the Kerberos principal and password from a file. */
krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
memset(&config, 0, sizeof(config));
config.user = krbconf->username;
extra.realm = krbconf->realm;
config.authtok = krbconf->password;
config.extra[0] = krbconf->userprinc;
/* Generate a testing krb5.conf file. */
kerberos_generate_conf(krbconf->realm);
/* Create a fake passwd struct for our user. */
memset(&pwd, 0, sizeof(pwd));
pwd.pw_name = krbconf->username;
pwd.pw_uid = getuid();
pwd.pw_gid = getgid();
basprintf(&pwd.pw_dir, "%s/tmp", getenv("BUILD"));
pam_set_pwd(&pwd);
plan_lazy();
/* Basic test. */
run_script("data/scripts/cache/basic", &config);
/* Check the cache status before the session is closed. */
config.callback = check_cache;
config.data = &extra;
run_script("data/scripts/cache/open-session", &config);
/* Change the authenticating user and test search_k5login. */
pwd.pw_name = (char *) "testuser";
config.user = "******";
basprintf(&k5login, "%s/.k5login", pwd.pw_dir);
file = fopen(k5login, "w");
if (file == NULL)
sysbail("cannot create %s", k5login);
if (fprintf(file, "%s\n", krbconf->userprinc) < 0)
sysbail("cannot write to %s", k5login);
if (fclose(file) < 0)
sysbail("cannot flush %s", k5login);
run_script("data/scripts/cache/search-k5login", &config);
config.callback = NULL;
run_script("data/scripts/cache/search-k5login-debug", &config);
unlink(k5login);
free(k5login);
/* Test search_k5login when no .k5login file exists. */
pwd.pw_name = krbconf->username;
config.user = krbconf->username;
diag("testing search_k5login with no .k5login file");
run_script("data/scripts/cache/search-k5login", &config);
free(pwd.pw_dir);
return 0;
}
int main(void)
{
plan_lazy();
wire_ctx_t wire = { 0 };
dnssec_binary_t buffer = { .size = 20, .data = (uint8_t []) {
0xc8, 0x25, 0x19, 0x3c, 0x96, 0xe6, 0x59, 0xf7, 0x2b, 0x94,
0x83, 0xb3, 0x3e, 0x6f, 0xb9, 0x01, 0xe2, 0x91, 0xa8, 0xa9,
}
};
wire = wire_init(buffer.data + 10, 10);
ok(wire_read_u8(&wire) == 0x83, "wire_init()");
wire = wire_init_binary(&buffer);
ok(wire_read_u8(&wire) == 0xc8, "wire_init_binary()");
// read operations
wire_seek(&wire, 5);
ok(wire_read_u8(&wire) == 0xe6, "wire_seek() forward");
wire_seek(&wire, 3);
ok(wire_read_u8(&wire) == 0x3c, "wire_seek() backward");
wire_seek(&wire, 10);
ok(wire_read_u8(&wire) == 0x83, "wire_read_u8()");
ok(wire_read_u16(&wire) == 45886, "wire_read_u16()");
ok(wire_tell(&wire) == 13, "wire_tell()");
ok(wire_available(&wire) == 7, "wire_available()");
dnssec_binary_t ref = { 0 };
wire_available_binary(&wire, &ref);
ok(ref.data == buffer.data + 13 && ref.size == 7, "wire_available_binary()");
uint8_t in[6] = { 0 };
wire_seek(&wire, 4);
wire_read(&wire, in, 6);
ok(memcmp(in, buffer.data + 4, 6) == 0 && wire_tell(&wire) == 10,
"wire_read()");
// write operations
wire_seek(&wire, 0);
wire_write_u8(&wire, 0x42);
ok(buffer.data[0] == 0x42 && wire_tell(&wire) == 1,
"wire_write_u8()");
wire_write_u16(&wire, 44513);
ok(memcmp(buffer.data + 1, "\xad\xe1", 2) == 0 && wire_tell(&wire) == 3,
"wire_write_u16()");
wire_seek(&wire, 12);
const uint8_t out[7] = { 0xc0, 0x1d, 0xca, 0xfe, 0xde, 0xad, 0xbe };
wire_write(&wire, out, 7);
ok(memcmp(buffer.data + 12, out, 7) == 0 && wire_tell(&wire) == 19,
"wire_write()");
dnssec_binary_t bignum = { .data = (uint8_t *)out, .size = 4 };
const uint8_t expect[8] = { 0x00, 0x00, 0x00, 0x00, 0xc0, 0x1d, 0xca, 0xfe };
wire_seek(&wire, 2);
wire_write_bignum(&wire, 8, &bignum);
ok(memcmp(buffer.data + 2, expect, 8) == 0 && wire_tell(&wire) == 10,
"wire_write_ralign()");
return 0;
}
int main(void)
{
plan_lazy();
{
uint8_t der[] = { 0x30,0x08, 0x02,0x02,0x1a,0x2b, 0x02,0x02,0x3c,0x4d };
uint8_t r[] = { 0x1a, 0x2b };
uint8_t s[] = { 0x3c, 0x4d };
DECODE_OK(der, r, s, "simple without MSB");
}
{
uint8_t der[] = { 0x30,0x08, 0x02,0x02,0xff,0xff, 0x02,0x02,0x80,0x00 };
uint8_t r[] = { 0xff, 0xff };
uint8_t s[] = { 0x80, 0x00 };
DECODE_OK(der, r, s, "simple with MSB");
}
{
uint8_t der[] = { 0x30,0x09, 0x02,0x04,0x00,0x00,0x00,0xfa, 0x02,0x01,0x07 };
uint8_t r[] = { 0xfa };
uint8_t s[] = { 0x07 };
DECODE_OK(der, r, s, "leading zeros");
}
{
uint8_t der[] = { 0x30,0x07, 0x02,0x01,0x00, 0x02,0x02,0x00,0x00 };
uint8_t r[] = { 0x00 };
uint8_t s[] = { 0x00 };
DECODE_OK(der, r, s, "zero values" );
}
{
uint8_t der[] = { };
DECODE_FAIL(der, "empty input");
}
{
uint8_t der[] = { 0x30,0x04, 0x02,0x01,0x01 };
DECODE_FAIL(der, "partial sequence");
}
{
uint8_t der[] = { 0x30,0x06, 0x02,0x01,0x01, 0x02,0x02,0x01 };
DECODE_FAIL(der, "partial integer");
}
{
uint8_t der[] = { 0x30,0x00 };
DECODE_FAIL(der, "zero-length sequence");
}
{
uint8_t der[] = { 0x30,0x05, 0x02,0x01,0xff, 0x02,0x00 };
DECODE_FAIL(der, "zero-length integer");
}
{
uint8_t der[] = { 0x30,0x84, 0x02,0x40,ONE_64_TIMES, 0x02,0x40,ONE_64_TIMES };
DECODE_FAIL(der, "unsupported size");
}
{
uint8_t r[] = { 0x01, };
uint8_t s[] = { 0x02,0x03 };
uint8_t der[] = { 0x30,0x07, 0x02,0x01,0x01, 0x02,0x02,0x02,0x03 };
ENCODE_OK(r, s, der, "simple");
}
{
uint8_t r[] = { 0x00,0x01, };
uint8_t s[] = { 0x00,0x00,0x02,0x03 };
uint8_t der[] = { 0x30,0x07, 0x02,0x01,0x01, 0x02,0x02,0x02,0x03 };
ENCODE_OK(r, s, der, "unnecessary leading zeros");
}
{
uint8_t r[] = { 0x00,0x8f };
uint8_t s[] = { 0x00,0x00,0xff };
uint8_t der[] = { 0x30,0x08, 0x02,0x02,0x00,0x8f, 0x02,0x02,0x00,0xff };
ENCODE_OK(r, s, der, "required zero not removed");
}
{
uint8_t r[] = { 0x8c };
uint8_t s[] = { 0xff,0xee };
uint8_t der[] = { 0x30,0x09, 0x02,0x02,0x00,0x8c, 0x02,0x03,0x00,0xff,0xee };
ENCODE_OK(r, s, der, "implicitly added zero");
}
{
uint8_t r[] = { 0x00 };
uint8_t s[] = { 0x00,0x00 };
uint8_t der[] = { 0x30,0x06, 0x02,0x01,0x00, 0x02,0x01,0x00 };
ENCODE_OK(r, s, der, "zero");
}
{
uint8_t r[] = { 0x01 };
uint8_t s[] = { };
uint8_t der[] = { 0x30,0x06, 0x02,0x01,0x01, 0x02,0x01,0x00 };
ENCODE_OK(r, s, der, "zero-length input");
}
{
uint8_t r[] = { ONE_128_TIMES };
uint8_t s[] = { 0x01 };
ENCODE_FAIL(r, s, "input too long");
}
{
uint8_t r[] = { ONE_64_TIMES };
uint8_t s[] = { ONE_64_TIMES };
ENCODE_FAIL(r, s, "result too long");
}
return 0;
}
