int main(int argc, char *argv[]) { plan_lazy(); knot_mm_t pool; mm_ctx_mempool(&pool, MM_DEFAULT_BLKSIZE); char *dbid = test_mkdtemp(); ok(dbid != NULL, "make temporary directory"); /* Random keys. */ unsigned nkeys = 10000; char **keys = mm_alloc(&pool, sizeof(char*) * nkeys); for (unsigned i = 0; i < nkeys; ++i) { keys[i] = str_key_rand(KEY_MAXLEN, &pool); } /* Sort random keys. */ str_key_sort(keys, nkeys); /* Execute test set for all backends. */ struct knot_db_lmdb_opts lmdb_opts = KNOT_DB_LMDB_OPTS_INITIALIZER; lmdb_opts.path = dbid; struct knot_db_trie_opts trie_opts = KNOT_DB_TRIE_OPTS_INITIALIZER; knot_db_test_set(nkeys, keys, &lmdb_opts, knot_db_lmdb_api(), &pool); knot_db_test_set(nkeys, keys, &trie_opts, knot_db_trie_api(), &pool); /* Cleanup. */ mp_delete(pool.ctx); test_rm_rf(dbid); free(dbid); return 0; }
int main(void) { plan_lazy(); int r; evsched_t sched = { 0 }; worker_pool_t *pool = NULL; zone_t zone = { 0 }; r = evsched_init(&sched, NULL); ok(r == KNOT_EOK, "create scheduler"); pool = worker_pool_create(1); ok(pool != NULL, "create worker pool"); r = zone_events_init(&zone); ok(r == KNOT_EOK, "zone events init"); r = zone_events_setup(&zone, pool, &sched, NULL); ok(r == KNOT_EOK, "zone events setup"); test_scheduling(&zone); zone_events_deinit(&zone); worker_pool_destroy(pool); evsched_deinit(&sched); return 0; }
int main(int argc, char *argv[]) { memset(&me, 0, sizeof(me)); strcpy(me.name, "me.name."); rb_lib_init(NULL, NULL, NULL, 0, 1024, DNODE_HEAP_SIZE, FD_HEAP_SIZE); rb_linebuf_init(LINEBUF_HEAP_SIZE); plan_lazy(); from_empty1(); basic_append1(); append_empty1(); exact_fit_from_empty1(); too_long_from_empty1(); exact_fit_basic_append1(); too_long_basic_append1(); exact_fit_empty1(); truncate_existing1(); truncate_existing2(); no_buffer(); return 0; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; /* Skip the test if FAST is not available. */ #ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE_NAME skip_all("FAST support not available"); #endif /* * To test FAST with an existing ticket cache, we also need a keytab, but * we can test anonymous FAST without that. So only say that we require a * password. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); memset(&config, 0, sizeof(config)); config.user = krbconf->userprinc; config.authtok = krbconf->password; /* * Generate a testing krb5.conf file with a nonexistent default realm so * that we can be sure that our principals will stay fully-qualified in * the logs. */ kerberos_generate_conf("bogus.example.com"); plan_lazy(); /* If we have a keytab and ticket cache available, test fast_ccache. */ if (krbconf->keytab == NULL) skip_block(4, "Kerberos keytab required to test fast_ccache"); else { config.extra[0] = krbconf->cache; run_script("data/scripts/fast/ccache", &config); run_script("data/scripts/fast/ccache-debug", &config); run_script("data/scripts/fast/no-ccache", &config); run_script("data/scripts/fast/no-ccache-debug", &config); } /* * Test anonymous FAST. This will require some pre-testing later. For * this, we need to use our real local realm. */ kerberos_generate_conf(krbconf->realm); config.user = krbconf->username; config.extra[0] = krbconf->userprinc; if (anon_fast_works()) { run_script("data/scripts/fast/anonymous", &config); run_script("data/scripts/fast/anonymous-debug", &config); } else { skip_block(2, "Anonymous authentication required to test anon_fast"); } return 0; }
int main(int argc, char *argv[]) { plan_lazy(); scheme_find_test(); parser_test(); str_test(); return 0; }
int main(int argc, char *argv[]) { plan_lazy(); // escape safe strings test_escape("", ""); test_escape("abc-xyz_012-789.com", "abc-xyz_012-789.com"); test_escape("EXAMple.com", "example.com"); test_escape("_.-AZaz09", "_.-azaz09"); // escape unsafe strings test_escape("abc\\def", "abc\\x5cdef"); test_escape("xyz/jkl", "xyz\\x2fjkl"); test_escape("aaa?bbb#ccc*ddd", "aaa\\x3fbbb\\x23ccc\\x2addd"); test_escape("!$%&()", "\\x21\\x24\\x25\\x26\\x28\\x29"); // test safe unescape test_unescape("", ""); test_unescape("abc-xyz_012-789.com", "abc-xyz_012-789.com"); test_unescape("examPLE.net", NULL); test_unescape("@", NULL); // test unsafe unescape test_unescape("opq\\x40rst", "opq@rst"); test_unescape("_\\x40-42\\x2eaz", "*****@*****.**"); test_unescape("\\x3f\\x2a\\x28\\x3d\\x22\\x27\\x5c\\x2f", "?*(=\"\'\\/"); test_unescape("new\\x0aline", "new\nline"); // invalid unsafe unescape test_unescape("a\\", NULL); test_unescape("a\\z", NULL); test_unescape("a\\x", NULL); test_unescape("a\\x00b", NULL); test_unescape("a\\xgg", NULL); // unicode escape test_escape("křemílek.cz", "k\\xc5\\x99em\\xc3\\xadlek.cz"); test_escape("www.vochomůrka", "www.vochom\\xc5\\xafrka"); // unicode unescape test_unescape("br\\xc4\\x8d\\xc3\\xa1ln\\xc3\\xadk.eu", "brčálník.eu"); test_unescape("\\xc4\\x8dty\\xc5\\x99i.\\xc5\\xa1neci", "čtyři.šneci"); return 0; }
int main(void) { struct script_config config; plan_lazy(); /* Attempt login as the root user to test ignore_root. */ memset(&config, 0, sizeof(config)); config.user = "******"; run_script_dir("data/scripts/basic", &config); return 0; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; /* Load the Kerberos principal and certificate path. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PKINIT); memset(&config, 0, sizeof(config)); config.user = krbconf->pkinit_principal; config.extra[0] = krbconf->pkinit_cert; /* * Generate a testing krb5.conf file with a nonexistent default realm so * that we can be sure that our principals will stay fully-qualified in * the logs. */ kerberos_generate_conf("bogus.example.com"); /* * Currently, what we can test and how to test varies a lot by Kerberos * implementation. This will improve later. */ plan_lazy(); #ifdef HAVE_KRB5_HEIMDAL run_script("data/scripts/pkinit/basic", &config); run_script("data/scripts/pkinit/basic-debug", &config); run_script("data/scripts/pkinit/prompt-use", &config); #else run_script("data/scripts/pkinit/no-use-pkinit", &config); #endif run_script("data/scripts/pkinit/try-pkinit", &config); #ifdef HAVE_KRB5_HEIMDAL run_script("data/scripts/pkinit/try-pkinit-debug", &config); run_script("data/scripts/pkinit/prompt-try", &config); #else run_script("data/scripts/pkinit/try-pkinit-debug-mit", &config); run_script("data/scripts/pkinit/preauth-opt-mit", &config); #endif return 0; }
int main(int argc, char *argv[]) { plan_lazy(); /* Module id tests. */ mod_id_test("module/id", "\x06moduleid"); mod_id_bad_test("module", KNOT_EINVAL); mod_id_bad_test("module/", KNOT_EINVAL); mod_id_bad_test("/", KNOT_EINVAL); mod_id_bad_test("/id", KNOT_EINVAL); /* EDNS option tests. */ edns_opt_test("0:", 0, ""); edns_opt_test("65535:", 65535, ""); edns_opt_test("1:abc", 1, "abc"); edns_opt_test("1:0x0102", 1, "\x01\x02"); edns_opt_bad_test("0", KNOT_EINVAL); edns_opt_bad_test("-1:a", KNOT_ERANGE); edns_opt_bad_test("65536:a", KNOT_ERANGE); edns_opt_bad_test("0:0xa", KNOT_EINVAL); /* Address range tests. */ addr_range_test("1.1.1.1"); addr_range_test("1.1.1.1/0"); addr_range_test("1.1.1.1/32"); addr_range_test("1.1.1.1-1.2.3.4"); addr_range_test("::1"); addr_range_test("::1/0"); addr_range_test("::1/32"); addr_range_test("1::-5::"); addr_range_bad_test("unix", KNOT_EINVAL); addr_range_bad_test("1.1.1", KNOT_EINVAL); addr_range_bad_test("1.1.1.1/", KNOT_EINVAL); addr_range_bad_test("1.1.1.1/33", KNOT_ERANGE); addr_range_bad_test("1.1.1.1-", KNOT_EINVAL); addr_range_bad_test("1.1.1.1-::1", KNOT_EINVAL); return 0; }
int main(void) { struct script_config config; struct kerberos_password *password; DIR *tmpdir; struct dirent *file; char *tmppath, *path; /* Load the Kerberos principal and password from a file. */ password = kerberos_config_password(); if (password == NULL) skip_all("Kerberos tests not configured"); memset(&config, 0, sizeof(config)); config.user = password->username; config.password = password->password; config.extra[0] = password->principal; /* Generate a testing krb5.conf file. */ kerberos_generate_conf(password->realm); /* Get the temporary directory and store that as the %1 substitution. */ tmppath = test_tmpdir(); config.extra[1] = tmppath; plan_lazy(); /* * We need to ensure that the only thing in the test temporary directory * is the krb5.conf file that we generated, since we're going to check for * cleanup by looking for any out-of-place files. */ tmpdir = opendir(tmppath); if (tmpdir == NULL) sysbail("cannot open directory %s", tmppath); while ((file = readdir(tmpdir)) != NULL) { if (strcmp(file->d_name, ".") == 0 || strcmp(file->d_name, "..") == 0) continue; if (strcmp(file->d_name, "krb5.conf") == 0) continue; basprintf(&path, "%s/%s", tmppath, file->d_name); if (unlink(path) < 0) sysbail("cannot delete temporary file %s", path); free(path); } closedir(tmpdir); /* * Authenticate only, call pam_end, and be sure the ticket cache is * gone. The auth-only script sets ccache_dir to the temporary directory, * so the module will create a temporary ticket cache there and then * should clean it up. */ run_script("data/scripts/cache-cleanup/auth-only", &config); path = NULL; tmpdir = opendir(tmppath); if (tmpdir == NULL) sysbail("cannot open directory %s", tmppath); while ((file = readdir(tmpdir)) != NULL) { if (strcmp(file->d_name, ".") == 0 || strcmp(file->d_name, "..") == 0) continue; if (strcmp(file->d_name, "krb5.conf") == 0) continue; if (path == NULL) basprintf(&path, "%s/%s", tmppath, file->d_name); } closedir(tmpdir); if (path != NULL) diag("found stray temporary file %s", path); ok(path == NULL, "ticket cache cleaned up"); if (path != NULL) free(path); test_tmpdir_free(tmppath); kerberos_config_password_free(password); return 0; }
int main(int argc, char *argv[]) { plan_lazy(); // adding a single zero-byte label test_nsec_next( "zero-byte label, apex", "\x7""example""\x3""com", "\x7""example""\x3""com", "\x01\x00""\x07""example""\x03""com" ); test_nsec_next( "zero-byte label, subdomain", "\x02""nx""\x7""example""\x3""com", "\x7""example""\x3""com", "\x01\x00""\x02""nx""\x07""example""\x03""com" ); test_nsec_next( "zero-byte label, binary", "\x02\xff\xff""\x7""example""\x3""com", "\x07""example""\x3""com", "\x01\x00""\x02\xff\xff""\x7""example""\x3""com" ); // zero byte label won't fit, increment #define APEX \ "\x05""bacon""\x05""salad" #define LONG_SUFFIX \ "\x2e""xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \ "\x2e""iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii" \ "\x2e""mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm" \ "\x2e""qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" \ "\x2c""zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" \ APEX assert(sizeof(LONG_SUFFIX) == 245 + 1); test_nsec_next( "increment first label (simple)", "\x08""icecream" LONG_SUFFIX, APEX, "\x08""icecrean" LONG_SUFFIX ); test_nsec_next( "increment first label (binary)", "\x08""walrus\xff\xff" LONG_SUFFIX, APEX, "\x08""walrut\x00\x00" LONG_SUFFIX ); test_nsec_next( "increment first label (in place)", "\x07""lobster" LONG_SUFFIX, APEX, "\x07""lobstes" LONG_SUFFIX ); test_nsec_next( "increment first label (extend)", "\x07""\xff\xff\xff\xff\xff\xff\xff" LONG_SUFFIX, APEX, "\x08""\xff\xff\xff\xff\xff\xff\xff\x00" LONG_SUFFIX ); // name too long test_nsec_next( "name to long, strip label and increase next (simple)", "\x03""\xff\xff\xff""\x04""newt" LONG_SUFFIX, APEX, "\x04""newu" LONG_SUFFIX ); test_nsec_next( "name to long, strip label and increase next (binary)", "\x03""\xff\xff\xff""\x04""cc\xff\xff" LONG_SUFFIX, APEX, "\x04""cd\x00\x00" LONG_SUFFIX ); test_nsec_next( "name to long, strip label and increase next (extend)", "\x04""\xff\xff\xff\xff""\x03""\xff\xff\xff" LONG_SUFFIX, APEX, "\x04""\xff\xff\xff\x00" LONG_SUFFIX ); // label too long #define MAX_LABEL "\x3f" /* 63 */ \ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" \ "\xff\xff\xff" assert(sizeof(MAX_LABEL) == 64 + 1); #define PAD_LABEL "\x28" /* 40 */ \ "iiiiiiiiiioooooooooottttttttttssssssssss" assert(sizeof(PAD_LABEL) == 41 + 1); test_nsec_next( "label too long, strip and increase next (simple)", MAX_LABEL "\x08""mandrill" MAX_LABEL MAX_LABEL PAD_LABEL APEX, APEX, "\x08""mandrilm" MAX_LABEL MAX_LABEL PAD_LABEL APEX ); test_nsec_next( "label too long, strip and increase next (extend)", MAX_LABEL "\x07""\xff\xff\xff\xff\xff\xff\xff" MAX_LABEL MAX_LABEL PAD_LABEL APEX, APEX, "\x08""\xff\xff\xff\xff\xff\xff\xff\x00" MAX_LABEL MAX_LABEL PAD_LABEL APEX ); test_nsec_next( "label too long, strip multiple", MAX_LABEL MAX_LABEL "\x08""flamingo" MAX_LABEL PAD_LABEL APEX, APEX, "\x08""flamingp" MAX_LABEL PAD_LABEL APEX ); test_nsec_next( "label too long, wrap around to apex", "\x31" /* 49 */ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff\xff" MAX_LABEL MAX_LABEL MAX_LABEL APEX, APEX, APEX ); return 0; }
int main(int argc, char *argv[]) { plan_lazy(); /* Random keys. */ srand(time(NULL)); unsigned key_count = 100000; char **keys = malloc(sizeof(char*) * key_count); for (unsigned i = 0; i < key_count; ++i) { keys[i] = str_key_rand(KEY_MAXLEN); } /* Sort random keys. */ str_key_sort(keys, key_count); /* Create trie */ value_t *val = NULL; hattrie_t *trie = hattrie_create(); ok(trie != NULL, "hattrie: create"); /* Insert keys */ bool passed = true; size_t inserted = 0; for (unsigned i = 0; i < key_count; ++i) { val = hattrie_get(trie, keys[i], strlen(keys[i]) + 1); if (!val) { passed = false; break; } if (*val == NULL) { *val = keys[i]; ++inserted; } } ok(passed, "hattrie: insert"); /* Check total insertions against trie weight. */ is_int(hattrie_weight(trie), inserted, "hattrie: trie weight matches insertions"); /* Build order-index. */ hattrie_build_index(trie); /* Lookup all keys */ passed = true; for (unsigned i = 0; i < key_count; ++i) { val = hattrie_tryget(trie, keys[i], strlen(keys[i]) + 1); if (val && (*val == keys[i] || strcmp(*val, keys[i]) == 0)) { continue; } else { diag("hattrie: mismatch on element '%u'", i); passed = false; break; } } ok(passed, "hattrie: lookup all keys"); /* Lesser or equal lookup. */ passed = true; for (unsigned i = 0; i < key_count; ++i) { if (!str_key_find_leq(trie, keys, i, key_count)) { passed = false; for (int off = -10; off < 10; ++off) { int k = (int)i + off; if (k < 0 || k >= key_count) { continue; } diag("[%u/%d]: %s%s", i, off, off == 0?">":"",keys[k]); } break; } } ok(passed, "hattrie: find lesser or equal for all keys"); /* Next lookup. */ passed = true; for (unsigned i = 0; i < key_count - 1 && passed; ++i) { value_t *val; hattrie_find_next(trie, keys[i], strlen(keys[i]), &val); passed = val && *val == (void *)keys[(i + 1)]; } ok(passed, "hattrie: find next for all keys"); /* Unsorted iteration */ size_t iterated = 0; hattrie_iter_t *it = hattrie_iter_begin(trie, false); while (!hattrie_iter_finished(it)) { ++iterated; hattrie_iter_next(it); } is_int(inserted, iterated, "hattrie: unsorted iteration"); hattrie_iter_free(it); /* Sorted iteration. */ char key_buf[KEY_MAXLEN] = {'\0'}; iterated = 0; it = hattrie_iter_begin(trie, true); while (!hattrie_iter_finished(it)) { size_t cur_key_len = 0; const char *cur_key = hattrie_iter_key(it, &cur_key_len); if (iterated > 0) { /* Only if previous exists. */ if (strcmp(key_buf, cur_key) > 0) { diag("'%s' <= '%s' FAIL\n", key_buf, cur_key); break; } } ++iterated; memcpy(key_buf, cur_key, cur_key_len); hattrie_iter_next(it); } is_int(inserted, iterated, "hattrie: sorted iteration"); hattrie_iter_free(it); /* Cleanup */ for (unsigned i = 0; i < key_count; ++i) { free(keys[i]); } free(keys); hattrie_free(trie); return 0; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; char *newpass, *date; struct passwd pwd; time_t now; /* Load the Kerberos principal and password from a file. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); memset(&config, 0, sizeof(config)); config.user = krbconf->username; config.password = krbconf->password; config.extra[0] = krbconf->userprinc; /* * Ensure we can expire the password. Heimdal has a prompt for the * expiration time, so save that to use as a substitution in the script. */ now = time(NULL) - 1; if (!kerberos_expire_password(krbconf->userprinc, now)) skip_all("kadmin not configured or kadmin mismatch"); date = bstrdup(ctime(&now)); date[strlen(date) - 1] = '\0'; config.extra[1] = date; /* Generate a testing krb5.conf file. */ kerberos_generate_conf(krbconf->realm); /* Create a fake passwd struct for our user. */ memset(&pwd, 0, sizeof(pwd)); pwd.pw_name = krbconf->username; pwd.pw_uid = getuid(); pwd.pw_gid = getgid(); basprintf(&pwd.pw_dir, "%s/tmp", getenv("BUILD")); pam_set_pwd(&pwd); /* * We'll be changing the password to something new. This needs to be * sufficiently random that it's unlikely to fall afoul of password * strength checking. */ basprintf(&newpass, "ngh1,a%lu nn9af6", (unsigned long) getpid()); config.newpass = newpass; plan_lazy(); /* Default behavior. */ #ifdef HAVE_KRB5_HEIMDAL run_script("data/scripts/expired/basic-heimdal", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-heimdal-debug", &config); #else run_script("data/scripts/expired/basic-mit", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-mit-debug", &config); #endif /* Test again with PAM_SILENT, specified two ways. */ #ifdef HAVE_KRB5_HEIMDAL config.newpass = newpass; config.password = krbconf->password; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-heimdal-silent", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-heimdal-flag-silent", &config); #else config.newpass = newpass; config.password = krbconf->password; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-mit-silent", &config); config.newpass = krbconf->password; config.password = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/basic-mit-flag-silent", &config); #endif /* * We can only run the remaining checks if we can suppress the Kerberos * library behavior of prompting for a new password when the password has * expired. */ #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT /* Check the forced failure behavior. */ run_script("data/scripts/expired/fail", &config); run_script("data/scripts/expired/fail-debug", &config); /* Defer the error to the account management check. */ config.newpass = newpass; config.password = krbconf->password; config.authtok = krbconf->password; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/defer", &config); config.newpass = krbconf->password; config.password = newpass; config.authtok = newpass; kerberos_expire_password(krbconf->userprinc, now); run_script("data/scripts/expired/defer-debug", &config); #else /* !HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT */ /* Mention that we skipped something for the record. */ skip_block(4, "cannot disable library password prompting"); #endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT */ /* In case we ran into some error, try to unexpire the password. */ kerberos_expire_password(krbconf->userprinc, 0); free(date); free(newpass); free(pwd.pw_dir); return 0; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; char *user; /* * Load the Kerberos principal and password from a file, but set the * principal as extra[0] and use something else bogus as the user. We * want to test that alt_auth_map works when there's no relationship * between the mapped principal and the user. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); memset(&config, 0, sizeof(config)); config.user = "******"; config.authtok = krbconf->password; config.extra[0] = krbconf->username; config.extra[1] = krbconf->userprinc; /* * Generate a testing krb5.conf file with a nonexistent default realm so * that we can be sure that our principals will stay fully-qualified in * the logs. */ kerberos_generate_conf("bogus.example.com"); config.extra[2] = "bogus.example.com"; /* Test without password prompting. */ plan_lazy(); run_script("data/scripts/alt-auth/basic", &config); run_script("data/scripts/alt-auth/basic-debug", &config); run_script("data/scripts/alt-auth/fail", &config); run_script("data/scripts/alt-auth/fail-debug", &config); run_script("data/scripts/alt-auth/force", &config); run_script("data/scripts/alt-auth/only", &config); /* * If the alternate account exists but the password is incorrect, we * should not fall back to the regular account. Test with debug so that * we don't need two principals configured. */ config.authtok = "bogus incorrect password"; run_script("data/scripts/alt-auth/force-fail-debug", &config); /* * Switch to our correct user (but wrong realm) realm to test username * mapping to a different realm. */ config.authtok = krbconf->password; config.user = krbconf->username; config.extra[2] = krbconf->realm; run_script("data/scripts/alt-auth/username-map", &config); /* * Split the username into two parts, one in the PAM configuration and one * in the real username, so that we can test interpolation of the username * when %s isn't the first token. */ config.user = &krbconf->username[1]; user = bstrndup(krbconf->username, 1); config.extra[3] = user; run_script("data/scripts/alt-auth/username-map-prefix", &config); free(user); config.extra[3] = NULL; /* * Ensure that we don't add the realm of the authentication username when * the alt_auth_map already includes a realm. */ basprintf(&user, "*****@*****.**", krbconf->username); config.user = user; diag("re-running username-map with fully-qualified PAM user"); run_script("data/scripts/alt-auth/username-map", &config); free(user); config.user = krbconf->username; /* * Add the password and make the user match our authentication principal, * and then test fallback to normal authentication when alternative * authentication fails. */ config.user = krbconf->userprinc; config.password = krbconf->password; config.extra[2] = krbconf->realm; run_script("data/scripts/alt-auth/fallback", &config); run_script("data/scripts/alt-auth/fallback-debug", &config); run_script("data/scripts/alt-auth/fallback-realm", &config); run_script("data/scripts/alt-auth/force-fallback", &config); run_script("data/scripts/alt-auth/only-fail", &config); return 0; }
int main(int argc, char *argv[]) { plan_lazy(); dnssec_crypto_init(); // PKCS #11 initialization dnssec_keystore_t *store = NULL; int r = dnssec_keystore_init_pkcs11(&store); if (r == DNSSEC_NOT_IMPLEMENTED_ERROR) { skip_all("not supported"); goto done; } ok(r == DNSSEC_EOK && store, "dnssec_keystore_init_pkcs11()"); char *dso_name = libsofthsm_dso(); if (!dso_name) { skip_all("%s not found, set %s environment variable", SOFTHSM_DSO, ENV_SOFTHSM_DSO); goto done; } ok(dso_name != NULL, "find token DSO"); bool success = token_init(); if (!success) { skip_all("failed to configure and initialize the token"); goto done; } ok(success, "initialize the token"); char config[4096] = { 0 }; r = snprintf(config, sizeof(config), "pkcs11:token=%s;pin-value=%s %s", TOKEN_LABEL, TOKEN_PIN, dso_name); free(dso_name); ok(r > 0 && r < sizeof(config), "build configuration"); // key store access r = dnssec_keystore_init(store, config); ok(r == DNSSEC_NOT_IMPLEMENTED_ERROR, "dnssec_keystore_init(), not implemented"); r = dnssec_keystore_open(store, config); ok(r == DNSSEC_EOK, "dnssec_keystore_open()"); dnssec_list_t *keys = NULL; r = dnssec_keystore_list_keys(store, &keys); ok(r == DNSSEC_EOK && dnssec_list_size(keys) == 0, "dnssec_keystore_list_keys(), empty"); dnssec_list_free_full(keys, NULL, NULL); // key manipulation static const int KEYS_COUNT = 3; static const key_parameters_t *KEYS[] = { &SAMPLE_RSA_KEY, &SAMPLE_ECDSA_KEY, &SAMPLE_DSA_KEY, }; assert(KEYS_COUNT == sizeof(KEYS) / sizeof(*KEYS)); for (int i = 0; i < KEYS_COUNT; i++) { test_algorithm(store, KEYS[i]); } test_key_listing(store, KEYS, KEYS_COUNT); r = dnssec_keystore_close(store); ok(r == DNSSEC_EOK, "dnssec_keystore_close()"); done: dnssec_keystore_deinit(store); dnssec_crypto_cleanup(); token_cleanup(); return 0; }
int main(int argc, char *argv[]) { plan_lazy(); /* new list */ dnssec_list_t *list = dnssec_list_new(); ok(list != NULL, "create new list"); ok(dnssec_list_size(list) == 0, "new list has zero size"); ok(dnssec_list_is_empty(list), "new list is empty"); ok(dnssec_list_head(list) == NULL, "new list has no head"); ok(dnssec_list_tail(list) == NULL, "new list has no tail"); /* populate the list */ dnssec_list_append(list, (void *)7); dnssec_list_append(list, (void *)9); // 7, 9 dnssec_list_prepend(list, (void *)5); dnssec_list_prepend(list, (void *)2); // 2, 5, 7, 9 dnssec_item_t *head = dnssec_list_head(list); dnssec_list_insert_before(head, (void *)1); dnssec_list_insert_after(head, (void *)3); // 1, 2, 3, 5, 7, 9 dnssec_item_t *tail = dnssec_list_tail(list); dnssec_list_insert_before(tail, (void *)8); dnssec_list_insert_after(tail, (void *)10); // 1, 2, 3, 5, 7, 8, 9, 10 dnssec_item_t *item_5 = dnssec_list_nth(list, 3); dnssec_list_insert_before(item_5, (void *)4); dnssec_list_insert_after(item_5, (void *)6); // 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ok(dnssec_list_size(list) == 10, "populated list has expected size"); ok(!dnssec_list_is_empty(list), "populated list is non-empty"); // content iteration int sum = 0; int previous = 0; bool increasing = true; for (dnssec_item_t *i = dnssec_list_head(list); i; i = dnssec_list_next(list, i)) { int number = (int)(intptr_t)dnssec_item_get(i); sum += number; if (previous + 1 != number) { increasing = false; } previous = number; } ok(sum == 55, "all items are in the list"); ok(increasing, "append and prepend work"); // content lookup ok(dnssec_list_contains(list, (void *)7), "contains: positive"); ok(!dnssec_list_contains(list, (void *)17), "contains: negative"); ok(dnssec_list_search(list, (void *)3) == dnssec_list_nth(list, 2), "search: positive"); ok(dnssec_list_search(list, (void *)12) == NULL, "search: negative"); // item removal dnssec_list_remove(dnssec_list_head(list)); dnssec_list_remove(dnssec_list_tail(list)); dnssec_list_remove(dnssec_list_nth(list, 5)); ok(dnssec_list_size(list) == 7, "three items removed"); // full free counter = 0; dnssec_list_free_full(list, item_free, free_context); ok(counter == 7, "list full free"); // non-full free list = dnssec_list_new(); dnssec_list_append(list, NULL); ok(!dnssec_list_is_empty(list), "new list with one item"); counter = 0; dnssec_list_free(list); ok(counter == 0, "list non-full free"); return 0; }
int main(void) { struct script_config config; struct kerberos_config *krbconf; char *k5login; struct extra extra; struct passwd pwd; FILE *file; /* Load the Kerberos principal and password from a file. */ krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); memset(&config, 0, sizeof(config)); config.user = krbconf->username; extra.realm = krbconf->realm; config.authtok = krbconf->password; config.extra[0] = krbconf->userprinc; /* Generate a testing krb5.conf file. */ kerberos_generate_conf(krbconf->realm); /* Create a fake passwd struct for our user. */ memset(&pwd, 0, sizeof(pwd)); pwd.pw_name = krbconf->username; pwd.pw_uid = getuid(); pwd.pw_gid = getgid(); basprintf(&pwd.pw_dir, "%s/tmp", getenv("BUILD")); pam_set_pwd(&pwd); plan_lazy(); /* Basic test. */ run_script("data/scripts/cache/basic", &config); /* Check the cache status before the session is closed. */ config.callback = check_cache; config.data = &extra; run_script("data/scripts/cache/open-session", &config); /* Change the authenticating user and test search_k5login. */ pwd.pw_name = (char *) "testuser"; config.user = "******"; basprintf(&k5login, "%s/.k5login", pwd.pw_dir); file = fopen(k5login, "w"); if (file == NULL) sysbail("cannot create %s", k5login); if (fprintf(file, "%s\n", krbconf->userprinc) < 0) sysbail("cannot write to %s", k5login); if (fclose(file) < 0) sysbail("cannot flush %s", k5login); run_script("data/scripts/cache/search-k5login", &config); config.callback = NULL; run_script("data/scripts/cache/search-k5login-debug", &config); unlink(k5login); free(k5login); /* Test search_k5login when no .k5login file exists. */ pwd.pw_name = krbconf->username; config.user = krbconf->username; diag("testing search_k5login with no .k5login file"); run_script("data/scripts/cache/search-k5login", &config); free(pwd.pw_dir); return 0; }
int main(void) { plan_lazy(); wire_ctx_t wire = { 0 }; dnssec_binary_t buffer = { .size = 20, .data = (uint8_t []) { 0xc8, 0x25, 0x19, 0x3c, 0x96, 0xe6, 0x59, 0xf7, 0x2b, 0x94, 0x83, 0xb3, 0x3e, 0x6f, 0xb9, 0x01, 0xe2, 0x91, 0xa8, 0xa9, } }; wire = wire_init(buffer.data + 10, 10); ok(wire_read_u8(&wire) == 0x83, "wire_init()"); wire = wire_init_binary(&buffer); ok(wire_read_u8(&wire) == 0xc8, "wire_init_binary()"); // read operations wire_seek(&wire, 5); ok(wire_read_u8(&wire) == 0xe6, "wire_seek() forward"); wire_seek(&wire, 3); ok(wire_read_u8(&wire) == 0x3c, "wire_seek() backward"); wire_seek(&wire, 10); ok(wire_read_u8(&wire) == 0x83, "wire_read_u8()"); ok(wire_read_u16(&wire) == 45886, "wire_read_u16()"); ok(wire_tell(&wire) == 13, "wire_tell()"); ok(wire_available(&wire) == 7, "wire_available()"); dnssec_binary_t ref = { 0 }; wire_available_binary(&wire, &ref); ok(ref.data == buffer.data + 13 && ref.size == 7, "wire_available_binary()"); uint8_t in[6] = { 0 }; wire_seek(&wire, 4); wire_read(&wire, in, 6); ok(memcmp(in, buffer.data + 4, 6) == 0 && wire_tell(&wire) == 10, "wire_read()"); // write operations wire_seek(&wire, 0); wire_write_u8(&wire, 0x42); ok(buffer.data[0] == 0x42 && wire_tell(&wire) == 1, "wire_write_u8()"); wire_write_u16(&wire, 44513); ok(memcmp(buffer.data + 1, "\xad\xe1", 2) == 0 && wire_tell(&wire) == 3, "wire_write_u16()"); wire_seek(&wire, 12); const uint8_t out[7] = { 0xc0, 0x1d, 0xca, 0xfe, 0xde, 0xad, 0xbe }; wire_write(&wire, out, 7); ok(memcmp(buffer.data + 12, out, 7) == 0 && wire_tell(&wire) == 19, "wire_write()"); dnssec_binary_t bignum = { .data = (uint8_t *)out, .size = 4 }; const uint8_t expect[8] = { 0x00, 0x00, 0x00, 0x00, 0xc0, 0x1d, 0xca, 0xfe }; wire_seek(&wire, 2); wire_write_bignum(&wire, 8, &bignum); ok(memcmp(buffer.data + 2, expect, 8) == 0 && wire_tell(&wire) == 10, "wire_write_ralign()"); return 0; }
int main(void) { plan_lazy(); { uint8_t der[] = { 0x30,0x08, 0x02,0x02,0x1a,0x2b, 0x02,0x02,0x3c,0x4d }; uint8_t r[] = { 0x1a, 0x2b }; uint8_t s[] = { 0x3c, 0x4d }; DECODE_OK(der, r, s, "simple without MSB"); } { uint8_t der[] = { 0x30,0x08, 0x02,0x02,0xff,0xff, 0x02,0x02,0x80,0x00 }; uint8_t r[] = { 0xff, 0xff }; uint8_t s[] = { 0x80, 0x00 }; DECODE_OK(der, r, s, "simple with MSB"); } { uint8_t der[] = { 0x30,0x09, 0x02,0x04,0x00,0x00,0x00,0xfa, 0x02,0x01,0x07 }; uint8_t r[] = { 0xfa }; uint8_t s[] = { 0x07 }; DECODE_OK(der, r, s, "leading zeros"); } { uint8_t der[] = { 0x30,0x07, 0x02,0x01,0x00, 0x02,0x02,0x00,0x00 }; uint8_t r[] = { 0x00 }; uint8_t s[] = { 0x00 }; DECODE_OK(der, r, s, "zero values" ); } { uint8_t der[] = { }; DECODE_FAIL(der, "empty input"); } { uint8_t der[] = { 0x30,0x04, 0x02,0x01,0x01 }; DECODE_FAIL(der, "partial sequence"); } { uint8_t der[] = { 0x30,0x06, 0x02,0x01,0x01, 0x02,0x02,0x01 }; DECODE_FAIL(der, "partial integer"); } { uint8_t der[] = { 0x30,0x00 }; DECODE_FAIL(der, "zero-length sequence"); } { uint8_t der[] = { 0x30,0x05, 0x02,0x01,0xff, 0x02,0x00 }; DECODE_FAIL(der, "zero-length integer"); } { uint8_t der[] = { 0x30,0x84, 0x02,0x40,ONE_64_TIMES, 0x02,0x40,ONE_64_TIMES }; DECODE_FAIL(der, "unsupported size"); } { uint8_t r[] = { 0x01, }; uint8_t s[] = { 0x02,0x03 }; uint8_t der[] = { 0x30,0x07, 0x02,0x01,0x01, 0x02,0x02,0x02,0x03 }; ENCODE_OK(r, s, der, "simple"); } { uint8_t r[] = { 0x00,0x01, }; uint8_t s[] = { 0x00,0x00,0x02,0x03 }; uint8_t der[] = { 0x30,0x07, 0x02,0x01,0x01, 0x02,0x02,0x02,0x03 }; ENCODE_OK(r, s, der, "unnecessary leading zeros"); } { uint8_t r[] = { 0x00,0x8f }; uint8_t s[] = { 0x00,0x00,0xff }; uint8_t der[] = { 0x30,0x08, 0x02,0x02,0x00,0x8f, 0x02,0x02,0x00,0xff }; ENCODE_OK(r, s, der, "required zero not removed"); } { uint8_t r[] = { 0x8c }; uint8_t s[] = { 0xff,0xee }; uint8_t der[] = { 0x30,0x09, 0x02,0x02,0x00,0x8c, 0x02,0x03,0x00,0xff,0xee }; ENCODE_OK(r, s, der, "implicitly added zero"); } { uint8_t r[] = { 0x00 }; uint8_t s[] = { 0x00,0x00 }; uint8_t der[] = { 0x30,0x06, 0x02,0x01,0x00, 0x02,0x01,0x00 }; ENCODE_OK(r, s, der, "zero"); } { uint8_t r[] = { 0x01 }; uint8_t s[] = { }; uint8_t der[] = { 0x30,0x06, 0x02,0x01,0x01, 0x02,0x01,0x00 }; ENCODE_OK(r, s, der, "zero-length input"); } { uint8_t r[] = { ONE_128_TIMES }; uint8_t s[] = { 0x01 }; ENCODE_FAIL(r, s, "input too long"); } { uint8_t r[] = { ONE_64_TIMES }; uint8_t s[] = { ONE_64_TIMES }; ENCODE_FAIL(r, s, "result too long"); } return 0; }