SUSE:SLE-12-SP4:GA
krb5.33398
File 0117-Add-tests-for-GSS_KRB5_CRED_NO_CI_FLAGS_X.patch of Package krb5.33398
From e647e47ab7117bacb2910e1e86944e2bf75d378e Mon Sep 17 00:00:00 2001 From: Greg Hudson <ghudson@mit.edu> Date: Sat, 30 May 2015 13:05:52 -0400 Subject: [PATCH 2/3] Add tests for GSS_KRB5_CRED_NO_CI_FLAGS_X ticket: 6938 (cherry picked from commit c1887eda950dfd84696f4f9bab9098f0bf1fd3c0) --- src/tests/gssapi/Makefile.in | 33 ++++++------ src/tests/gssapi/t_ciflags.c | 122 +++++++++++++++++++++++++++++++++++++++++++ src/tests/gssapi/t_gssapi.py | 3 ++ 4 files changed, 144 insertions(+), 15 deletions(-) create mode 100644 src/tests/gssapi/t_ciflags.c diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in index 966ad522b..2937ff7b9 100644 --- a/src/tests/gssapi/Makefile.in +++ b/src/tests/gssapi/Makefile.in 
@@ -3,34 +3,34 @@ BUILDTOP=$(REL)..$(S).. DEFINES = -DUSE_AUTOCONF_H SRCS= $(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \ - $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_credstore.c \ - $(srcdir)/t_enctypes.c $(srcdir)/t_err.c $(srcdir)/t_export_cred.c \ - $(srcdir)/t_export_name.c $(srcdir)/t_gssexts.c \ - $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c $(srcdir)/t_inq_cred.c \ - $(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \ - $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c $(srcdir)/t_pcontok.c \ + $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_ciflags.c \ + $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c $(srcdir)/t_err.c \ + $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \ + $(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \ + $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \ + $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c $(srcdir)/t_pcontok.c \ $(srcdir)/t_s4u.c $(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \ $(srcdir)/t_spnego.c -OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_ccselect.o t_credstore.o \ - t_enctypes.o t_err.o t_export_cred.o t_export_name.o t_gssexts.o \ - t_imp_cred.o t_imp_name.o t_inq_cred.o t_inq_mechs_name.o t_iov.o \ - t_namingexts.o t_oid.o t_pcontok.o t_s4u.o t_s4u2proxy_krb5.o \ +OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_ccselect.o t_ciflags.o \ + t_credstore.o t_enctypes.o t_err.o t_export_cred.o t_export_name.o \ + t_gssexts.o t_imp_cred.o t_imp_name.o t_inq_cred.o t_inq_mechs_name.o \ + t_iov.o t_namingexts.o t_oid.o t_pcontok.o t_s4u.o t_s4u2proxy_krb5.o \ t_saslname.o t_spnego.o COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS) -all:: ccinit ccrefresh t_accname t_ccselect t_credstore t_enctypes t_err \ - t_export_cred t_export_name t_gssexts t_imp_cred t_imp_name \ +all:: ccinit ccrefresh t_accname t_ccselect t_ciflags t_credstore t_enctypes \ + t_err t_export_cred t_export_name 
t_gssexts t_imp_cred t_imp_name \ t_inq_cred t_inq_mechs_name t_iov t_namingexts t_oid t_pcontok t_s4u \ t_s4u2proxy_krb5 t_saslname t_spnego check-unix:: t_oid $(RUN_SETUP) $(VALGRIND) ./t_oid -check-pytests:: ccinit ccrefresh t_accname t_ccselect t_credstore t_enctypes \ - t_err t_export_cred t_export_name t_imp_cred t_inq_cred \ +check-pytests:: ccinit ccrefresh t_accname t_ccselect t_ciflags t_credstore \ + t_enctypes t_err t_export_cred t_export_name t_imp_cred t_inq_cred \ t_inq_mechs_name t_iov t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego $(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS) @@ -47,6 +47,8 @@ t_accname: t_accname.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS) t_ccselect: t_ccselect.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS) +t_ciflags: t_ciflags.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_ciflags.o $(COMMON_LIBS) t_credstore: t_credstore.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_credstore.o $(COMMON_LIBS) t_enctypes: t_enctypes.o $(COMMON_DEPS) @@ -85,7 +87,8 @@ t_spnego: t_spnego.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_spnego.o $(COMMON_LIBS) clean:: - $(RM) ccinit ccrefresh t_accname t_ccselect t_credstore t_enctypes + $(RM) ccinit ccrefresh t_accname t_ccselect t_ciflags t_credstore + $(RM) t_enctypes $(RM) t_err t_export_cred t_export_name t_gssexts t_imp_cred t_imp_name $(RM) t_inq_cred t_inq_mechs_name t_iov t_namingexts t_oid t_pcontok $(RM) t_s4u t_s4u2proxy_krb5 t_saslname t_spnego diff --git a/src/tests/gssapi/t_ciflags.c b/src/tests/gssapi/t_ciflags.c new file mode 100644 index 000000000..6627b7b96 --- /dev/null +++ b/src/tests/gssapi/t_ciflags.c 
@@ -0,0 +1,122 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_ciflags.c - GSS_KRB5_CRED_NO_CI_FLAGS_X tests */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "common.h"
+
+static void
+flagtest(gss_OID mech, gss_cred_id_t icred, gss_name_t tname,
+ OM_uint32 inflags, OM_uint32 expflags)
+{
+ gss_ctx_id_t ictx, actx;
+ OM_uint32 major, minor, flags;
+
+ establish_contexts(mech, icred, GSS_C_NO_CREDENTIAL, tname, inflags, &ictx,
+ &actx, NULL, NULL, NULL);
+
+ major = gss_inquire_context(&minor, actx, NULL, NULL, NULL, NULL, &flags,
+ NULL, NULL);
+ check_gsserr("gss_inquire_context", major, minor);
+ assert(flags == expflags);
+
+ (void)gss_delete_sec_context(&minor, &ictx, NULL);
+ (void)gss_delete_sec_context(&minor, &actx, NULL);
+}
+
+int
+main(int argc, char *argv[])
+{
+ OM_uint32 minor, major;
+ gss_cred_id_t icred;
+ gss_name_t tname;
+ gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
+
+ if (argc != 2) {
+ fprintf(stderr, "Usage: %s targetname\n", argv[0]);
+ return 1;
+ }
+ tname = import_name(argv[1]);
+
+ /* With no flags, the initiator asserts conf, integ, trans */
+ flagtest(&mech_krb5, GSS_C_NO_CREDENTIAL, tname, 0,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+ flagtest(&mech_spnego, GSS_C_NO_CREDENTIAL, tname, 0,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+ /* The initiator also asserts most flags specified by the caller. */
+ flagtest(&mech_krb5, GSS_C_NO_CREDENTIAL, tname, GSS_C_SEQUENCE_FLAG,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG |
+ GSS_C_SEQUENCE_FLAG);
+ flagtest(&mech_spnego, GSS_C_NO_CREDENTIAL, tname, GSS_C_SEQUENCE_FLAG,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG |
+ GSS_C_SEQUENCE_FLAG);
+
+ /* Get a normal initiator cred and re-test with no flags. */
+ major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET, GSS_C_INITIATE, &icred, NULL,
+ NULL);
+ check_gsserr("gss_acquire_cred", major, minor);
+ flagtest(&mech_krb5, icred, tname, 0,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+ /* Suppress confidentiality and integrity flags on the initiator cred and
+ * check that they are suppressed, but can still be asserted explicitly. */
+ major = gss_set_cred_option(&minor, &icred,
+ (gss_OID)GSS_KRB5_CRED_NO_CI_FLAGS_X,
+ &empty_buffer);
+ check_gsserr("gss_set_cred_option", major, minor);
+ flagtest(&mech_krb5, icred, tname, 0, GSS_C_TRANS_FLAG);
+ flagtest(&mech_krb5, icred, tname, GSS_C_CONF_FLAG,
+ GSS_C_CONF_FLAG | GSS_C_TRANS_FLAG);
+ flagtest(&mech_krb5, icred, tname, GSS_C_INTEG_FLAG,
+ GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+ flagtest(&mech_krb5, icred, tname, GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+ /* Currently we cannot suppress the integ flag through SPNEGO, since SPNEGO
+ * always requests integrity from the underlying mech. */
+ flagtest(&mech_spnego, icred, tname, 0,
+ GSS_C_TRANS_FLAG | GSS_C_INTEG_FLAG);
+ flagtest(&mech_spnego, icred, tname, GSS_C_INTEG_FLAG,
+ GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+ flagtest(&mech_spnego, icred, tname, GSS_C_CONF_FLAG,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+ flagtest(&mech_spnego, icred, tname, GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG,
+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+ (void)gss_release_name(&minor, &tname);
+ (void)gss_release_cred(&minor, &icred);
+ return 0;
+}
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index 80ff5c472..0690f73c6 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
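Review bot: The only verdict in flagtest() is `assert(flags == expflags);`, which is compiled out when the test is built with NDEBUG, so every case in main() would then pass without checking anything. On failure it also does not report which flags the acceptor context actually carried. An explicit check keeps the test effective in any build, for example `if (flags != expflags) { fprintf(stderr, "flags 0x%x, expected 0x%x\n", (unsigned)flags, (unsigned)expflags); exit(1); }`. These cases pin when confidentiality and integrity are asserted under GSS_KRB5_CRED_NO_CI_FLAGS_X, so a silent pass would hide a regression in that behaviour.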
@@ -204,4 +204,7 @@ if krb5_mech not in out or spnego_mech not in out: # init_sec_context can interpret it. realm.run(['./t_err', 'p:' + realm.host_princ]) +# Test the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option. +realm.run(['./t_ciflags', 'p:' + realm.host_princ]) + success('GSSAPI tests') -- 2.16.3