diff options
| author | Russ Allbery <eagle@eyrie.org> | 2014-07-16 13:46:50 -0700 | 
|---|---|---|
| committer | Russ Allbery <eagle@eyrie.org> | 2014-07-16 13:46:50 -0700 | 
| commit | 1796d631f0846ec98cd286bc4284898a7300ee78 (patch) | |
| tree | 6fd42de6dc858ef06c6d270410c32ec61f39e593 /perl/t | |
| parent | f5194217566a6f4cdeffbae551153feb1412210d (diff) | |
| parent | 6409733ee3b7b1910dc1c166a392cc628834146c (diff) | |
Merge tag 'upstream/1.1' into debian
Upstream version 1.1
Conflicts:
	NEWS
	README
	client/keytab.c
	perl/lib/Wallet/ACL.pm
	perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
	perl/t/general/admin.t
	perl/t/verifier/ldap-attr.t
Change-Id: I1a1dc09b97c9258e61f1c8877d0837193c8ae2c6
Diffstat (limited to 'perl/t')
| -rw-r--r-- | perl/t/data/duo/integration.json | 11 | ||||
| -rw-r--r-- | perl/t/data/duo/keys.json | 5 | ||||
| -rw-r--r-- | perl/t/data/perl.conf | 7 | ||||
| -rwxr-xr-x | perl/t/docs/pod-spelling.t | 66 | ||||
| -rwxr-xr-x | perl/t/docs/pod.t | 65 | ||||
| -rwxr-xr-x | perl/t/general/acl.t (renamed from perl/t/acl.t) | 22 | ||||
| -rwxr-xr-x | perl/t/general/admin.t (renamed from perl/t/admin.t) | 35 | ||||
| -rwxr-xr-x | perl/t/general/config.t (renamed from perl/t/config.t) | 9 | ||||
| -rwxr-xr-x | perl/t/general/init.t (renamed from perl/t/init.t) | 13 | ||||
| -rwxr-xr-x | perl/t/general/report.t (renamed from perl/t/report.t) | 15 | ||||
| -rwxr-xr-x | perl/t/general/server.t (renamed from perl/t/server.t) | 53 | ||||
| -rw-r--r-- | perl/t/lib/Util.pm | 5 | ||||
| -rwxr-xr-x | perl/t/object/base.t (renamed from perl/t/object.t) | 25 | ||||
| -rwxr-xr-x | perl/t/object/duo.t | 157 | ||||
| -rwxr-xr-x | perl/t/object/file.t (renamed from perl/t/file.t) | 15 | ||||
| -rwxr-xr-x | perl/t/object/keytab.t (renamed from perl/t/keytab.t) | 42 | ||||
| -rwxr-xr-x | perl/t/object/wa-keyring.t (renamed from perl/t/wa-keyring.t) | 9 | ||||
| -rwxr-xr-x | perl/t/pod-spelling.t | 74 | ||||
| -rwxr-xr-x | perl/t/pod.t | 15 | ||||
| -rwxr-xr-x | perl/t/policy/stanford.t (renamed from perl/t/stanford-naming.t) | 15 | ||||
| -rwxr-xr-x | perl/t/style/minimum-version.t | 47 | ||||
| -rwxr-xr-x | perl/t/style/strict.t | 56 | ||||
| -rwxr-xr-x | perl/t/util/kadmin.t (renamed from perl/t/kadmin.t) | 8 | ||||
| -rwxr-xr-x | perl/t/verifier/basic.t (renamed from perl/t/verifier.t) | 23 | ||||
| -rwxr-xr-x | perl/t/verifier/ldap-attr.t (renamed from perl/t/verifier-ldap-attr.t) | 7 | ||||
| -rwxr-xr-x | perl/t/verifier/netdb.t (renamed from perl/t/verifier-netdb.t) | 18 | 
26 files changed, 601 insertions, 216 deletions
| diff --git a/perl/t/data/duo/integration.json b/perl/t/data/duo/integration.json new file mode 100644 index 0000000..6e569d6 --- /dev/null +++ b/perl/t/data/duo/integration.json @@ -0,0 +1,11 @@ +{ +    "enroll_policy": "enroll", +    "greeting": "", +    "groups_allowed": [], +    "integration_key": "DIRWIH0ZZPV4G88B37VQ", +    "name": "Integration for UNIX PAM", +    "notes": "", +    "secret_key": "QO4ZLqQVRIOZYkHfdPDORfcNf8LeXIbCWwHazY7o", +    "type": "unix", +    "visual_style": "default" +} diff --git a/perl/t/data/duo/keys.json b/perl/t/data/duo/keys.json new file mode 100644 index 0000000..0de11ff --- /dev/null +++ b/perl/t/data/duo/keys.json @@ -0,0 +1,5 @@ +{ +    "integration_key": "VWFQIFMA9E79ZFG0ABIQ", +    "secret_key": "BAbja87NB8AmzlgalGAm09abNqpGZVva985al1zF", +    "api_hostname": "example-admin.duosecurity.com" +} diff --git a/perl/t/data/perl.conf b/perl/t/data/perl.conf new file mode 100644 index 0000000..ca05568 --- /dev/null +++ b/perl/t/data/perl.conf @@ -0,0 +1,7 @@ +# Configuration for Perl tests.  -*- perl -*- + +# Default minimum version requirement. +$MINIMUM_VERSION = '5.008'; + +# File must end with this line. +1; diff --git a/perl/t/docs/pod-spelling.t b/perl/t/docs/pod-spelling.t new file mode 100755 index 0000000..6debd42 --- /dev/null +++ b/perl/t/docs/pod-spelling.t @@ -0,0 +1,66 @@ +#!/usr/bin/perl +# +# Check for spelling errors in POD documentation. +# +# The canonical version of this file is maintained in the rra-c-util package, +# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2013, 2014 +#     The Board of Trustees of the Leland Stanford Junior University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. + +use 5.006; +use strict; +use warnings; + +use lib 't/lib'; + +use Test::More; +use Test::RRA qw(skip_unless_author use_prereq); + +# Only run this test for the module author since the required stopwords are +# too sensitive to the exact spell-checking program and dictionary. +skip_unless_author('Spelling tests'); + +# Load prerequisite modules. +use_prereq('Test::Spelling'); + +# Check all POD in the Perl distribution.  Add the examples directory if it +# exists.  Also add any files in usr/bin or usr/sbin, which are widely used in +# Stanford-internal packages. +my @files = all_pod_files(); +if (-d 'examples') { +    push(@files, all_pod_files('examples')); +} +for my $dir (qw(usr/bin usr/sbin)) { +    if (-d $dir) { +        push(@files, glob("$dir/*")); +    } +} + +# We now have a list of all files to check, so output a plan and run the +# tests.  We can't use all_pod_files_spelling_ok because it refuses to check +# non-Perl files and Stanford-internal packages have a lot of shell scripts +# with POD documentation. +plan tests => scalar(@files); +for my $file (@files) { +    pod_file_spelling_ok($file); +} diff --git a/perl/t/docs/pod.t b/perl/t/docs/pod.t new file mode 100755 index 0000000..674ce30 --- /dev/null +++ b/perl/t/docs/pod.t @@ -0,0 +1,65 @@ +#!/usr/bin/perl +# +# Check all POD documents for POD formatting errors. +# +# The canonical version of this file is maintained in the rra-c-util package, +# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2012, 2013, 2014 +#     The Board of Trustees of the Leland Stanford Junior University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. + +use 5.006; +use strict; +use warnings; + +use lib 't/lib'; + +use Test::More; +use Test::RRA qw(skip_unless_automated use_prereq); + +# Skip this test for normal user installs, although pod2man may still fail. +skip_unless_automated('POD syntax tests'); + +# Load prerequisite modules. +use_prereq('Test::Pod'); + +# Check all POD in the Perl distribution.  Add the examples directory if it +# exists.  Also add any files in usr/bin or usr/sbin, which are widely used in +# Stanford-internal packages. +my @files = all_pod_files(); +if (-d 'examples') { +    push(@files, all_pod_files('examples')); +} +for my $dir (qw(usr/bin usr/sbin)) { +    if (-d $dir) { +        push(@files, glob("$dir/*")); +    } +} + +# We now have a list of all files to check, so output a plan and run the +# tests.  We can't use all_pod_files_ok because it refuses to check non-Perl +# files and Stanford-internal packages have a lot of shell scripts with POD +# documentation. +plan tests => scalar(@files); +for my $file (@files) { +    pod_file_ok($file); +} diff --git a/perl/t/acl.t b/perl/t/general/acl.t index 26b4903..1dd5c53 100755 --- a/perl/t/acl.t +++ b/perl/t/general/acl.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the wallet ACL API.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use POSIX qw(strftime);  use Test::More tests => 101; @@ -60,7 +63,7 @@ ok ($acl->isa ('Wallet::ACL'), ' and the right class');  is ($acl->name, 'test', ' and the right name');  # Test rename. -if ($acl->rename ('example')) { +if ($acl->rename ('example', @trace)) {      ok (1, 'Renaming the ACL');  } else {      is ($acl->error, '', 'Renaming the ACL'); @@ -80,7 +83,8 @@ ok (defined ($acl), ' and it can still found by ID');  is ($@, '', ' with no exceptions');  is ($acl->name, 'example', ' and the right name');  is ($acl->id, 2, ' and the right ID'); -ok (! $acl->rename ('ADMIN'), ' but renaming to an existing name fails'); +ok (! $acl->rename ('ADMIN', @trace), +    ' but renaming to an existing name fails');  like ($acl->error, qr/^cannot rename ACL 2 to ADMIN: /,        ' with the right error'); @@ -192,6 +196,8 @@ my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);  my $history = <<"EOO";  $date  create      by $admin from $host +$date  rename from test +    by $admin from $host  $date  add krb5 $user1      by $admin from $host  $date  add krb5 $user2 @@ -223,8 +229,10 @@ $acl = eval { Wallet::ACL->create ('example', $schema, @trace) };  ok (defined ($acl), ' and creating another with the same name works');  is ($@, '', ' with no exceptions');  is ($acl->name, 'example', ' and the right name'); -is ($acl->id, 3, ' and a new ID'); +like ($acl->id, qr{\A[23]\z}, ' and an ID of 2 or 3');  # Clean up.  $setup->destroy; -unlink 'wallet-db'; +END { +    unlink 'wallet-db'; +} diff --git a/perl/t/admin.t b/perl/t/general/admin.t index 740c79e..7c62932 100755 --- a/perl/t/admin.t +++ b/perl/t/general/admin.t @@ -2,13 +2,16 @@  #  # Tests for wallet administrative interface.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2008, 2009, 2010, 2011, 2013 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2008, 2009, 2010, 2011, 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. -use Test::More tests => 24; +use strict; +use warnings; + +use Test::More tests => 26;  use Wallet::Admin;  use Wallet::Report; @@ -44,7 +47,7 @@ is ($admin->register_object ('base', 'Wallet::Object::Base'), 1,      'Registering Wallet::Object::Base works');  is ($admin->register_object ('base', 'Wallet::Object::Base'), undef,      ' and cannot be registered twice'); -$server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') }; +my $server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') };  is ($@, '', 'Creating a server instance did not die');  is ($server->create ('base', 'service/admin'), 1,      ' and creating base:service/admin succeeds'); @@ -61,7 +64,6 @@ is ($server->acl_add ('ADMIN', 'base', 'foo'), 1,  $Wallet::Schema::VERSION = '0.07';  is ($admin->reinitialize ('admin@EXAMPLE.COM'), 1,      ' and re-initialization succeeds'); -$Wallet::Schema::VERSION = '0.08';  # Test an upgrade.  Reinitialize to an older version, then test upgrade to the  # current version. @@ -73,20 +75,35 @@ SKIP: {      # Delete all tables and then redump them straight from the SQL file to      # avoid getting the version table.      unlink 'wallet-db'; -    $admin = eval { Wallet::Admin->new };      my $status = system ('sqlite3', 'wallet-db',                           '.read sql/Wallet-Schema-0.07-SQLite.sql');      is ($status, 0, 'Reinstalling database from non-versioned SQL succeds'); + +    # Upgrade to 0.08. +    $Wallet::Schema::VERSION = '0.08'; +    $admin = eval { Wallet::Admin->new };      my $retval = $admin->upgrade; -    is ($retval, 1, ' and performing an upgrade succeeds'); +    is ($retval, 1, ' and performing an upgrade to 0.08 succeeds');      my $sql = "select version from dbix_class_schema_versions order by"        . " version DESC"; -    $version = $admin->dbh->selectall_arrayref ($sql); +    my $version = $admin->dbh->selectall_arrayref ($sql);      is (@$version, 2, ' and versions table has correct number of rows');      is (@{ $version->[0] }, 1, ' and correct number of columns');      is ($version->[0][0], '0.08', ' and the schema version is correct'); + +    # Upgrade to 0.09. +    $Wallet::Schema::VERSION = '0.09'; +    $admin = eval { Wallet::Admin->new }; +    $retval = $admin->upgrade; +    is ($retval, 1, ' and performing an upgrade to 0.09 succeeds'); +    $sql = "select version from dbix_class_schema_versions order by" +      . " version DESC"; +    $version = $admin->dbh->selectall_arrayref ($sql); +    is ($version->[0][0], '0.09', ' and the schema version is correct');  }  # Clean up.  is ($admin->destroy, 1, 'Destruction succeeds'); -unlink 'wallet-db'; +END { +    unlink 'wallet-db'; +} diff --git a/perl/t/config.t b/perl/t/general/config.t index 543e5d6..bc200de 100755 --- a/perl/t/config.t +++ b/perl/t/general/config.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the wallet server configuration.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2008, 2010 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2008, 2010, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use Test::More tests => 6;  # Silence warnings since we're not using use. diff --git a/perl/t/init.t b/perl/t/general/init.t index 142f54c..58b9a4c 100755 --- a/perl/t/init.t +++ b/perl/t/general/init.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for database initialization.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use Test::More tests => 18;  use Wallet::ACL; @@ -53,4 +56,6 @@ is ($admin->destroy, 1, 'Destroying the database works');  $acl = eval { Wallet::ACL->new ('ADMIN', $admin->schema) };  like ($@, qr/^cannot search for ACL ADMIN: /,        ' and now the database is gone'); -unlink 'wallet-db'; +END { +    unlink 'wallet-db'; +} diff --git a/perl/t/report.t b/perl/t/general/report.t index a6b85df..8d348ed 100755 --- a/perl/t/report.t +++ b/perl/t/general/report.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the wallet reporting interface.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2008, 2009, 2010 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2008, 2009, 2010, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use Test::More tests => 197;  use Wallet::Admin; @@ -39,7 +42,7 @@ is ($acls[0][0], 1, ' and that is ACL ID 1');  is ($acls[0][1], 'ADMIN', ' with the right name');  # Create an object. -$server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') }; +my $server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') };  is ($@, '', 'Creating a server instance did not die');  is ($server->create ('base', 'service/admin'), 1,      ' and creating base:service/admin succeeds'); @@ -324,5 +327,7 @@ is ($report->error, undef, ' and no error');  # Clean up.  $admin->destroy; -unlink 'wallet-db';  system ('rm -r test-files') == 0 or die "cannot remove test-files\n"; +END { +    unlink 'wallet-db'; +} diff --git a/perl/t/server.t b/perl/t/general/server.t index 4afda51..b270733 100755 --- a/perl/t/server.t +++ b/perl/t/general/server.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the wallet server API.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008, 2010, 2011, 2012, 2013 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2010, 2011, 2012, 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use Test::More tests => 382;  use POSIX qw(strftime); @@ -33,7 +36,7 @@ is ($@, '', 'Database initialization did not die');  is ($setup->reinitialize ($admin), 1, 'Database initialization succeeded');  # Now test the new method. -$server = eval { Wallet::Server->new (@trace) }; +my $server = eval { Wallet::Server->new (@trace) };  is ($@, '', 'Reopening with new did not die');  ok ($server->isa ('Wallet::Server'), ' and returned the right class');  my $schema = $server->schema; @@ -51,18 +54,8 @@ is ($server->acl_show ('ADMIN'),  is ($server->acl_show (1),      "Members of ACL ADMIN (id: 1) are:\n  krb5 $admin\n",      ' including by number'); -my $history = <<"EOO"; -DATE  create -    by $admin from $host -DATE  add krb5 $admin -    by $admin from $host -EOO -my $result = $server->acl_history ('ADMIN'); -$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; -is ($result, $history, ' and displaying history works'); -$result = $server->acl_history (1); -$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; -is ($result, $history, ' including by number'); +is ($server->acl_history ('ADMIN'), '', ' and initial history is empty'); +is ($server->acl_history (1), '', ' including by number');  is ($server->acl_create (3), undef, 'Cannot create ACL with a numeric name');  is ($server->error, 'ACL name may not be all numbers',      ' and returns the right error'); @@ -79,14 +72,14 @@ like ($server->error, qr/^cannot create ACL ADMIN: /,        ' and returns a good error');  is ($server->acl_create ('user2'), 1, 'Create another ACL');  is ($server->acl_create ('both'), 1, ' and one for both users'); -is ($server->acl_create ('test'), 1, ' and an empty one'); -is ($server->acl_create ('test2'), 1, ' and another test one'); +is ($server->acl_create ('test2'), 1, ' and an empty one'); +is ($server->acl_create ('test'), 1, ' and another test one');  is ($server->acl_rename ('empty', 'test'), undef,      'Cannot rename nonexistent ACL');  is ($server->error, 'ACL empty not found', ' and returns the right error');  is ($server->acl_rename ('test', 'test2'), undef,      ' and cannot rename to an existing name'); -like ($server->error, qr/^cannot rename ACL 5 to test2: /, +like ($server->error, qr/^cannot rename ACL 6 to test2: /,        ' and returns the right error');  is ($server->acl_rename ('test', 'empty'), 1, 'Renaming does work');  is ($server->acl_rename ('test', 'empty'), undef, ' but not twice'); @@ -114,7 +107,7 @@ is ($server->acl_add ('both', 'krb5', $user2), 1,  is ($server->acl_show ('both'),      "Members of ACL both (id: 4) are:\n  krb5 $user1\n  krb5 $user2\n",      ' and show returns the correct result'); -$history = <<"EOO"; +my $history = <<"EOO";  DATE  create      by $admin from $host  DATE  add krb5 $user1 @@ -122,7 +115,7 @@ DATE  add krb5 $user1  DATE  add krb5 $user2      by $admin from $host  EOO -$result = $server->acl_history ('both'); +my $result = $server->acl_history ('both');  $result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;  is ($result, $history, ' as does history');  is ($server->acl_add ('empty', 'krb5', $user1), 1, ' and another to empty'); @@ -135,19 +128,19 @@ is ($server->error, 'ACL test not found', ' and returns the right error');  is ($server->acl_remove ('empty', 'krb5', $user2), undef,      ' and removing an entry not there fails');  is ($server->error, -    "cannot remove krb5:$user2 from 5: entry not found in ACL", +    "cannot remove krb5:$user2 from 6: entry not found in ACL",      ' and returns the right error');  is ($server->acl_show ('empty'), -    "Members of ACL empty (id: 5) are:\n  krb5 $user1\n", +    "Members of ACL empty (id: 6) are:\n  krb5 $user1\n",      ' and show returns the correct status');  is ($server->acl_remove ('empty', 'krb5', $user1), 1,      ' but removing a good one works');  is ($server->acl_remove ('empty', 'krb5', $user1), undef,      ' but does not work twice');  is ($server->error, -    "cannot remove krb5:$user1 from 5: entry not found in ACL", +    "cannot remove krb5:$user1 from 6: entry not found in ACL",      ' and returns the right error'); -is ($server->acl_show ('empty'), "Members of ACL empty (id: 5) are:\n", +is ($server->acl_show ('empty'), "Members of ACL empty (id: 6) are:\n",      ' and show returns the correct status');  # Make sure we can't cripple the ADMIN ACL. @@ -434,11 +427,11 @@ DATE  unset acl_store (was ADMIN (1))      by $admin from $host  DATE  set owner to ADMIN (1)      by $admin from $host -DATE  set acl_get to empty (5) +DATE  set acl_get to empty (6)      by $admin from $host -DATE  set acl_store to empty (5) +DATE  set acl_store to empty (6)      by $admin from $host -DATE  unset acl_store (was empty (5)) +DATE  unset acl_store (was empty (6))      by $admin from $host  DATE  unset owner (was ADMIN (1))      by $admin from $host @@ -1020,7 +1013,9 @@ is ($server->acl_destroy ('test-naming'), 1, 'Destroying it succeeds');  # Clean up.  $setup->destroy; -unlink 'wallet-db'; +END { +    unlink 'wallet-db'; +}  # Now test handling of some configuration errors.  undef $Wallet::Config::DB_DRIVER; diff --git a/perl/t/lib/Util.pm b/perl/t/lib/Util.pm index 3e606fe..187e483 100644 --- a/perl/t/lib/Util.pm +++ b/perl/t/lib/Util.pm @@ -1,7 +1,7 @@  # Utility class for wallet tests.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. @@ -10,6 +10,7 @@ package Util;  require 5.006;  use strict; +use warnings;  use vars qw(@ISA @EXPORT $VERSION);  use Wallet::Config; diff --git a/perl/t/object.t b/perl/t/object/base.t index 5eb6941..ee9ff4b 100755 --- a/perl/t/object.t +++ b/perl/t/object/base.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the basic object implementation.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008, 2011 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2011, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use POSIX qw(strftime);  use Test::More tests => 137; @@ -67,7 +70,7 @@ if ($object->owner ('ADMIN', @trace)) {  } else {      is ($object->error, '', ' and setting it to ADMIN works');  } -is ($object->owner, $acl->id, ' at which point it is ADMIN'); +is ($object->owner, $acl->name, ' at which point it is ADMIN');  ok (! $object->owner ('unknown', @trace),      ' but setting it to something bogus fails');  is ($object->error, 'ACL unknown not found', ' with the right error'); @@ -125,7 +128,7 @@ for my $type (qw/get store show destroy flags/) {      } else {          is ($object->error, '', ' and setting it to ADMIN (numeric) works');      } -    is ($object->acl ($type), $acl->id, ' at which point it is ADMIN'); +    is ($object->acl ($type), $acl->name, ' at which point it is ADMIN');      ok (! $object->acl ($type, 22, @trace),          ' but setting it to something bogus fails');      is ($object->error, 'ACL 22 not found', ' with the right error'); @@ -135,8 +138,8 @@ for my $type (qw/get store show destroy flags/) {          is ($object->error, '', ' and clearing it works');      }      is ($object->acl ($type), undef, ' at which point it is cleared'); -    is ($object->acl ($type, $acl->id, @trace), 1, -        ' and setting it again works'); +    is ($object->acl ($type, $acl->name, @trace), 1, +        ' and setting it again by name works');  }  # Flags. @@ -186,7 +189,7 @@ is ($object->error, "cannot store keytab:${princ}: object is locked",  is ($object->owner ('', @trace), undef, ' and setting owner fails');  is ($object->error, "cannot modify keytab:${princ}: object is locked",      ' for the same reason'); -is ($object->owner, 1, ' but retrieving the owner works'); +is ($object->owner, 'ADMIN', ' but retrieving the owner works');  is ($object->expires ('', @trace), undef, ' and setting expires fails');  is ($object->error, "cannot modify keytab:${princ}: object is locked",      ' for the same reason'); @@ -195,7 +198,7 @@ for my $acl (qw/get store show destroy flags/) {      is ($object->acl ($acl, '', @trace), undef, " and setting $acl ACL fails");      is ($object->error, "cannot modify keytab:${princ}: object is locked",          ' for the same reason'); -    is ($object->acl ($acl), 1, " but retrieving $acl ACL works"); +    is ($object->acl ($acl), 'ADMIN', " but retrieving $acl ACL works");  }  is ($object->flag_check ('locked'), 1, ' and checking flags works');  @flags = $object->flag_list; @@ -348,4 +351,6 @@ is ($object->history, $output, ' and the history is correct');  # Clean up.  $admin->destroy; -unlink 'wallet-db'; +END { +    unlink 'wallet-db'; +} diff --git a/perl/t/object/duo.t b/perl/t/object/duo.t new file mode 100755 index 0000000..4229afe --- /dev/null +++ b/perl/t/object/duo.t @@ -0,0 +1,157 @@ +#!/usr/bin/perl +# +# Tests for the Duo integration object implementation. +# +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2014 +#     The Board of Trustees of the Leland Stanford Junior University +# +# See LICENSE for licensing terms. + +use strict; +use warnings; + +use POSIX qw(strftime); +use Test::More; + +BEGIN { +    eval 'use Net::Duo'; +    plan skip_all => 'Net::Duo required for testing duo' +      if $@; +    eval 'use Net::Duo::Mock::Agent'; +    plan skip_all => 'Net::Duo::Mock::Agent required for testing duo' +      if $@; +} + +BEGIN { +    use_ok('Wallet::Admin'); +    use_ok('Wallet::Config'); +    use_ok('Wallet::Object::Duo'); +} + +use lib 't/lib'; +use Util; + +# Some global defaults to use. +my $user = 'admin@EXAMPLE.COM'; +my $host = 'localhost'; +my @trace = ($user, $host, time); +my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]); + +# Flush all output immediately. +$| = 1; + +# Use Wallet::Admin to set up the database. +db_setup; +my $admin = eval { Wallet::Admin->new }; +is ($@, '', 'Database connection succeeded'); +is ($admin->reinitialize ($user), 1, 'Database initialization succeeded'); +my $schema = $admin->schema; + +# Create a mock object to use for Duo calls. +my $mock = Net::Duo::Mock::Agent->new ({ key_file => 't/data/duo/keys.json' }); + +# Test error handling in the absence of configuration. +my $object = eval { +    Wallet::Object::Duo->new ('duo', 'test', $schema); +}; +is ($object, undef, 'Wallet::Object::Duo new with no config failed'); +is ($@, "duo object implementation not configured\n", '...with correct error'); +$object = eval { +    Wallet::Object::Duo->create ('duo', 'test', $schema, @trace); +}; +is ($object, undef, 'Wallet::Object::Duo creation with no config failed'); +is ($@, "duo object implementation not configured\n", '...with correct error'); + +# Set up the Duo configuration. +$Wallet::Config::DUO_AGENT    = $mock; +$Wallet::Config::DUO_KEY_FILE = 't/data/duo/keys.json'; + +# Test creating an integration. +note ('Test creating an integration'); +my $expected = { +    name  => 'test', +    notes => 'Managed by wallet', +    type  => 'unix', +}; +$mock->expect ( +    { +        method        => 'POST', +        uri           => '/admin/v1/integrations', +        content       => $expected, +        response_file => 't/data/duo/integration.json', +    } +); +$object = Wallet::Object::Duo->create ('duo', 'test', $schema, @trace); +isa_ok ($object, 'Wallet::Object::Duo'); + +# Check the metadata about the new wallet object. +$expected = <<"EOO"; +           Type: duo +           Name: test +        Duo key: DIRWIH0ZZPV4G88B37VQ +     Created by: $user +   Created from: $host +     Created on: $date +EOO +is ($object->show, $expected, 'Show output is correct'); + +# Test retrieving the integration information. +note ('Test retrieving an integration'); +$mock->expect ( +    { +        method        => 'GET', +        uri           => '/admin/v1/integrations/DIRWIH0ZZPV4G88B37VQ', +        response_file => 't/data/duo/integration.json', +    } +); +my $data = $object->get (@trace); +ok (defined ($data), 'Retrieval succeeds'); +$expected = <<'EOO'; +[duo] +ikey = DIRWIH0ZZPV4G88B37VQ +skey = QO4ZLqQVRIOZYkHfdPDORfcNf8LeXIbCWwHazY7o +host = example-admin.duosecurity.com +EOO +is ($data, $expected, '...and integration data is correct'); + +# Ensure that we can't retrieve the object when locked. +is ($object->flag_set ('locked', @trace), 1, +    'Setting object to locked succeeds'); +is ($object->get, undef, '...and now get fails'); +is ($object->error, 'cannot get duo:test: object is locked', +    '...with correct error'); +is ($object->flag_clear ('locked', @trace), 1, +    '...and clearing locked flag works'); + +# Create a new object by wallet type and name. +$object = Wallet::Object::Duo->new ('duo', 'test', $schema); + +# Test deleting an integration.  We can't test this entirely properly because +# currently Net::Duo::Mock::Agent doesn't support stacking multiple expected +# calls and delete makes two calls. +note ('Test deleting an integration'); +$mock->expect ( +    { +        method        => 'GET', +        uri           => '/admin/v1/integrations/DIRWIH0ZZPV4G88B37VQ', +        response_file => 't/data/duo/integration.json', +    } +); +TODO: { +    local $TODO = 'Net::Duo::Mock::Agent not yet capable'; + +    is ($object->destroy (@trace), 1, 'Duo object deletion succeeded'); +    $object = eval { Wallet::Object::Duo->new ('duo', 'test', $schema) }; +    is ($object, undef, '...and now object cannot be retrieved'); +    is ($@, "cannot find duo:test\n", '...with correct error'); +} + +# Clean up. +$admin->destroy; +END { +    unlink ('wallet-db'); +} + +# Done testing. +done_testing (); diff --git a/perl/t/file.t b/perl/t/object/file.t index 5cb7c35..201f46d 100755 --- a/perl/t/file.t +++ b/perl/t/object/file.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the file object implementation.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2008 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2008, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use POSIX qw(strftime);  use Test::More tests => 56; @@ -39,7 +42,7 @@ my $history = '';  my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);  # Test error handling in the absence of configuration. -$object = eval { +my $object = eval {      Wallet::Object::File->create ('file', 'test', $schema, @trace)    };  ok (defined ($object), 'Creating a basic file object succeeds'); @@ -145,4 +148,6 @@ is ($object->destroy (@trace), 1, ' but destroying the object succeeds');  # Clean up.  $admin->destroy; -unlink ('wallet-db'); +END { +    unlink ('wallet-db'); +} diff --git a/perl/t/keytab.t b/perl/t/object/keytab.t index f89b2c6..69db438 100755 --- a/perl/t/keytab.t +++ b/perl/t/object/keytab.t @@ -1,15 +1,18 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the keytab object implementation.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008, 2009, 2010, 2013 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2009, 2010, 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use POSIX qw(strftime); -use Test::More tests => 139; +use Test::More tests => 141;  BEGIN { $Wallet::Config::KEYTAB_TMP = '.' } @@ -117,14 +120,14 @@ sub enctypes {          next unless /^ *\d+ /;          my ($string) = /\((.*)\)\s*$/;          next unless $string; -        $enctype = $enctype{lc $string} || 'UNKNOWN'; +        my $enctype = $enctype{lc $string} || 'UNKNOWN';          push (@enctypes, $enctype);      }      close KLIST;      # If that failed, we may have a Heimdal user space instead, so try ktutil.      # If we try this directly, it will just hang with MIT ktutil. -    if ($? != 0) { +    if ($? != 0 || !@enctypes) {          @enctypes = ();          open (KTUTIL, '-|', 'ktutil', '-k', 'keytab', 'list')              or die "cannot run ktutil: $!\n"; @@ -174,7 +177,7 @@ SKIP: {      # Test that object creation without KEYTAB_TMP fails.      undef $Wallet::Config::KEYTAB_TMP; -    $object = eval { +    my $object = eval {          Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,                                          @trace)        }; @@ -386,7 +389,7 @@ EOO  # Tests for unchanging support.  Skip these if we don't have a keytab or if we  # can't find remctld.  SKIP: { -    skip 'no keytab configuration', 31 unless -f 't/data/test.keytab'; +    skip 'no keytab configuration', 32 unless -f 't/data/test.keytab';      # Set up our configuration.      $Wallet::Config::KEYTAB_FILE      = 't/data/test.keytab'; @@ -471,7 +474,7 @@ SKIP: {      # Now Heimdal.  Since the keytab contains timestamps, before testing for      # equality we have to substitute out the timestamps.    SKIP: { -        skip 'skipping Heimdal unchanging tests for MIT', 10 +        skip 'skipping Heimdal unchanging tests for MIT', 11              if (lc ($Wallet::Config::KEYTAB_KRBTYPE) eq 'mit');          my $data = $one->get (@trace);          ok (defined $data, 'Get of unchanging keytab works'); @@ -480,7 +483,8 @@ SKIP: {          ok (defined $second, ' and second retrieval also works');          $data =~ s/one.{8}/one\000\000\000\000\000\000\000\000/g;          $second =~ s/one.{8}/one\000\000\000\000\000\000\000\000/g; -        is ($data, $second, ' and the keytab matches'); +        ok (keytab_valid ($second, 'wallet/one'), ' and the keytab is valid'); +        ok (keytab_valid ($data, 'wallet/one'), ' as is the first keytab');          is ($one->flag_clear ('unchanging', @trace), 1,              'Clearing the unchanging flag works');          $data = $one->get (@trace); @@ -585,7 +589,7 @@ EOO  # Tests for enctype restriction.  SKIP: { -    skip 'no keytab configuration', 36 unless -f 't/data/test.keytab'; +    skip 'no keytab configuration', 37 unless -f 't/data/test.keytab';      # Set up our configuration.      $Wallet::Config::KEYTAB_FILE      = 't/data/test.keytab'; @@ -619,18 +623,12 @@ EOO      is ($one->history, $history, ' and history is still correct');      # No enctypes we recognize? -    skip 'no recognized enctypes', 33 unless @enctypes; - -    # We can test.  Add the enctypes we recognized to the enctypes table so -    # that we'll be allowed to use them. -    for my $enctype (@enctypes) { -        my $sql = 'insert into enctypes (en_name) values (?)'; -        $dbh->do ($sql, undef, $enctype); -    } +    skip 'no recognized enctypes', 34 unless @enctypes;      # Set those encryption types and make sure we get back a limited keytab.      is ($one->attr ('enctypes', [ @enctypes ], @trace), 1,          'Setting enctypes works'); +    is ($one->error, undef, ' with no error');      for my $enctype (@enctypes) {          $history .= "$date  add $enctype to attribute enctypes\n";          $history .= "    by $user from $host\n"; @@ -639,7 +637,7 @@ EOO      is ("@values", "@enctypes", ' and we get back the right enctype list');      my $eshow = join ("\n" . (' ' x 17), @enctypes);      $eshow =~ s/\s+\z/\n/; -    $expected = <<"EOO"; +    my $expected = <<"EOO";             Type: keytab             Name: wallet/one         Enctypes: $eshow @@ -771,4 +769,6 @@ EOO  # Clean up.  $admin->destroy; -unlink ('wallet-db', 'krb5cc_temp', 'krb5cc_test', 'test-acl', 'test-pid'); +END { +    unlink ('wallet-db', 'krb5cc_temp', 'krb5cc_test', 'test-acl', 'test-pid'); +} diff --git a/perl/t/wa-keyring.t b/perl/t/object/wa-keyring.t index 7ba5723..4a3bd48 100755 --- a/perl/t/wa-keyring.t +++ b/perl/t/object/wa-keyring.t @@ -2,8 +2,8 @@  #  # Tests for the WebAuth keyring object implementation.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2013 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. @@ -19,7 +19,6 @@ BEGIN {        if $@;  } -use POSIX qw(strftime);  use WebAuth::Key 1.01 ();  use WebAuth::Keyring 1.02 (); @@ -179,4 +178,6 @@ is ($object->destroy (@trace), 1, ' but destroying the object succeeds');  # Clean up.  $admin->destroy; -unlink ('wallet-db'); +END { +    unlink ('wallet-db'); +} diff --git a/perl/t/pod-spelling.t b/perl/t/pod-spelling.t deleted file mode 100755 index 6d9f7b0..0000000 --- a/perl/t/pod-spelling.t +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -w -# -# Check for spelling errors in POD documentation -# -# Checks all POD files in the tree for spelling problems using Pod::Spell and -# either aspell or ispell.  aspell is preferred.  This test is disabled unless -# RRA_MAINTAINER_TESTS is set, since spelling dictionaries vary too much -# between environments. -# -# Copyright 2008, 2009 Russ Allbery <rra@stanford.edu> -# -# See LICENSE for licensing terms. - -use strict; -use Test::More; - -# Skip all spelling tests unless the maintainer environment variable is set. -plan skip_all => 'Spelling tests only run for maintainer' -    unless $ENV{RRA_MAINTAINER_TESTS}; - -# Load required Perl modules. -eval 'use Test::Pod 1.00'; -plan skip_all => 'Test::Pod 1.00 required for testing POD' if $@; -eval 'use Pod::Spell'; -plan skip_all => 'Pod::Spell required to test POD spelling' if $@; - -# Locate a spell-checker.  hunspell is not currently supported due to its lack -# of support for contractions (at least in the version in Debian). -my @spell; -my %options = (aspell => [ qw(-d en_US --home-dir=./ list) ], -               ispell => [ qw(-d american -l -p /dev/null) ]); -SEARCH: for my $program (qw/aspell ispell/) { -    for my $dir (split ':', $ENV{PATH}) { -        if (-x "$dir/$program") { -            @spell = ("$dir/$program", @{ $options{$program} }); -        } -        last SEARCH if @spell; -    } -} -plan skip_all => 'aspell or ispell required to test POD spelling' -    unless @spell; - -# Prerequisites are satisfied, so we're going to do some testing.  Figure out -# what POD files we have and from that develop our plan. -$| = 1; -my @pod = all_pod_files (); -plan tests => scalar @pod; - -# Finally, do the checks. -for my $pod (@pod) { -    my $child = open (CHILD, '-|'); -    if (not defined $child) { -        die "Cannot fork: $!\n"; -    } elsif ($child == 0) { -        my $pid = open (SPELL, '|-', @spell) or die "Cannot run @spell: $!\n"; -        open (POD, '<', $pod) or die "Cannot open $pod: $!\n"; -        my $parser = Pod::Spell->new; -        $parser->parse_from_filehandle (\*POD, \*SPELL); -        close POD; -        close SPELL; -        exit ($? >> 8); -    } else { -        my @words = <CHILD>; -        close CHILD; -      SKIP: { -            skip "@spell failed for $pod", 1 unless $? == 0; -            for (@words) { -                s/^\s+//; -                s/\s+$//; -            } -            is ("@words", '', $pod); -        } -    } -} diff --git a/perl/t/pod.t b/perl/t/pod.t deleted file mode 100755 index dc5f468..0000000 --- a/perl/t/pod.t +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/perl -w -# -# Test POD formatting for the wallet Perl modules. -# -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2010 -#     The Board of Trustees of the Leland Stanford Junior University -# -# See LICENSE for licensing terms. - -use strict; -use Test::More; -eval 'use Test::Pod 1.00'; -plan skip_all => 'Test::Pod 1.00 required for testing POD' if $@; -all_pod_files_ok (); diff --git a/perl/t/stanford-naming.t b/perl/t/policy/stanford.t index 3b9ea60..555086c 100755 --- a/perl/t/stanford-naming.t +++ b/perl/t/policy/stanford.t @@ -6,8 +6,8 @@  # sites, but it's used at Stanford and this test suite is used to verify  # behavior at Stanford.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2013 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. @@ -16,7 +16,7 @@ use 5.008;  use strict;  use warnings; -use Test::More tests => 99; +use Test::More tests => 101;  use lib 't/lib';  use Util; @@ -31,11 +31,12 @@ BEGIN {  # Various valid keytab names.  my @VALID_KEYTABS = qw(host/example.stanford.edu HTTP/example.stanford.edu      service/example example/cgi class-example01/cgi dept-01example/cgi -    group-example-01/cgi); +    group-example-01/cgi afs/testcell.stanford.edu);  # Various invalid keytab names.  my @INVALID_KEYTABS = qw(example host/example service/example.stanford.edu -    thisistoolong/cgi not-valid/cgi unknown/example.stanford.edu); +    thisistoolong/cgi not-valid/cgi unknown/example.stanford.edu +    afs/testcell);  # Various valid file names.  my @VALID_FILES = qw(htpasswd/example.stanford.edu/web @@ -254,4 +255,6 @@ for my $type (qw(htpasswd ssh-rsa ssh-dsa ssl-key tivoli-key)) {  # Clean up.  $setup->destroy; -unlink 'wallet-db'; +END { +    unlink 'wallet-db'; +} diff --git a/perl/t/style/minimum-version.t b/perl/t/style/minimum-version.t new file mode 100755 index 0000000..e4eeafd --- /dev/null +++ b/perl/t/style/minimum-version.t @@ -0,0 +1,47 @@ +#!/usr/bin/perl +# +# Check that too-new features of Perl are not being used. +# +# The canonical version of this file is maintained in the rra-c-util package, +# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2013, 2014 +#     The Board of Trustees of the Leland Stanford Junior University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. + +use 5.006; +use strict; +use warnings; + +use lib 't/lib'; + +use Test::More; +use Test::RRA qw(skip_unless_automated use_prereq); +use Test::RRA::Config qw($MINIMUM_VERSION); + +# Skip for normal user installs since this doesn't affect functionality. +skip_unless_automated('Minimum version tests'); + +# Load prerequisite modules. +use_prereq('Test::MinimumVersion'); + +# Check all files in the Perl distribution. +all_minimum_version_ok($MINIMUM_VERSION); diff --git a/perl/t/style/strict.t b/perl/t/style/strict.t new file mode 100755 index 0000000..7137b15 --- /dev/null +++ b/perl/t/style/strict.t @@ -0,0 +1,56 @@ +#!/usr/bin/perl +# +# Test Perl code for strict, warnings, and syntax. +# +# The canonical version of this file is maintained in the rra-c-util package, +# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. +# +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2013, 2014 +#     The Board of Trustees of the Leland Stanford Junior University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. + +use 5.006; +use strict; +use warnings; + +use lib 't/lib'; + +use File::Spec; +use Test::RRA qw(skip_unless_automated use_prereq); + +# Skip for normal user installs since this doesn't affect functionality. +skip_unless_automated('Strictness tests'); + +# Load prerequisite modules. +use_prereq('Test::Strict'); + +# Test everything in the distribution directory except the Build and +# Makefile.PL scripts generated by Module::Build.  We also want to check use +# warnings. +$Test::Strict::TEST_SKIP = ['Build', 'Makefile.PL']; +$Test::Strict::TEST_WARNINGS = 1; +all_perl_files_ok(File::Spec->curdir); + +# Hack to suppress "used only once" warnings. +END { +    $Test::Strict::TEST_SKIP     = []; +    $Test::Strict::TEST_WARNINGS = 0; +} diff --git a/perl/t/kadmin.t b/perl/t/util/kadmin.t index 8eabc6b..db94780 100755 --- a/perl/t/kadmin.t +++ b/perl/t/util/kadmin.t @@ -1,14 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the kadmin object implementation.  #  # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2009, 2010, 2012, 2013 +# Copyright 2009, 2010, 2012, 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. -use POSIX qw(strftime); +use strict; +use warnings; +  use Test::More tests => 34;  BEGIN { $Wallet::Config::KEYTAB_TMP = '.' } diff --git a/perl/t/verifier.t b/perl/t/verifier/basic.t index 75f1afa..ce44d44 100755 --- a/perl/t/verifier.t +++ b/perl/t/verifier/basic.t @@ -1,13 +1,16 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the basic wallet ACL verifiers.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008, 2010 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2007, 2008, 2010, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use Test::More tests => 57;  use Wallet::ACL::Base; @@ -23,22 +26,22 @@ use Util;  my $verifier = Wallet::ACL::Base->new;  ok (defined $verifier, 'Wallet::ACL::Base creation');  ok ($verifier->isa ('Wallet::ACL::Base'), ' and class verification'); -is ($verifier->check ('rra@stanford.edu', 'rra@stanford.edu'), 0, +is ($verifier->check ('eagle@eyrie.org', 'eagle@eyrie.org'), 0,      'Default check declines');  is ($verifier->error, undef, 'No error set');  $verifier = Wallet::ACL::Krb5->new;  ok (defined $verifier, 'Wallet::ACL::Krb5 creation');  ok ($verifier->isa ('Wallet::ACL::Krb5'), ' and class verification'); -is ($verifier->check ('rra@stanford.edu', 'rra@stanford.edu'), 1, +is ($verifier->check ('eagle@eyrie.org', 'eagle@eyrie.org'), 1,      'Simple check'); -is ($verifier->check ('rra@stanford.edu', 'thoron@stanford.edu'), 0, +is ($verifier->check ('eagle@eyrie.org', 'thoron@stanford.edu'), 0,      'Simple failure');  is ($verifier->error, undef, 'No error set'); -is ($verifier->check (undef, 'rra@stanford.edu'), undef, +is ($verifier->check (undef, 'eagle@eyrie.org'), undef,      'Undefined principal');  is ($verifier->error, 'no principal specified', ' and right error'); -is ($verifier->check ('rra@stanford.edu', ''), undef, 'Empty ACL'); +is ($verifier->check ('eagle@eyrie.org', ''), undef, 'Empty ACL');  is ($verifier->error, 'malformed krb5 ACL', ' and right error');  $verifier = Wallet::ACL::Krb5::Regex->new; @@ -51,9 +54,9 @@ is ($verifier->error, undef, 'No error set');  is ($verifier->check (undef, '^rra@stanford\.edu\z'), undef,      'Undefined principal');  is ($verifier->error, 'no principal specified', ' and right error'); -is ($verifier->check ('rra@stanford.edu', ''), undef, 'Empty ACL'); +is ($verifier->check ('eagle@eyrie.org', ''), undef, 'Empty ACL');  is ($verifier->error, 'no ACL specified', ' and right error'); -is ($verifier->check ('rra@stanford.edu', '(rra'), undef, 'Malformed regex'); +is ($verifier->check ('eagle@eyrie.org', '(rra'), undef, 'Malformed regex');  is ($verifier->error, 'malformed krb5-regex ACL', ' and right error');  # Tests for the NetDB verifiers.  Skip these if we don't have a keytab or if diff --git a/perl/t/verifier-ldap-attr.t b/perl/t/verifier/ldap-attr.t index 7fad990..3c132e2 100755 --- a/perl/t/verifier-ldap-attr.t +++ b/perl/t/verifier/ldap-attr.t @@ -1,16 +1,19 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the LDAP attribute ACL verifier.  #  # This test can only be run by someone local to Stanford with appropriate  # access to the LDAP server and will be skipped in all other environments.  # -# Written by Russ Allbery <rra@stanford.edu> +# Written by Russ Allbery <eagle@eyrie.org>  # Copyright 2012, 2013, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. +use strict; +use warnings; +  use Test::More;  use lib 't/lib'; diff --git a/perl/t/verifier-netdb.t b/perl/t/verifier/netdb.t index 398cc6a..7048ef9 100755 --- a/perl/t/verifier-netdb.t +++ b/perl/t/verifier/netdb.t @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl  #  # Tests for the NetDB wallet ACL verifiers.  # @@ -6,13 +6,16 @@  # access to the NetDB role server and will be skipped in all other  # environments.  # -# Written by Russ Allbery <rra@stanford.edu> -# Copyright 2008 +# Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2008, 2014  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. -use Test::More tests => 4; +use strict; +use warnings; + +use Test::More tests => 5;  use Wallet::ACL::NetDB; @@ -26,8 +29,8 @@ my $user  = 'rra@stanford.edu';  # Determine the local principal.  my $klist = `klist 2>&1` || '';  SKIP: { -    skip "tests useful only with Stanford Kerberos tickets", 4 -        unless ($klist =~ /^Default principal: \S+\@stanford\.edu$/m); +    skip "tests useful only with Stanford Kerberos tickets", 5 +        unless ($klist =~ /^(Default p|\s+P)rincipal: \S+\@stanford\.edu$/m);      # Set up our configuration.      $Wallet::Config::NETDB_REALM = 'stanford.edu'; @@ -35,8 +38,9 @@ SKIP: {      $Wallet::Config::NETDB_REMCTL_HOST  = $netdb;      # Finally, we can test. -    $verifier = eval { Wallet::ACL::NetDB->new }; +    my $verifier = eval { Wallet::ACL::NetDB->new };      ok (defined $verifier, ' and now creation succeeds'); +    is ($@, q{}, ' with no errors');      ok ($verifier->isa ('Wallet::ACL::NetDB'), ' and returns the right class');      is ($verifier->check ($user, $host), 1, "Checking $host succeeds");      is ($verifier->check ('test-user@stanford.edu', $host), 0, | 
