diff options
| author | Russ Allbery <rra@stanford.edu> | 2007-09-15 00:48:20 +0000 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2007-09-15 00:48:20 +0000 |
| commit | b2285aff21d379b680cabb1259d31e5bf5b57a69 (patch) | |
| tree | 9cdfe75dadb3106b69ea3aef246da4135bf8a2e0 /tests | |
| parent | 4c4cb52999c9f4d7bbd31b958decfbf8a5012cbc (diff) | |
Add a test suite for keytab-backend.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/TESTS | 1 | ||||
| -rw-r--r-- | tests/data/allow-extract | 8 | ||||
| -rwxr-xr-x | tests/data/fake-kadmin | 20 | ||||
| -rw-r--r-- | tests/server/keytab-t.in | 75 |
4 files changed, 104 insertions, 0 deletions
diff --git a/tests/TESTS b/tests/TESTS index 7b5c9dd..1c8ab65 100644 --- a/tests/TESTS +++ b/tests/TESTS @@ -1,2 +1,3 @@ client/basic server/backend +server/keytab diff --git a/tests/data/allow-extract b/tests/data/allow-extract new file mode 100644 index 0000000..abfe816 --- /dev/null +++ b/tests/data/allow-extract @@ -0,0 +1,8 @@ +# List of principal regexes that may be extracted. + # this is still a comment + +^service/foo@EXAMPLE\.ORG$ +.*/bar@EXAMPLE.NET$ +^host/example.org@EXAMPLE\.ORG$ +#.* +^error@EXAMPLE.ORG$ diff --git a/tests/data/fake-kadmin b/tests/data/fake-kadmin new file mode 100755 index 0000000..e1e1892 --- /dev/null +++ b/tests/data/fake-kadmin @@ -0,0 +1,20 @@ +#!/usr/bin/perl -w +# $Id$ +# +# fake-kadmin -- Fake kadmin.local used to test the keytab backend. + +unless ($ARGV[0] eq '-q' && @ARGV == 2) { + die "invalid arguments\n"; +} +my @command = split (' ', $ARGV[1]); +unless ("@command[0..3]" eq 'ktadd -q -norandkey -k') { + die "invalid command @command\n"; +} +if ($command[5] eq 'error@EXAMPLE.ORG') { + warn "Some bad stuff\n"; + exit 1; +} +open (OUT, '>', $command[4]) or die "cannot create $command[4]: $!\n"; +print OUT $command[5], "\n"; +close OUT; +exit 0; diff --git a/tests/server/keytab-t.in b/tests/server/keytab-t.in new file mode 100644 index 0000000..4a8be77 --- /dev/null +++ b/tests/server/keytab-t.in @@ -0,0 +1,75 @@ +#!/usr/bin/perl -w +# $Id: backend-t.in 3547 2007-09-14 23:18:48Z rra $ +# +# t/keytab.t -- Tests for the keytab-backend dispatch code. + +use strict; +use vars qw($CONFIG $KADMIN $SYSLOG $TMP); + +use IO::String; +use Test::More tests => 43; + +# Load the keytab-backend code and override various settings. +$SYSLOG = 0; +eval { do '@abs_top_srcdir@/server/keytab-backend' }; +$CONFIG = '@abs_top_srcdir@/tests/data/allow-extract'; +$KADMIN = '@abs_top_srcdir@/tests/data/fake-kadmin'; +$TMP = '.'; + +# Run the keytab backend. +sub run_backend { + my (@args) = @_; + my $result; + my $output = IO::String->new (\$result); + $output->autoflush (1); + select $output; + eval { download (@args) }; + my $error = $@; + select STDOUT; + return ($result, $error); +} + +# The actual tests. +$ENV{REMOTE_USER} = 'admin'; +my ($out, $err) = run_backend (); +is ($err, "keytab-backend: invalid arguments: \n", 'Fails with no arguments'); +is ($out, '', ' and produces no output'); +($out, $err) = run_backend ('foo', 'bar', 'baz'); +is ($err, "keytab-backend: invalid arguments: foo bar baz\n", + 'Fails with three arguments'); +is ($out, '', ' and produces no output'); +for my $bad (qw{service service\*@example =@example host/foo+bar@example + rcmd.foo@EXAMPLE host/foo/bar@EXAMPLE /bar@EXAMPLE.NET + bar/@EXAMPLE.NET bar/bar@}) { + ($out, $err) = run_backend ('keytab', $bad); + is ($err, "keytab-backend: bad principal name $bad\n", + "Invalid principal $bad"); + is ($out, '', ' and produces no output'); +} +for my $bad (qw{service/foo@EXAMPLE.ORGA bar@EXAMPLE.NET + host/example.net@EXAMPLE.ORG aservice/foo@EXAMPLE.ORG}) { + ($out, $err) = run_backend ('keytab', $bad); + is ($err, + "keytab-backend: permission denied: admin may not retrieve $bad\n", + "Permission denied for $bad"); + is ($out, '', ' and produces no output'); +} +for my $good (qw{service/foo@EXAMPLE.ORG foo/bar@EXAMPLE.NET + host/example.org@EXAMPLE.ORG}) { + ($out, $err) = run_backend ($good); + is ($err, '', "Success for good keytab $good"); + is ($out, "$good\n", ' and the right output'); + ok (! -f "$TMP/keytab$$", ' and the file is gone'); +} +($out, $err) = run_backend ('keytab', 'error@EXAMPLE.ORG'); +is ($err, "keytab-backend: retrieve of error\@EXAMPLE.ORG failed for" + . " admin: kadmin.local exited with status 1\n", + 'Good error on kadmin failure'); +is ($out, '', ' and no output'); + +# Test a configuration failure. +$CONFIG = '/path/to/bad/file'; +($out, $err) = run_backend ('get', 'service/foo@EXAMPLE.ORG'); +like ($err, qr{^keytab-backend: cannot open /path/to/bad/file: }, + 'Fails with bad configuration file'); +is ($out, '', ' and produces no output'); |