-rwxr-xr-x | server/keytab-backend | 33 | ||||
-rw-r--r-- | tests/server/keytab-t.in | 14 |
2 files changed, 40 insertions, 7 deletions
diff --git a/server/keytab-backend b/server/keytab-backend
index 87868d5..a06c717 100755
--- a/server/keytab-backend
+++ b/server/keytab-backend
@@ -41,21 +41,45 @@ $KADMIN = '/usr/sbin/kadmin.local';
 # A temporary area into which keytabs should be written.
 $TMP = '/var/lib/keytabs';
-# Set to zero to suppress syslog logging, which is used only for testing.
+# Set to zero to suppress syslog logging, which is used only for testing. Set
+# to a reference to a string to append messages to that string instead.
 $SYSLOG = 1 unless defined $SYSLOG;
 ##############################################################################
 # Logging
 ##############################################################################
+# Initialize logging.
+sub log_init {
+ if (ref $SYSLOG) {
+ $$SYSLOG = '';
+ } elsif ($SYSLOG) {
+ openlog ('keytab-backend', 'pid', 'auth');
+ }
+}
+
 # Log a failure message to both syslog and to stderr and exit with a non-zero
 # status.
 sub error {
 my $message = join ('', @_);
- syslog ('err', '%s', $message) if $SYSLOG;
+ if (ref $SYSLOG) {
+ $$SYSLOG .= $message . "\n";
+ } elsif ($SYSLOG) {
+ syslog ('err', '%s', $message);
+ }
 die "keytab-backend: $message\n";
 }
+# Log a regular message, generally for success.
+sub info {
+ my $message = join ('', @_);
+ if (ref $SYSLOG) {
+ $$SYSLOG .= $message . "\n";
+ } elsif ($SYSLOG) {
+ syslog ('info', '%s', $message);
+ }
+}
+
 ##############################################################################
 # Implementation
 ##############################################################################
@@ -66,7 +90,7 @@ sub error {
 # not.
 sub download {
 my (@args) = @_;
- openlog ('keytab-backend', 'pid', 'auth') if $SYSLOG;
+ log_init;
 # Set up a default identity if run from the command line.
 $ENV{REMOTE_USER} = getpwnam ($<) || 'UNKNOWN' unless $ENV{REMOTE_USER};
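Review bot: `error` and the new `info` write `$message` to the log sink exactly as received, and in string-reference mode records are delimited only by the appended `"\n"`, so a message carrying a newline or other control character would read as more than one record. The test expectations in this commit show caller-supplied arguments and principal names echoed into these messages, and the `info (...)` call in the `@@ -124,8 +148,7 @@` hunk interpolates `$ENV{REMOTE_USER}`; whether every caller validates first is not visible here. Since the sink dispatch is now repeated in both subs, a single helper that replaces control characters and then dispatches would fix this in one place and remove the duplication. `ref $SYSLOG` also accepts any reference type; `ref $SYSLOG eq 'SCALAR'` would keep a stray array or hash reference from reaching `$$SYSLOG`.

```perl
# Write one record to the configured sink.  Control characters are replaced
# so that a single message cannot span or imitate several log records.
sub log_message {
    my ($priority, $message) = @_;
    $message =~ s/[\x00-\x1f\x7f]/?/g;
    if (ref $SYSLOG) {
        $$SYSLOG .= $message . "\n";
    } elsif ($SYSLOG) {
        syslog ($priority, '%s', $message);
    }
}

sub error {
    my $message = join ('', @_);
    log_message ('err', $message);
    die "keytab-backend: $message\n";
}

sub info {
    log_message ('info', join ('', @_));
}
```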
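Review bot: `log_init;` is a bareword call that parses as a subroutine call only because `log_init` is defined earlier in the file; if the definition is ever moved below `download`, the call stops resolving, and whether that is a compile error or a silent no-op depends on `use strict`, which is not visible in this hunk. Writing it as `log_init ();` matches the `download (@ARGV);` and `info (...)` call style used elsewhere in the file and keeps the `auth` facility setup from depending on definition order. The body of `download` continues outside the hunk.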
@@ -124,8 +148,7 @@ sub download {
 print while <KEYTAB>;
 close KEYTAB;
 unlink $filename;
- syslog ('info', '%s', "keytab $principal retrieved by $ENV{REMOTE_USER}")
- if $SYSLOG;
+ info ("keytab $principal retrieved by $ENV{REMOTE_USER}");
 }
 download (@ARGV);
 __END__
diff --git a/tests/server/keytab-t.in b/tests/server/keytab-t.in
index 30229e8..53a6b21 100644
--- a/tests/server/keytab-t.in
+++ b/tests/server/keytab-t.in
@@ -11,10 +11,11 @@ use strict;
 use vars qw($CONFIG $KADMIN $SYSLOG $TMP);
 use IO::String;
-use Test::More tests => 43;
+use Test::More tests => 63;
 # Load the keytab-backend code and override various settings.
-$SYSLOG = 0;
+my $OUTPUT;
+$SYSLOG = \$OUTPUT;
 eval { do '@abs_top_srcdir@/server/keytab-backend' };
 $CONFIG = '@abs_top_srcdir@/tests/data/allow-extract';
 $KADMIN = '@abs_top_srcdir@/tests/data/fake-kadmin';
@@ -37,10 +38,12 @@ sub run_backend {
 $ENV{REMOTE_USER} = 'admin';
 my ($out, $err) = run_backend ();
 is ($err, "keytab-backend: invalid arguments: \n", 'Fails with no arguments');
+is ($OUTPUT, "invalid arguments: \n", ' and syslog matches');
 is ($out, '', ' and produces no output');
 ($out, $err) = run_backend ('foo', 'bar', 'baz');
 is ($err, "keytab-backend: invalid arguments: foo bar baz\n",
 'Fails with three arguments');
+is ($OUTPUT, "invalid arguments: foo bar baz\n", ' and syslog matches');
 is ($out, '', ' and produces no output');
 for my $bad (qw{service service\*@example =@example host/foo+bar@example
 rcmd.foo@EXAMPLE host/foo/bar@EXAMPLE /bar@EXAMPLE.NET
@@ -48,6 +51,7 @@ for my $bad (qw{service service\*@example =@example host/foo+bar@example
 ($out, $err) = run_backend ('keytab', $bad);
 is ($err, "keytab-backend: bad principal name $bad\n",
 "Invalid principal $bad");
+ is ($OUTPUT, "bad principal name $bad\n", ' and syslog matches');
 is ($out, '', ' and produces no output');
 }
 for my $bad (qw{service/foo@EXAMPLE.ORGA bar@EXAMPLE.NET
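Review bot: The new `$OUTPUT` assertions in the invalid-arguments cases of the `@@ -37,10 +38,12 @@` hunk use only plain words, so nothing pins how the log sink handles an argument containing a newline or other control character, which `error` in the backend appends unchanged. A case such as `($out, $err) = run_backend ("foo\nbar", 'baz', 'qux');` followed by `is (($OUTPUT =~ tr/\n//), 1, ' and logs exactly one record');` would document the intended behaviour; with the backend as it stands in this commit it would presumably report two lines. The visible part of the bad-principal list in the `@@ -48,6 +51,7 @@` hunk has the same gap.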
@@ -56,6 +60,8 @@ for my $bad (qw{service/foo@EXAMPLE.ORGA bar@EXAMPLE.NET
 is ($err,
 "keytab-backend: permission denied: admin may not retrieve $bad\n",
 "Permission denied for $bad");
+ is ($OUTPUT, "permission denied: admin may not retrieve $bad\n",
+ ' and syslog matches');
 is ($out, '', ' and produces no output');
 }
 for my $good (qw{service/foo@EXAMPLE.ORG foo/bar@EXAMPLE.NET
@@ -63,12 +69,15 @@ for my $good (qw{service/foo@EXAMPLE.ORG foo/bar@EXAMPLE.NET
 ($out, $err) = run_backend ($good);
 is ($err, '', "Success for good keytab $good");
 is ($out, "$good\n", ' and the right output');
+ is ($OUTPUT, "keytab $good retrieved by admin\n", ' and syslog is right');
 ok (! -f "$TMP/keytab$$", ' and the file is gone');
 }
 ($out, $err) = run_backend ('keytab', 'error@EXAMPLE.ORG');
 is ($err, "keytab-backend: retrieve of error\@EXAMPLE.ORG failed for"
 . " admin: kadmin.local exited with status 1\n",
 'Good error on kadmin failure');
+is ($OUTPUT, "retrieve of error\@EXAMPLE.ORG failed for admin: kadmin.local"
+ . " exited with status 1\n", ' and syslog matches');
 is ($out, '', ' and no output');
 # Test a configuration failure.
@@ -76,4 +85,5 @@ $CONFIG = '/path/to/bad/file';
 ($out, $err) = run_backend ('get', 'service/foo@EXAMPLE.ORG');
 like ($err, qr{^keytab-backend: cannot open /path/to/bad/file: },
 'Fails with bad configuration file');
+like ($OUTPUT, qr{^cannot open /path/to/bad/file: }, ' and syslog matches');
 is ($out, '', ' and produces no output'); |