From 2393ffbc3c52c6552e00212d5209d6b870a55d4e Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Thu, 15 Nov 2007 05:42:29 +0000
Subject: Add an ACL verifier that checks access against NetDB roles using the NetDB remctl interface.
---
 perl/t/data/keytab.conf | 10 +++------
 perl/t/data/netdb-fake | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
 perl/t/data/netdb.conf | 10 +++++++++
 3 files changed, 71 insertions(+), 7 deletions(-)
 create mode 100755 perl/t/data/netdb-fake
 create mode 100644 perl/t/data/netdb.conf
(limited to 'perl/t/data')
diff --git a/perl/t/data/keytab.conf b/perl/t/data/keytab.conf
index eb105e2..e7908ed 100644
--- a/perl/t/data/keytab.conf
+++ b/perl/t/data/keytab.conf
@@ -1,10 +1,6 @@
 # $Id$
 #
-# This is the remctl configuration used for testing the keytab backend's
-# ability to retrieve existing keytabs through remctl. Currently the only
-# supported and used command is keytab retrieve. The ACL is written on
-# the fly by the test program.
-#
-# Compare to config/keytab.
+# This is the remctl configuration used for testing the NetDB ACL verifier.
+# The ACL is written on the fly by the test program.
 
-keytab retrieve t/data/keytab-fake test-acl
+netdb node-roles t/data/netdb-fake test-acl
diff --git a/perl/t/data/netdb-fake b/perl/t/data/netdb-fake
new file mode 100755
index 0000000..56744a7
--- /dev/null
+++ b/perl/t/data/netdb-fake
@@ -0,0 +1,58 @@
+#!/bin/sh
+# $Id$
+#
+# netdb-fake -- Fake NetDB remctl interface.
+#
+# This netdb-fake script is meant to be run by remctld during testing of
+# the NetDB ACL verifier. It returns known roles or errors for different
+# nodes.
+
+set -e
+
+if [ "$1" != "node-roles" ] ; then
+ echo "Invalid command $1" >&2
+ exit 1
+fi
+
+case "$2" in
+test-user)
+ case "$3" in
+ all)
+ echo 'admin'
+ echo 'team'
+ echo 'user'
+ ;;
+ admin)
+ echo 'admin'
+ ;;
+ team)
+ echo 'team'
+ ;;
+ user)
+ echo 'This is just ignored' >&2
+ echo 'user'
+ ;;
+ unknown)
+ echo 'admin' >&2
+ echo 'unknown'
+ ;;
+ none)
+ ;;
+ esac
+ ;;
+error)
+ case "$3" in
+ normal)
+ echo 'some error' >&2
+ exit 1
+ ;;
+ status)
+ exit 1
+ ;;
+ esac
+ ;;
+*)
+ echo "Unknown principal $2" >&2
+ exit 1
+ ;;
+esac
diff --git a/perl/t/data/netdb.conf b/perl/t/data/netdb.conf
new file mode 100644
index 0000000..eb105e2
--- /dev/null
+++ b/perl/t/data/netdb.conf
@@ -0,0 +1,10 @@
+# $Id$
+#
+# This is the remctl configuration used for testing the keytab backend's
+# ability to retrieve existing keytabs through remctl. Currently the only
+# supported and used command is keytab retrieve. The ACL is written on
+# the fly by the test program.
+#
+# Compare to config/keytab.
+
+keytab retrieve t/data/keytab-fake test-acl
-- 
cgit v1.2.3
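Review bot: Neither inner `case "$3"` in netdb-fake has a default arm, so an unrecognised third argument under `test-user` or `error` falls through and the script exits 0 with no output, exactly like the deliberate `none)` arm. For a fake that backs ACL-verifier tests, a typo in a test's third argument would then read as "no roles returned" instead of as a broken fixture. Adding `*) echo "Unknown node $3" >&2; exit 1 ;;` to both inner cases would make the fake fail closed, matching the outer `*)` arm for unknown principals. A one-line comment on the `unknown)` arm, e.g. `# 'admin' goes to stderr on purpose; only stdout should count as a role`, would record what that case is presumably meant to exercise.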
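Review bot: The contents of netdb.conf and keytab.conf look swapped. The new netdb.conf carries the keytab-backend header comment and the rule `keytab retrieve t/data/keytab-fake test-acl` (its blob eb105e2 is the pre-image of keytab.conf), while the keytab.conf hunk earlier in this patch now holds `netdb node-roles t/data/netdb-fake test-acl`. If the tests load each file by name, which is not visible here, the keytab test would start remctld without a `keytab` command and the NetDB ACL test without a `netdb` one. Unless the swap is intentional, netdb.conf should hold the `netdb node-roles` rule with the "NetDB ACL verifier" comment, and keytab.conf should stay unchanged.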