#!/usr/bin/perl -w
#
# Tests for the keytab-backend dispatch code.
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2006, 2007, 2010 Board of Trustees, Leland Stanford Jr. University
#
# See LICENSE for licensing terms.

use strict;
use vars qw($CONFIG $KADMIN $SYSLOG $TMP);

use Test::More tests => 63;

# Load the keytab-backend code and override various settings.
#
# $SYSLOG is pointed at the scalar $OUTPUT before the backend is loaded; the
# assertions in this file read the backend's log text back from $OUTPUT.
# NOTE(review): presumably the backend writes its log messages through this
# reference instead of calling syslog -- confirm in server/keytab-backend.
my $OUTPUT;
$SYSLOG = \$OUTPUT;
# do FILE compiles and runs the backend inside this process, from a path
# built from $ENV{SOURCE}, so the test harness has to set SOURCE to the test
# directory.  Neither the return value of do nor $@ is checked here, so a
# missing or broken backend is not reported at this point; it would only
# show up as failures in the tests that follow.
eval { do "$ENV{SOURCE}/../server/keytab-backend" };
# These are assigned after the load so that they take effect for the calls
# below (presumably replacing the backend's own defaults -- confirm).
# $CONFIG selects the test rules file, $KADMIN a stand-in for kadmin (by its
# name a fake; TODO confirm it never contacts a real KDC), and $TMP the
# directory the temporary-file check below looks in.
$CONFIG = "$ENV{SOURCE}/data/allow-extract";
$KADMIN = "$ENV{SOURCE}/data/fake-kadmin";
$TMP = '.';

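# Run the keytab backend.
#
# Calls download() with the given arguments (download is not defined in this
# file; presumably it comes from the backend loaded above) while the default
# output handle is redirected into a string.
#
# Returns a two-element list: everything printed to the default output
# handle during the call, and the value of $@ afterwards, which is the empty
# string when download did not die.
sub run_backend {
    my (@args) = @_;
    my $result = '';

    # A lexical handle keeps the capture private to this call, where a
    # bareword handle would be a package global shared with the loaded code.
    open (my $capture, '>', \$result)
        or die "cannot create output string: $!\n";

    # Remember whichever handle was selected so that exactly that handle is
    # restored afterwards, rather than assuming it was STDOUT.
    my $previous = select $capture;

    # Unbuffer the capture handle so that everything printed is already in
    # $result if download dies part-way through.
    $| = 1;
    eval { download (@args) };

    # Save $@ immediately, before anything else gets a chance to reset it.
    my $error = $@;
    select $previous;
    close ($capture);
    return ($result, $error);
}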

# The actual tests.  Every call runs with REMOTE_USER set to "admin", the
# name that the expected permission and retrieval messages refer to.
$ENV{REMOTE_USER} = 'admin';

# Wrong argument counts.  Each case gives the arguments, the error expected
# from the backend, the expected syslog text, and the test description.  In
# both cases nothing may be written to the output handle.
my @usage_cases = (
    {
        args   => [],
        error  => "keytab-backend: invalid arguments: \n",
        syslog => "invalid arguments: \n",
        name   => 'Fails with no arguments',
    },
    {
        args   => [qw(foo bar baz)],
        error  => "keytab-backend: invalid arguments: foo bar baz\n",
        syslog => "invalid arguments: foo bar baz\n",
        name   => 'Fails with three arguments',
    },
);
my ($out, $err);
for my $case (@usage_cases) {
    ($out, $err) = run_backend (@{ $case->{args} });
    is ($err, $case->{error}, $case->{name});
    is ($OUTPUT, $case->{syslog}, ' and syslog matches');
    is ($out, '', ' and produces no output');
}
# Principal names that must be refused as malformed: a bare name with no
# realm, a backslash and wildcard, a leading "=", a "+" in the instance, a
# dotted name without a slash, two slashes, an empty first component, an
# empty instance, and an empty realm.  Each must produce the "bad principal
# name" error in both the returned error and the log, and no output at all.
# NOTE(review): presumably the principal is later handed to kadmin, which is
# why these characters matter -- confirm in the backend.
my @malformed = qw{service service\*@example =@example host/foo+bar@example
                   rcmd.foo@EXAMPLE host/foo/bar@EXAMPLE /bar@EXAMPLE.NET
                   bar/@EXAMPLE.NET bar/bar@};
for my $principal (@malformed) {
    ($out, $err) = run_backend ('keytab', $principal);
    is ($err, "keytab-backend: bad principal name $principal\n",
        "Invalid principal $principal");
    is ($OUTPUT, "bad principal name $principal\n", ' and syslog matches');
    is ($out, '', ' and produces no output');
}
# Principal names that are expected to be denied for "admin" rather than
# reported as malformed.  Two of them differ from a name accepted later in
# this file by a single extra character at the end (EXAMPLE.ORGA) or at the
# start (aservice/...).
# NOTE(review): those two look like checks that the rules in $CONFIG are
# matched against the whole name -- confirm against data/allow-extract.
# A denial must be returned to the caller, logged with the requesting user,
# and produce no output.
my @forbidden = qw{service/foo@EXAMPLE.ORGA bar@EXAMPLE.NET
                   host/example.net@EXAMPLE.ORG aservice/foo@EXAMPLE.ORG};
for my $principal (@forbidden) {
    ($out, $err) = run_backend ('keytab', $principal);
    my $denial = "permission denied: admin may not retrieve $principal\n";
    is ($err, "keytab-backend: $denial", "Permission denied for $principal");
    is ($OUTPUT, $denial, ' and syslog matches');
    is ($out, '', ' and produces no output');
}
# Principals that "admin" is expected to be allowed to retrieve.  For each
# one the call must succeed, print the principal name followed by a newline
# (presumably what the fake kadmin puts in the keytab -- confirm), and log
# the retrieval together with the requesting user.
# NOTE(review): these calls pass the principal alone, while the failure
# cases pass a command word first; presumably the backend accepts both
# forms -- confirm.
my @permitted = qw{service/foo@EXAMPLE.ORG foo/bar@EXAMPLE.NET
                   host/example.org@EXAMPLE.ORG};
for my $principal (@permitted) {
    ($out, $err) = run_backend ($principal);
    is ($err, '', "Success for good keytab $principal");
    is ($out, "$principal\n", ' and the right output');
    is ($OUTPUT, "keytab $principal retrieved by admin\n",
        ' and syslog is right');

    # The checked path is keytab plus this process's ID under $TMP.  By its
    # name this is the backend's temporary keytab, which would hold key
    # material (TODO confirm), so it must not survive a successful call.
    ok (! -f "$TMP/keytab$$", ' and the file is gone');
}
# A failing kadmin run.  error@EXAMPLE.ORG is presumably a principal for
# which the fake kadmin exits with status 1 (confirm in data/fake-kadmin).
# The failure has to reach both the caller and the log, naming the principal
# and the requesting user, and nothing may be printed as output.
($out, $err) = run_backend ('keytab', 'error@EXAMPLE.ORG');
my $kadmin_error = "keytab-backend: retrieve of error\@EXAMPLE.ORG failed for"
    . " admin: kadmin.local exited with status 1\n";
my $kadmin_syslog
    = "retrieve of error\@EXAMPLE.ORG failed for admin: kadmin.local"
    . " exited with status 1\n";
is ($err, $kadmin_error, 'Good error on kadmin failure');
is ($OUTPUT, $kadmin_syslog, ' and syslog matches');
is ($out, '', ' and no output');

# Test a configuration failure.  With $CONFIG pointing at a file that cannot
# be opened, a request for a principal that succeeded earlier in this file
# must fail with a "cannot open" error in both the returned error and the
# log, and must print nothing.  Only the start of each message is matched;
# the text after the final colon is not checked.
# NOTE(review): the command word here is 'get' where the other calls use
# 'keytab'; presumably the backend does not check it before opening the
# configuration -- confirm.
$CONFIG = '/path/to/bad/file';
($out, $err) = run_backend ('get', 'service/foo@EXAMPLE.ORG');
my $config_error  = qr{^keytab-backend: cannot open /path/to/bad/file: };
my $config_syslog = qr{^cannot open /path/to/bad/file: };
like ($err, $config_error, 'Fails with bad configuration file');
like ($OUTPUT, $config_syslog, ' and syslog matches');
is ($out, '', ' and produces no output');