------------------------------------------------------------------------
r22097 | hartmans | 2009-03-16 12:50:30 -0400 (Mon, 16 Mar 2009) | 6 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/lib/krb5/krb/Makefile.in
A /trunk/src/lib/krb5/krb/t_authdata.c
ticket: 6422
Implement tests for authdata functions
Implement some test cases for krb5_merge_authdata and
krb5int_find_authdata
------------------------------------------------------------------------
r22096 | hartmans | 2009-03-16 12:50:26 -0400 (Mon, 16 Mar 2009) | 5 lines
Changed paths:
M /trunk/src/lib/krb5/krb/copy_auth.c
subject: Implement krb5int_find_authdata
ticket: 6422
Implement a function to find all instances of a particular ad_type in
ticket or authenticator authdata.
ticket: 6422
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22229
dc483132-0cff-0310-8789-
dd5450dbe970
krb5_data *,
const krb5_keyblock *,
krb5_kdc_rep ** );
+krb5_error_code krb5int_find_authdata
+(krb5_context context, krb5_authdata *const * ticket_authdata,
+ krb5_authdata * const *ap_req_authdata,
+ krb5_authdatatype ad_type,
+ krb5_authdata ***results);
krb5_error_code krb5_rd_req_decoded
(krb5_context,
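Review bot: The new `krb5int_find_authdata` prototype has no comment describing its output contract, which is not obvious from the signature. Going by the definition added to copy_auth.c in this same change, `*results` is NULL both on error and when nothing matches (the function still returns 0 in that case), and a non-NULL result is a NULL-terminated array of copies. I would add above the declaration something like `/* On success *results is a NULL-terminated array of copied entries, or NULL if none matched; free with krb5_free_authdata(). */`. The neighbouring prototypes start and end outside the hunk.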
t_walk_rtree: $(T_WALK_RTREE_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_walk_rtree $(T_WALK_RTREE_OBJS) $(KRB5_BASE_LIBS)
+t_authdata: t_authdata.o copy_auth.o
+ $(CC_LINK) -o $@ $< copy_auth.o $(KRB5_BASE_LIBS)
t_kerb: $(T_KERB_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_kerb $(T_KERB_OBJS) $(KRB5_BASE_LIBS)
t_expand : $(T_EXPAND_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_expand $(T_EXPAND_OBJS) $(KRB5_BASE_LIBS)
-TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand
+TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata
check-unix:: $(TEST_PROGS)
KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/transit-tests
KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests
+ KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(VALGRIND) ./t_authdata
clean::
$(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \
$(OUTPRE)t_kerb$(EXEEXT) $(OUTPRE)t_kerb.$(OBJEXT) \
$(OUTPRE)t_ser$(EXEEXT) $(OUTPRE)t_ser.$(OBJEXT) \
$(OUTPRE)t_deltat$(EXEEXT) $(OUTPRE)t_deltat.$(OBJEXT) \
- $(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT)
+ $(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT) \
+ $(OUTPRE)t_authdata$(EXEEXT) $(OUTPRE)t_authdata.$(OBJEXT)
@libobj_frag@
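Review bot: The new `t_authdata` rule lists only `t_authdata.o copy_auth.o` as prerequisites, while the neighbouring test rules also depend on `$(KRB5_BASE_DEPLIBS)`, so this binary will not be relinked when the libraries it links against change. I would write the rule as `t_authdata: t_authdata.o copy_auth.o $(KRB5_BASE_DEPLIBS)`. A one-line comment saying why `copy_auth.o` is linked in directly would also help the next reader; presumably `krb5int_find_authdata` is not reachable through the library's exported symbols, which is worth confirming.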
return code;
}
+
+struct find_authdata_context {
+ krb5_authdata **out;
+ size_t space;
+ size_t length;
+};
+
+static krb5_error_code grow_find_authdata
+(krb5_context context, struct find_authdata_context *fctx,
+ krb5_authdata *elem)
+{
+ krb5_error_code retval = 0;
+ if (fctx->length == fctx->space) {
+ krb5_authdata **new;
+ if (fctx->space >= 256) {
+ krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query");
+ return ERANGE;
+ }
+ new = realloc(fctx->out,
+ sizeof (krb5_authdata *)*(2*fctx->space+1));
+ if (new == NULL)
+ return ENOMEM;
+ fctx->out = new;
+ fctx->space *=2;
+ }
+ fctx->out[fctx->length+1] = NULL;
+ retval = krb5_copy_authdatum(context, elem,
+ &fctx->out[fctx->length]);
+ if (retval == 0)
+ fctx->length++;
+ return retval;
+}
+
+
+
+
+static krb5_error_code find_authdata_1
+(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type,
+ struct find_authdata_context *fctx)
+{
+ int i = 0;
+ krb5_error_code retval=0;
+
+ for (i = 0; in_authdat[i]; i++) {
+ krb5_authdata *ad = in_authdat[i];
+ if (ad->ad_type == ad_type && retval ==0)
+ retval = grow_find_authdata(context, fctx, ad);
+ else switch (ad->ad_type) {
+ krb5_authdata **decoded_container;
+ case KRB5_AUTHDATA_IF_RELEVANT:
+ if (retval == 0)
+ retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container);
+ if (retval == 0) {
+ retval = find_authdata_1(context,
+ decoded_container, ad_type, fctx);
+ krb5_free_authdata(context, decoded_container);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ return retval;
+}
+
+
+krb5_error_code krb5int_find_authdata
+(krb5_context context, krb5_authdata *const * ticket_authdata,
+ krb5_authdata * const *ap_req_authdata,
+ krb5_authdatatype ad_type,
+ krb5_authdata ***results)
+{
+ krb5_error_code retval = 0;
+ struct find_authdata_context fctx;
+ fctx.length = 0;
+ fctx.space = 2;
+ fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
+ *results = NULL;
+ if (fctx.out == NULL)
+ return ENOMEM;
+ if (ticket_authdata)
+ retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx);
+ if ((retval==0) && ap_req_authdata)
+ retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx);
+ if ((retval== 0) && fctx.length)
+ *results = fctx.out;
+ else krb5_free_authdata(context, fctx.out);
+ return retval;
+}
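Review bot: `find_authdata_1` recurses into every `KRB5_AUTHDATA_IF_RELEVANT` container with no depth limit, and its input is ticket and authenticator authdata, so the nesting depth is set by whoever produced that data and is bounded only by the size of the encoding. The 256-entry cap in `grow_find_authdata` limits the number of results but not the stack depth or the number of container decodes. I would thread a depth counter through the helper and fail in the same ERANGE style once a small limit is exceeded, with the two calls in `krb5int_find_authdata` passing 0. Separately, the `for` loop keeps iterating after `retval` becomes non-zero; a `break` on error would make the intent explicit.

```c
#define FIND_AUTHDATA_MAX_DEPTH 8   /* constructed value; choose per policy */

static krb5_error_code find_authdata_1
(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type,
 struct find_authdata_context *fctx, unsigned int depth)
{
    /* ... unchanged: locals ... */
    if (depth > FIND_AUTHDATA_MAX_DEPTH) {
        krb5_set_error_message(context, ERANGE,
                               "Authdata containers nested too deeply");
        return ERANGE;
    }
    /* ... unchanged: loop header, direct-match branch, container decode ... */
                retval = find_authdata_1(context,
                                         decoded_container, ad_type, fctx,
                                         depth + 1);
    /* ... unchanged: free of decoded_container, rest of loop, return ... */

/* in krb5int_find_authdata */
        retval = find_authdata_1(context, ticket_authdata, ad_type, &fctx, 0);
        retval = find_authdata_1(context, ap_req_authdata, ad_type, &fctx, 0);
```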
--- /dev/null
+/*
+ * lib/krb5/krb/t_authdata.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * Test authorization data search
+ */
+
+#include <k5-int.h>
+#include <krb5.h>
+#include <assert.h>
+#include <memory.h>
+
+krb5_authdata ad1 = {
+ KV5M_AUTHDATA,
+ 22,
+ 4,
+ (unsigned char *) "abcd"};
+krb5_authdata ad2 = {
+ KV5M_AUTHDATA,
+ 23,
+ 5,
+ (unsigned char *) "abcde"
+};
+
+krb5_authdata ad3= {
+ KV5M_AUTHDATA,
+ 22,
+ 3,
+ (unsigned char *) "ab"
+};
+/* we want three results in the return from krb5int_find_authdata so
+it has to grow its list.
+*/
+krb5_authdata ad4 = {
+ KV5M_AUTHDATA,
+ 22,
+ 5,
+ (unsigned char *)"abcd"
+};
+
+krb5_authdata *adseq1[] = {&ad1, &ad2, &ad4, NULL};
+
+krb5_authdata *adseq2[] = {&ad3, NULL};
+
+static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) {
+ assert(adc1->ad_type == adc2->ad_type);
+ assert(adc1->length == adc2->length);
+ assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
+}
+
+int main()
+{
+ krb5_context context;
+ krb5_authdata **results;
+ krb5_authdata *container[2];
+ krb5_authdata **container_out;
+
+
+ assert(krb5_init_context(&context) == 0);
+ assert(krb5_merge_authdata(context, adseq1, adseq2, &results) == 0);
+ compare_authdata(results[0], &ad1);
+ compare_authdata( results[1], &ad2);
+ compare_authdata(results[2], &ad4);
+ compare_authdata( results[3], &ad3);
+ assert(results[4] == NULL);
+ krb5_free_authdata(context, results);
+ container[0] = &ad3;
+ container[1] = NULL;
+ assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
+ assert(krb5int_find_authdata(context,
+ adseq1, container_out, 22, &results) == 0);
+ compare_authdata(&ad1, results[0]);
+ compare_authdata( results[1], &ad4);
+ compare_authdata( results[2], &ad3);
+ assert( results[3] == NULL);
+ krb5_free_authdata(context, results);
+ krb5_free_authdata(context, container_out);
+ return 0;
+}
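Review bot: Every library call in `main` is made inside `assert()`, so a build with NDEBUG defined compiles the calls away and the test then dereferences an uninitialized `context` and `results`. Keep each call outside the assertion and assert on its result, e.g. `ret = krb5_init_context(&context); assert(ret == 0);`, or print a message and `exit(1)` on failure. The test also never releases `context`; since `check-unix` runs it under `$(VALGRIND)`, adding `krb5_free_context(context);` before `return 0;` would avoid a leak report if leak checking is enabled. The case where nothing matches, in which `krb5int_find_authdata` returns 0 with `*results == NULL`, is not covered.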