File: perms-t

#!/usr/bin/perl -w
#
# Tests for k5start handling of ticket permissions.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2021 Russ Allbery <eagle@eyrie.org>
# Copyright 2011
#     The Board of Trustees of the Leland Stanford Junior University
#
# SPDX-License-Identifier: MIT

use Test::More;

# Location of the freshly built k5start binary under test.  The path is
# derived from C_TAP_BUILD, which is read from the environment as-is.
our $K5START = $ENV{C_TAP_BUILD} . '/../commands/k5start';

# Directory holding the test data, including the keytab used to authenticate.
our $DATA = $ENV{C_TAP_BUILD} . '/data';

# Pull in the shared test helpers.  require executes the file it loads, and
# the path comes from C_TAP_SOURCE, so both environment variables are treated
# as trusted input supplied by the test harness.
require($ENV{C_TAP_SOURCE} . '/libtest.pl');

# The ownership checks below expect an effective UID of 0, so when the script
# is not already running that way it re-executes itself under fakeroot.
# Running it as real root also satisfies the check but is a bad idea.
# NOTE(review): under fakeroot the owner and group seen by stat are the values
# fakeroot reports, which may not match what is actually stored on disk --
# confirm this is the intended scope of the test.
unless ($> == 0) {
    # TRY_FAKEROOT is set just before the re-exec, so finding it already set
    # while still not UID 0 means a second attempt would only loop; skip.
    if (defined $ENV{TRY_FAKEROOT}) {
        plan skip_all => 'fakeroot not available';
        exit 0;
    }

    $ENV{TRY_FAKEROOT} = 'trying';
    my $self = "$ENV{C_TAP_SOURCE}/k5start/perms-t";

    # List-form exec passes the script path as a single argument without
    # going through a shell.  exec only returns when it fails.
    exec('fakeroot', $self) or do {
        plan skip_all => 'fakeroot not available';
        exit 0;
    };
}

# The tests need both a keytab and the name of the principal stored in it.
# Without either file there is nothing to authenticate with, so skip.
unless ((-f "$DATA/test.keytab") && (-f "$DATA/test.principal")) {
    plan skip_all => 'no keytab configuration';
    exit 0;
}

# Fixed plan: the count must match the number of assertions below.
plan tests => 34;

# Get the test principal.  contents() is not defined in this file; presumably
# it comes from libtest.pl and returns the file's text -- confirm.
my $principal = contents ("$DATA/test.principal");

# Don't overwrite the user's ticket cache.  The name is relative, so the cache
# is created in the current working directory, and every stat, chown, chmod
# and unlink below refers to that same relative path.
$ENV{KRB5CCNAME} = 'krb5cc_test';

# Basic authentication test.  With none of -o, -g or -m given, the cache is
# expected to be readable and writable by its owner only (0600) and owned by
# UID 0 and GID 0, the identity the test runs as.
unlink 'krb5cc_test';
my ($out, $err, $status) = command ($K5START, '-qUf', "$DATA/test.keytab");
is ($status, 0, 'Basic k5start command succeeds');
is ($err, '', ' with no errors');
# Elements 2, 4 and 5 of stat's return list are the mode, UID and GID.  If the
# cache was not created, stat returns an empty list and the checks below fail
# on undefined values.
# NOTE(review): the 0777 mask only compares the rwx bits; setuid, setgid and
# sticky bits are ignored.  Masking with 07777 would cover them too -- confirm
# whether that stricter check is wanted.
my ($mode, $uid, $gid) = (stat 'krb5cc_test')[2, 4, 5];
is (($mode & 0777), 0600, ' mode is correct');
is ($uid, 0, ' owner is correct');
is ($gid, 0, ' group is correct');

# Basic authentication test with -o, -g, and -m.  The mode is passed as the
# number 440 and the assertion expects 0440, so k5start evidently reads the
# argument as octal.  Mode 0440 makes the ticket cache readable by every
# member of the group, which is the behaviour being requested here.
unlink 'krb5cc_test';
($out, $err, $status)
    = command ($K5START, '-Uf', "$DATA/test.keytab", '-o', 42, '-g', 42,
               '-m', 440);
is ($status, 0, 'k5start -o 42 -g 42 -m 440 succeeds');
is ($err, '', ' with no errors');
# \Q...\E quotes the principal so it is matched literally; the optional group
# allows a trailing @REALM.
like ($out, qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
      ' and the right output');
($mode, $uid, $gid) = (stat 'krb5cc_test')[2, 4, 5];
is (($mode & 0777), 0440, ' mode is correct');
is ($uid, 42, ' owner is correct');
is ($gid, 42, ' group is correct');
# Put the owner and mode back to 0:0 and 0600 before inspecting the cache.
# The return values of chown and chmod are not checked.
# NOTE(review): presumably this is so klist can open the cache -- confirm.
chown (0, 0, 'krb5cc_test');
chmod (0600, 'krb5cc_test');
# klist() is not defined in this file; from its use here it returns the
# default principal and the service principal of a ticket in the cache.
my ($default, $service) = klist ();
like ($default, qr/^\Q$principal\E(\@\S+)?\z/, ' for the right principal');
like ($service, qr%^krbtgt/%, ' and the right service');

# Just -o.  Only the owner should change; the mode must stay at the private
# default of 0600 and the group at 0.
unlink 'krb5cc_test';
($out, $err, $status)
    = command ($K5START, '-qUf', "$DATA/test.keytab", '-o', 42);
is ($status, 0, 'k5start -o 42 succeeds');
is ($err, '', ' with no errors');
($mode, $uid, $gid) = (stat 'krb5cc_test')[2, 4, 5];
is (($mode & 0777), 0600, ' mode is correct');
is ($uid, 42, ' owner is correct');
is ($gid, 0, ' group is correct');

# Just -g.  Only the group should change.  The mode is still expected to be
# 0600, so assigning a group does not by itself grant that group any access.
unlink 'krb5cc_test';
($out, $err, $status)
    = command ($K5START, '-qUf', "$DATA/test.keytab", '-g', 42);
is ($status, 0, 'k5start -g 42 succeeds');
is ($err, '', ' with no errors');
($mode, $uid, $gid) = (stat 'krb5cc_test')[2, 4, 5];
is (($mode & 0777), 0600, ' mode is correct');
is ($uid, 0, ' owner is correct');
is ($gid, 42, ' group is correct');

# Just -m.  Only the mode should change (here to owner read-only, 0400); the
# owner and group must stay at 0.
unlink 'krb5cc_test';
($out, $err, $status)
    = command ($K5START, '-qUf', "$DATA/test.keytab", '-m', 400);
is ($status, 0, 'k5start -m 400 succeeds');
is ($err, '', ' with no errors');
($mode, $uid, $gid) = (stat 'krb5cc_test')[2, 4, 5];
is (($mode & 0777), 0400, ' mode is correct');
is ($uid, 0, ' owner is correct');
is ($gid, 0, ' group is correct');

# Test handling of FILE: prefixes for the cache.  The cache is named with -k
# as FILE:krb5cc_test, while the checks stat the bare path krb5cc_test, so the
# owner, group and mode must have been applied to the file behind the prefix.
unlink 'krb5cc_test';
($out, $err, $status)
    = command ($K5START, '-Uf', "$DATA/test.keytab", '-o', 42, '-g', 42,
               '-m', 440, '-k', 'FILE:krb5cc_test');
is ($status, 0, 'k5start -o 42 -g 42 -m 440 -k succeeds');
is ($err, '', ' with no errors');
like ($out, qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
      ' and the right output');
($mode, $uid, $gid) = (stat 'krb5cc_test')[2, 4, 5];
is (($mode & 0777), 0440, ' mode is correct');
is ($uid, 42, ' owner is correct');
is ($gid, 42, ' group is correct');

# Clean up.  The cache holds tickets for the test principal, so it is removed
# rather than left in the working directory.
# NOTE(review): this line is only reached when the script runs to the end; a
# run that dies earlier would leave the cache behind -- confirm whether an END
# block is wanted.
unlink 'krb5cc_test';