/*
 * Test for properly cleaning up ticket caches.
 *
 * Verify that the temporary Kerberos ticket cache generated during
 * authentication is cleaned up on pam_end, even if no session was opened.
 *
 * Written by Russ Allbery <eagle@eyrie.org>
 * Copyright 2020 Russ Allbery <eagle@eyrie.org>
 * Copyright 2012
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
 */
#include <config.h>
#include <portable/system.h>

#include <dirent.h>
#include <errno.h>

#include <tests/fakepam/pam.h>
#include <tests/fakepam/script.h>
#include <tests/tap/basic.h>
#include <tests/tap/kerberos.h>
#include <tests/tap/string.h>
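/*
 * Return non-zero if NAME is a directory entry that is allowed to be present
 * in the test temporary directory: the "." and ".." entries, the generated
 * krb5.conf file, and the valgrind log directory.  Anything else is treated
 * by the caller as an out-of-place file.
 */
static int
is_expected_entry(const char *name)
{
    return strcmp(name, ".") == 0 || strcmp(name, "..") == 0
           || strcmp(name, "krb5.conf") == 0 || strcmp(name, "valgrind") == 0;
}


/*
 * Run the auth-only PAM script with ccache_dir pointed at the test temporary
 * directory and then verify that no file other than the expected ones is
 * left behind.  A leftover file here would be the temporary ticket cache,
 * meaning the user's Kerberos credentials stayed on disk after pam_end.
 *
 * Bails out (via sysbail) if the temporary directory cannot be opened or
 * read, or if a pre-existing stray file cannot be removed.  Always returns 0;
 * the test result is reported through the TAP ok() call.
 */
int
main(void)
{
    struct script_config config;
    struct kerberos_config *krbconf;
    DIR *tmpdir;
    struct dirent *file;
    char *tmppath, *path;

    /* Load the Kerberos principal and password from a file. */
    krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
    memset(&config, 0, sizeof(config));
    config.user = krbconf->username;
    config.authtok = krbconf->password;
    config.extra[0] = krbconf->userprinc;

    /* Generate a testing krb5.conf file. */
    kerberos_generate_conf(krbconf->realm);

    /* Get the temporary directory and store that as the %1 substitution. */
    tmppath = test_tmpdir();
    config.extra[1] = tmppath;

    plan_lazy();

    /*
     * We need to ensure that the only thing in the test temporary directory
     * is the krb5.conf file that we generated and any valgrind logs, since
     * we're going to check for cleanup by looking for any out-of-place files.
     */
    tmpdir = opendir(tmppath);
    if (tmpdir == NULL)
        sysbail("cannot open directory %s", tmppath);
    for (;;) {
        /*
         * readdir returns NULL both at end of directory and on error; only
         * errno distinguishes the two, so clear it before every call.
         */
        errno = 0;
        file = readdir(tmpdir);
        if (file == NULL)
            break;
        if (is_expected_entry(file->d_name))
            continue;
        basprintf(&path, "%s/%s", tmppath, file->d_name);
        if (unlink(path) < 0)
            sysbail("cannot delete temporary file %s", path);
        free(path);
    }
    if (errno != 0)
        sysbail("cannot read directory %s", tmppath);
    closedir(tmpdir);

    /*
     * Authenticate only, call pam_end, and be sure the ticket cache is
     * gone.  The auth-only script sets ccache_dir to the temporary directory,
     * so the module will create a temporary ticket cache there and then
     * should clean it up.
     */
    run_script("data/scripts/cache-cleanup/auth-only", &config);
    path = NULL;
    tmpdir = opendir(tmppath);
    if (tmpdir == NULL)
        sysbail("cannot open directory %s", tmppath);
    for (;;) {
        errno = 0;
        file = readdir(tmpdir);
        if (file == NULL)
            break;
        if (is_expected_entry(file->d_name))
            continue;

        /* Remember only the first stray file; one is enough to fail. */
        if (path == NULL)
            basprintf(&path, "%s/%s", tmppath, file->d_name);
    }

    /*
     * A failed directory read must not be mistaken for an empty directory,
     * or the test would report the ticket cache as cleaned up without having
     * looked at every entry.
     */
    if (errno != 0)
        sysbail("cannot read directory %s", tmppath);
    closedir(tmpdir);
    if (path != NULL)
        diag("found stray temporary file %s", path);
    ok(path == NULL, "ticket cache cleaned up");

    /* free(NULL) is a no-op, so no guard is needed. */
    free(path);

    test_tmpdir_free(tmppath);
    return 0;
}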