1 /* 2 * Tests for authenticated FAST support in pam-krb5. 3 * 4 * Tests for Flexible Authentication Secure Tunneling, a mechanism for 5 * improving the preauthentication part of the Kerberos protocol and 6 * protecting it against various attacks. This tests authenticated FAST; 7 * anonymous FAST is tested separately. 8 * 9 * Written by Russ Allbery <eagle@eyrie.org> 10 * Copyright 2017, 2020 Russ Allbery <eagle@eyrie.org> 11 * Copyright 2012 12 * The Board of Trustees of the Leland Stanford Junior University 13 * 14 * SPDX-License-Identifier: BSD-3-clause or GPL-1+ 15 */ 16 17 #include <config.h> 18 #include <portable/system.h> 19 20 #include <tests/fakepam/script.h> 21 #include <tests/tap/kerberos.h> 22 23 24 int 25 main(void) 26 { 27 struct script_config config; 28 struct kerberos_config *krbconf; 29 30 /* Skip the test if FAST is not available. */ 31 #ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE_NAME 32 skip_all("FAST support not available"); 33 #endif 34 35 /* Initialize Kerberos configuration. */ 36 krbconf = kerberos_setup(TAP_KRB_NEEDS_BOTH); 37 memset(&config, 0, sizeof(config)); 38 config.user = krbconf->userprinc; 39 config.authtok = krbconf->password; 40 config.extra[0] = krbconf->cache; 41 42 /* 43 * Generate a testing krb5.conf file with a nonexistent default realm so 44 * that we can be sure that our principals will stay fully-qualified in 45 * the logs. 46 */ 47 kerberos_generate_conf("bogus.example.com"); 48 49 /* Test fast_ccache */ 50 plan_lazy(); 51 run_script("data/scripts/fast/ccache", &config); 52 run_script("data/scripts/fast/ccache-debug", &config); 53 run_script("data/scripts/fast/no-ccache", &config); 54 run_script("data/scripts/fast/no-ccache-debug", &config); 55 56 return 0; 57 } 58