1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* tests/conccache.c - ccache concurrent get_creds/refresh test program */
3 /*
4 * Copyright (C) 2021 by the Massachusetts Institute of Technology.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30 * OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 /*
34 * Usage: conccache ccname clientprinc serverprinc
35 *
36 * This program spawns two subprocesses. One repeatedly runs
37 * krb5_get_credentials() on ccname, and the other repeatedly refreshes ccname
38 * from the default keytab. If either subprocess fails, the program exits with
39 * status 1. The goal is to expose time windows where cache refreshes cause
40 * get_cred operations to fail.
41 */
42
43 #include "k5-platform.h"
44 #include <sys/types.h>
45 #include <sys/wait.h>
46 #include <pthread.h>
47 #include <krb5.h>
48
49 /* Run this many iterations of each operation. */
50 static const int iterations = 200;
51
52 /* Saved command-line arguments. */
53 static const char *ccname, *server_name, *client_name;
54
55 static void
check(krb5_error_code code)56 check(krb5_error_code code)
57 {
58 if (code)
59 abort();
60 }
61
62 static krb5_boolean
get_cred(krb5_context context)63 get_cred(krb5_context context)
64 {
65 krb5_error_code ret;
66 krb5_ccache cc;
67 krb5_principal client, server;
68 krb5_creds mcred, *cred;
69
70 check(krb5_cc_resolve(context, ccname, &cc));
71 check(krb5_parse_name(context, client_name, &client));
72 check(krb5_parse_name(context, server_name, &server));
73
74 memset(&mcred, 0, sizeof(mcred));
75 mcred.client = client;
76 mcred.server = server;
77 ret = krb5_get_credentials(context, 0, cc, &mcred, &cred);
78
79 krb5_free_creds(context, cred);
80 krb5_free_principal(context, client);
81 krb5_free_principal(context, server);
82 krb5_cc_close(context, cc);
83
84 return ret == 0;
85 }
86
87 static krb5_boolean
refresh_cache(krb5_context context)88 refresh_cache(krb5_context context)
89 {
90 krb5_error_code ret;
91 krb5_ccache cc;
92 krb5_principal client;
93 krb5_get_init_creds_opt *opt;
94 krb5_creds cred;
95
96 check(krb5_cc_resolve(context, ccname, &cc));
97 check(krb5_parse_name(context, client_name, &client));
98
99 check(krb5_get_init_creds_opt_alloc(context, &opt));
100 check(krb5_get_init_creds_opt_set_out_ccache(context, opt, cc));
101 ret = krb5_get_init_creds_keytab(context, &cred, client, NULL, 0, NULL,
102 opt);
103
104 krb5_get_init_creds_opt_free(context, opt);
105 krb5_free_cred_contents(context, &cred);
106 krb5_free_principal(context, client);
107 krb5_cc_close(context, cc);
108
109 return ret == 0;
110 }
111
112 static pid_t
spawn_cred_subprocess()113 spawn_cred_subprocess()
114 {
115 krb5_context context;
116 pid_t pid;
117 int i;
118
119 pid = fork();
120 assert(pid >= 0);
121 if (pid > 0)
122 return pid;
123
124 check(krb5_init_context(&context));
125 for (i = 0; i < iterations; i++) {
126 if (!get_cred(context)) {
127 fprintf(stderr, "cred worker failed after %d successes\n", i);
128 exit(1);
129 }
130 }
131 krb5_free_context(context);
132 exit(0);
133 }
134
135 static pid_t
spawn_refresh_subprocess()136 spawn_refresh_subprocess()
137 {
138 krb5_context context;
139 pid_t pid;
140 int i;
141
142 pid = fork();
143 assert(pid >= 0);
144 if (pid > 0)
145 return pid;
146
147 check(krb5_init_context(&context));
148 for (i = 0; i < iterations; i++) {
149 if (!refresh_cache(context)) {
150 fprintf(stderr, "refresh worker failed after %d successes\n", i);
151 exit(1);
152 }
153 }
154 krb5_free_context(context);
155 exit(0);
156 }
157
158 int
main(int argc,char * argv[])159 main(int argc, char *argv[])
160 {
161 krb5_context context;
162 pid_t cred_pid, refresh_pid, pid;
163 int cstatus, rstatus;
164
165 assert(argc == 4);
166 ccname = argv[1];
167 client_name = argv[2];
168 server_name = argv[3];
169
170 /* Begin with an initialized cache. */
171 check(krb5_init_context(&context));
172 refresh_cache(context);
173 krb5_free_context(context);
174
175 cred_pid = spawn_cred_subprocess();
176 refresh_pid = spawn_refresh_subprocess();
177
178 pid = waitpid(cred_pid, &cstatus, 0);
179 if (pid == -1)
180 abort();
181 pid = waitpid(refresh_pid, &rstatus, 0);
182 if (pid == -1)
183 abort();
184
185 if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus) != 0)
186 return 1;
187 if (!WIFEXITED(rstatus) || WEXITSTATUS(rstatus) != 0)
188 return 1;
189 return 0;
190 }
191