1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* tests/conccache.c - ccache concurrent get_creds/refresh test program */ 3 /* 4 * Copyright (C) 2021 by the Massachusetts Institute of Technology. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * * Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 30 * OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * Usage: conccache ccname clientprinc serverprinc 35 * 36 * This program spawns two subprocesses. One repeatedly runs 37 * krb5_get_credentials() on ccname, and the other repeatedly refreshes ccname 38 * from the default keytab. If either subprocess fails, the program exits with 39 * status 1. The goal is to expose time windows where cache refreshes cause 40 * get_cred operations to fail. 41 */ 42 43 #include "k5-platform.h" 44 #include <sys/types.h> 45 #include <sys/wait.h> 46 #include <pthread.h> 47 #include <krb5.h> 48 49 /* Run this many iterations of each operation. */ 50 static const int iterations = 200; 51 52 /* Saved command-line arguments. */ 53 static const char *ccname, *server_name, *client_name; 54 55 static void 56 check(krb5_error_code code) 57 { 58 if (code) 59 abort(); 60 } 61 62 static krb5_boolean 63 get_cred(krb5_context context) 64 { 65 krb5_error_code ret; 66 krb5_ccache cc; 67 krb5_principal client, server; 68 krb5_creds mcred, *cred; 69 70 check(krb5_cc_resolve(context, ccname, &cc)); 71 check(krb5_parse_name(context, client_name, &client)); 72 check(krb5_parse_name(context, server_name, &server)); 73 74 memset(&mcred, 0, sizeof(mcred)); 75 mcred.client = client; 76 mcred.server = server; 77 ret = krb5_get_credentials(context, 0, cc, &mcred, &cred); 78 79 krb5_free_creds(context, cred); 80 krb5_free_principal(context, client); 81 krb5_free_principal(context, server); 82 krb5_cc_close(context, cc); 83 84 return ret == 0; 85 } 86 87 static krb5_boolean 88 refresh_cache(krb5_context context) 89 { 90 krb5_error_code ret; 91 krb5_ccache cc; 92 krb5_principal client; 93 krb5_get_init_creds_opt *opt; 94 krb5_creds cred; 95 96 check(krb5_cc_resolve(context, ccname, &cc)); 97 check(krb5_parse_name(context, client_name, &client)); 98 99 check(krb5_get_init_creds_opt_alloc(context, &opt)); 100 check(krb5_get_init_creds_opt_set_out_ccache(context, opt, cc)); 101 ret = krb5_get_init_creds_keytab(context, &cred, client, NULL, 0, NULL, 102 opt); 103 104 krb5_get_init_creds_opt_free(context, opt); 105 krb5_free_cred_contents(context, &cred); 106 krb5_free_principal(context, client); 107 krb5_cc_close(context, cc); 108 109 return ret == 0; 110 } 111 112 static pid_t 113 spawn_cred_subprocess() 114 { 115 krb5_context context; 116 pid_t pid; 117 int i; 118 119 pid = fork(); 120 assert(pid >= 0); 121 if (pid > 0) 122 return pid; 123 124 check(krb5_init_context(&context)); 125 for (i = 0; i < iterations; i++) { 126 if (!get_cred(context)) { 127 fprintf(stderr, "cred worker failed after %d successes\n", i); 128 exit(1); 129 } 130 } 131 krb5_free_context(context); 132 exit(0); 133 } 134 135 static pid_t 136 spawn_refresh_subprocess() 137 { 138 krb5_context context; 139 pid_t pid; 140 int i; 141 142 pid = fork(); 143 assert(pid >= 0); 144 if (pid > 0) 145 return pid; 146 147 check(krb5_init_context(&context)); 148 for (i = 0; i < iterations; i++) { 149 if (!refresh_cache(context)) { 150 fprintf(stderr, "refresh worker failed after %d successes\n", i); 151 exit(1); 152 } 153 } 154 krb5_free_context(context); 155 exit(0); 156 } 157 158 int 159 main(int argc, char *argv[]) 160 { 161 krb5_context context; 162 pid_t cred_pid, refresh_pid, pid; 163 int cstatus, rstatus; 164 165 assert(argc == 4); 166 ccname = argv[1]; 167 client_name = argv[2]; 168 server_name = argv[3]; 169 170 /* Begin with an initialized cache. */ 171 check(krb5_init_context(&context)); 172 refresh_cache(context); 173 krb5_free_context(context); 174 175 cred_pid = spawn_cred_subprocess(); 176 refresh_pid = spawn_refresh_subprocess(); 177 178 pid = waitpid(cred_pid, &cstatus, 0); 179 if (pid == -1) 180 abort(); 181 pid = waitpid(refresh_pid, &rstatus, 0); 182 if (pid == -1) 183 abort(); 184 185 if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus) != 0) 186 return 1; 187 if (!WIFEXITED(rstatus) || WEXITSTATUS(rstatus) != 0) 188 return 1; 189 return 0; 190 } 191