diff options
author | Sumit Bose <sbose@redhat.com> | 2012-10-18 16:14:40 +0200 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2012-10-26 10:32:05 +0200 |
commit | 83f24636ef8d3d2b9c5be46272781ed5e0497ca7 (patch) | |
tree | 720875032628182f533e990752eb94824d7ea24c /src/tests | |
parent | 7219ef88751bb05edd77629b8068330bb6d9b117 (diff) | |
download | sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.gz sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.bz2 sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.zip |
krb5_auth: check if principal belongs to a different realm
Add a flag if the principal used for authentication does not belong
to our realm. This can be used to act differently for users from other
realms.
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/krb5_utils-tests.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c index 5fee4544..636bcd40 100644 --- a/src/tests/krb5_utils-tests.c +++ b/src/tests/krb5_utils-tests.c @@ -673,6 +673,47 @@ START_TEST(test_no_substitution) } END_TEST +START_TEST(test_compare_principal_realm) +{ + int ret; + bool different_realm; + + ret = compare_principal_realm(NULL, "a", &different_realm); + fail_unless(ret == EINVAL, "NULL upn does not cause EINVAL."); + + ret = compare_principal_realm("a", NULL, &different_realm); + fail_unless(ret == EINVAL, "NULL realm does not cause EINVAL."); + + ret = compare_principal_realm("a", "b", NULL); + fail_unless(ret == EINVAL, "NULL different_realmbool " \ + "does not cause EINVAL."); + + ret = compare_principal_realm("", "a", &different_realm); + fail_unless(ret == EINVAL, "Empty upn does not cause EINVAL."); + + ret = compare_principal_realm("a", "", &different_realm); + fail_unless(ret == EINVAL, "Empty realm does not cause EINVAL."); + + ret = compare_principal_realm("ABC", "ABC", &different_realm); + fail_unless(ret == EINVAL, "Short UPN does not cause EINVAL."); + + ret = compare_principal_realm("userABC", "ABC", &different_realm); + fail_unless(ret == EINVAL, "Missing '@' does not cause EINVAL."); + + fail_unless(different_realm == false, "Same realm but " \ + "different_realm is not false."); + ret = compare_principal_realm("user@ABC", "ABC", &different_realm); + fail_unless(ret == EOK, "Failure with same realm"); + fail_unless(different_realm == false, "Same realm but " \ + "different_realm is not false."); + + ret = compare_principal_realm("user@ABC", "DEF", &different_realm); + fail_unless(ret == EOK, "Failure with different realm"); + fail_unless(different_realm == true, "Different realm but " \ + "different_realm is not true."); +} +END_TEST + Suite *krb5_utils_suite (void) { Suite *s = suite_create ("krb5_utils"); @@ -713,6 +754,10 @@ Suite *krb5_utils_suite (void) } suite_add_tcase (s, tc_create_dir); + TCase *tc_krb5_helpers = tcase_create("Helper functions"); + tcase_add_test(tc_krb5_helpers, test_compare_principal_realm); + suite_add_tcase(s, tc_krb5_helpers); + return s; } |