* Test for the MIT Kerberos shared module API.
*
* Written by Russ Allbery <eagle@eyrie.org>
- * Copyright 2010, 2013, 2014
+ * Copyright 2017, 2020 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2010, 2013-2014
* The Board of Trustees of the Leland Stanford Junior University
*
- * See LICENSE for licensing terms.
+ * SPDX-License-Identifier: MIT
*/
#include <config.h>
#include <dlfcn.h>
#include <errno.h>
#ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
-# include <krb5/pwqual_plugin.h>
+# include <krb5/pwqual_plugin.h>
#endif
#include <tests/tap/basic.h>
char *path;
krb5_error_code code;
krb5_pwqual_vtable vtable = NULL;
- krb5_error_code (*init)(krb5_context, int, int, krb5_plugin_vtable);
+ pwqual_strength_initvt *init;
/* Load the module. */
path = test_file_path("../plugin/.libs/strength.so");
test_file_path_free(path);
/* Find the entry point function. */
- init = dlsym(*handle, "pwqual_strength_initvt");
+ init = (pwqual_strength_initvt *) dlsym(*handle, "pwqual_strength_initvt");
if (init == NULL)
bail("cannot get pwqual_strength_initvt symbol: %s", dlerror());
{
char *path, *dictionary, *krb5_config, *krb5_config_empty, *tmpdir;
char *setup_argv[12];
- const char*build;
+ const char *build;
size_t i, count;
krb5_context ctx;
krb5_pwqual_vtable vtable;
if (code != 0)
bail("cannot continue after plugin initialization failure");
- /* Now, run all of the tests, with principal tests. */
- for (i = 0; i < ARRAY_SIZE(cracklib_tests); i++)
- is_password_test(ctx, vtable, data, &cracklib_tests[i]);
+ /* Run the principal tests. */
for (i = 0; i < ARRAY_SIZE(principal_tests); i++)
is_password_test(ctx, vtable, data, &principal_tests[i]);
+# ifdef HAVE_CRACKLIB
+ /*
+ * Run the CrackLib tests if CrackLib is available, otherwise skip them.
+ * If built with the system CrackLib, skip tests that are marked as only
+ * working with the tougher rules of our embedded CrackLib.
+ */
+ for (i = 0; i < ARRAY_SIZE(cracklib_tests); i++) {
+# ifdef HAVE_SYSTEM_CRACKLIB
+ if (cracklib_tests[i].skip_for_system_cracklib) {
+ skip_block(2, "not built with embedded CrackLib");
+ continue;
+ }
+# endif
+ is_password_test(ctx, vtable, data, &cracklib_tests[i]);
+ }
+# else
+ count = ARRAY_SIZE(cracklib_tests);
+ skip_block(count * 2, "not built with CrackLib support");
+# endif
+
/* Close that initialization of the plugin and destroy that context. */
vtable->close(ctx, data);
krb5_free_context(ctx);
ctx = NULL;
- /* Set up our krb5.conf with the dictionary configuration. */
+ /* Set up our krb5.conf with a base configuration. */
tmpdir = test_tmpdir();
setup_argv[0] = test_file_path("data/make-krb5-conf");
if (setup_argv[0] == NULL)
bail("cannot find data/make-krb5-conf in the test suite");
setup_argv[1] = path;
setup_argv[2] = tmpdir;
- setup_argv[3] = (char *) "password_dictionary";
- setup_argv[4] = dictionary;
- setup_argv[5] = NULL;
- run_setup((const char **) setup_argv);
/* Point KRB5_CONFIG at the newly-generated krb5.conf file. */
basprintf(&krb5_config, "KRB5_CONFIG=%s/krb5.conf", tmpdir);
putenv(krb5_config);
free(krb5_config_empty);
+# ifdef HAVE_CRACKLIB
+
+ /* Add CrackLib configuration. */
+ setup_argv[3] = (char *) "password_dictionary";
+ setup_argv[4] = dictionary;
+ setup_argv[5] = NULL;
+ run_setup((const char **) setup_argv);
+
/* Obtain a new Kerberos context with that krb5.conf file. */
krb5_free_context(ctx);
code = krb5_init_context(&ctx);
is_int(0, code, "Plugin initialization (krb5.conf dictionary)");
if (code != 0)
bail("cannot continue after plugin initialization failure");
- for (i = 0; i < ARRAY_SIZE(cracklib_tests); i++)
+ for (i = 0; i < ARRAY_SIZE(cracklib_tests); i++) {
+# ifdef HAVE_SYSTEM_CRACKLIB
+ if (cracklib_tests[i].skip_for_system_cracklib) {
+ skip_block(2, "not built with embedded CrackLib");
+ continue;
+ }
+# endif
is_password_test(ctx, vtable, data, &cracklib_tests[i]);
+ }
vtable->close(ctx, data);
/*
is_password_test(ctx, vtable, data, &length_tests[i]);
vtable->close(ctx, data);
- /* Add simple character class configuration to krb5.conf. */
- setup_argv[5] = (char *) "minimum_different";
- setup_argv[6] = (char *) "8";
- setup_argv[7] = (char *) "require_ascii_printable";
+# else
+
+ /* Otherwise mark the CrackLib tests as skipped. */
+ count = ARRAY_SIZE(cracklib_tests) + ARRAY_SIZE(length_tests);
+ skip_block(count * 2 + 2, "not built with CrackLib support");
+
+# endif /* !HAVE_CRACKLIB */
+
+ /* Switch to simple character class configuration in krb5.conf. */
+ setup_argv[3] = (char *) "minimum_different";
+ setup_argv[4] = (char *) "8";
+ setup_argv[5] = (char *) "require_ascii_printable";
+ setup_argv[6] = (char *) "true";
+ setup_argv[7] = (char *) "require_non_letter";
setup_argv[8] = (char *) "true";
- setup_argv[9] = (char *) "require_non_letter";
- setup_argv[10] = (char *) "true";
- setup_argv[11] = NULL;
+ setup_argv[9] = NULL;
run_setup((const char **) setup_argv);
/* Obtain a new Kerberos context with that krb5.conf file. */
is_password_test(ctx, vtable, data, &letter_tests[i]);
vtable->close(ctx, data);
- /*
- * Add complex character class configuration to krb5.conf but drop
- * the dictionary configuration.
- */
+ /* Add complex character class configuration to krb5.conf. */
setup_argv[3] = (char *) "require_classes";
- setup_argv[4] = (char *) "8-19:lower,upper 8-15:digit 8-11:symbol";
+ setup_argv[4] = (char *) "8-19:lower,upper 8-15:digit 8-11:symbol 24-24:3";
setup_argv[5] = NULL;
run_setup((const char **) setup_argv);
code = vtable->open(ctx, NULL, &data);
is_int(0, code, "Plugin initialization (complex character class)");
if (code != 0)
- bail("cannot continue after plugin initialization failure");
+ bail_krb5(ctx, code, "plugin initialization failure");
for (i = 0; i < ARRAY_SIZE(classes_tests); i++)
is_password_test(ctx, vtable, data, &classes_tests[i]);
vtable->close(ctx, data);
is_password_test(ctx, vtable, data, &length_tests[i]);
vtable->close(ctx, data);
-#ifdef HAVE_CDB
+# ifdef HAVE_CDB
/* If built with CDB, set up krb5.conf to use a CDB dictionary instead. */
test_file_path_free(dictionary);
is_password_test(ctx, vtable, data, &principal_tests[i]);
vtable->close(ctx, data);
-#else /* !HAVE_CDB */
+# else /* !HAVE_CDB */
/* Otherwise, mark the CDB tests as skipped. */
count = ARRAY_SIZE(cdb_tests) + ARRAY_SIZE(principal_tests);
skip_block(count * 2 + 1, "not built with CDB support");
-#endif /* !HAVE_CDB */
+# endif /* !HAVE_CDB */
-#ifdef HAVE_SQLITE
+# ifdef HAVE_SQLITE
/*
* If built with SQLite, set up krb5.conf to use a SQLite dictionary
is_password_test(ctx, vtable, data, &principal_tests[i]);
vtable->close(ctx, data);
-#else /* !HAVE_SQLITE */
+# else /* !HAVE_SQLITE */
/* Otherwise, mark the SQLite tests as skipped. */
count = ARRAY_SIZE(sqlite_tests) + ARRAY_SIZE(principal_tests);
skip_block(count * 2 + 1, "not built with SQLite support");
-#endif /* !HAVE_SQLITE */
+# endif /* !HAVE_SQLITE */
/* Manually clean up after the results of make-krb5-conf. */
basprintf(&path, "%s/krb5.conf", tmpdir);