/*
 * Test for properly cleaning up ticket caches.
 *
 * Verify that the temporary Kerberos ticket cache generated during
 * authentication is cleaned up on pam_end, even if no session was opened.
 *
 * Written by Russ Allbery <eagle@eyrie.org>
 * Copyright 2020 Russ Allbery <eagle@eyrie.org>
 * Copyright 2012
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
 */
14
#include <config.h>
#include <portable/system.h>

#include <dirent.h>
#include <errno.h>

#include <tests/fakepam/pam.h>
#include <tests/fakepam/script.h>
#include <tests/tap/basic.h>
#include <tests/tap/kerberos.h>
#include <tests/tap/string.h>
25
26
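/*
 * Return non-zero if the named directory entry is one that is allowed to be
 * present in the test temporary directory: ".", "..", the generated
 * krb5.conf, and the "valgrind" entry used for valgrind logs.  Any other
 * entry is either left over from an earlier run or was created by the module
 * under test.
 */
static int
is_expected_entry(const char *name)
{
    static const char *const expected[] = {".", "..", "krb5.conf", "valgrind"};
    size_t i;

    for (i = 0; i < sizeof(expected) / sizeof(expected[0]); i++)
        if (strcmp(name, expected[i]) == 0)
            return 1;
    return 0;
}


/*
 * Run the auth-only PAM script against a scrubbed temporary directory and
 * check that no file other than the expected ones remains afterwards.  The
 * temporary ticket cache holds the user's Kerberos credentials, so a cache
 * that survives pam_end would leave those credentials on disk after the PAM
 * transaction is over.
 *
 * Always returns 0; the result is reported through the TAP functions, and
 * setup failures abort the test via sysbail.
 */
int
main(void)
{
    struct script_config config;
    struct kerberos_config *krbconf;
    DIR *tmpdir;
    struct dirent *file;
    char *tmppath, *path;
    int stray = 0;

    /* Load the Kerberos principal and password from a file. */
    krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
    memset(&config, 0, sizeof(config));
    config.user = krbconf->username;
    config.authtok = krbconf->password;
    config.extra[0] = krbconf->userprinc;

    /* Generate a testing krb5.conf file. */
    kerberos_generate_conf(krbconf->realm);

    /* Get the temporary directory and store that as the %1 substitution. */
    tmppath = test_tmpdir();
    config.extra[1] = tmppath;

    plan_lazy();

    /*
     * We need to ensure that the only thing in the test temporary directory
     * is the krb5.conf file that we generated and any valgrind logs, since
     * we're going to check for cleanup by looking for any out-of-place files.
     */
    tmpdir = opendir(tmppath);
    if (tmpdir == NULL)
        sysbail("cannot open directory %s", tmppath);
    for (;;) {
        /*
         * readdir returns NULL both at end of directory and on error; only
         * errno distinguishes the two, so clear it before every call.
         */
        errno = 0;
        file = readdir(tmpdir);
        if (file == NULL)
            break;
        if (is_expected_entry(file->d_name))
            continue;
        basprintf(&path, "%s/%s", tmppath, file->d_name);
        if (unlink(path) < 0)
            sysbail("cannot delete temporary file %s", path);
        free(path);
    }
    if (errno != 0)
        sysbail("cannot read directory %s", tmppath);
    closedir(tmpdir);

    /*
     * Authenticate only, call pam_end, and be sure the ticket cache is
     * gone.  The auth-only script sets ccache_dir to the temporary directory,
     * so the module will create a temporary ticket cache there and then
     * should clean it up.
     */
    run_script("data/scripts/cache-cleanup/auth-only", &config);
    tmpdir = opendir(tmppath);
    if (tmpdir == NULL)
        sysbail("cannot open directory %s", tmppath);
    for (;;) {
        errno = 0;
        file = readdir(tmpdir);
        if (file == NULL)
            break;
        if (is_expected_entry(file->d_name))
            continue;

        /* Report every leftover file, not just the first one found. */
        diag("found stray temporary file %s/%s", tmppath, file->d_name);
        stray++;
    }

    /*
     * A failed directory read must not be mistaken for an empty directory,
     * or the test would report the cache as cleaned up without having
     * looked at every entry.
     */
    if (errno != 0)
        sysbail("cannot read directory %s", tmppath);
    closedir(tmpdir);
    ok(stray == 0, "ticket cache cleaned up");

    test_tmpdir_free(tmppath);
    return 0;
}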
105