/*
 * Test for properly cleaning up ticket caches.
 *
 * Verify that the temporary Kerberos ticket cache generated during
 * authentication is cleaned up on pam_end, even if no session was opened.
 *
 * Written by Russ Allbery <eagle@eyrie.org>
 * Copyright 2020 Russ Allbery <eagle@eyrie.org>
 * Copyright 2012
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
 */
#include <config.h>
#include <portable/system.h>

#include <dirent.h>
#include <errno.h>

#include <tests/fakepam/pam.h>
#include <tests/fakepam/script.h>
#include <tests/tap/basic.h>
#include <tests/tap/kerberos.h>
#include <tests/tap/string.h>
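/*
 * Return nonzero if NAME is a directory entry that is allowed to be present
 * in the test temporary directory: the "." and ".." entries, the generated
 * krb5.conf file, and the valgrind entry.  Anything else is treated as a
 * stray file.
 */
static int
is_expected_entry(const char *name)
{
    static const char *const expected[] = {".", "..", "krb5.conf", "valgrind"};
    size_t i;

    for (i = 0; i < sizeof(expected) / sizeof(expected[0]); i++)
        if (strcmp(name, expected[i]) == 0)
            return 1;
    return 0;
}


/*
 * Read the next entry from DIR, returning NULL at the end of the directory.
 * readdir also returns NULL on failure, distinguished only by errno, so clear
 * errno first and bail on error.  Otherwise a failed scan would look like the
 * end of the directory and the cleanup check below could pass without having
 * inspected every entry.  DIRPATH is used only for the error message.
 */
static struct dirent *
next_entry(DIR *dir, const char *dirpath)
{
    struct dirent *entry;

    errno = 0;
    entry = readdir(dir);
    if (entry == NULL && errno != 0)
        sysbail("cannot read directory %s", dirpath);
    return entry;
}


/*
 * Run the auth-only PAM script with ccache_dir pointing at the test temporary
 * directory and then verify that nothing other than the expected files is
 * left there, which shows that the temporary ticket cache created during
 * authentication was removed on pam_end.
 */
int
main(void)
{
    struct script_config config;
    struct kerberos_config *krbconf;
    DIR *tmpdir;
    struct dirent *file;
    char *tmppath, *path;
    unsigned long stray = 0;

    /* Load the Kerberos principal and password from a file. */
    krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD);
    memset(&config, 0, sizeof(config));
    config.user = krbconf->username;
    config.authtok = krbconf->password;
    config.extra[0] = krbconf->userprinc;

    /* Generate a testing krb5.conf file. */
    kerberos_generate_conf(krbconf->realm);

    /* Get the temporary directory and store that as the %1 substitution. */
    tmppath = test_tmpdir();
    config.extra[1] = tmppath;

    plan_lazy();

    /*
     * We need to ensure that the only thing in the test temporary directory
     * is the krb5.conf file that we generated and any valgrind logs, since
     * we're going to check for cleanup by looking for any out-of-place files.
     */
    tmpdir = opendir(tmppath);
    if (tmpdir == NULL)
        sysbail("cannot open directory %s", tmppath);
    while ((file = next_entry(tmpdir, tmppath)) != NULL) {
        if (is_expected_entry(file->d_name))
            continue;
        basprintf(&path, "%s/%s", tmppath, file->d_name);
        if (unlink(path) < 0)
            sysbail("cannot delete temporary file %s", path);
        free(path);
    }
    closedir(tmpdir);

    /*
     * Authenticate only, call pam_end, and be sure the ticket cache is
     * gone.  The auth-only script sets ccache_dir to the temporary directory,
     * so the module will create a temporary ticket cache there and then
     * should clean it up.
     *
     * A leftover ticket cache would hold the user's Kerberos credentials, so
     * report every unexpected entry rather than only the first one found.
     * Only file names are printed, never file contents.
     */
    run_script("data/scripts/cache-cleanup/auth-only", &config);
    tmpdir = opendir(tmppath);
    if (tmpdir == NULL)
        sysbail("cannot open directory %s", tmppath);
    while ((file = next_entry(tmpdir, tmppath)) != NULL) {
        if (is_expected_entry(file->d_name))
            continue;
        diag("found stray temporary file %s/%s", tmppath, file->d_name);
        stray++;
    }
    closedir(tmpdir);
    ok(stray == 0, "ticket cache cleaned up");

    test_tmpdir_free(tmppath);
    return 0;
}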