2010-12-27 20:29:48 +00:00
|
|
|
/* This is a simple program which originally produced the KeyFile used
|
|
|
|
|
* by the test suite. The contents of that file shouldn't be regenerated,
|
|
|
|
|
* though, as the purpose of the tests using that file is to ensure that we
|
|
|
|
|
* can still read old KeyFiles.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <afsconfig.h>
|
|
|
|
|
#include <afs/param.h>
|
|
|
|
|
#include <afs/cellconfig.h>
|
|
|
|
|
#include <afs/afsutil.h>
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
#include <afs/opr.h>
|
2010-12-27 20:29:48 +00:00
|
|
|
|
|
|
|
|
#include <roken.h>
|
|
|
|
|
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
#include "common.h"
|
|
|
|
|
|
2010-12-27 20:29:48 +00:00
|
|
|
int
|
|
|
|
|
main(int argc, char **argv)
|
|
|
|
|
{
|
|
|
|
|
struct afsconf_dir *dir;
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
char *dirname;
|
2010-12-27 20:29:48 +00:00
|
|
|
char *block;
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
char *keyfile = NULL;
|
2010-12-27 20:29:48 +00:00
|
|
|
int in, out;
|
|
|
|
|
size_t len;
|
2021-04-01 06:12:43 +01:00
|
|
|
struct afstest_configinfo bct;
|
2010-12-27 20:29:48 +00:00
|
|
|
|
2021-04-01 06:12:43 +01:00
|
|
|
memset(&bct, 0, sizeof(bct));
|
|
|
|
|
|
|
|
|
|
bct.skipkeys = 1;
|
|
|
|
|
|
|
|
|
|
dirname = afstest_BuildTestConfig(&bct);
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
if (dirname == NULL) {
|
|
|
|
|
fprintf(stderr, "Unable to create tmp config dir\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
2010-12-27 20:29:48 +00:00
|
|
|
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
dir = afsconf_Open(dirname);
|
2010-12-27 20:29:48 +00:00
|
|
|
if (dir == NULL) {
|
|
|
|
|
fprintf(stderr, "Unable to open configuration directory\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
afsconf_AddKey(dir, 1, "\x01\x02\x04\x08\x10\x20\x40\x80", 1);
|
|
|
|
|
afsconf_AddKey(dir, 2, "\x04\x04\x04\x04\x04\x04\x04\x04", 1);
|
|
|
|
|
afsconf_AddKey(dir, 4, "\x19\x16\xfe\xe6\xba\x77\x2f\xfd", 1);
|
|
|
|
|
|
|
|
|
|
afsconf_Close(dir);
|
|
|
|
|
|
|
|
|
|
/* Copy out the resulting keyfile into our homedirectory */
|
2021-04-14 22:09:37 +01:00
|
|
|
keyfile = afstest_asprintf("%s/KeyFile", dirname);
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
in = open(keyfile, O_RDONLY);
|
2010-12-27 20:29:48 +00:00
|
|
|
out = open("KeyFile", O_WRONLY | O_CREAT, 0644);
|
|
|
|
|
|
|
|
|
|
block = malloc(1024);
|
|
|
|
|
do {
|
|
|
|
|
len = read(in, block, 1024);
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
if (len > 0) {
|
|
|
|
|
if (write(out, block, len) != len) {
|
|
|
|
|
len = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-27 20:29:48 +00:00
|
|
|
} while (len > 0);
|
|
|
|
|
|
|
|
|
|
if (len == -1) {
|
|
|
|
|
fprintf(stderr, "I/O error whilst copying file\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
close(in);
|
|
|
|
|
close(out);
|
|
|
|
|
|
tests: Generalize temp dir management
Currently, afstest_BuildTestConfig calls afstest_mkdtemp (our thin
wrapper around mkdtemp) to create its temporary config dir. We may
want to make new tests, though, that create a temp dir for other
purposes. To make that easier, move a little more code into
afstest_mkdtemp, so the caller doesn't need to construct the template.
To allow callers to clean up such temporary dirs, change
afstest_UnlinkTestConfig into a more general function,
afstest_rmdtemp. Allow this new function to remove all files in a dir,
not just files one-level-deep. To avoid needing to write our own
traversal and removal logic, just run 'rm -rf' via a new function,
afstest_systemlp().
Move these temp dir-related functions from config.c into files.c,
since they are no longer specific to config dirs.
Change-Id: I16750a2f30e98c9ca2e14dfb7d3fc9bc5d456e8d
Reviewed-on: https://gerrit.openafs.org/14632
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-07-02 03:18:04 +01:00
|
|
|
afstest_rmdtemp(dirname);
|
tests: Modernize writekeyfile.c
tests/auth/writekeyfile.c contains some code used to generate
tests/auth/KeyFile, which is used to test code interpreting the
old-style KeyFile format. This code currently has a few problems:
- We don't check the results of afstest_mkdtemp, which could allow
symlink attacks from other users on the system.
- We duplicate some logic from afstest_BuildTestConfig, in order to
build a temporary config dir.
- writekeyfile isn't built or run by default (it only exists to
generate KeyFile, so it's almost never run), so eventual bitrot is
quite likely, and the existing code already generates warnings.
To avoid this, change writekeyfile.c to use the existing
afstest_BuildTestConfig to generate a local config dir. To ensure we
avoid bitrot, build writekeyfile by default, and create a test to run
it, to make sure it can generate a KeyFile as expected.
Note that the KeyFile.short we test against is different than the
KeyFile currently in the tree. The existing KeyFile was generated from
an older OpenAFS release, which always generated 100-byte KeyFiles,
even if we only have a few keys. The current codebase only writes out
as much key data as needed, so the generated KeyFiles are shorter (but
still understandable by older OpenAFS releases).
Keep the old 100-byte KeyFile around, since that's what older OpenAFS
would generate, and create a new KeyFile.short to test against, to
make sure our code for generating KeyFiles doesn't change any further.
Change-Id: Ibe9246c6dd808ed2b2225dd7be2b27bbdee072fd
Reviewed-on: https://gerrit.openafs.org/14246
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-06-17 18:23:46 +01:00
|
|
|
|
|
|
|
|
return 0;
|
2010-12-27 20:29:48 +00:00
|
|
|
}
|
