Ci setup

.dockerignore

@@ -0,0 +1 @@
+.gitignore

.gitignore

@@ -138,3 +138,6 @@ flycheck_*.el
 /auks*.tar.gz
 /auks*.rpm
 /.rpmbuild
+
+# Gitlab build
+/builds/

.gitlab-ci.yml

@@ -1,16 +1,18 @@
-build:
-  stage: build
-  script:
-    - autoreconf -fvi
-    - ./configure
-    - make rpm
-  artifacts:
-    paths:
-      - auks*rpm
+variables:
+    GIT_SUBMODULE_STRATEGY: recursive
+
+default:
+  before_script:
+    - docker info
+    - docker-compose version
 
 
-# run tests using the binary built before
-#test:
-#  stage: test
-#  script:
-#    - ./test.sh
+test:
+  script:
+    - cd tests
+    - docker-compose build --parallel
+    - docker-compose up -d --force-recreate
+    - docker-compose exec -ti auks_server useradd -M -u 2000 auks_admin
+    - docker-compose exec -ti auks_server useradd -M -u 2001 auks_user
+    - docker-compose exec -ti auks_server useradd -M -u 2002 auks_guest
+    - docker-compose exec -ti auks_client bats /tests/bats/

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "tests/bats/bats-assert"]
+	path = tests/bats/bats-assert
+	url = https://github.com/ztombol/bats-assert.git
+[submodule "tests/bats/bats-support"]
+	path = tests/bats/bats-support
+	url = https://github.com/ztombol/bats-support.git

.travis.yml

@@ -1,3 +1,9 @@
+services:
+  - docker
+
+git:
+  submodules: true
+
 language: c
 
 os: linux
@@ -6,10 +12,11 @@ arch:
   - amd64
   - arm64
 
-compiler:
-  - gcc
-
 script:
-  - autoreconf -fvi
-  - ./configure
-  - make
+  - cd tests
+  - docker-compose build --parallel
+  - docker-compose up -d --force-recreate
+  - docker-compose exec -ti auks_server useradd -M -u 2000 auks_admin
+  - docker-compose exec -ti auks_server useradd -M -u 2001 auks_user
+  - docker-compose exec -ti auks_server useradd -M -u 2002 auks_guest
+  - docker-compose exec -ti auks_client bats --tap /tests/bats/

Dockerfile

@@ -1,26 +1,29 @@
-FROM quay.io/almalinuxorg/almalinux:8
+FROM quay.io/almalinuxorg/almalinux:8 as auks_server
 
-RUN yum -y update; yum install -y autoconf automake libtool\
-        libtirpc libtirpc-devel krb5-devel krb5-workstation\
-        make gcc diffutils file strace gdb
+RUN dnf install -y epel-release; crb enable; dnf makecache
+RUN dnf -y update; dnf install -y autoconf automake libtool\
+        libtirpc libtirpc-devel krb5-devel krb5-workstation kstart\
+        make gcc diffutils file strace gdb &&\
+	dnf clean all
 
-RUN dnf config-manager --set-enabled powertools; dnf install -y epel-release
-RUN dnf install -y bats
+COPY . /auks_src/
 
-COPY . auks
+WORKDIR /auks_src/
 
-WORKDIR auks
+RUN autoreconf -fvi && ./configure --prefix=/auks/ && make clean && make -j 8 && make -j 8 install && rm -Rf /auks_src
+WORKDIR /auks
 
-RUN autoreconf -fvi && ./configure && make clean && make && make install
+RUN mkdir /var/cache/auks
 
-COPY fixtures/krb5.conf /etc/krb5.conf
-COPY fixtures/auks* /conf/
-COPY fixtures/renewer_script.sh /usr/local/bin/renewer_script.sh
-COPY fixtures/entrypoint_*.sh /usr/local/bin
-RUN chmod 0750 /usr/local/bin/entrypoint_*.sh
+VOLUME /auks/etc
+EXPOSE 12345/tcp
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod a+x /entrypoint.sh
 
-RUN mkdir /var/cache/auks
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["-v"]
 
-RUN useradd -M -u 1234 user; useradd -M -u 4321 admin
+FROM auks_server AS auks_test
 
-EXPOSE 12345/tcp
+RUN dnf install -y bats && dnf clean all
+ENTRYPOINT ["bash"]

entrypoint.sh

@@ -0,0 +1,5 @@
+#!/bin/bash -xe
+
+AUKS_PRIV_SYSLOG_PRIO="none" AUKS_PRIV_PRINC="${KRB5_PRINCIPAL}" AUKS_PRIV_KEYTAB="${KRB5_KTNAME}" /auks/sbin/aukspriv -v &
+
+/auks/sbin/auksd -F -f /auks/etc/auks.conf $@

fixtures/auks.conf

@@ -9,16 +9,16 @@ common {
 
 
  # Primary daemon configuration
- PrimaryHost        = 	"auks" ;
- #PrimaryAddress     = 	"" ;
+ PrimaryHost        = 	"localhost" ;
+ PrimaryAddress     = 	"0.0.0.0" ;
  PrimaryPort        = 	12345 ;
- PrimaryPrincipal   = 	"auks/auks[email protected]" ;
+ PrimaryPrincipal   = 	"auks/auks1[email protected]" ;
 
  # Secondary daemon configuration
- SecondaryHost      = 	"auks2" ;
+ SecondaryHost      = 	"localhost" ;
  #SecondaryAddress   = 	"" ;
- SecondaryPort      = 	"12345" ;
- SecondaryPrincipal = 	"host/auks2.[email protected]" ;
+ SecondaryPort      = 	12345 ;
+ SecondaryPrincipal = 	"host/auks2.[email protected]" ;
 
  # If set, an attempt will be made to acquire a cross-realm ticket
  # for the given realm before forwarding credentials
@@ -79,7 +79,7 @@ auksd {
  CacheDir           = 	"/var/cache/auks" ;
 
  # ACL file for cred repo access authorization rules
- ACLFile            = 	"/conf/auks.acl" ;
+ ACLFile            = 	"/auks/etc/auks.acl" ;
 
  # default size of incoming requests queue
  # it grows up dynamically

src/api/auks/auks_cred.c

@@ -217,17 +217,26 @@ int auks_cred_init(auks_cred_t * credential, char *data, size_t length)
 		fstatus = AUKS_ERROR_CRED_INIT_KRB_PRINC_TO_UNAME ;
 		goto string_exit;
 	}
+	auks_log("Succesfully converted the '%s' principal to a local name '%s'", credential->info.principal, username);
 
 	/* associated uid from username */
 	fstatus = getpwnam_r(username,&user_pwent,pwnam_buffer,
 			     pwnam_buffer_length,&p_pwent) ;
 	if (fstatus) {
-		auks_log("unable to get %s pwnam entry : %s",username,
+		auks_log("Unexpected error while retrieving pwnam entry for '%s' : %s",username,
 			 strerror(fstatus)) ;
 		fstatus = AUKS_ERROR_CRED_INIT_GETPWNAM ;
 		goto string_exit;
 	}
 
+	if (!p_pwent) {
+		auks_log("No password entry found for user '%s'",username);
+		fstatus = AUKS_ERROR_CRED_INIT_GETPWNAM;
+		goto string_exit;
+	}
+
+	auks_log("Succesfully retrieved the password entry of the user '%s', uid is '%d'", username, user_pwent.pw_uid);
+
 	/* uid information */
 	credential->info.uid = user_pwent.pw_uid;
 

tests/auks_conf/auks.acl

@@ -0,0 +1,57 @@
+#------------------------------------------------------------------------------
+# auks-0.3 daemon configuration file
+# (Generated using autotools)
+#------------------------------------------------------------------------------
+
+#-------------------------------------------------------------------------------
+# Any principals from realm REALM.A coming from any hosts are guests.
+# Guests can only add creds to an Auks repository
+#-------------------------------------------------------------------------------
+# rule {
+#         principal = ^[[:alnum:]]*@REALM.A$ ;
+#         host = * ;
+#         role = guest ;
+# }
+#-------------------------------------------------------------------------------
+
+#-------------------------------------------------------------------------------
+# Any principals from realm REALM.A coming from any hosts are users. 
+# Users can add/get/remove their own creds using an Auks repository
+#-------------------------------------------------------------------------------
+# rule {
+#         principal = ^[[:alnum:]]*@REALM.B$ ;
+#         host = * ;
+#         role = user ;
+# }
+#-------------------------------------------------------------------------------
+
+#-------------------------------------------------------------------------------
+# Any principals from realm REALM.C coming from any hosts are administrators. 
+# Administrators can add/get/remove any creds and get dumps of the repository
+#-------------------------------------------------------------------------------
+# rule {
+#         principal = ^[[:alnum:]]*@REALM.C$ ;
+#         host = * ;
+#         role = admin ;
+# }
+#-------------------------------------------------------------------------------
+rule {
+    principal = ^[email protected];
+    host = *;
+    role = guest;
+}
+rule {
+    principal = ^[email protected]$;
+    host = *;
+    role = admin;
+}
+rule {
+    principal = ^[email protected]$;
+    host = *;
+    role = user;
+}
+rule {
+    principal = ^[email protected]$;
+    host = *;
+    role = user;
+}