Replace gssrpc tests with a Python script
This commit is contained in:
parent
883355750a
commit
49849de329
@ -1,4 +1,4 @@
|
||||
From 1e72ba5c1b74d5b78f84c5884d06e979830aeb53 Mon Sep 17 00:00:00 2001
|
||||
From d003b4aa8dce14967725d6607c54ceb884b3647c Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Wed, 27 May 2020 18:48:35 -0400
|
||||
Subject: [PATCH] Default dns_canonicalize_hostname to "fallback"
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 621cf6c98d74b025a0ca190cd279756596709ef9 Mon Sep 17 00:00:00 2001
|
||||
From c21bb26abc4799298726124d73f0c968430a87bd Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Thu, 28 May 2020 18:41:02 -0400
|
||||
Subject: [PATCH] Remove resolver test utility
|
||||
@ -22,10 +22,10 @@ tests/resolve is no longer used after the previous commit.
|
||||
delete mode 100644 src/tests/resolve/resolve.c
|
||||
|
||||
diff --git a/src/configure.ac b/src/configure.ac
|
||||
index 29be532cb..2a756d6b5 100644
|
||||
index aafc462f9..00b5ea4c5 100644
|
||||
--- a/src/configure.ac
|
||||
+++ b/src/configure.ac
|
||||
@@ -1542,7 +1542,6 @@ V5_AC_OUTPUT_MAKEFILE(.
|
||||
@@ -1540,7 +1540,6 @@ V5_AC_OUTPUT_MAKEFILE(.
|
||||
appl/simple appl/simple/client appl/simple/server
|
||||
appl/gss-sample appl/user_user
|
||||
|
||||
|
861
Replace-gssrpc-tests-with-a-Python-script.patch
Normal file
861
Replace-gssrpc-tests-with-a-Python-script.patch
Normal file
@ -0,0 +1,861 @@
|
||||
From 5af211200d6c2ac82872435556f5b39edcaba541 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Sat, 15 Feb 2020 20:34:23 -0500
|
||||
Subject: [PATCH] Replace gssrpc tests with a Python script
|
||||
|
||||
Replace the dejagnu RPC test framework with a short Python script to
|
||||
do the same tests as fullrun.exp and gsserr.exp. Modify the server
|
||||
test program to facilitate use by k5test.py.
|
||||
|
||||
expire.exp, together with a comment in the client test program, was
|
||||
designed to test a libdb2 btree bug via the gssrpc server-side
|
||||
authentication code. That code was subsequently changed not to use
|
||||
libdb2, before it was merged into the main krb5 tree (in revision 1.23
|
||||
of svc_auth_gssapi.c, according to the changelog removed in commit
|
||||
2a43d772be1e45faa8e488d436b6e867371563fb). Remove the comment and do
|
||||
not replace that test sequence.
|
||||
|
||||
[rharwood@redhat.com: .gitignore]
|
||||
---
|
||||
src/configure.ac | 2 -
|
||||
src/lib/rpc/unit-test/Makefile.in | 36 +--
|
||||
src/lib/rpc/unit-test/client.c | 26 ---
|
||||
src/lib/rpc/unit-test/config/unix.exp | 176 --------------
|
||||
src/lib/rpc/unit-test/lib/helpers.exp | 234 -------------------
|
||||
src/lib/rpc/unit-test/rpc_test.0/expire.exp | 49 ----
|
||||
src/lib/rpc/unit-test/rpc_test.0/fullrun.exp | 91 --------
|
||||
src/lib/rpc/unit-test/rpc_test.0/gsserr.exp | 30 ---
|
||||
src/lib/rpc/unit-test/server.c | 13 +-
|
||||
src/lib/rpc/unit-test/t_rpc.py | 29 +++
|
||||
10 files changed, 41 insertions(+), 645 deletions(-)
|
||||
delete mode 100644 src/lib/rpc/unit-test/config/unix.exp
|
||||
delete mode 100644 src/lib/rpc/unit-test/lib/helpers.exp
|
||||
delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/expire.exp
|
||||
delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
|
||||
delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
|
||||
create mode 100644 src/lib/rpc/unit-test/t_rpc.py
|
||||
|
||||
diff --git a/src/configure.ac b/src/configure.ac
|
||||
index 29be532cb..aafc462f9 100644
|
||||
--- a/src/configure.ac
|
||||
+++ b/src/configure.ac
|
||||
@@ -1102,8 +1102,6 @@ extern void endrpcent();],
|
||||
AC_MSG_RESULT($k5_cv_type_endrpcent)
|
||||
AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
|
||||
K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin)
|
||||
-PASS=tcp
|
||||
-AC_SUBST(PASS)
|
||||
|
||||
# for pkinit
|
||||
AC_ARG_ENABLE([pkinit],
|
||||
diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in
|
||||
index 0b6e5203d..309ae2b21 100644
|
||||
--- a/src/lib/rpc/unit-test/Makefile.in
|
||||
+++ b/src/lib/rpc/unit-test/Makefile.in
|
||||
@@ -16,10 +16,6 @@ server: server.o rpc_test_svc.o $(GSSRPC_DEPLIBS) $(KRB5_BASE_DEPLIBS)
|
||||
|
||||
client.o server.o: rpc_test.h
|
||||
|
||||
-runenv.exp: Makefile
|
||||
- $(RUN_SETUP); for i in $(RUN_VARS); do \
|
||||
- eval echo "set env\($$i\) \$$$$i"; done > runenv.exp
|
||||
-
|
||||
# If rpc_test.h and rpc_test_*.c do not work on your system, you can
|
||||
# try using rpcgen by uncommenting these lines (be sure to uncomment
|
||||
# then in the generated not Makefile.in).
|
||||
@@ -34,37 +30,9 @@ runenv.exp: Makefile
|
||||
# rm -f rpc_test.h rpc_test_clnt.c rpc_test_svc.c
|
||||
#
|
||||
|
||||
-check unit-test: unit-test-@DO_TEST@
|
||||
-
|
||||
-unit-test-:
|
||||
- @echo "+++"
|
||||
- @echo "+++ WARNING: lib/rpc unit tests not run."
|
||||
- @echo "+++ Either tcl, runtest, or Perl is unavailable."
|
||||
- @echo "+++"
|
||||
- @echo 'Skipped rpc tests: runtest or Perl not found' >> $(SKIPTESTS)
|
||||
-
|
||||
-unit-test-ok: unit-test-body
|
||||
-
|
||||
-PASS=@PASS@
|
||||
-unit-test-body: runenv.sh runenv.exp
|
||||
- $(RM) krb5cc_rpc_test_*
|
||||
- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
|
||||
- RPC_TEST_KEYTAB=/tmp/rpc_test_keytab.$$$$ ; export RPC_TEST_KEYTAB ; \
|
||||
- trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_KEYTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \
|
||||
- if $(ENV_SETUP) \
|
||||
- $(RUNTEST) SERVER=./server CLIENT=./client \
|
||||
- KINIT=$(BUILDTOP)/clients/kinit/kinit \
|
||||
- KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
|
||||
- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \
|
||||
- PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \
|
||||
- then \
|
||||
- echo Cleaning up... ; \
|
||||
- rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_* ; \
|
||||
- $(ENV_SETUP) $(STOP_SERVERS) ; \
|
||||
- trap 0 ; exit 0 ; \
|
||||
- else exit 1 ; fi
|
||||
+check-pytests:
|
||||
+ $(RUNPYTEST) $(srcdir)/t_rpc.py $(PYTESTFLAGS)
|
||||
|
||||
clean:
|
||||
$(RM) server client
|
||||
- $(RM) dbg.log rpc_test.log rpc_test.sum runenv.exp
|
||||
|
||||
diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
|
||||
index 5edde49df..c9a812bc5 100644
|
||||
--- a/src/lib/rpc/unit-test/client.c
|
||||
+++ b/src/lib/rpc/unit-test/client.c
|
||||
@@ -231,32 +231,6 @@ main(argc, argv)
|
||||
else
|
||||
gssrpc_xdr_free(xdr_wrapstring, echo_resp);
|
||||
|
||||
- /*
|
||||
- * Test fix for secure-rpc/586, part 1: btree keys must be
|
||||
- * unique. Create another context from the same credentials; it
|
||||
- * should have the same expiration time and will cause the server
|
||||
- * to abort if the clients are not differentiated.
|
||||
- *
|
||||
- * Test fix for secure-rpc/586, part 2: btree keys cannot be
|
||||
- * mutated in place. To test this: a second client, *with a
|
||||
- * later expiration time*, must be run. The second client should
|
||||
- * destroy itself *after* the first one; if the key-mutating bug
|
||||
- * is not fixed, the second client_data will be in the btree
|
||||
- * before the first, but its key will be larger; thus, when the
|
||||
- * first client calls AUTH_DESTROY, the server won't find it in
|
||||
- * the btree and call abort.
|
||||
- *
|
||||
- * For unknown reasons, running just a second client didn't
|
||||
- * tickle the bug; the btree code seemed to guess which node to
|
||||
- * look at first. Running a total of three clients does ticket
|
||||
- * the bug. Thus, the full test sequence looks like this:
|
||||
- *
|
||||
- * kinit -l 20m user && client server test@ddn 200
|
||||
- * sleep 1
|
||||
- * kini -l 30m user && client server test@ddn 300
|
||||
- * sleep 1
|
||||
- * kinit -l 40m user && client server test@ddn 400
|
||||
- */
|
||||
if (! auth_once) {
|
||||
tmp_auth = clnt->cl_auth;
|
||||
clnt->cl_auth = auth_gssapi_create_default(clnt, target);
|
||||
diff --git a/src/lib/rpc/unit-test/config/unix.exp b/src/lib/rpc/unit-test/config/unix.exp
|
||||
deleted file mode 100644
|
||||
index 18da62be4..000000000
|
||||
--- a/src/lib/rpc/unit-test/config/unix.exp
|
||||
+++ /dev/null
|
||||
@@ -1,176 +0,0 @@
|
||||
-#
|
||||
-# $Id$
|
||||
-#
|
||||
-
|
||||
-source runenv.exp
|
||||
-
|
||||
-set kill /bin/kill
|
||||
-set sleep /bin/sleep
|
||||
-set kinit $KINIT
|
||||
-set kdestroy $KDESTROY
|
||||
-
|
||||
-set hostname [exec hostname]
|
||||
-
|
||||
-# Hack around Solaris 9 kernel race condition that causes last output
|
||||
-# from a pty to get dropped.
|
||||
-if { $PRIOCNTL_HACK } {
|
||||
- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
|
||||
- rename spawn oldspawn
|
||||
- proc spawn { args } {
|
||||
- upvar 1 spawn_id spawn_id
|
||||
- set newargs {}
|
||||
- set inflags 1
|
||||
- set eatnext 0
|
||||
- foreach arg $args {
|
||||
- if { $arg == "-ignore" \
|
||||
- || $arg == "-open" \
|
||||
- || $arg == "-leaveopen" } {
|
||||
- lappend newargs $arg
|
||||
- set eatnext 1
|
||||
- continue
|
||||
- }
|
||||
- if [string match "-*" $arg] {
|
||||
- lappend newargs $arg
|
||||
- continue
|
||||
- }
|
||||
- if { $eatnext } {
|
||||
- set eatnext 0
|
||||
- lappend newargs $arg
|
||||
- continue
|
||||
- }
|
||||
- if { $inflags } {
|
||||
- set inflags 0
|
||||
- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
|
||||
- }
|
||||
- lappend newargs $arg
|
||||
- }
|
||||
- set pid [eval oldspawn $newargs]
|
||||
- return $pid
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-if { [string length $VALGRIND] } {
|
||||
- rename spawn valgrind_aux_spawn
|
||||
- proc spawn { args } {
|
||||
- global VALGRIND
|
||||
- upvar 1 spawn_id spawn_id
|
||||
- set newargs {}
|
||||
- set inflags 1
|
||||
- set eatnext 0
|
||||
- foreach arg $args {
|
||||
- if { $arg == "-ignore" \
|
||||
- || $arg == "-open" \
|
||||
- || $arg == "-leaveopen" } {
|
||||
- lappend newargs $arg
|
||||
- set eatnext 1
|
||||
- continue
|
||||
- }
|
||||
- if [string match "-*" $arg] {
|
||||
- lappend newargs $arg
|
||||
- continue
|
||||
- }
|
||||
- if { $eatnext } {
|
||||
- set eatnext 0
|
||||
- lappend newargs $arg
|
||||
- continue
|
||||
- }
|
||||
- if { $inflags } {
|
||||
- set inflags 0
|
||||
- # Only run valgrind for local programs, not
|
||||
- # system ones.
|
||||
-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
|
||||
- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
|
||||
- set newargs [concat $newargs $VALGRIND]
|
||||
- } elseif [string match "." [string index $arg 0]] {
|
||||
- set newargs [concat $newargs $VALGRIND]
|
||||
- }
|
||||
- }
|
||||
- lappend newargs $arg
|
||||
- }
|
||||
- set pid [eval valgrind_aux_spawn $newargs]
|
||||
- return $pid
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-# this will initialize the database and keytab
|
||||
-load_lib "helpers.exp"
|
||||
-
|
||||
-proc rpc_test_version {} {
|
||||
- global CLIENT
|
||||
- global SERVER
|
||||
-
|
||||
- clone_output "$CLIENT version <unknown>"
|
||||
- clone_output "$SERVER version <unknown>"
|
||||
-}
|
||||
-
|
||||
-proc rpc_test_load {} {
|
||||
- #
|
||||
-}
|
||||
-
|
||||
-# rpc_test_exit -- clean up and exit
|
||||
-proc rpc_test_exit {} {
|
||||
- global server_id
|
||||
- global server_pid
|
||||
- global server_started
|
||||
- global kill
|
||||
-
|
||||
- if {[catch {
|
||||
- expect {
|
||||
- -i $server_id
|
||||
- eof {
|
||||
- fail "server exited!"
|
||||
- verbose $expect_out(buffer) 1
|
||||
- }
|
||||
- timeout { pass "server survived" }
|
||||
- }
|
||||
- } tmp]} {
|
||||
- fail "server exited! (expect failed)"
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-#
|
||||
-# rpc_test_start -- start the rpc_test server running
|
||||
-#
|
||||
-proc rpc_test_start { } {
|
||||
- global SERVER PROT
|
||||
- global server_id
|
||||
- global server_pid
|
||||
- global server_started
|
||||
- global server_port
|
||||
- global env
|
||||
-
|
||||
- if [info exists server_pid] { rpc_test_exit }
|
||||
-
|
||||
- set env(KRB5_KTNAME) FILE:$env(RPC_TEST_KEYTAB)
|
||||
-
|
||||
- verbose "% $SERVER" 1
|
||||
- set server_pid [spawn $SERVER $PROT]
|
||||
- set server_id $spawn_id
|
||||
- set server_started 1
|
||||
- set server_port -1
|
||||
-
|
||||
- unset env(KRB5_KTNAME)
|
||||
-
|
||||
- set timeout 30
|
||||
-
|
||||
- expect {
|
||||
- -re "port: (\[0-9\]*)\r\n" {
|
||||
- set server_port $expect_out(1,string)
|
||||
- }
|
||||
- "running" { }
|
||||
- eof {
|
||||
- send_error "server exited!"
|
||||
- verbose $expect_out(buffer) 1
|
||||
- }
|
||||
- timeout {
|
||||
- send_error "server didn't start in $timeout seconds"
|
||||
- verbose $expect_out(buffer) 1
|
||||
- }
|
||||
- }
|
||||
-
|
||||
-}
|
||||
-
|
||||
-set MULTIPASS {
|
||||
- {tcp PROT=-t dummy=[rpc_test_start]}
|
||||
- {udp PROT=-u dummy=[rpc_test_start]}
|
||||
-}
|
||||
diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp
|
||||
deleted file mode 100644
|
||||
index eb2797c53..000000000
|
||||
--- a/src/lib/rpc/unit-test/lib/helpers.exp
|
||||
+++ /dev/null
|
||||
@@ -1,234 +0,0 @@
|
||||
-if {[info commands exp_version] != {}} {
|
||||
- set exp_version_4 [regexp {^4} [exp_version]]
|
||||
-} else {
|
||||
- set exp_version_4 [regexp {^4} [expect_version]]
|
||||
-}
|
||||
-
|
||||
-# Backward compatibility until we're using expect 5 everywhere
|
||||
-if {$exp_version_4} {
|
||||
- global wait_error_index wait_errno_index wait_status_index
|
||||
- set wait_error_index 0
|
||||
- set wait_errno_index 1
|
||||
- set wait_status_index 1
|
||||
-} else {
|
||||
- set wait_error_index 2
|
||||
- set wait_errno_index 3
|
||||
- set wait_status_index 3
|
||||
-}
|
||||
-
|
||||
-proc set_from_env {varname default_value} {
|
||||
- global env
|
||||
- upvar $varname v
|
||||
-
|
||||
- if [info exists env($varname)] {
|
||||
- set v $env($varname)
|
||||
- } else {
|
||||
- set v $default_value
|
||||
- }
|
||||
-}
|
||||
-proc expect_tcl_prompt {} {
|
||||
- global kadmin_tcl_spawn_id
|
||||
- expect {
|
||||
- -i $kadmin_tcl_spawn_id
|
||||
- -re "^% $" { }
|
||||
- -re . { perror "unexpected output {$expect_out(buffer)} from subprocess, expecting tcl prompt" }
|
||||
- timeout { perror "timeout waiting for tcl prompt" }
|
||||
- eof { perror "eof from subprocess when expecting tcl prompt" }
|
||||
- }
|
||||
-}
|
||||
-proc send_tcl_cmd_await_echo {cmd} {
|
||||
- global kadmin_tcl_spawn_id
|
||||
- send -i $kadmin_tcl_spawn_id "$cmd\n"
|
||||
- expect {
|
||||
- -i $kadmin_tcl_spawn_id
|
||||
- -ex "$cmd\r\n" { }
|
||||
- timeout { perror "timeout waiting for tcl subprocess to echo input" }
|
||||
- eof { perror "eof waiting for tcl subprocess to echo input" }
|
||||
- }
|
||||
-}
|
||||
-proc expect_kadm_ok {} {
|
||||
- global kadmin_tcl_spawn_id
|
||||
- expect {
|
||||
- -i $kadmin_tcl_spawn_id
|
||||
- -re "^OK KADM5_OK \[^\n\]*\n" {}
|
||||
- -re "^ERROR \[^\n\]*\n" { perror "kadmin tcl subprocess reported unexpected error" }
|
||||
- -re "^marshall_new_creds: \[^\n\]*\n" { exp_continue }
|
||||
- -re "^gssapi_\[^\n\]*\n" { exp_continue }
|
||||
- -re "^\r?\n" { exp_continue }
|
||||
- eof { perror "kadmin tcl subprocess died" }
|
||||
- default { perror "didn't get ok back" }
|
||||
- }
|
||||
-}
|
||||
-proc setup_database {} {
|
||||
- global env spawn_id kadmin_tcl_spawn_id TESTDIR CANON_HOST
|
||||
-
|
||||
- # XXXXX
|
||||
- set_from_env TOP {/x/x/x/x/x}
|
||||
- send_user "TOP=$TOP\n"
|
||||
-
|
||||
- set_from_env TESTDIR $env(TOP)/testing
|
||||
- set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
|
||||
- set_from_env TCLUTIL $TESTDIR/tcl/util.t
|
||||
- set env(TCLUTIL) $TCLUTIL
|
||||
- set env(PATH) "$TOP/install/admin:$env(PATH)"
|
||||
-
|
||||
- # $VERBOSE ?
|
||||
-
|
||||
- if [info exists spawn_id] { set x $spawn_id }
|
||||
- spawn $CLNTTCL
|
||||
- set kadmin_tcl_spawn_id $spawn_id
|
||||
- if [info exists x] { set spawn_id $x }
|
||||
-
|
||||
- expect_tcl_prompt
|
||||
- # tcl 8.4 for some reason screws up autodetection of output EOL
|
||||
- # translation. Work around it for now.
|
||||
- send_tcl_cmd_await_echo "if { \[info commands fconfigure\] != \"\" } { fconfigure stdout -translation lf }"
|
||||
- expect_tcl_prompt
|
||||
- send_tcl_cmd_await_echo "source {$TCLUTIL}"
|
||||
- expect_tcl_prompt
|
||||
- send_tcl_cmd_await_echo "set h {$CANON_HOST}"
|
||||
- expect {
|
||||
- -ex "$CANON_HOST\r\n" { }
|
||||
- timeout { perror "timeout waiting for subprocess" }
|
||||
- eof { perror "eof from subprocess" }
|
||||
- }
|
||||
- expect_tcl_prompt
|
||||
-
|
||||
- send_tcl_cmd_await_echo {kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle}
|
||||
- expect_kadm_ok
|
||||
- expect "^% "
|
||||
- send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin}
|
||||
- expect_kadm_ok
|
||||
- expect "^% "
|
||||
- send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle server/$h key null}
|
||||
- expect_kadm_ok
|
||||
- expect "^% "
|
||||
- send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin}
|
||||
- expect_kadm_ok
|
||||
- expect "^% "
|
||||
- send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle notserver/$h key null}
|
||||
- expect_kadm_ok
|
||||
- expect "^% "
|
||||
- send_tcl_cmd_await_echo {kadm5_destroy $server_handle}
|
||||
- expect_kadm_ok
|
||||
- expect "^% "
|
||||
- wait -nowait -i $spawn_id
|
||||
- close -i $spawn_id
|
||||
-}
|
||||
-
|
||||
-if ![info exists CANON_HOST] {
|
||||
- set CANON_HOST $env(QUALNAME)
|
||||
- setup_database
|
||||
- file delete $env(RPC_TEST_KEYTAB)
|
||||
- exec $env(TOP)/cli/kadmin -p admin -w admin ktadd -k $env(RPC_TEST_KEYTAB) server/$CANON_HOST
|
||||
-}
|
||||
-
|
||||
-
|
||||
-proc kinit {princ pass lifetime} {
|
||||
- global kinit
|
||||
- global wait_error_index wait_errno_index wait_status_index
|
||||
-
|
||||
- spawn -noecho $kinit -5 -l $lifetime $princ
|
||||
- expect {
|
||||
- -re "Password for $princ.*: " { send "$pass\n"; expect eof }
|
||||
- timeout { perror "Timeout waiting for kinit"; close }
|
||||
- eof
|
||||
- }
|
||||
-
|
||||
- set ret [wait]
|
||||
- if {[lindex $ret $wait_error_index] == -1} {
|
||||
- perror \
|
||||
- "wait(kinit $princ) returned error [lindex $ret $wait_errno_index]"
|
||||
- } else {
|
||||
- if {[lindex $ret $wait_status_index] != 0} {
|
||||
- perror \
|
||||
- "kinit $princ failed with [lindex $ret $wait_status_index]"
|
||||
- }
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-proc flush_server {} {
|
||||
- global server_id
|
||||
- global expect_out
|
||||
-
|
||||
- verbose "flushing server output" 1
|
||||
-
|
||||
- while {1} {
|
||||
- set timeout 5
|
||||
-
|
||||
- expect {
|
||||
- -i $server_id
|
||||
- -re "^.+$" {
|
||||
- verbose "server output: $expect_out(buffer)"
|
||||
- }
|
||||
- timeout { break }
|
||||
- }
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-proc start_client {testname ccname user password lifetime count
|
||||
- {target ""}} {
|
||||
- global env CLIENT PROT hostname server_port spawn_id verbose
|
||||
-
|
||||
- if {$target == ""} {
|
||||
- set target "server@$hostname"
|
||||
- }
|
||||
-
|
||||
- set env(KRB5CCNAME) FILE:[pwd]/krb5cc_rpc_test_$ccname
|
||||
- kinit $user $password $lifetime
|
||||
-
|
||||
- if {$verbose > 0} {
|
||||
- spawn $CLIENT -a 1 -s 1 -m 1 $PROT $hostname $server_port $target $count
|
||||
- } else {
|
||||
- spawn $CLIENT $PROT $hostname $server_port $target $count
|
||||
- }
|
||||
-
|
||||
- verbose "$testname: client $ccname started"
|
||||
-
|
||||
- unset env(KRB5CCNAME)
|
||||
-}
|
||||
-
|
||||
-proc eof_client {testname ccname id status} {
|
||||
- verbose "$testname: eof'ing for client $ccname" 1
|
||||
-
|
||||
- expect {
|
||||
- -i $id
|
||||
- -re "^marshall_new_creds\[^\n\]*\n" { exp_continue }
|
||||
- -re "^gssapi_\[^\n\]*\n" { exp_continue }
|
||||
- -re "^\r?\n" { exp_continue }
|
||||
- eof { verbose $expect_out(buffer) 1 }
|
||||
- timeout {
|
||||
- fail "$testname: timeout waiting for client $ccname to exit"
|
||||
- }
|
||||
- }
|
||||
- wait_client $testname $ccname $id $status
|
||||
-}
|
||||
-
|
||||
-
|
||||
-proc wait_client {testname ccname id status} {
|
||||
- global env
|
||||
- global kill
|
||||
- global kdestroy
|
||||
- global wait_error_index wait_errno_index wait_status_index
|
||||
-
|
||||
- verbose "$testname: waiting for client $ccname" 1
|
||||
-
|
||||
- set ret [wait -i $id]
|
||||
- if {[lindex $ret $wait_error_index] == -1} {
|
||||
- fail \
|
||||
- "$testname: wait $ccname returned error [lindex $ret $wait_errno_index]"
|
||||
- } else {
|
||||
- if {[lindex $ret $wait_status_index] == $status} {
|
||||
- pass "$testname: client $ccname"
|
||||
- } else {
|
||||
- fail "$testname: client $ccname: unexpected return status [lindex $ret $wait_status_index], should be $status."
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- set env(KRB5CCNAME) FILE:[pwd]/krb5cc_rpc_test_$ccname
|
||||
- if {[catch "exec $kdestroy -5"] != 0} {
|
||||
- perror "$testname: cannot destroy client $ccname ccache"
|
||||
- }
|
||||
-
|
||||
- unset env(KRB5CCNAME)
|
||||
-}
|
||||
diff --git a/src/lib/rpc/unit-test/rpc_test.0/expire.exp b/src/lib/rpc/unit-test/rpc_test.0/expire.exp
|
||||
deleted file mode 100644
|
||||
index e19cca0ef..000000000
|
||||
--- a/src/lib/rpc/unit-test/rpc_test.0/expire.exp
|
||||
+++ /dev/null
|
||||
@@ -1,49 +0,0 @@
|
||||
-set timeout 40
|
||||
-
|
||||
-load_lib "helpers.exp"
|
||||
-
|
||||
-global server_started
|
||||
-
|
||||
-proc expired {} {
|
||||
- global spawn_id server_id
|
||||
-
|
||||
- start_client expired expired testuser notathena -1m 100
|
||||
- eof_client expired expired $spawn_id 2
|
||||
-
|
||||
- expect {
|
||||
- -i $server_id
|
||||
- -re "rpc_test server: Authen.*failed:.*credential.*expired" { pass "expired" }
|
||||
- timeout { fail "expired: timeout waiting for expired creds error" }
|
||||
- }
|
||||
-
|
||||
- flush_server
|
||||
-}
|
||||
-
|
||||
-# This test doesn't work after #6948, because the client won't try to
|
||||
-# authenticate using an expired TGT.
|
||||
-#if { $server_started } {expired }
|
||||
-
|
||||
-proc overlap {} {
|
||||
- global spawn_id
|
||||
-
|
||||
- start_client expire 1 testuser notathena 20m 100
|
||||
- set client1_id $spawn_id
|
||||
- flush_server
|
||||
-
|
||||
- start_client expire 2 testuser notathena 40m 300
|
||||
- set client2_id $spawn_id
|
||||
- flush_server
|
||||
-
|
||||
- start_client expire 3 testuser notathena 60m 500
|
||||
- set client3_id $spawn_id
|
||||
- flush_server
|
||||
-
|
||||
- eof_client expire 1 $client1_id 0
|
||||
- eof_client expire 2 $client2_id 0
|
||||
- eof_client expire 3 $client3_id 0
|
||||
-
|
||||
- flush_server
|
||||
-}
|
||||
-if { $server_started } {overlap}
|
||||
-
|
||||
-
|
||||
diff --git a/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp b/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
|
||||
deleted file mode 100644
|
||||
index 73083de1f..000000000
|
||||
--- a/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
|
||||
+++ /dev/null
|
||||
@@ -1,91 +0,0 @@
|
||||
-set timeout 120
|
||||
-
|
||||
-load_lib "helpers.exp"
|
||||
-
|
||||
-global spawn_id
|
||||
-global server_id
|
||||
-global server_started
|
||||
-
|
||||
-if { !$server_started } {return}
|
||||
-
|
||||
-# Start the client and do a full run
|
||||
-start_client "full run" fullrun testuser notathena 8h 1026
|
||||
-set client_id $spawn_id
|
||||
-
|
||||
-#
|
||||
-# test: did we get 11 dots?
|
||||
-#
|
||||
-verbose "Starting RPC echo test. This will take about 50 seconds.\n"
|
||||
-
|
||||
-set ver_line "rpc_test server: bad verifier\[^\r\n\]*\[\r\n]+"
|
||||
-
|
||||
-set dots 0
|
||||
-set server_lines 0
|
||||
-while {1} {
|
||||
- expect {
|
||||
- -i $server_id
|
||||
- -re $ver_line {
|
||||
- verbose "Got line from server."
|
||||
- incr server_lines
|
||||
- }
|
||||
- default {
|
||||
- exp_continue
|
||||
- }
|
||||
-
|
||||
- -i $client_id
|
||||
- . {
|
||||
- incr dots
|
||||
- verbose "$expect_out(buffer)" 1
|
||||
- if ($dots==11) { break }
|
||||
- }
|
||||
- eof {
|
||||
- #
|
||||
- # test: was the exit status right?
|
||||
- #
|
||||
- wait_client "full run" fullrun $client_id 0
|
||||
- break
|
||||
- }
|
||||
-
|
||||
- timeout {
|
||||
- verbose "Timeout waiting for dot\n" 1
|
||||
- fail "full run: timeout waiting for dot"
|
||||
- break
|
||||
- }
|
||||
- }
|
||||
-}
|
||||
-if {$dots==11} {
|
||||
- pass "fullrun: echo test"
|
||||
-} else {
|
||||
- fail "fullrun: echo test: expected 11 dots, got $dots"
|
||||
-}
|
||||
-
|
||||
-#
|
||||
-# test: server logged four bad verifiers?
|
||||
-#
|
||||
-verbose "full run: checking server output"
|
||||
-
|
||||
-# Small timeout, since the server should have already printed everything
|
||||
-set timeout 5
|
||||
-
|
||||
-while {$server_lines < 4} {
|
||||
- expect {
|
||||
- -i $server_id
|
||||
- -re $ver_line {
|
||||
- incr server_lines
|
||||
- }
|
||||
- -re ".+\r\n" {
|
||||
- verbose "Unexpected server output: $expect_out(buffer)"
|
||||
- }
|
||||
- default {
|
||||
- break
|
||||
- }
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-if {$server_lines == 4} {
|
||||
- pass "fullrun: bad verifiers"
|
||||
-} else {
|
||||
- fail "fullrun: expected four bad verifiers, got $server_lines"
|
||||
-}
|
||||
-
|
||||
-flush_server
|
||||
diff --git a/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp b/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
|
||||
deleted file mode 100644
|
||||
index 005971989..000000000
|
||||
--- a/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
|
||||
+++ /dev/null
|
||||
@@ -1,30 +0,0 @@
|
||||
-set timeout 30
|
||||
-
|
||||
-load_lib "helpers.exp"
|
||||
-
|
||||
-global spawn_id
|
||||
-global server_id
|
||||
-global server_started
|
||||
-global hostname
|
||||
-
|
||||
-if { !$server_started } {return}
|
||||
-
|
||||
-start_client "gss err" gsserr testuser notathena 8h 1026 notserver@$hostname
|
||||
-
|
||||
-eof_client "gss err" gsserr $spawn_id 2
|
||||
-
|
||||
-#
|
||||
-# test: server logged an authentication attempted failed?
|
||||
-#
|
||||
-verbose "gss err: checking server output"
|
||||
-
|
||||
-expect {
|
||||
- -i $server_id
|
||||
- -re "rpc_test server: Authent.*failed: .* not found in keytab" {
|
||||
- pass "gss err: server logged auth error"
|
||||
- }
|
||||
- eof { fail "gss err: server exited" }
|
||||
- timeout { fail "gss err: timeout waiting for server output" }
|
||||
-}
|
||||
-
|
||||
-flush_server
|
||||
diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c
|
||||
index 13e99bb06..c3bbcbf8c 100644
|
||||
--- a/src/lib/rpc/unit-test/server.c
|
||||
+++ b/src/lib/rpc/unit-test/server.c
|
||||
@@ -37,7 +37,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server,
|
||||
caddr_t data);
|
||||
|
||||
#ifndef SERVICE_NAME
|
||||
-#define SERVICE_NAME "server"
|
||||
+#define SERVICE_NAME "host"
|
||||
#endif
|
||||
|
||||
static void usage()
|
||||
@@ -120,7 +120,6 @@ main(int argc, char **argv)
|
||||
prot == IPPROTO_TCP ? "tcp" : "udp");
|
||||
exit(1);
|
||||
}
|
||||
- printf("port: %d\n", (int)transp->xp_port);
|
||||
|
||||
if (svcauth_gssapi_set_names(names, 0) == FALSE) {
|
||||
fprintf(stderr, "unable to set gssapi names\n");
|
||||
@@ -144,6 +143,8 @@ main(int argc, char **argv)
|
||||
signal(SIGTERM, handlesig);
|
||||
#endif
|
||||
printf("running\n");
|
||||
+ printf("port: %d\n", (int)transp->xp_port);
|
||||
+ fflush(stdout);
|
||||
|
||||
svc_run();
|
||||
fprintf(stderr, "svc_run returned");
|
||||
@@ -177,6 +178,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server,
|
||||
inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr),
|
||||
ntohs(rqst->rq_xprt->xp_raddr.sin_port),
|
||||
(int) server_name.length, (char *) server_name.value);
|
||||
+ fflush(stdout);
|
||||
|
||||
(void) gss_release_buffer(&minor_stat, &client_name);
|
||||
(void) gss_release_buffer(&minor_stat, &server_name);
|
||||
@@ -211,6 +213,7 @@ void rpc_test_badauth(OM_uint32 major, OM_uint32 minor,
|
||||
printf("rpc_test server: Authentication attempt failed: %s", a);
|
||||
log_badauth_display_status(major, minor);
|
||||
printf("\n");
|
||||
+ fflush(stdout);
|
||||
}
|
||||
|
||||
void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
|
||||
@@ -220,6 +223,7 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
|
||||
|
||||
a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
|
||||
printf("Miscellaneous RPC error: %s, %s\n", a, error);
|
||||
+ fflush(stdout);
|
||||
}
|
||||
|
||||
void log_badauth_display_status(OM_uint32 major, OM_uint32 minor)
|
||||
@@ -243,10 +247,12 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
|
||||
log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1);
|
||||
log_badauth_display_status_1(minor_stat,
|
||||
GSS_C_MECH_CODE, 1);
|
||||
- } else
|
||||
+ } else {
|
||||
printf("GSS-API authentication error %.*s: "
|
||||
"recursive failure!\n", (int) msg.length,
|
||||
(char *)msg.value);
|
||||
+ }
|
||||
+ fflush(stdout);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -256,4 +262,5 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
|
||||
if (!msg_ctx)
|
||||
break;
|
||||
}
|
||||
+ fflush(stdout);
|
||||
}
|
||||
diff --git a/src/lib/rpc/unit-test/t_rpc.py b/src/lib/rpc/unit-test/t_rpc.py
|
||||
new file mode 100644
|
||||
index 000000000..4e565d25c
|
||||
--- /dev/null
|
||||
+++ b/src/lib/rpc/unit-test/t_rpc.py
|
||||
@@ -0,0 +1,29 @@
|
||||
+import re
|
||||
+
|
||||
+from k5test import *
|
||||
+
|
||||
+realm = K5Realm()
|
||||
+
|
||||
+server = realm.start_server(['./server', '-t'], 'running')
|
||||
+line = server.stdout.readline()
|
||||
+portstr = re.match(r'^port: (\d+)$', line).group(1)
|
||||
+
|
||||
+realm.run(['./client', '-t', hostname, portstr, 'host@' + hostname, '1026'],
|
||||
+ expected_msg='...........')
|
||||
+
|
||||
+for i in range(4):
|
||||
+ line = server.stdout.readline()
|
||||
+ if 'rpc_test server: bad verifier from user@KRBTEST.COM at ' not in line:
|
||||
+ fail('unexpected server message: ' + line)
|
||||
+ output(line)
|
||||
+
|
||||
+realm.addprinc('nokey/' + hostname)
|
||||
+
|
||||
+realm.run(['./client', '-t', hostname, portstr, 'nokey@' + hostname, '1026'],
|
||||
+ expected_code=2)
|
||||
+
|
||||
+line = server.stdout.readline()
|
||||
+if 'rpc_test server: Authentication attempt failed: ' not in line:
|
||||
+ fail('unexpected server message: ' + line)
|
||||
+
|
||||
+success('gssrpc auth_gssapi tests')
|
10
krb5.spec
10
krb5.spec
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.18.2
|
||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
|
||||
# rharwood has trust path to signing key and verifies on check-in
|
||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
|
||||
@ -60,8 +60,9 @@ Patch17: Pass-gss_localname-through-SPNEGO.patch
|
||||
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
|
||||
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
|
||||
Patch20: Pass-channel-bindings-through-SPNEGO.patch
|
||||
Patch21: Default-dns_canonicalize_hostname-to-fallback.patch
|
||||
Patch22: Remove-resolver-test-utility.patch
|
||||
Patch21: Replace-gssrpc-tests-with-a-Python-script.patch
|
||||
Patch22: Default-dns_canonicalize_hostname-to-fallback.patch
|
||||
Patch23: Remove-resolver-test-utility.patch
|
||||
|
||||
License: MIT
|
||||
URL: https://web.mit.edu/kerberos/www/
|
||||
@ -634,6 +635,9 @@ exit 0
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
|
||||
%changelog
|
||||
* Sat May 30 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-5
|
||||
- Replace gssrpc tests with a Python script
|
||||
|
||||
* Sat May 30 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-4
|
||||
- Default dns_canonicalize_hostname to "fallback"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user