From 404cc1152880a567fc27bb7c691a1a732692bbf9 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 15 Feb 2020 20:34:23 -0500 Subject: [PATCH] Replace gssrpc tests with a Python script Replace the dejagnu RPC test framework with a short Python script to do the same tests as fullrun.exp and gsserr.exp. Modify the server test program to facilitate use by k5test.py. expire.exp, together with a comment in the client test program, was designed to test a libdb2 btree bug via the gssrpc server-side authentication code. That code was subsequently changed not to use libdb2, before it was merged into the main krb5 tree (in revision 1.23 of svc_auth_gssapi.c, according to the changelog removed in commit 2a43d772be1e45faa8e488d436b6e867371563fb). Remove the comment and do not replace that test sequence. [rharwood@redhat.com: .gitignore] --- src/configure.ac | 2 - src/lib/rpc/unit-test/Makefile.in | 36 +-- src/lib/rpc/unit-test/client.c | 26 --- src/lib/rpc/unit-test/config/unix.exp | 176 -------------- src/lib/rpc/unit-test/lib/helpers.exp | 234 ------------------- src/lib/rpc/unit-test/rpc_test.0/expire.exp | 49 ---- src/lib/rpc/unit-test/rpc_test.0/fullrun.exp | 91 -------- src/lib/rpc/unit-test/rpc_test.0/gsserr.exp | 30 --- src/lib/rpc/unit-test/server.c | 13 +- src/lib/rpc/unit-test/t_rpc.py | 29 +++ 10 files changed, 41 insertions(+), 645 deletions(-) delete mode 100644 src/lib/rpc/unit-test/config/unix.exp delete mode 100644 src/lib/rpc/unit-test/lib/helpers.exp delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/expire.exp delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/fullrun.exp delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/gsserr.exp create mode 100644 src/lib/rpc/unit-test/t_rpc.py diff --git a/src/configure.ac b/src/configure.ac index 29be532cb..aafc462f9 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1102,8 +1102,6 @@ extern void endrpcent();], AC_MSG_RESULT($k5_cv_type_endrpcent) AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent]) K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin) -PASS=tcp -AC_SUBST(PASS) # for pkinit AC_ARG_ENABLE([pkinit], diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in index 0b6e5203d..309ae2b21 100644 --- a/src/lib/rpc/unit-test/Makefile.in +++ b/src/lib/rpc/unit-test/Makefile.in @@ -16,10 +16,6 @@ server: server.o rpc_test_svc.o $(GSSRPC_DEPLIBS) $(KRB5_BASE_DEPLIBS) client.o server.o: rpc_test.h -runenv.exp: Makefile - $(RUN_SETUP); for i in $(RUN_VARS); do \ - eval echo "set env\($$i\) \$$$$i"; done > runenv.exp - # If rpc_test.h and rpc_test_*.c do not work on your system, you can # try using rpcgen by uncommenting these lines (be sure to uncomment # then in the generated not Makefile.in). @@ -34,37 +30,9 @@ runenv.exp: Makefile # rm -f rpc_test.h rpc_test_clnt.c rpc_test_svc.c # -check unit-test: unit-test-@DO_TEST@ - -unit-test-: - @echo "+++" - @echo "+++ WARNING: lib/rpc unit tests not run." - @echo "+++ Either tcl, runtest, or Perl is unavailable." - @echo "+++" - @echo 'Skipped rpc tests: runtest or Perl not found' >> $(SKIPTESTS) - -unit-test-ok: unit-test-body - -PASS=@PASS@ -unit-test-body: runenv.sh runenv.exp - $(RM) krb5cc_rpc_test_* - $(ENV_SETUP) $(VALGRIND) $(START_SERVERS) - RPC_TEST_KEYTAB=/tmp/rpc_test_keytab.$$$$ ; export RPC_TEST_KEYTAB ; \ - trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_KEYTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \ - if $(ENV_SETUP) \ - $(RUNTEST) SERVER=./server CLIENT=./client \ - KINIT=$(BUILDTOP)/clients/kinit/kinit \ - KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \ - PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \ - PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \ - then \ - echo Cleaning up... ; \ - rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_* ; \ - $(ENV_SETUP) $(STOP_SERVERS) ; \ - trap 0 ; exit 0 ; \ - else exit 1 ; fi +check-pytests: + $(RUNPYTEST) $(srcdir)/t_rpc.py $(PYTESTFLAGS) clean: $(RM) server client - $(RM) dbg.log rpc_test.log rpc_test.sum runenv.exp diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c index 5edde49df..c9a812bc5 100644 --- a/src/lib/rpc/unit-test/client.c +++ b/src/lib/rpc/unit-test/client.c @@ -231,32 +231,6 @@ main(argc, argv) else gssrpc_xdr_free(xdr_wrapstring, echo_resp); - /* - * Test fix for secure-rpc/586, part 1: btree keys must be - * unique. Create another context from the same credentials; it - * should have the same expiration time and will cause the server - * to abort if the clients are not differentiated. - * - * Test fix for secure-rpc/586, part 2: btree keys cannot be - * mutated in place. To test this: a second client, *with a - * later expiration time*, must be run. The second client should - * destroy itself *after* the first one; if the key-mutating bug - * is not fixed, the second client_data will be in the btree - * before the first, but its key will be larger; thus, when the - * first client calls AUTH_DESTROY, the server won't find it in - * the btree and call abort. - * - * For unknown reasons, running just a second client didn't - * tickle the bug; the btree code seemed to guess which node to - * look at first. Running a total of three clients does ticket - * the bug. Thus, the full test sequence looks like this: - * - * kinit -l 20m user && client server test@ddn 200 - * sleep 1 - * kini -l 30m user && client server test@ddn 300 - * sleep 1 - * kinit -l 40m user && client server test@ddn 400 - */ if (! auth_once) { tmp_auth = clnt->cl_auth; clnt->cl_auth = auth_gssapi_create_default(clnt, target); diff --git a/src/lib/rpc/unit-test/config/unix.exp b/src/lib/rpc/unit-test/config/unix.exp deleted file mode 100644 index 18da62be4..000000000 --- a/src/lib/rpc/unit-test/config/unix.exp +++ /dev/null @@ -1,176 +0,0 @@ -# -# $Id$ -# - -source runenv.exp - -set kill /bin/kill -set sleep /bin/sleep -set kinit $KINIT -set kdestroy $KDESTROY - -set hostname [exec hostname] - -# Hack around Solaris 9 kernel race condition that causes last output -# from a pty to get dropped. -if { $PRIOCNTL_HACK } { - catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]} - rename spawn oldspawn - proc spawn { args } { - upvar 1 spawn_id spawn_id - set newargs {} - set inflags 1 - set eatnext 0 - foreach arg $args { - if { $arg == "-ignore" \ - || $arg == "-open" \ - || $arg == "-leaveopen" } { - lappend newargs $arg - set eatnext 1 - continue - } - if [string match "-*" $arg] { - lappend newargs $arg - continue - } - if { $eatnext } { - set eatnext 0 - lappend newargs $arg - continue - } - if { $inflags } { - set inflags 0 - set newargs [concat $newargs {priocntl -e -c FX -p 0}] - } - lappend newargs $arg - } - set pid [eval oldspawn $newargs] - return $pid - } -} - -if { [string length $VALGRIND] } { - rename spawn valgrind_aux_spawn - proc spawn { args } { - global VALGRIND - upvar 1 spawn_id spawn_id - set newargs {} - set inflags 1 - set eatnext 0 - foreach arg $args { - if { $arg == "-ignore" \ - || $arg == "-open" \ - || $arg == "-leaveopen" } { - lappend newargs $arg - set eatnext 1 - continue - } - if [string match "-*" $arg] { - lappend newargs $arg - continue - } - if { $eatnext } { - set eatnext 0 - lappend newargs $arg - continue - } - if { $inflags } { - set inflags 0 - # Only run valgrind for local programs, not - # system ones. -#&&![string match "/bin/sh" $arg] sh is used to start kadmind! - if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] { - set newargs [concat $newargs $VALGRIND] - } elseif [string match "." [string index $arg 0]] { - set newargs [concat $newargs $VALGRIND] - } - } - lappend newargs $arg - } - set pid [eval valgrind_aux_spawn $newargs] - return $pid - } -} - -# this will initialize the database and keytab -load_lib "helpers.exp" - -proc rpc_test_version {} { - global CLIENT - global SERVER - - clone_output "$CLIENT version " - clone_output "$SERVER version " -} - -proc rpc_test_load {} { - # -} - -# rpc_test_exit -- clean up and exit -proc rpc_test_exit {} { - global server_id - global server_pid - global server_started - global kill - - if {[catch { - expect { - -i $server_id - eof { - fail "server exited!" - verbose $expect_out(buffer) 1 - } - timeout { pass "server survived" } - } - } tmp]} { - fail "server exited! (expect failed)" - } -} - -# -# rpc_test_start -- start the rpc_test server running -# -proc rpc_test_start { } { - global SERVER PROT - global server_id - global server_pid - global server_started - global server_port - global env - - if [info exists server_pid] { rpc_test_exit } - - set env(KRB5_KTNAME) FILE:$env(RPC_TEST_KEYTAB) - - verbose "% $SERVER" 1 - set server_pid [spawn $SERVER $PROT] - set server_id $spawn_id - set server_started 1 - set server_port -1 - - unset env(KRB5_KTNAME) - - set timeout 30 - - expect { - -re "port: (\[0-9\]*)\r\n" { - set server_port $expect_out(1,string) - } - "running" { } - eof { - send_error "server exited!" - verbose $expect_out(buffer) 1 - } - timeout { - send_error "server didn't start in $timeout seconds" - verbose $expect_out(buffer) 1 - } - } - -} - -set MULTIPASS { - {tcp PROT=-t dummy=[rpc_test_start]} - {udp PROT=-u dummy=[rpc_test_start]} -} diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp deleted file mode 100644 index eb2797c53..000000000 --- a/src/lib/rpc/unit-test/lib/helpers.exp +++ /dev/null @@ -1,234 +0,0 @@ -if {[info commands exp_version] != {}} { - set exp_version_4 [regexp {^4} [exp_version]] -} else { - set exp_version_4 [regexp {^4} [expect_version]] -} - -# Backward compatibility until we're using expect 5 everywhere -if {$exp_version_4} { - global wait_error_index wait_errno_index wait_status_index - set wait_error_index 0 - set wait_errno_index 1 - set wait_status_index 1 -} else { - set wait_error_index 2 - set wait_errno_index 3 - set wait_status_index 3 -} - -proc set_from_env {varname default_value} { - global env - upvar $varname v - - if [info exists env($varname)] { - set v $env($varname) - } else { - set v $default_value - } -} -proc expect_tcl_prompt {} { - global kadmin_tcl_spawn_id - expect { - -i $kadmin_tcl_spawn_id - -re "^% $" { } - -re . { perror "unexpected output {$expect_out(buffer)} from subprocess, expecting tcl prompt" } - timeout { perror "timeout waiting for tcl prompt" } - eof { perror "eof from subprocess when expecting tcl prompt" } - } -} -proc send_tcl_cmd_await_echo {cmd} { - global kadmin_tcl_spawn_id - send -i $kadmin_tcl_spawn_id "$cmd\n" - expect { - -i $kadmin_tcl_spawn_id - -ex "$cmd\r\n" { } - timeout { perror "timeout waiting for tcl subprocess to echo input" } - eof { perror "eof waiting for tcl subprocess to echo input" } - } -} -proc expect_kadm_ok {} { - global kadmin_tcl_spawn_id - expect { - -i $kadmin_tcl_spawn_id - -re "^OK KADM5_OK \[^\n\]*\n" {} - -re "^ERROR \[^\n\]*\n" { perror "kadmin tcl subprocess reported unexpected error" } - -re "^marshall_new_creds: \[^\n\]*\n" { exp_continue } - -re "^gssapi_\[^\n\]*\n" { exp_continue } - -re "^\r?\n" { exp_continue } - eof { perror "kadmin tcl subprocess died" } - default { perror "didn't get ok back" } - } -} -proc setup_database {} { - global env spawn_id kadmin_tcl_spawn_id TESTDIR CANON_HOST - - # XXXXX - set_from_env TOP {/x/x/x/x/x} - send_user "TOP=$TOP\n" - - set_from_env TESTDIR $env(TOP)/testing - set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl - set_from_env TCLUTIL $TESTDIR/tcl/util.t - set env(TCLUTIL) $TCLUTIL - set env(PATH) "$TOP/install/admin:$env(PATH)" - - # $VERBOSE ? - - if [info exists spawn_id] { set x $spawn_id } - spawn $CLNTTCL - set kadmin_tcl_spawn_id $spawn_id - if [info exists x] { set spawn_id $x } - - expect_tcl_prompt - # tcl 8.4 for some reason screws up autodetection of output EOL - # translation. Work around it for now. - send_tcl_cmd_await_echo "if { \[info commands fconfigure\] != \"\" } { fconfigure stdout -translation lf }" - expect_tcl_prompt - send_tcl_cmd_await_echo "source {$TCLUTIL}" - expect_tcl_prompt - send_tcl_cmd_await_echo "set h {$CANON_HOST}" - expect { - -ex "$CANON_HOST\r\n" { } - timeout { perror "timeout waiting for subprocess" } - eof { perror "eof from subprocess" } - } - expect_tcl_prompt - - send_tcl_cmd_await_echo {kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle} - expect_kadm_ok - expect "^% " - send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin} - expect_kadm_ok - expect "^% " - send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle server/$h key null} - expect_kadm_ok - expect "^% " - send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin} - expect_kadm_ok - expect "^% " - send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle notserver/$h key null} - expect_kadm_ok - expect "^% " - send_tcl_cmd_await_echo {kadm5_destroy $server_handle} - expect_kadm_ok - expect "^% " - wait -nowait -i $spawn_id - close -i $spawn_id -} - -if ![info exists CANON_HOST] { - set CANON_HOST $env(QUALNAME) - setup_database - file delete $env(RPC_TEST_KEYTAB) - exec $env(TOP)/cli/kadmin -p admin -w admin ktadd -k $env(RPC_TEST_KEYTAB) server/$CANON_HOST -} - - -proc kinit {princ pass lifetime} { - global kinit - global wait_error_index wait_errno_index wait_status_index - - spawn -noecho $kinit -5 -l $lifetime $princ - expect { - -re "Password for $princ.*: " { send "$pass\n"; expect eof } - timeout { perror "Timeout waiting for kinit"; close } - eof - } - - set ret [wait] - if {[lindex $ret $wait_error_index] == -1} { - perror \ - "wait(kinit $princ) returned error [lindex $ret $wait_errno_index]" - } else { - if {[lindex $ret $wait_status_index] != 0} { - perror \ - "kinit $princ failed with [lindex $ret $wait_status_index]" - } - } -} - -proc flush_server {} { - global server_id - global expect_out - - verbose "flushing server output" 1 - - while {1} { - set timeout 5 - - expect { - -i $server_id - -re "^.+$" { - verbose "server output: $expect_out(buffer)" - } - timeout { break } - } - } -} - -proc start_client {testname ccname user password lifetime count - {target ""}} { - global env CLIENT PROT hostname server_port spawn_id verbose - - if {$target == ""} { - set target "server@$hostname" - } - - set env(KRB5CCNAME) FILE:[pwd]/krb5cc_rpc_test_$ccname - kinit $user $password $lifetime - - if {$verbose > 0} { - spawn $CLIENT -a 1 -s 1 -m 1 $PROT $hostname $server_port $target $count - } else { - spawn $CLIENT $PROT $hostname $server_port $target $count - } - - verbose "$testname: client $ccname started" - - unset env(KRB5CCNAME) -} - -proc eof_client {testname ccname id status} { - verbose "$testname: eof'ing for client $ccname" 1 - - expect { - -i $id - -re "^marshall_new_creds\[^\n\]*\n" { exp_continue } - -re "^gssapi_\[^\n\]*\n" { exp_continue } - -re "^\r?\n" { exp_continue } - eof { verbose $expect_out(buffer) 1 } - timeout { - fail "$testname: timeout waiting for client $ccname to exit" - } - } - wait_client $testname $ccname $id $status -} - - -proc wait_client {testname ccname id status} { - global env - global kill - global kdestroy - global wait_error_index wait_errno_index wait_status_index - - verbose "$testname: waiting for client $ccname" 1 - - set ret [wait -i $id] - if {[lindex $ret $wait_error_index] == -1} { - fail \ - "$testname: wait $ccname returned error [lindex $ret $wait_errno_index]" - } else { - if {[lindex $ret $wait_status_index] == $status} { - pass "$testname: client $ccname" - } else { - fail "$testname: client $ccname: unexpected return status [lindex $ret $wait_status_index], should be $status." - } - } - - set env(KRB5CCNAME) FILE:[pwd]/krb5cc_rpc_test_$ccname - if {[catch "exec $kdestroy -5"] != 0} { - perror "$testname: cannot destroy client $ccname ccache" - } - - unset env(KRB5CCNAME) -} diff --git a/src/lib/rpc/unit-test/rpc_test.0/expire.exp b/src/lib/rpc/unit-test/rpc_test.0/expire.exp deleted file mode 100644 index e19cca0ef..000000000 --- a/src/lib/rpc/unit-test/rpc_test.0/expire.exp +++ /dev/null @@ -1,49 +0,0 @@ -set timeout 40 - -load_lib "helpers.exp" - -global server_started - -proc expired {} { - global spawn_id server_id - - start_client expired expired testuser notathena -1m 100 - eof_client expired expired $spawn_id 2 - - expect { - -i $server_id - -re "rpc_test server: Authen.*failed:.*credential.*expired" { pass "expired" } - timeout { fail "expired: timeout waiting for expired creds error" } - } - - flush_server -} - -# This test doesn't work after #6948, because the client won't try to -# authenticate using an expired TGT. -#if { $server_started } {expired } - -proc overlap {} { - global spawn_id - - start_client expire 1 testuser notathena 20m 100 - set client1_id $spawn_id - flush_server - - start_client expire 2 testuser notathena 40m 300 - set client2_id $spawn_id - flush_server - - start_client expire 3 testuser notathena 60m 500 - set client3_id $spawn_id - flush_server - - eof_client expire 1 $client1_id 0 - eof_client expire 2 $client2_id 0 - eof_client expire 3 $client3_id 0 - - flush_server -} -if { $server_started } {overlap} - - diff --git a/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp b/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp deleted file mode 100644 index 73083de1f..000000000 --- a/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp +++ /dev/null @@ -1,91 +0,0 @@ -set timeout 120 - -load_lib "helpers.exp" - -global spawn_id -global server_id -global server_started - -if { !$server_started } {return} - -# Start the client and do a full run -start_client "full run" fullrun testuser notathena 8h 1026 -set client_id $spawn_id - -# -# test: did we get 11 dots? -# -verbose "Starting RPC echo test. This will take about 50 seconds.\n" - -set ver_line "rpc_test server: bad verifier\[^\r\n\]*\[\r\n]+" - -set dots 0 -set server_lines 0 -while {1} { - expect { - -i $server_id - -re $ver_line { - verbose "Got line from server." - incr server_lines - } - default { - exp_continue - } - - -i $client_id - . { - incr dots - verbose "$expect_out(buffer)" 1 - if ($dots==11) { break } - } - eof { - # - # test: was the exit status right? - # - wait_client "full run" fullrun $client_id 0 - break - } - - timeout { - verbose "Timeout waiting for dot\n" 1 - fail "full run: timeout waiting for dot" - break - } - } -} -if {$dots==11} { - pass "fullrun: echo test" -} else { - fail "fullrun: echo test: expected 11 dots, got $dots" -} - -# -# test: server logged four bad verifiers? -# -verbose "full run: checking server output" - -# Small timeout, since the server should have already printed everything -set timeout 5 - -while {$server_lines < 4} { - expect { - -i $server_id - -re $ver_line { - incr server_lines - } - -re ".+\r\n" { - verbose "Unexpected server output: $expect_out(buffer)" - } - default { - break - } - } -} - -if {$server_lines == 4} { - pass "fullrun: bad verifiers" -} else { - fail "fullrun: expected four bad verifiers, got $server_lines" -} - -flush_server diff --git a/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp b/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp deleted file mode 100644 index 005971989..000000000 --- a/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp +++ /dev/null @@ -1,30 +0,0 @@ -set timeout 30 - -load_lib "helpers.exp" - -global spawn_id -global server_id -global server_started -global hostname - -if { !$server_started } {return} - -start_client "gss err" gsserr testuser notathena 8h 1026 notserver@$hostname - -eof_client "gss err" gsserr $spawn_id 2 - -# -# test: server logged an authentication attempted failed? -# -verbose "gss err: checking server output" - -expect { - -i $server_id - -re "rpc_test server: Authent.*failed: .* not found in keytab" { - pass "gss err: server logged auth error" - } - eof { fail "gss err: server exited" } - timeout { fail "gss err: timeout waiting for server output" } -} - -flush_server diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c index 13e99bb06..c3bbcbf8c 100644 --- a/src/lib/rpc/unit-test/server.c +++ b/src/lib/rpc/unit-test/server.c @@ -37,7 +37,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server, caddr_t data); #ifndef SERVICE_NAME -#define SERVICE_NAME "server" +#define SERVICE_NAME "host" #endif static void usage() @@ -120,7 +120,6 @@ main(int argc, char **argv) prot == IPPROTO_TCP ? "tcp" : "udp"); exit(1); } - printf("port: %d\n", (int)transp->xp_port); if (svcauth_gssapi_set_names(names, 0) == FALSE) { fprintf(stderr, "unable to set gssapi names\n"); @@ -144,6 +143,8 @@ main(int argc, char **argv) signal(SIGTERM, handlesig); #endif printf("running\n"); + printf("port: %d\n", (int)transp->xp_port); + fflush(stdout); svc_run(); fprintf(stderr, "svc_run returned"); @@ -177,6 +178,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server, inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr), ntohs(rqst->rq_xprt->xp_raddr.sin_port), (int) server_name.length, (char *) server_name.value); + fflush(stdout); (void) gss_release_buffer(&minor_stat, &client_name); (void) gss_release_buffer(&minor_stat, &server_name); @@ -211,6 +213,7 @@ void rpc_test_badauth(OM_uint32 major, OM_uint32 minor, printf("rpc_test server: Authentication attempt failed: %s", a); log_badauth_display_status(major, minor); printf("\n"); + fflush(stdout); } void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, @@ -220,6 +223,7 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); printf("Miscellaneous RPC error: %s, %s\n", a, error); + fflush(stdout); } void log_badauth_display_status(OM_uint32 major, OM_uint32 minor) @@ -243,10 +247,12 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec) log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1); log_badauth_display_status_1(minor_stat, GSS_C_MECH_CODE, 1); - } else + } else { printf("GSS-API authentication error %.*s: " "recursive failure!\n", (int) msg.length, (char *)msg.value); + } + fflush(stdout); return; } @@ -256,4 +262,5 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec) if (!msg_ctx) break; } + fflush(stdout); } diff --git a/src/lib/rpc/unit-test/t_rpc.py b/src/lib/rpc/unit-test/t_rpc.py new file mode 100644 index 000000000..4e565d25c --- /dev/null +++ b/src/lib/rpc/unit-test/t_rpc.py @@ -0,0 +1,29 @@ +import re + +from k5test import * + +realm = K5Realm() + +server = realm.start_server(['./server', '-t'], 'running') +line = server.stdout.readline() +portstr = re.match(r'^port: (\d+)$', line).group(1) + +realm.run(['./client', '-t', hostname, portstr, 'host@' + hostname, '1026'], + expected_msg='...........') + +for i in range(4): + line = server.stdout.readline() + if 'rpc_test server: bad verifier from user@KRBTEST.COM at ' not in line: + fail('unexpected server message: ' + line) + output(line) + +realm.addprinc('nokey/' + hostname) + +realm.run(['./client', '-t', hostname, portstr, 'nokey@' + hostname, '1026'], + expected_code=2) + +line = server.stdout.readline() +if 'rpc_test server: Authentication attempt failed: ' not in line: + fail('unexpected server message: ' + line) + +success('gssrpc auth_gssapi tests')