Problems creating a Kerberos test (sw_gethostbyname?)

Andrew Bartlett abartlet at samba.org
Wed Feb 15 00:55:08 GMT 2006


On Wed, 2006-02-15 at 11:40 +1100, tridge at samba.org wrote:
> Andrew,
> 
> I can see a couple of approaches that might work. One is to put hooks
> in the heimdal code, equivalent to the environment variable hacks I
> put into MIT krb5 for the early AS work in Samba3. It doesn't have to
> be via environment variables, but it would have to be some sort of
> heimdal hack to tell it to not use the normal resolver, and instead
> use something else.

So, the krb5.conf in the selftest code at the moment does this pretty
well.  I just configure the kdc as 127.0.0.1...

> The other approach would be to do a resolver equivalent of our
> socketwrapper code, which means linking to functions which will take
> over the resolver calls when configured (and possibly enabled via an
> environment variable).
> 
> I guess the main question to decide on the approach is what the
> narrowest "choke point" in the heimdal code is, to catch all the calls
> you need. Are there one or two central functions that could be changed
> to catch all the cases you need? Are the functions in this "choke
> point" most naturally the resolver functions themselves, or some
> higher level abstraction in heimdal?

It is a question of 'how much can we test while retaining sainity'.
I've pretty much prevented Heimdal doing DNS lookups already, except for
the KDC.  That's provided by the krb5.conf.

However, it means we don't test any of that code.

The problem that actually started this wasn't in Heimdal at all, but in
Samba, where we make calls to gethostbyname() in interpret_addr().  

'make test' was blocking in the CLDAP tests, because that would fail on
'localtest'.

>  > To test this area properly, I really need to direct all host lookups to
>  > an 'internal' DNS, pointed at the zone file provision generates.  
> 
> you really want to parse the zone file, or are you comfortable in
> having our test system hard-code some specific results? The latter is
> much easier of course.

It is a matter of testing, but I suspect I'll start with a
'socketwrapper' that can parse an /etc/hosts style file.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060215/f5479baa/attachment.bin


More information about the samba-technical mailing list