[PATCHES] Avoid system krb5.conf in selftest

Uri Simchoni uri at samba.org
Mon Oct 26 21:17:53 UTC 2015


Hi,

Following patches fix "make test" on my FC22 box. The recurring theme 
was that this box has a krb5.conf that is deemed invalid by the Heimdal 
libs embedded in samba. Tests that need krb5.conf take care to divert 
the test program from the system krb5.conf to the testenv version. Tests 
that do not need krb5.conf sometimes omit this, causing the test to read 
the system krb5.conf (while creating a context) and choke.

I haven't checked whether it's an MIT thing or an invalid config - IMHO 
it doesn't matter - a test should not read the system krb5.conf at all.

The patches don't necessarily eliminate ALL references to the system 
krb5.conf, just the ones that fail tests.

Review and push appreciated.

Thanks,
Uri.

-------------- next part --------------
From 57834b9e2dabb6e4c1e3ed25fb070c8c3456eba7 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sat, 24 Oct 2015 00:41:23 +0300
Subject: [PATCH 1/3] selftest: Avoid system krb5.conf in testenv provisioning

Some provisioning commands don't necessarily need a krb5.conf,
but they still must cause samba's Kerberos libraries to avoid
looking at the system krb5.conf, as this file may not be understood
by samba's Kerberos libs and fail the env provisioning.

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 selftest/target/Samba4.pm | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 16d4b28..c32830d 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -646,6 +646,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
 	$ctx->{smb_conf_extra_options} = "";
 
 	my @provision_options = ();
+	push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\"");
 	push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
 	push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
 	push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"");
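Review bot: The added `KRB5_CONFIG` entry reads `$ctx->{krb5_config}`, but nothing in this hunk shows that key being set, and the later hunks of this patch take the same path from `$ret->{KRB5_CONFIG}` instead. If the key is missing, the option silently becomes `KRB5_CONFIG=""`, and the provision command may then not be diverted from the system file at all. Please confirm the key name where `$ctx` is populated (outside this hunk), and consider a guard such as `die "krb5_config not set" unless defined $ctx->{krb5_config};` before the push.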
@@ -896,14 +897,18 @@ sub provision_raw_step2($$$)
 	}
 
 	my $testallowed_account = "testallowed";
-	my $samba_tool_cmd = Samba::bindir_path($self, "samba-tool") 
+	my $samba_tool_cmd = "";
+	$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+	$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
 	    . " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}";
 	unless (system($samba_tool_cmd) == 0) {
 		warn("Unable to add testallowed user: \n$samba_tool_cmd\n");
 		return undef;
 	}
 
-	my $ldbmodify = Samba::bindir_path($self, "ldbmodify");
+	my $ldbmodify = "";
+	$ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+	$ldbmodify .= Samba::bindir_path($self, "ldbmodify");
 	my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
 
 	if ($ctx->{server_role} ne "domain controller") {
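Review bot: The `KRB5_CONFIG="..."` prefix is prepended to a string passed to single-argument `system()`, so the config path, `$ctx->{smb_conf}` and `$ctx->{password}` are all parsed by the shell; a test prefix containing a space, quote or `$` changes the command that runs. Setting the variable in Perl with `local $ENV{KRB5_CONFIG} = $ret->{KRB5_CONFIG};` and calling list-form `system(Samba::bindir_path($self, "samba-tool"), "user", "add", "--configfile=$ctx->{smb_conf}", $testallowed_account, $ctx->{password})` avoids the shell and makes the per-command prefix unnecessary. The same three-line pattern is repeated for `$ldbmodify` in this hunk and for `$samba_tool_cmd` in the next two hunks, so one fix or helper should cover all four. The `warn` on failure also prints the whole command line, password included, into the test log. `provision_raw_step2` starts and ends outside this hunk, so how `$ret` and `$ldbmodify` are used later should be checked.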
@@ -932,7 +937,9 @@ servicePrincipalName: host/testallowed
 ";
 	close(LDIF);
 
-	$samba_tool_cmd = Samba::bindir_path($self, "samba-tool") 
+	$samba_tool_cmd = "";
+	$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+	$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
 	    . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
 	unless (system($samba_tool_cmd) == 0) {
 		warn("Unable to add testdenied user: \n$samba_tool_cmd\n");
@@ -949,7 +956,9 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
 ";
 	close(LDIF);
 
-	$samba_tool_cmd = Samba::bindir_path($self, "samba-tool") 
+	$samba_tool_cmd = "";
+	$samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+	$samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
 	    . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'";
 	unless (system($samba_tool_cmd) == 0) {
 		warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n");
-- 
2.4.3


From 4288abd0a3369000b0417734fc7a7757e48ec9bb Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sun, 25 Oct 2015 15:02:17 +0200
Subject: [PATCH 2/3] selftest: Avoid system krb5.conf in some test envs that
 don't use kerberos

Some test envs don't use kerberos (e.g. nt4_dc). However, the client
tools are built with Kerberos support and may get upset if hitting
a krb5.conf file they don't understand.

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 selftest/target/Samba3.pm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 15423fe..f66aea7 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -172,6 +172,13 @@ sub setup_env($$$)
 	        return $self->{vars}->{$envname};
 	}
 
+	#
+	# Avoid hitting system krb5.conf -
+	# An env that needs Kerberos will reset this to the real
+	# value.
+	#
+	$ENV{KRB5_CONFIG} = "$path/no_krb5.conf";
+
 	if ($envname eq "nt4_dc") {
 		return $self->setup_nt4_dc("$path/nt4_dc");
 	} elsif ($envname eq "nt4_dc_schannel") {
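Review bot: This assignment changes `%ENV` for the whole selftest process and is never restored, so every env set up afterwards inherits it unless its own setup overwrites the value, as the comment assumes. It also uses `$path` as given, whereas the second hunk of this patch builds the same file name from `abs_path($prefix)`; if `$path` can be relative, `no_krb5.conf` would be resolved against whatever the current directory is when a test runs. Neither hunk creates the file, so if it is meant to be absent the comment should say so, for example `# no_krb5.conf is deliberately not created; the path only has to differ from the system file`. `setup_env` continues beyond this hunk.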
@@ -1632,6 +1639,13 @@ userdup:x:$gid_userdup:$unix_name
 	$ret{LOCAL_PATH} = "$shrdir";
         $ret{LOGDIR} = $logdir;
 
+	#
+	# Avoid hitting system krb5.conf -
+	# An env that needs Kerberos will reset this to the real
+	# value.
+	#
+	$ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf";
+
 	return \%ret;
 }
 
-- 
2.4.3


From 81775c5e645d20eac7e5fac4f7ae071f496cfed0 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Mon, 26 Oct 2015 07:38:08 +0200
Subject: [PATCH 3/3] selftest: Avoid system krb5.conf in "none" test env

Some torture tests do not perform Kerberos activity and do not
run against a server (hence the "none" test env), but do create
a krb5 context, and that causes the Kerberos libs to read
krb5.conf and choke if they don't understand it.

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 selftest/selftest.pl      |  5 +----
 selftest/target/Samba4.pm | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 779847f..db5da05 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -831,9 +831,7 @@ sub setup_env($$)
 
 	$option = "client" if $option eq "";
 
-	if ($envname eq "none") {
-		$testenv_vars = {};
-	} elsif (defined(get_running_env($envname))) {
+	if (defined(get_running_env($envname))) {
 		$testenv_vars = get_running_env($envname);
 		if (not $testenv_vars->{target}->check_env($testenv_vars)) {
 			print $testenv_vars->{target}->getlog_env($testenv_vars);
@@ -901,7 +899,6 @@ sub getlog_env($)
 sub check_env($)
 {
 	my ($envname) = @_;
-	return 1 if ($envname eq "none");
 	my $env = get_running_env($envname);
 	return $env->{target}->check_env($env);
 }
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index c32830d..65308e2 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1999,8 +1999,11 @@ sub getlog_env($$)
 sub check_env($$)
 {
 	my ($self, $envvars) = @_;
+	my $samba_pid = $envvars->{SAMBA_PID};
 
-	my $childpid = Samba::cleanup_child($envvars->{SAMBA_PID}, "samba");
+	return 1 if $samba_pid == -1;
+
+	my $childpid = Samba::cleanup_child($samba_pid, "samba");
 
 	return ($childpid == 0);
 }
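Review bot: `$samba_pid == -1` is evaluated before anything checks that `SAMBA_PID` is present, so an env hash without that key is compared as `undef` (a warning if warnings are enabled) and `undef` is then handed to `Samba::cleanup_child`. `return 1 if defined($samba_pid) && $samba_pid == -1;` keeps the sentinel test explicit. Because the `-1` sentinel is defined in a different function, a comment here such as `# -1: env has no server process (see setup_none)` would make the early return understandable on its own.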
@@ -2077,6 +2080,8 @@ sub setup_env($$$)
 		}
 		return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307",
 							$self->{vars}->{ad_dc_ntvfs}, 34);
+	} elsif ($envname eq "none") {
+		return $self->setup_none("$path/none");
 	} else {
 		return "UNKNOWN";
 	}
@@ -2479,4 +2484,14 @@ sub setup_ad_dc($$)
 	return $env;
 }
 
+sub setup_none($$)
+{
+	my ($self, $path) = @_;
+
+	my $ret = {
+		KRB5_CONFIG => abs_path($path) . "/no_krb5.conf",
+		SAMBA_PID => -1,
+	}
+}
+
 1;
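Review bot: `setup_none` has no `return` and no semicolon after the hash; it works only because the value of the final `my $ret = {...}` assignment is what the sub yields. Make it explicit with `};` followed by `return $ret;`, matching `return $env;` at the end of `setup_ad_dc` just above. Nothing visible here creates `"$path/none"` before `abs_path($path)` is called, and `abs_path` may return `undef` for a missing path on some platforms, which would produce `/no_krb5.conf`; a `mkdir` or a `defined` check would rule that out.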
-- 
2.4.3


