[PATCH] Fix s4 auth test_kerberos with MIT kerberos

Alexander Bokovoy ab at samba.org
Fri Nov 9 16:21:02 UTC 2018 

On pe, 09 marras 2018, Justin Stephenson via samba-technical wrote:
> Hello,
> 
> This patches fixes the test_kerberos failure when building with MIT krb5
> libraries, please review.
> 
> My CI gitlab pipeline failed several times yesterday and failed after a
> retry this morning, but I don't think it is due to this patch.
> 
> https://gitlab.com/samba-team/devel/samba/pipelines/35906260
> 
> Thank you,
> 
> Justin Stephenson
> Red Hat

> From ddeaad999914e12694e61ec1339cf0ee23b14332 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Thu, 8 Nov 2018 10:57:48 -0500
> Subject: [PATCH] s4-auth-tests: Fix test_kerberos with MIT krb
> 
> When a keytab of type MEMORY is used, the MIT kerberos krb5_kt_add_entry()
> library function adds a keytab entry to the beginning of the keytab table,
> instead of the end.
> 
> This adds a MIT kerberos conditional to reverse iterate through
> the keytable entries to address this.
> 
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
>  source4/auth/tests/kerberos.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/source4/auth/tests/kerberos.c b/source4/auth/tests/kerberos.c
> index fcc8ac45f7e..3a98f18a915 100644
> --- a/source4/auth/tests/kerberos.c
> +++ b/source4/auth/tests/kerberos.c
> @@ -51,6 +51,7 @@ static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
>  
>  	code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
>  	assert_int_equal(code, 0);
> +#ifdef SAMBA4_USES_HEIMDAL
>  	for (i=0; i<num_principals; i++) {
>  		expect_princ_name[4] = (char)i+48;
>  		for (j=0; j<num_kvnos; j++) {
> @@ -59,6 +60,16 @@ static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
>  						  &kt_entry, &cursor);
>  			assert_int_equal(code, 0);
>  			assert_int_equal(kt_entry.vno, j+1);
> +#else /* MIT */
Could you please add here a short comment as well? It would help
avoiding to run git commands to understand why this part is
conditionalized.

Otherwise, RB+.

> +	for (i=num_principals-1; i>=0; i--) {
> +		expect_princ_name[4] = (char)i+48;
> +		for (j=num_kvnos; j>0; j--) {
> +			char *unparsed_name;
> +			code = krb5_kt_next_entry(krb5_ctx, keytab,
> +						  &kt_entry, &cursor);
> +			assert_int_equal(code, 0);
> +			assert_int_equal(kt_entry.vno, j);
> +#endif
>  			krb5_unparse_name(krb5_ctx, kt_entry.principal,
>  					  &unparsed_name);
>  			assert_string_equal(expect_princ_name, unparsed_name);
> @@ -72,7 +83,11 @@ static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
>  
>  	code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
>  	assert_int_equal(code, 0);
> +#ifdef SAMBA4_USES_HEIMDAL
>  	for (i=0; i<num_principals; i++) {
> +#else /* MIT */
> +	for (i=num_principals-1; i>=0; i--) {
> +#endif
>  		char *unparsed_name;
>  		expect_princ_name[4] = (char)i+48;
>  		code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
> -- 
> 2.17.2
> 


-- 
/ Alexander Bokovoy

More information about the samba-technical mailing list