buggy krb5 ccache behavior and cmocka unit tests

Andrew Bartlett abartlet at samba.org
Wed Sep 28 17:54:20 UTC 2022

On Wed, 2022-09-28 at 14:04 +0200, Christian Merten via samba-technical
> Hello,
> 1.) I encountered a few issues when using other ccache names in 
> samba-tool. For example:
> samba-tool user list --use-kerberos=required --use-kerberos=required 
> --use-krb5-ccache=KEYRING:persistent:12345:12345
> although klist correctly shows a ticket that is working with ldapsearch.
> Also using --use-krb5-ccache=DIR gives a segmentation fault. The 
> segmentation fault is thrown somewhere in the python function 
> set_named_ccache patched in auth/credentials/pycredentials.c. I tried to 
> track it back to the actual c code, but I stumbled upon cmocka tests. 
> This leads me to my second question:

DIR and KEYRING are implemented in MIT Kerberos, if you are running
Samba as an AD DC then you will most likely have Samba built with our
bundled Heimdal Kerberos.

In any case, these are not tested.

> 2.) How do I run cmocka unit tests? I tried make subunit-tests 
> TESTS=auth.credentials.tests.test_creds but I only get: skipping subunit 
> (testscenarios are not available).

Try shortening the test name, the part of the code that filters for
tests doesn't see into the full test, only the prefix.

Andrew Bartlett

Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba

More information about the samba-technical mailing list