From 5d50d0684549e321931ec745fd370ea17df311c6 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Thu, 16 Apr 2015 19:49:13 -0500 Subject: [PATCH] Better test workaround for NTLM bug --- lib/gssapi/test_context.c | 10 +++------- tests/gss/check-ntlm.in | 6 +++--- tests/gss/check-spnego.in | 17 +++++++++-------- 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c index d40f976e2..07a6d908a 100644 --- a/lib/gssapi/test_context.c +++ b/lib/gssapi/test_context.c @@ -598,9 +598,6 @@ main(int argc, char **argv) * * - the NTLM gss_acquire_cred() refuses to work with * desired_name == GSS_C_NO_NAME - * - the NTLM gss_import_name() also fails, so that merely - * adding --client-name to this program's invocation doesn't - * work around that * - gss_acquire_cred() with desired_mechs == GSS_C_NO_OID_SET * does work here because we happen to have Kerberos * credentials in check-ntlm, and the subsequent @@ -609,12 +606,11 @@ main(int argc, char **argv) * NTLM gss_init_sec_context() just works. * * In summary, there's some breakage in gss_init_sec_context() - * and some breakage in NTLM (and SPNEGO) that conspires against - * us here. + * and some breakage in NTLM that conspires against us here. * * We work around this in check-ntlm and check-spnego by adding - * --mech-types='' to the invocations of this test program that - * require it. + * --client-name=user1@${R} to the invocations of this test + * program that require it. */ oids[0] = *mechoid; mechoid_descs.elements = &oids[0]; diff --git a/tests/gss/check-ntlm.in b/tests/gss/check-ntlm.in index 2968c241d..de247cd18 100644 --- a/tests/gss/check-ntlm.in +++ b/tests/gss/check-ntlm.in @@ -134,7 +134,7 @@ KRB5CCNAME="$cache" echo "no NTLM initiator creds" ${context} --mech-type=ntlm \ - --mech-types= \ + --client-name=user1@${R} \ --mutual \ --name-type=hostbased-service \ --ret-mech-type=ntlm \ @@ -146,7 +146,7 @@ ${kinit} --password-file=${objdir}/foopassword --ntlm-domain=TEST user1@${R} || echo "NTLM initiator krb5 creds" ${context} --mech-type=ntlm \ - --mech-types= \ + --client-name=user1@${R} \ --mutual \ --name-type=hostbased-service \ --ret-mech-type=ntlm \ @@ -155,7 +155,7 @@ ${context} --mech-type=ntlm \ echo "NTLM initiator krb5 creds (getverifymic, wrapunwrap)" ${context} --mech-type=ntlm \ - --mech-types= \ + --client-name=user1@${R} \ --mutual \ --name-type=hostbased-service \ --ret-mech-type=ntlm \ diff --git a/tests/gss/check-spnego.in b/tests/gss/check-spnego.in index 699c0761c..cf28d334c 100644 --- a/tests/gss/check-spnego.in +++ b/tests/gss/check-spnego.in @@ -124,7 +124,8 @@ echo "======context building for each mech" for mech in ntlm krb5 ; do echo "${mech}" - ${context} --mech-type=${mech} --mech-types= --ret-mech-type=${mech} \ + ${context} --mech-type=${mech} --client-name=user1@${R} \ + --ret-mech-type=${mech} \ --name-type=hostbased-service host@host.test.h5l.se || \ { exitcode=1 ; echo test failed; } done @@ -132,18 +133,18 @@ done echo "spnego" ${context} \ --mech-type=spnego \ - --mech-types= \ + --client-name=user1@${R} \ --ret-mech-type=krb5 \ --name-type=hostbased-service \ host@host.test.h5l.se || \ { exitcode=1 ; echo test failed; } echo "test failure cases" -${context} --mech-type=ntlm --mech-types= --ret-mech-type=krb5 \ +${context} --mech-type=ntlm --client-name=user1@${R} --ret-mech-type=krb5 \ --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \ { exitcode=1 ; echo test failed; } -${context} --mech-type=krb5 --mech-types= --ret-mech-type=ntlm \ +${context} --mech-type=krb5 --client-name=user1@${R} --ret-mech-type=ntlm \ --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \ { exitcode=1 ; echo test failed; } @@ -160,7 +161,7 @@ for arg in \ echo "no NTLM acceptor cred ${arg}" NTLM_ACCEPTOR_CCACHE="${cacheds}-no" - ${context} --mech-type=spnego --mech-types= \ + ${context} --mech-type=spnego --client-name=user1@${R} \ $arg \ --client-name=user1@TEST.H5L.SE \ --name-type=hostbased-service \ @@ -171,7 +172,7 @@ for arg in \ echo "no NTLM initiator cred ${arg}" NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no" - ${context} --mech-type=spnego --mech-types= \ + ${context} --mech-type=spnego --client-name=user1@${R} \ $arg \ --client-name=user1@TEST.H5L.SE \ --name-type=hostbased-service \ @@ -182,7 +183,7 @@ for arg in \ echo "no krb5 acceptor cred ${arg}" KRB5_KTNAME="${keytab}-no" - ${context} --mech-type=spnego --mech-types= \ + ${context} --mech-type=spnego --client-name=user1@${R} \ $arg \ --client-name=user1@TEST.H5L.SE \ --server-no-delegate \ @@ -194,7 +195,7 @@ for arg in \ echo "no krb5 initiator cred ${arg}" KRB5CCNAME="${cache}-no" - ${context} --mech-type=spnego --mech-types= \ + ${context} --mech-type=spnego --client-name=user1@${R} \ $arg \ --client-name=user1@TEST.H5L.SE \ --server-no-delegate \