oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Better test workaround for NTLM bug

Browse Source
This commit is contained in:
Nicolas Williams
2015-04-16 19:49:13 -05:00
parent e8e9cd9710
commit 5d50d06845
3 changed files with 15 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/gssapi/test_context.c
View File

@@ -598,9 +598,6 @@ main(int argc, char **argv)
* *
* - the NTLM gss_acquire_cred() refuses to work with * - the NTLM gss_acquire_cred() refuses to work with
* desired_name == GSS_C_NO_NAME * desired_name == GSS_C_NO_NAME
* - the NTLM gss_import_name() also fails, so that merely
* adding --client-name to this program's invocation doesn't
* work around that
* - gss_acquire_cred() with desired_mechs == GSS_C_NO_OID_SET * - gss_acquire_cred() with desired_mechs == GSS_C_NO_OID_SET
* does work here because we happen to have Kerberos * does work here because we happen to have Kerberos
* credentials in check-ntlm, and the subsequent * credentials in check-ntlm, and the subsequent
@@ -609,12 +606,11 @@ main(int argc, char **argv)
* NTLM gss_init_sec_context() just works. * NTLM gss_init_sec_context() just works.
* *
* In summary, there's some breakage in gss_init_sec_context() * In summary, there's some breakage in gss_init_sec_context()
* and some breakage in NTLM (and SPNEGO) that conspires against * and some breakage in NTLM that conspires against us here.
* us here.
* *
* We work around this in check-ntlm and check-spnego by adding * We work around this in check-ntlm and check-spnego by adding
* --mech-types='' to the invocations of this test program that * --client-name=user1@${R} to the invocations of this test
* require it. * program that require it.
*/ */
oids[0] = *mechoid; oids[0] = *mechoid;
mechoid_descs.elements = &oids[0]; mechoid_descs.elements = &oids[0];

6
tests/gss/check-ntlm.in
View File

@@ -134,7 +134,7 @@ KRB5CCNAME="$cache"
echo "no NTLM initiator creds" echo "no NTLM initiator creds"
${context} --mech-type=ntlm \ ${context} --mech-type=ntlm \
--mech-types= \ --client-name=user1@${R} \
--mutual \ --mutual \
--name-type=hostbased-service \ --name-type=hostbased-service \
--ret-mech-type=ntlm \ --ret-mech-type=ntlm \
@@ -146,7 +146,7 @@ ${kinit} --password-file=${objdir}/foopassword --ntlm-domain=TEST user1@${R} ||
echo "NTLM initiator krb5 creds" echo "NTLM initiator krb5 creds"
${context} --mech-type=ntlm \ ${context} --mech-type=ntlm \
--mech-types= \ --client-name=user1@${R} \
--mutual \ --mutual \
--name-type=hostbased-service \ --name-type=hostbased-service \
--ret-mech-type=ntlm \ --ret-mech-type=ntlm \
@@ -155,7 +155,7 @@ ${context} --mech-type=ntlm \
echo "NTLM initiator krb5 creds (getverifymic, wrapunwrap)" echo "NTLM initiator krb5 creds (getverifymic, wrapunwrap)"
${context} --mech-type=ntlm \ ${context} --mech-type=ntlm \
--mech-types= \ --client-name=user1@${R} \
--mutual \ --mutual \
--name-type=hostbased-service \ --name-type=hostbased-service \
--ret-mech-type=ntlm \ --ret-mech-type=ntlm \

17
tests/gss/check-spnego.in
View File

@@ -124,7 +124,8 @@ echo "======context building for each mech"
for mech in ntlm krb5 ; do for mech in ntlm krb5 ; do
echo "${mech}" echo "${mech}"
${context} --mech-type=${mech} --mech-types= --ret-mech-type=${mech} \ ${context} --mech-type=${mech} --client-name=user1@${R} \
--ret-mech-type=${mech} \
--name-type=hostbased-service host@host.test.h5l.se || \ --name-type=hostbased-service host@host.test.h5l.se || \
{ exitcode=1 ; echo test failed; } { exitcode=1 ; echo test failed; }
done done
@@ -132,18 +133,18 @@ done
echo "spnego" echo "spnego"
${context} \ ${context} \
--mech-type=spnego \ --mech-type=spnego \
--mech-types= \ --client-name=user1@${R} \
--ret-mech-type=krb5 \ --ret-mech-type=krb5 \
--name-type=hostbased-service \ --name-type=hostbased-service \
host@host.test.h5l.se || \ host@host.test.h5l.se || \
{ exitcode=1 ; echo test failed; } { exitcode=1 ; echo test failed; }
echo "test failure cases" echo "test failure cases"
${context} --mech-type=ntlm --mech-types= --ret-mech-type=krb5 \ ${context} --mech-type=ntlm --client-name=user1@${R} --ret-mech-type=krb5 \
--name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \ --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
{ exitcode=1 ; echo test failed; } { exitcode=1 ; echo test failed; }
${context} --mech-type=krb5 --mech-types= --ret-mech-type=ntlm \ ${context} --mech-type=krb5 --client-name=user1@${R} --ret-mech-type=ntlm \
--name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \ --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
{ exitcode=1 ; echo test failed; } { exitcode=1 ; echo test failed; }
@@ -160,7 +161,7 @@ for arg in \
echo "no NTLM acceptor cred ${arg}" echo "no NTLM acceptor cred ${arg}"
NTLM_ACCEPTOR_CCACHE="${cacheds}-no" NTLM_ACCEPTOR_CCACHE="${cacheds}-no"
${context} --mech-type=spnego --mech-types= \ ${context} --mech-type=spnego --client-name=user1@${R} \
$arg \ $arg \
--client-name=user1@TEST.H5L.SE \ --client-name=user1@TEST.H5L.SE \
--name-type=hostbased-service \ --name-type=hostbased-service \
@@ -171,7 +172,7 @@ for arg in \
echo "no NTLM initiator cred ${arg}" echo "no NTLM initiator cred ${arg}"
NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no" NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
${context} --mech-type=spnego --mech-types= \ ${context} --mech-type=spnego --client-name=user1@${R} \
$arg \ $arg \
--client-name=user1@TEST.H5L.SE \ --client-name=user1@TEST.H5L.SE \
--name-type=hostbased-service \ --name-type=hostbased-service \
@@ -182,7 +183,7 @@ for arg in \
echo "no krb5 acceptor cred ${arg}" echo "no krb5 acceptor cred ${arg}"
KRB5_KTNAME="${keytab}-no" KRB5_KTNAME="${keytab}-no"
${context} --mech-type=spnego --mech-types= \ ${context} --mech-type=spnego --client-name=user1@${R} \
$arg \ $arg \
--client-name=user1@TEST.H5L.SE \ --client-name=user1@TEST.H5L.SE \
--server-no-delegate \ --server-no-delegate \
@@ -194,7 +195,7 @@ for arg in \
echo "no krb5 initiator cred ${arg}" echo "no krb5 initiator cred ${arg}"
KRB5CCNAME="${cache}-no" KRB5CCNAME="${cache}-no"
${context} --mech-type=spnego --mech-types= \ ${context} --mech-type=spnego --client-name=user1@${R} \
$arg \ $arg \
--client-name=user1@TEST.H5L.SE \ --client-name=user1@TEST.H5L.SE \
--server-no-delegate \ --server-no-delegate \