krb5: Make test_cc w/ KEYRING more reliable

Joining a new keyring session every time seems to make it better.
2021-12-15 15:17:36 -06:00
parent 3da32ef699
commit af923957f6
3 changed files with 20 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -601,6 +601,7 @@ if test -n "$LIB_add_key"; then
    AC_CHECK_FUNCS(keyctl_get_persistent)
    LIBS="$saved_LIBS"
 fi
+AM_CONDITIONAL(HAVE_KEYUTILS, test "$ac_cv_func_keyctl_get_persistent" = yes)

 AC_CHECK_SIZEOF([time_t])

--- a/lib/krb5/Makefile.am
+++ b/lib/krb5/Makefile.am
@@ -59,6 +59,10 @@ LDADD = libkrb5.la \
 	$(top_builddir)/lib/wind/libwind.la \
 	$(LIB_heimbase) $(LIB_roken)

+if HAVE_KEYUTILS
+test_cc_LDADD = $(LDADD) -lkeyutils
+endif
+
 if PKINIT
 LIB_pkinit = ../hx509/libhx509.la
 endif
--- a/lib/krb5/test_cc.c
+++ b/lib/krb5/test_cc.c
@@ -30,10 +30,24 @@
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

+/*
+ * If this test fails with
+ *
+ *      krb5_cc_gen_new: KEYRING: Key has been revoked
+ *
+ * then run
+ *
+ *      keyctl new_session
+ */
+
 #include "krb5_locl.h"
 #include <getarg.h>
 #include <err.h>

+#ifdef HAVE_KEYUTILS_H
+#include <keyutils.h>
+#endif
+
 static const char *unlink_this;
 static const char *unlink_this2;
 static char *tmpdir;
@@ -979,7 +993,7 @@ main(int argc, char **argv)
    test_cache_remove(context, krb5_cc_type_scc);
 #endif
 #ifdef HAVE_KEYUTILS_H
-    system("keyctl new_session >/dev/null");
+    keyctl_join_session_keyring(NULL);
    test_cache_remove(context, krb5_cc_type_keyring);
 #endif