2 Commits

Author SHA1 Message Date
3a17ecb3e5 WIP 2026-02-08 16:07:33 +09:00
19156b61f1 Set up nix tooling 2026-02-08 15:58:06 +09:00
17 changed files with 185 additions and 64 deletions

3
.gitignore vendored

@@ -720,6 +720,3 @@ asn1_*_asn1.c
/tools/krb5-gssapi.pc /tools/krb5-gssapi.pc
/tools/krb5.pc /tools/krb5.pc
/tools/krb5-config /tools/krb5-config
result
result-*


@@ -230,6 +230,21 @@ AM_CONDITIONAL([HAVE_MICROHTTPD], [test "$with_microhttpd" != "no"])
AC_SUBST([MICROHTTPD_CFLAGS]) AC_SUBST([MICROHTTPD_CFLAGS])
AC_SUBST([MICROHTTPD_LIBS]) AC_SUBST([MICROHTTPD_LIBS])
dnl systemd sd_notify support
AC_ARG_WITH([systemd],
AC_HELP_STRING([--with-systemd], [use systemd sd_notify for readiness @<:@default=check@:>@]),
[],
[with_systemd=check])
if test "$with_systemd" != "no"; then
PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [with_systemd=yes],[with_systemd=no])
fi
if test "$with_systemd" = "yes"; then
AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [Define if libsystemd sd_notify is available])
fi
AM_CONDITIONAL([HAVE_SYSTEMD], [test "$with_systemd" != "no"])
AC_SUBST([SYSTEMD_CFLAGS])
AC_SUBST([SYSTEMD_LIBS])
dnl mitkrb5 dnl mitkrb5
AC_ARG_WITH([mitkrb5], AC_ARG_WITH([mitkrb5],
AC_HELP_STRING([--with-mitkrb5=PATH], [Path to MIT Kerberos for interop testing]), AC_HELP_STRING([--with-mitkrb5=PATH], [Path to MIT Kerberos for interop testing]),
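Review bot: An explicit `--with-systemd` is silently downgraded when libsystemd is missing, because the failure branch of `PKG_CHECK_MODULES` sets `with_systemd=no` for the `yes` case as well as for `check`. The unit files in this change switch to `Type = "notify"`, so a build that quietly lost sd_notify support produces daemons that never report ready. Remember the requested value before the check and fail hard when it was `yes`, for example `AC_MSG_ERROR([--with-systemd was given but libsystemd was not found])` in the not-found branch. `AC_DEFINE_UNQUOTED` is also unnecessary for a literal `1`; `AC_DEFINE` is enough.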

6
flake.lock generated

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1770380644, "lastModified": 1769740369,
"narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe", "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -22,27 +22,13 @@
default = pkgs.callPackage ./nix/shell.nix { }; default = pkgs.callPackage ./nix/shell.nix { };
}); });
packages = forAllSystems (system: pkgs: let packages = forAllSystems (system: pkgs: with pkgs; {
src = lib.fileset.toSource {
root = ./.;
fileset = lib.fileset.difference ./. (lib.fileset.unions [
./.github
./.gitignore
./.zed
./flake.nix
./flake.lock
./nix
]);
};
in {
default = self.packages.${system}.heimdal; default = self.packages.${system}.heimdal;
src = pkgs.runCommand "heimdal-src" {} "ln -s ${src} \"$out\""; heimdal = pkgs.callPackage ./nix/heimdal {
src = lib.cleanSource ./.;
heimdal = pkgs.callPackage ./nix/heimdal/package.nix {
inherit src;
inherit (pkgs.darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration; inherit (pkgs.darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
autoreconfHook = pkgs.buildPackages.autoreconfHook271; autoreconfHook = pkgs.buildPackages.autoreconfHook269;
}; };
nixosTest = pkgs.testers.runNixOSTest (import ./nix/nixosTest.nix { inherit nixpkgs; }); nixosTest = pkgs.testers.runNixOSTest (import ./nix/nixosTest.nix { inherit nixpkgs; });


@@ -35,6 +35,9 @@
#ifdef HAVE_SYS_WAIT_H #ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h> #include <sys/wait.h>
#endif #endif
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
extern int daemon_child; extern int daemon_child;
@@ -304,6 +307,10 @@ start_server(krb5_context contextp, const char *port_str)
krb5_errx(contextp, 1, "no sockets to listen to - exiting"); krb5_errx(contextp, 1, "no sockets to listen to - exiting");
roken_detach_finish(NULL, daemon_child); roken_detach_finish(NULL, daemon_child);
#ifdef HAVE_SYSTEMD
if (getenv("NOTIFY_SOCKET") != NULL)
sd_notify(0, "READY=1");
#endif
wait_for_connection(contextp, socks, num_socks); wait_for_connection(contextp, socks, num_socks);
free(socks); free(socks);
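Review bot: READY=1 is sent twice on this path in start_server: `roken_detach_finish(NULL, daemon_child)` on the preceding line now calls `roken_sd_notify("READY=1")` itself (per the roken detach hunk in this change), and the added block then calls `sd_notify(0, "READY=1")` again. The `getenv("NOTIFY_SOCKET")` guard is redundant, since sd_notify returns 0 and does nothing when that variable is unset, and the result is dropped so a failed notification is never logged. The same block appears in start_kdc and in doit. Either delete the block and rely on roken_detach_finish, or keep one call site and write it as `if (roken_sd_notify("READY=1") != 0) /* log at debug level */;`. start_server's body starts and ends outside the hunk.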


@@ -4,7 +4,7 @@ include $(top_srcdir)/Makefile.am.common
WFLAGS += $(WFLAGS_ENUM_CONV) WFLAGS += $(WFLAGS_ENUM_CONV)
AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_openssl_crypto) -I$(srcdir)/../lib/krb5 AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_openssl_crypto) -I$(srcdir)/../lib/krb5 $(SYSTEMD_CFLAGS)
lib_LTLIBRARIES = ipc_csr_authorizer.la \ lib_LTLIBRARIES = ipc_csr_authorizer.la \
libkdc.la libkdc.la
@@ -174,7 +174,7 @@ hpropd_LDADD = \
$(LIB_kdb) \ $(LIB_kdb) \
$(top_builddir)/lib/asn1/libasn1.la \ $(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken) \ $(LIB_roken) \
$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB) $(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB) $(SYSTEMD_LIBS)
if PKINIT if PKINIT
LIB_pkinit = $(top_builddir)/lib/hx509/libhx509.la LIB_pkinit = $(top_builddir)/lib/hx509/libhx509.la


@@ -32,6 +32,9 @@
*/ */
#include "kdc_locl.h" #include "kdc_locl.h"
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
/* /*
* a tuple describing on what to listen * a tuple describing on what to listen
@@ -1208,6 +1211,12 @@ start_kdc(krb5_context context,
#endif #endif
roken_detach_finish(NULL, daemon_child); roken_detach_finish(NULL, daemon_child);
#ifdef HAVE_SYSTEMD
/* If built with systemd support and running under systemd, notify readiness.
We check NOTIFY_SOCKET to avoid unnecessary calls when not under systemd. */
if (getenv("NOTIFY_SOCKET") != NULL)
sd_notify(0, "READY=1");
#endif
#ifdef HAVE_FORK #ifdef HAVE_FORK
if (!testing_flag) { if (!testing_flag) {


@@ -32,6 +32,9 @@
*/ */
#include "hprop.h" #include "hprop.h"
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
static int inetd_flag = -1; static int inetd_flag = -1;
static int help_flag; static int help_flag;
@@ -156,6 +159,11 @@ main(int argc, char **argv)
mini_inetd (krb5_getportbyname (context, "hprop", "tcp", mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
HPROP_PORT), &sock); HPROP_PORT), &sock);
} }
#ifdef HAVE_SYSTEMD
/* Notify systemd that the service is ready when running standalone */
if (getenv("NOTIFY_SOCKET") != NULL)
sd_notify(0, "READY=1");
#endif
socket_set_keepalive(sock, 1); socket_set_keepalive(sock, 1);
sin_len = sizeof(ss); sin_len = sizeof(ss);
if (getpeername(sock, sa, &sin_len) < 0) if (getpeername(sock, sa, &sin_len) < 0)
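Review bot: READY=1 is signalled only after `mini_inetd(...)` has returned, and the `getpeername(sock, ...)` that follows suggests `sock` is already an accepted connection at that point. Under a notify-type unit the service would then stay in "activating" until the first peer connects, and could be killed by the start timeout while it is merely idle. The block also appears to sit after the closing brace of the standalone branch, so it runs in inetd mode too, which contradicts its comment. Readiness should be reported once the listening socket is bound and before blocking in accept; if mini_inetd cannot expose that point, the comment should at least say `/* sent after the first connection is accepted, not when listening starts */`. main's body starts and ends outside the hunk.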


@@ -744,6 +744,14 @@ doit(krb5_keytab keytab, int port)
krb5_errx(context, 1, "No sockets!"); krb5_errx(context, 1, "No sockets!");
roken_detach_finish(NULL, daemon_child); roken_detach_finish(NULL, daemon_child);
#ifdef HAVE_SYSTEMD
/* If built with systemd support and running under systemd, notify readiness.
We check NOTIFY_SOCKET to avoid unnecessary calls when not under systemd. */
if (getenv("NOTIFY_SOCKET") != NULL) {
extern int sd_notify(int, const char *);
(void) sd_notify(0, "READY=1");
}
#endif
while (exit_flag == 0) { while (exit_flag == 0) {
krb5_ssize_t retx; krb5_ssize_t retx;
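Review bot: The block-scope `extern int sd_notify(int, const char *);` hand-declares the libsystemd function instead of including `<systemd/sd-daemon.h>`, as the other daemons in this change do. A hand-written prototype is never checked against the library header, and no visible hunk adds `$(SYSTEMD_CFLAGS)` or `$(SYSTEMD_LIBS)` for this program. Since `roken_detach_finish(NULL, daemon_child)` on the line above already sends READY=1 through roken_sd_notify in this change, the block can be dropped. If a second call is really wanted, use `(void) roken_sd_notify("READY=1");`, which is declared in roken.h. doit's body continues outside the hunk.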


@@ -9,7 +9,7 @@ CLEANFILES = roken.h make-roken.c $(XHEADERS)
lib_LTLIBRARIES = libroken.la lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 20:0:1 libroken_la_LDFLAGS = -version-info 20:0:1
libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB $(SYSTEMD_CFLAGS)
if versionscript if versionscript
libroken_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map libroken_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
@@ -199,7 +199,7 @@ EXTRA_libroken_la_SOURCES = \
search.hin \ search.hin \
vis.hin vis.hin
libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt) $(LIB_pidfile) libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt) $(LIB_pidfile) $(SYSTEMD_LIBS)
if SUNOS if SUNOS
libroken_la_LIBADD += -lnsl -lsocket libroken_la_LIBADD += -lnsl -lsocket
endif endif
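Review bot: Adding `$(SYSTEMD_LIBS)` to `libroken_la_LIBADD` makes libsystemd a dependency of everything that links libroken, not only the daemons that report readiness. That pulls libsystemd and its own dependencies into the address space of Kerberos clients and libraries that never call sd_notify, which widens the code that has to be trusted for a feature only the servers use. Consider keeping the notification in a small object linked only into the daemon programs. Alternatively, write the `READY=1` datagram to `$NOTIFY_SOCKET` directly so that no extra library is needed.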


@@ -38,6 +38,10 @@
#endif #endif
#include "roken.h" #include "roken.h"
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
#ifdef WIN32 #ifdef WIN32
#define dup2 _dup2 #define dup2 _dup2
#endif #endif
@@ -171,6 +175,24 @@ roken_detach_prep(int argc, char **argv, const char *special_arg)
#define dup2 _dup2 #define dup2 _dup2
#endif #endif
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
roken_sd_notify(const char *state)
{
#ifdef HAVE_SYSTEMD
int r;
if (state == NULL)
return -1;
r = sd_notify(0, state);
if (r > 0)
return 0;
return -1;
#else
(void)state;
return -1;
#endif
}
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
roken_detach_finish(const char *dir, int daemon_child_fd) roken_detach_finish(const char *dir, int daemon_child_fd)
{ {
@@ -203,6 +225,13 @@ roken_detach_finish(const char *dir, int daemon_child_fd)
err(1, "failed to chdir to /"); err(1, "failed to chdir to /");
#endif #endif
/*
* Notify systemd that we are ready (if built with systemd support).
* Do this after setsid/chdir and after pidfiles are written so that
* systemd sees the process in its final state.
*/
(void) roken_sd_notify("READY=1");
do { do {
bytes = write(pipefds[1], buf, sizeof(buf)); bytes = write(pipefds[1], buf, sizeof(buf));
} while (bytes == -1 && errno == EINTR); } while (bytes == -1 && errno == EINTR);
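Review bot: roken_sd_notify is a new exported function with no comment stating its return contract, and the mapping it implements is not obvious. `sd_notify` returns a positive value when the message was sent, 0 when NOTIFY_SOCKET is unset, and a negative value on error, but the wrapper returns -1 for both of the last two. Callers therefore cannot tell "not running under a service manager" from a real failure. Add a header comment such as `/* Returns 0 if STATE was sent to the service manager; -1 if it was not sent (NULL state, no NOTIFY_SOCKET, send error, or built without systemd). */`, or return a distinct value for the not-under-systemd case. roken_detach_finish's body starts before and ends after the second hunk.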


@@ -939,6 +939,7 @@ ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_detach_prep(int, char **, const char *); ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_detach_prep(int, char **, const char *);
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL roken_detach_finish(const char *, int); ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL roken_detach_finish(const char *, int);
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_sd_notify(const char *);
ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
net_write (rk_socket_t, const void *, size_t); net_write (rk_socket_t, const void *, size_t);


@@ -0,0 +1,25 @@
From 749d9451293f9d9f8a3f506401cae369003aeebf Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
Date: Sun, 13 Oct 2024 17:16:13 -0400
Subject: [PATCH] Include db.h for nbdb compat mode
---
lib/otp/otp_db.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/otp/otp_db.c b/lib/otp/otp_db.c
index 036359c1d..32c04bc8c 100644
--- a/lib/otp/otp_db.c
+++ b/lib/otp/otp_db.c
@@ -39,7 +39,7 @@ RCSID("$Id$");
#include "otp_locl.h"
#if defined(HAVE_DB_NDBM)
-# include <ndbm.h>
+# include <db.h>
#elif !defined(HAVE_NDBM)
# include "ndbm_wrap.h"
#endif
--
2.46.0


@@ -0,0 +1,51 @@
From 862900febaec4a2c70257a39374b81138ee9f168 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
Date: Tue, 15 Oct 2024 16:06:33 -0400
Subject: [PATCH] Link tests with libresolv
---
lib/gssapi/Makefile.am | 1 +
lib/krb5/Makefile.am | 2 ++
lib/roken/Makefile.am | 1 +
3 files changed, 4 insertions(+)
diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am
index 3254866dc..db967e586 100644
--- a/lib/gssapi/Makefile.am
+++ b/lib/gssapi/Makefile.am
@@ -403,6 +403,7 @@ LDADD = libgssapi.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_roken)
+test_names_LDFLAGS = -lresolv
test_names_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la
test_context_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/wind/libwind.la
diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am
index ecce461dd..e22cfe87c 100644
--- a/lib/krb5/Makefile.am
+++ b/lib/krb5/Makefile.am
@@ -330,6 +330,8 @@ test_rfc3961_LDADD = \
$(LIB_hcrypto) \
$(LIB_roken)
+test_plugin_LDFLAGS = -lresolv
+
if DEVELOPER_MODE
headerdeps = $(dist_libkrb5_la_SOURCES)
endif
diff --git a/lib/roken/Makefile.am b/lib/roken/Makefile.am
index 1f530c7ae..8350d7034 100644
--- a/lib/roken/Makefile.am
+++ b/lib/roken/Makefile.am
@@ -54,6 +54,7 @@ libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
parse_reply_test_SOURCES = parse_reply-test.c resolve.c
parse_reply_test_CFLAGS = -DTEST_RESOLVE
+parse_reply_test_LDFLAGS = -lresolv
test_readenv_SOURCES = test-readenv.c test-mem.c
test_auxval_SOURCES = test-auxval.c
--
2.46.0


@@ -22,6 +22,7 @@
pam, pam,
libmicrohttpd, libmicrohttpd,
cjson, cjson,
systemdLibs,
CoreFoundation, CoreFoundation,
Security, Security,
@@ -43,6 +44,7 @@
withOpenLDAPAsHDBModule ? false, withOpenLDAPAsHDBModule ? false,
withOpenSSL ? true, withOpenSSL ? true,
withSQLite3 ? true, withSQLite3 ? true,
withSystemd ? true,
}: }:
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) '' assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
@@ -89,9 +91,14 @@ stdenv.mkDerivation {
++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ] ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
++ lib.optionals (withOpenLDAP) [ openldap ] ++ lib.optionals (withOpenLDAP) [ openldap ]
++ lib.optionals (withOpenSSL) [ openssl ] ++ lib.optionals (withOpenSSL) [ openssl ]
++ lib.optionals (withSQLite3) [ sqlite ]; ++ lib.optionals (withSQLite3) [ sqlite ]
++ lib.optionals (withSystemd) [ systemdLibs ];
doCheck = true; # env = {
# CHECK_LOCAL = "no-check-local";
# };
# doCheck = true;
nativeCheckInputs = [ nativeCheckInputs = [
curl curl
jdk_headless jdk_headless
@@ -142,8 +149,6 @@ stdenv.mkDerivation {
--replace-fail 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema ' --replace-fail 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
substituteInPlace tests/ldap/check-ldap.in \ substituteInPlace tests/ldap/check-ldap.in \
--replace-fail 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:' --replace-fail 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
substituteInPlace tests/ldap/Makefile.am \
--replace-fail 'TESTS = check-ldap' 'TESTS ='
substituteInPlace tests/kdc/check-iprop.in \ substituteInPlace tests/kdc/check-iprop.in \
--replace-fail '/bin/pwd' 'pwd' --replace-fail '/bin/pwd' 'pwd'
''; '';
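Review bot: `# doCheck = true;` and the commented-out `env` block above it leave dead code in the derivation. If the old/new reading implied by the hunk counts is right, they also switch off the check phase for this package. For a Kerberos implementation the test suite is the main guard against regressions in the new readiness code paths, so it should not be disabled silently in a WIP commit. Restore `doCheck = true;`, or keep it off with a stated reason such as `doCheck = false; # TODO: <reason>, re-enable before merge`, and delete the commented lines.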


@@ -71,6 +71,7 @@ in
partOf = [ "kerberos-server.target" ]; partOf = [ "kerberos-server.target" ];
wantedBy = [ "kerberos-server.target" ]; wantedBy = [ "kerberos-server.target" ];
serviceConfig = { serviceConfig = {
Type = "notify";
ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
Slice = "system-kerberos-server.slice"; Slice = "system-kerberos-server.slice";
StateDirectory = "heimdal"; StateDirectory = "heimdal";
@@ -83,6 +84,7 @@ in
partOf = [ "kerberos-server.target" ]; partOf = [ "kerberos-server.target" ];
wantedBy = [ "kerberos-server.target" ]; wantedBy = [ "kerberos-server.target" ];
serviceConfig = { serviceConfig = {
Type = "notify";
ExecStart = "${package}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; ExecStart = "${package}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf";
Slice = "system-kerberos-server.slice"; Slice = "system-kerberos-server.slice";
StateDirectory = "heimdal"; StateDirectory = "heimdal";
@@ -95,6 +97,7 @@ in
partOf = [ "kerberos-server.target" ]; partOf = [ "kerberos-server.target" ];
wantedBy = [ "kerberos-server.target" ]; wantedBy = [ "kerberos-server.target" ];
serviceConfig = { serviceConfig = {
Type = "notify";
ExecStart = "${package}/libexec/kpasswdd"; ExecStart = "${package}/libexec/kpasswdd";
Slice = "system-kerberos-server.slice"; Slice = "system-kerberos-server.slice";
StateDirectory = "heimdal"; StateDirectory = "heimdal";
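Review bot: `Type = "notify";` is set unconditionally on the kadmind, kdc and kpasswdd units, while the package gains a `withSystemd ? true` switch in the same change. A package built with `withSystemd = false` never sends READY=1, so these units would stay in "activating" until the start timeout and then be killed. Whether the module can see that flag is not visible in this section; at minimum, add a comment next to each line, e.g. `# requires a package built with withSystemd = true`, or add an assertion that ties the two together. The readiness call also runs in roken_detach_finish, so if a daemon detaches, confirm that the process sending the message is the one systemd tracks as the main PID.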


@@ -159,26 +159,17 @@
alice_krb_pw = "alice_hunter2" alice_krb_pw = "alice_hunter2"
alice_old_krb_pw = "" alice_old_krb_pw = ""
alice_krb_admin_pw = "alice_admin_hunter2" alice_krb_admin_pw = "alice_admin_hunter2"
bob_krb_pw = "bob_hunter2"
def random_password(): def random_password():
password_chars = string.ascii_letters + string.digits + string.punctuation.replace('"', "") password_chars = string.ascii_letters + string.digits + string.punctuation.replace('"', "")
return "".join(random.choice(password_chars) for _ in range(16)) return "".join(random.choice(password_chars) for _ in range(16))
def clear_tty(node):
node.send_chars("clear\n")
ps1 = r"\[alice@\w+:~\]\$ "
node.wait_until_tty_matches("1", ps1)
with subtest("Server: initialize user principals and keytabs"): with subtest("Server: initialize user principals and keytabs"):
server.succeed(f'kadmin -l add --password="{alice_krb_admin_pw}" --use-defaults alice/admin') server.succeed(f'kadmin -l add --password="{alice_krb_admin_pw}" --use-defaults alice/admin')
# server.succeed("kadmin -l ext_keytab --keytab=admin.keytab alice/admin") server.succeed("kadmin -l ext_keytab --keytab=admin.keytab alice/admin")
server.succeed(f'kadmin -p alice/admin add --password="{alice_krb_pw}" --use-defaults alice') server.succeed(f'kadmin -p alice/admin -K admin.keytab add --password="{alice_krb_pw}" --use-defaults alice')
# server.succeed("kadmin -l ext_keytab --keytab=alice.keytab alice") server.succeed("kadmin -l ext_keytab --keytab=alice.keytab alice")
server.succeed("kadmin -p alice/admin add --password={bob_krb_pw} --use-defaults bob")
# server.succeed("kadmin -l ext_keytab --keytab=bob.keytab bob")
server.wait_for_unit("getty@tty1.service") server.wait_for_unit("getty@tty1.service")
server.wait_until_succeeds("pgrep -f 'agetty.*tty1'") server.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
@@ -196,7 +187,7 @@
if not "host/server.foo.bar" in ktutil_list: if not "host/server.foo.bar" in ktutil_list:
exit(1) exit(1)
clear_tty(server) server.send_chars("clear\n")
client.systemctl("start network-online.target") client.systemctl("start network-online.target")
client.wait_for_unit("network-online.target") client.wait_for_unit("network-online.target")
@@ -221,7 +212,7 @@
if not "host/client.foo.bar" in ktutil_list: if not "host/client.foo.bar" in ktutil_list:
exit(1) exit(1)
clear_tty(client) client.send_chars("clear\n")
with subtest("Client: kinit alice"): with subtest("Client: kinit alice"):
client.succeed( client.succeed(
@@ -230,7 +221,7 @@
) )
tickets = client.succeed("klist") tickets = client.succeed("klist")
assert "Principal: alice@FOO.BAR" in tickets assert "Principal: alice@FOO.BAR" in tickets
clear_tty(client) client.send_chars("clear\n")
with subtest("Client: kpasswd alice"): with subtest("Client: kpasswd alice"):
alice_old_krb_pw = alice_krb_pw alice_old_krb_pw = alice_krb_pw
@@ -245,14 +236,7 @@
client.wait_until_tty_matches("1", "Success : Password changed") client.wait_until_tty_matches("1", "Success : Password changed")
clear_tty(client) client.send_chars("clear\n")
with subtest("Client: kadmin get bob"):
client.send_chars("sudo kadmin -p alice/admin -K admin.keytab get bob\n")
client.wait_until_tty_matches("1", "alice/admin@FOO.BAR's Password:")
client.send_chars(f"{alice_krb_admin_pw}\n")
client.wait_until_tty_matches("1", "Principal: bob@FOO.BAR")
clear_tty(client)
with subtest("Server: kinit alice"): with subtest("Server: kinit alice"):
server.succeed( server.succeed(
@@ -261,7 +245,7 @@
) )
tickets = client.succeed("klist") tickets = client.succeed("klist")
assert "Principal: alice@FOO.BAR" in tickets assert "Principal: alice@FOO.BAR" in tickets
clear_tty(server) server.send_chars("clear\n")
with subtest("Server: kpasswd alice"): with subtest("Server: kpasswd alice"):
alice_old_krb_pw = alice_krb_pw alice_old_krb_pw = alice_krb_pw
@@ -276,14 +260,7 @@
server.wait_until_tty_matches("1", "Success : Password changed") server.wait_until_tty_matches("1", "Success : Password changed")
clear_tty(server) server.send_chars("clear\n")
with subtest("Server: kadmin get bob"):
server.send_chars("sudo kadmin -p alice/admin -K admin.keytab get bob\n")
server.wait_until_tty_matches("1", "alice/admin@FOO.BAR's Password:")
server.send_chars(f"{alice_krb_admin_pw}\n")
server.wait_until_tty_matches("1", "Principal: bob@FOO.BAR")
clear_tty(server)
''; '';
meta.maintainers = pkgs.heimdal.meta.maintainers; meta.maintainers = pkgs.heimdal.meta.maintainers;