krb5.git/src/tests, branch kinit-c MIT Kerberos patches Fix OTP tests with pyrad 2.x 2015-01-04T23:25:28+00:00 Greg Hudson ghudson@mit.edu 2014-12-22T23:37:36+00:00 57dc24093015d292189ef23313ef8ff2a81431e4 Declare User-Password as having type "octets" instead of "string" or pyrad 2.x will throw a decoding error when retrieving it. ticket: 8053 (new) target_version: 1.13.1 tags: pullup 
Declare User-Password as having type "octets" instead of "string" or
pyrad 2.x will throw a decoding error when retrieving it.

ticket: 8053 (new)
target_version: 1.13.1
tags: pullup
Include file ccache name in error messages 2014-12-15T22:33:46+00:00 Nicolas Williams nico@cryptonector.com 2014-10-30T00:42:49+00:00 98b55e86d7ec8b0a3b9b9f9b415ffdf78f4fd2e8 When a FILE ccache method returns an error, append the filename to the standard message for the code. Remove code to set extended messages in helper functions as they would just be overwritten. Also change the interpretation of errno values. Treat ENAMETOOLONG as KRB5_FCC_NOFILE instead of KRB5_FCC_INTERNAL, since it has an external cause and a name that long can't be opened by normal means. Treat EROFS as KRB5_FCC_PERM. Treat ENOTDIR and ELOOP as KRB5_FCC_NOFILE instead of KRB5_FCC_PERM as both errors imply that the full pathname doesn't exist. Treat EBUSY and ETXTBSY as KRB5_CC_IO instead of KRB5_FCC_PERM as they indicate a conflict rather than a permission issue. [ghudson@mit.edu: renamed set_error to set_errmsg_filename; removed now-inoperative code to set extended messages in helper functions; trimmed changes to interpret_errno; clarified and shortened commit message] ticket: 8052 (new) 
When a FILE ccache method returns an error, append the filename to the
standard message for the code.  Remove code to set extended messages
in helper functions as they would just be overwritten.

Also change the interpretation of errno values.  Treat ENAMETOOLONG as
KRB5_FCC_NOFILE instead of KRB5_FCC_INTERNAL, since it has an external
cause and a name that long can't be opened by normal means.  Treat
EROFS as KRB5_FCC_PERM.  Treat ENOTDIR and ELOOP as KRB5_FCC_NOFILE
instead of KRB5_FCC_PERM as both errors imply that the full pathname
doesn't exist.  Treat EBUSY and ETXTBSY as KRB5_CC_IO instead of
KRB5_FCC_PERM as they indicate a conflict rather than a permission
issue.

[ghudson@mit.edu: renamed set_error to set_errmsg_filename; removed
now-inoperative code to set extended messages in helper functions;
trimmed changes to interpret_errno; clarified and shortened commit
message]

ticket: 8052 (new)
Regression tests for keyless principals 2014-12-15T20:03:16+00:00 Ben Kaduk kaduk@mit.edu 2014-11-21T19:00:20+00:00 71201ced154fd3d1a87358ebdaf209d24885ed13 Confirm that kadmind does not crash when creating/modifying a principal to have no keys, and confirm that no keys are present after a purgekeys -all. 
Confirm that kadmind does not crash when creating/modifying a principal
to have no keys, and confirm that no keys are present after a
purgekeys -all.
Add tests for LDAP ticket/policy name misuse 2014-12-15T20:01:34+00:00 Greg Hudson ghudson@mit.edu 2014-12-05T19:02:04+00:00 e8df0458673071e56346730fa843c83aca88631f ticket: 8051 
ticket: 8051
Fix LDAP tests when sasl.h not found 2014-12-09T18:11:05+00:00 Greg Hudson ghudson@mit.edu 2014-12-08T20:30:25+00:00 8466003864b294cdb9e5547c2f8e574d2c156b13 Do not try to run the SASL EXTERNAL auth test if we could not define a useful interact function. With current libraries the interact function is asked for an authorization name, and the bind fails if it gets an unsuccessful result or if no interaction function is defined. ticket: 8049 (new) target_version: 1.13.1 tags: pullup 
Do not try to run the SASL EXTERNAL auth test if we could not define a
useful interact function.  With current libraries the interact
function is asked for an authorization name, and the bind fails if it
gets an unsuccessful result or if no interaction function is defined.

ticket: 8049 (new)
target_version: 1.13.1
tags: pullup
Test err_fmt 2014-12-07T20:11:02+00:00 Nicolas Williams nico@cryptonector.com 2014-11-11T02:43:12+00:00 aa39669d6e9d2f300777ba7cf8409ed7ef2ce2f7 [ghudson@mit.edu: move tests to new file; stop messing with KRB5CCNAME; use K5Realm.special_env instead of multiple K5Realm objects] ticket: 8047 
[ghudson@mit.edu: move tests to new file; stop messing with
KRB5CCNAME; use K5Realm.special_env instead of multiple K5Realm
objects]

ticket: 8047
Use new error message wrapping APIs 2014-12-07T20:11:01+00:00 Nicolas Williams nico@cryptonector.com 2014-11-12T21:49:37+00:00 ebcdf02f8ec212555b1762007fa8454615900f36 Define internal names k5_prendmsg and k5_wrapmsg and use them where we amend error messages. This slightly changes the error message when we fail to construct FAST AP-REQ armor, decrypt a FAST reply, or store credentials in a gic_opts output ccache. Adjust the test suite for the latter of those changes. [ghudson@mit.edu: define and use internal names for brevity; pull in test fix from later commit; expand commit message; fix redundant separators in LDAP messages] ticket: 8046 
Define internal names k5_prendmsg and k5_wrapmsg and use them where we
amend error messages.  This slightly changes the error message when we
fail to construct FAST AP-REQ armor, decrypt a FAST reply, or store
credentials in a gic_opts output ccache.  Adjust the test suite for
the latter of those changes.

[ghudson@mit.edu: define and use internal names for brevity; pull in
test fix from later commit; expand commit message; fix redundant
separators in LDAP messages]

ticket: 8046
Add tests for duplicate detection 2014-11-21T15:21:27+00:00 Ben Kaduk kaduk@mit.edu 2014-11-20T21:41:13+00:00 66497980e56b9c8bb5c94979d48f32ef69354c85 There's not an easy way to test for infinite loops other than making the test suite hang, unfortunately. 
There's not an easy way to test for infinite loops other than
making the test suite hang, unfortunately.
Fix input race condition in t_skew.py 2014-11-05T19:34:58+00:00 Greg Hudson ghudson@mit.edu 2014-11-05T19:12:35+00:00 2457bf66c466321dd36cd3c76bc36bb589d31587 In two of the kinit tests run by t_skew.py, we expect kinit to exit before reading the password. If we supply a password input for those commands, we can fail with a broken pipe exception if the master process tries to write the password after the slave process exits. Also correctly check the output of the last kinit invocation. ticket: 8034 (new) target_version: 1.13.1 tags: pullup 
In two of the kinit tests run by t_skew.py, we expect kinit to exit
before reading the password.  If we supply a password input for those
commands, we can fail with a broken pipe exception if the master
process tries to write the password after the slave process exits.

Also correctly check the output of the last kinit invocation.

ticket: 8034 (new)
target_version: 1.13.1
tags: pullup
Adjust asn1c test vector code for new asn1c 2014-10-31T17:01:44+00:00 Greg Hudson ghudson@mit.edu 2014-10-28T18:31:19+00:00 0558407467d9e35148f3c40babbc4551ef982e73 asn1c 0.9.22 added support for representing integers using unsigned types if they have appropriate constraints. This changes the representation of RFC4120's UInt32 type from Integer_t to unsigned long. In make-vectors.c, this means we can use a static initializer for kvno, and that the old method of calling asn_long2INTEGER doesn't work. Adjust make-vectors.c to assume the newer version of asn1c. 
asn1c 0.9.22 added support for representing integers using unsigned
types if they have appropriate constraints.  This changes the
representation of RFC4120's UInt32 type from Integer_t to unsigned
long.  In make-vectors.c, this means we can use a static initializer
for kvno, and that the old method of calling asn_long2INTEGER doesn't
work.  Adjust make-vectors.c to assume the newer version of asn1c.