Turn off some tests that master stopped doingkrb5-1.11.2-8.fc20

- pull in patches from master to not test GSSRPC-over-UDP and to not
  depend on the portmapper, which are areas where our build systems
  often give us trouble, too

4 files changed, 295 insertions, 17 deletions

diff --git a/krb5-1.11.1-rpcbind.patch b/krb5-1.11.1-rpcbind.patch
deleted file mode 100644
index 6379462..0000000
--- a/krb5-1.11.1-rpcbind.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-We sort of sabotage the test here, changing the result when the local
-portmapper is running but won't allow us to register so that it's treated the
-same as a portmapper-not-running case.
-
---- krb5/src/lib/rpc/unit-test/server.c
-+++ krb5/src/lib/rpc/unit-test/server.c
-@@ -116,6 +116,7 @@ main(int argc, char **argv)
-      if (!svc_register(transp, RPC_TEST_PROG, RPC_TEST_VERS_1,
- 		       rpc_test_prog_1_svc, prot)) {
- 	  fprintf(stderr,
-+		  "Cannot register service: " /* don't bail fatally just because rpcbind isn't obliging us */
- 		  "unable to register (RPC_TEST_PROG, RPC_TEST_VERS_1, %s).",
- 		  prot == IPPROTO_TCP ? "tcp" : "udp");
- 	  exit(1);
diff --git a/krb5-master-test_gss_no_udp.patch b/krb5-master-test_gss_no_udp.patch
new file mode 100644
index 0000000..866647d
--- /dev/null
+++ b/krb5-master-test_gss_no_udp.patch
@@ -0,0 +1,41 @@
+commit 11bd102c0e3793204111f712e5bd4bf54f2d9573
+Author: Greg Hudson <ghudson@mit.edu>
+Date:   Wed May 1 14:40:31 2013 -0400
+
+    Disable UDP pass of gssrpc tests on all platforms
+    
+    The AUTH_GSSAPI flavor of rpc authentication uses IP address channel
+    bindings.  These are broken over UDP, because svcudp_recv() fails to
+    get the destination address of incoming packets (it tries to use the
+    recvmsg() msg_name field to get the destination IP address, which
+    instead gets the source address; see ticket #5540).
+    
+    There is no simple or comprehensive way to fix this; using IP_PKTINFO
+    is a fair amount of code and only works on some platforms.  It's also
+    not very important--nobody should be using AUTH_GSSAPI except perhaps
+    for compatibility with really old kadmin, and kadmin only runs over
+    TCP.  Since the gssrpc tests are closely wedded to AUTH_GSSAPI, the
+    simplest fix is to only run the TCP pass.
+
+diff --git a/src/configure.in b/src/configure.in
+index 0c8111b..42a5fd5 100644
+--- a/src/configure.in
++++ b/src/configure.in
+@@ -984,16 +984,7 @@ extern void endrpcent();],
+ AC_MSG_RESULT($k5_cv_type_endrpcent)
+ AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
+ K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin)
+-changequote(<<, >>)
+-case "$krb5_cv_host" in
+-*-*-solaris2.[012345]*)
+-	PASS=tcp
+-	;;
+-*)
+-	PASS="tcp udp"
+-	;;
+-esac
+-changequote([, ])
++PASS=tcp
+ AC_SUBST(PASS)
+ 
+ # for pkinit
diff --git a/krb5-master-test_no_pmap.patch b/krb5-master-test_no_pmap.patch
new file mode 100644
index 0000000..bc6afed
--- /dev/null
+++ b/krb5-master-test_no_pmap.patch
@@ -0,0 +1,244 @@
+commit 5454da3bcaa383f5b47984283f11f010d3d2b73e
+Author: Greg Hudson <ghudson@mit.edu>
+Date:   Wed May 1 13:07:36 2013 -0400
+
+    Don't use portmapper in RPC tests
+    
+    On many Linux systems, due to what is arguably a bug in rpcbind, the
+    portmapper doesn't allow service registration from non-root processes.
+    This causes the RPC tests to be frequently skipped.  Modify the tests
+    so that they don't need the portmapper, by grabbing the port number
+    from the server process and passing it to the client.
+
+diff --git a/doc/build/doing_build.rst b/doc/build/doing_build.rst
+index bc438c8..3c686cc 100644
+--- a/doc/build/doing_build.rst
++++ b/doc/build/doing_build.rst
+@@ -149,9 +149,6 @@ However, there are several prerequisites that must be satisfied first:
+   **-**\ **-disable-rpath**, which renders the build tree less suitable for
+   installation, but allows testing without interference from
+   previously installed libraries.
+-* In order to test the RPC layer, the local system has to be running
+-  the portmap daemon and it has to be listening to the regular network
+-  interface (not just localhost).
+ 
+ There are additional regression tests available, which are not run
+ by ``make check``.  These tests require manual setup and teardown of
+diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
+index a70cf38..6ab4534 100644
+--- a/src/lib/rpc/unit-test/client.c
++++ b/src/lib/rpc/unit-test/client.c
+@@ -7,12 +7,15 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <netdb.h>
++#include <sys/socket.h>
+ #include "autoconf.h"
+ #ifdef HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
+ #include <gssrpc/rpc.h>
+ #include <gssapi/gssapi.h>
++#include <gssapi/gssapi_krb5.h>
+ #include <gssrpc/rpc.h>
+ #include <gssrpc/auth_gssapi.h>
+ #include "rpc_test.h"
+@@ -51,17 +54,19 @@ main(argc, argv)
+    int argc;
+    char **argv;
+ {
+-     char        *host, *target, *echo_arg, **echo_resp, buf[BIG_BUF];
+-     char	 *prot;
++     char        *host, *port, *target, *echo_arg, **echo_resp, buf[BIG_BUF];
+      CLIENT      *clnt;
+      AUTH	 *tmp_auth;
+      struct rpc_err e;
+-     int i, auth_once;
++     int i, auth_once, sock, use_tcp;
+      unsigned int count;
+      extern int optind;
+      extern char *optarg;
+      extern int svc_debug_gssapi, misc_debug_gssapi, auth_debug_gssapi;
+      int c;
++     struct sockaddr_in sin;
++     struct hostent *h;
++     struct timeval tv;
+ 
+      extern int krb5_gss_dbg_client_expcreds;
+      krb5_gss_dbg_client_expcreds = 1;
+@@ -69,7 +74,7 @@ main(argc, argv)
+      whoami = argv[0];
+      count = 1026;
+      auth_once = 0;
+-     prot = NULL;
++     use_tcp = -1;
+ 
+      while ((c = getopt(argc, argv, "a:m:os:tu")) != -1) {
+ 	  switch (c) {
+@@ -86,39 +91,60 @@ main(argc, argv)
+ 	       svc_debug_gssapi = atoi(optarg);
+ 	       break;
+ 	  case 't':
+-	       prot = "tcp";
++	       use_tcp = 1;
+ 	       break;
+ 	  case 'u':
+-	       prot = "udp";
++	       use_tcp = 0;
+ 	       break;
+ 	  case '?':
+ 	       usage();
+ 	       break;
+ 	  }
+      }
+-     if (prot == NULL)
++     if (use_tcp == -1)
+ 	  usage();
+ 
+      argv += optind;
+      argc -= optind;
+ 
+      switch (argc) {
+-     case 3:
+-	  count = atoi(argv[2]);
++     case 4:
++	  count = atoi(argv[3]);
+ 	  if (count > BIG_BUF-1) {
+ 	    fprintf(stderr, "Test count cannot exceed %d.\n", BIG_BUF-1);
+ 	    usage();
+ 	  }
+-     case 2:
++     case 3:
+ 	  host = argv[0];
+-	  target = argv[1];
++	  port = argv[1];
++	  target = argv[2];
+ 	  break;
+      default:
+ 	  usage();
+      }
+ 
++     /* get server address */
++     h = gethostbyname(host);
++     if (h == NULL) {
++	 fprintf(stderr, "Can't resolve hostname %s\n", host);
++	 exit(1);
++     }
++     memset(&sin, 0, sizeof(sin));
++     sin.sin_family = h->h_addrtype;
++     sin.sin_port = ntohs(atoi(port));
++     memmove(&sin.sin_addr, h->h_addr, sizeof(sin.sin_addr));
++
+      /* client handle to rstat */
+-     clnt = clnt_create(host, RPC_TEST_PROG, RPC_TEST_VERS_1, prot);
++     sock = RPC_ANYSOCK;
++     if (use_tcp) {
++	 clnt = clnttcp_create(&sin, RPC_TEST_PROG, RPC_TEST_VERS_1, &sock, 0,
++			       0);
++     } else {
++	 tv.tv_sec = 5;
++	 tv.tv_usec = 0;
++	 clnt = clntudp_create(&sin, RPC_TEST_PROG, RPC_TEST_VERS_1, tv,
++			       &sock);
++     }
+      if (clnt == NULL) {
+ 	  clnt_pcreateerror(whoami);
+ 	  exit(1);
+diff --git a/src/lib/rpc/unit-test/config/unix.exp b/src/lib/rpc/unit-test/config/unix.exp
+index f02116e..ba57b70 100644
+--- a/src/lib/rpc/unit-test/config/unix.exp
++++ b/src/lib/rpc/unit-test/config/unix.exp
+@@ -112,10 +112,6 @@ proc rpc_test_exit {} {
+ 	global server_started
+ 	global kill
+ 
+-        if { [info exists server_started] && $server_started == 0 } { 
+-	    return 
+-	}
+-
+  	if {[catch {
+ 		expect {
+ 			-i $server_id
+@@ -138,6 +134,7 @@ proc rpc_test_start { } {
+ 	global server_id
+ 	global server_pid
+ 	global server_started
++	global server_port
+ 	global env
+ 
+ 	if [info exists server_pid] { rpc_test_exit }
+@@ -148,25 +145,17 @@ proc rpc_test_start { } {
+ 	set server_pid [spawn $SERVER $PROT]
+ 	set server_id $spawn_id
+         set server_started 1
++	set server_port -1
+ 
+ 	unset env(KRB5_KTNAME)
+ 
+ 	set timeout 30
+ 
+ 	expect {
++		-re "port: (\[0-9\]*)\r\n" {
++			set server_port $expect_out(1,string)
++		}
+ 		"running" { }
+-	        "Cannot register service" {
+-		        send_error "Server cannot register with portmap/rpcbind!!\n"
+-		        note "+++"
+-		        note "+++ These tests require the ability to register with portmap/rpcbind"
+-		        note "+++ Either the server is not running or it does not"
+-		        note "+++  allow registration using a loopback connection"
+-		        note "+++"
+-		        verbose $expect_out(buffer) 1
+-		        set server_started 0
+-		        unsupported "Server registration"
+-		        return
+-	        }
+ 		eof { 
+ 			send_error "server exited!"
+ 			verbose $expect_out(buffer) 1
+diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp
+index 963fff4..a1b0783 100644
+--- a/src/lib/rpc/unit-test/lib/helpers.exp
++++ b/src/lib/rpc/unit-test/lib/helpers.exp
+@@ -170,7 +170,7 @@ proc flush_server {} {
+ 
+ proc start_client {testname ccname user password lifetime count
+ 		  {target ""}} {
+-	global env CLIENT PROT hostname spawn_id verbose
++	global env CLIENT PROT hostname server_port spawn_id verbose
+ 
+ 	if {$target == ""} {
+ 		set target "server@$hostname"
+@@ -180,9 +180,9 @@ proc start_client {testname ccname user password lifetime count
+ 	kinit $user $password $lifetime
+ 
+ 	if {$verbose > 0} {
+-		spawn $CLIENT -a 1 -s 1 -m 1 $PROT $hostname $target $count
++		spawn $CLIENT -a 1 -s 1 -m 1 $PROT $hostname $server_port $target $count
+ 	} else {
+-		spawn $CLIENT $PROT $hostname $target $count
++		spawn $CLIENT $PROT $hostname $server_port $target $count
+ 	}
+ 
+ 	verbose "$testname: client $ccname started"
+diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c
+index c2cb30c..7451558 100644
+--- a/src/lib/rpc/unit-test/server.c
++++ b/src/lib/rpc/unit-test/server.c
+@@ -114,12 +114,13 @@ main(int argc, char **argv)
+ 	  exit(1);
+      }
+      if (!svc_register(transp, RPC_TEST_PROG, RPC_TEST_VERS_1,
+-		       rpc_test_prog_1_svc, prot)) {
++		       rpc_test_prog_1_svc, 0)) {
+ 	  fprintf(stderr,
+ 		  "unable to register (RPC_TEST_PROG, RPC_TEST_VERS_1, %s).",
+ 		  prot == IPPROTO_TCP ? "tcp" : "udp");
+ 	  exit(1);
+      }
++     printf("port: %d\n", (int)transp->xp_port);
+ 
+      if (svcauth_gssapi_set_names(names, 0) == FALSE) {
+ 	  fprintf(stderr, "unable to set gssapi names\n");
diff --git a/krb5.spec b/krb5.spec
index d33d4f0..6d3d4f0 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -30,7 +30,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -75,7 +75,6 @@ Patch105: krb5-kvno-230379.patch
 Patch113: krb5-1.11-alpha1-init.patch
 Patch116: http://ausil.fedorapeople.org/aarch64/krb5/krb5-aarch64.patch
 Patch117: krb5-1.11-gss-client-keytab.patch
-Patch118: krb5-1.11.1-rpcbind.patch
 Patch119: krb5-fast-msg_type.patch
 Patch120: krb5-1.11.2-kpasswd_pingpong.patch
 Patch121: krb5-cccol-primary.patch
@@ -84,6 +83,8 @@ Patch123: krb5-1.11.2-empty_passwords.patch
 Patch124: krb5-1.11.2-arcfour_short.patch
 Patch125: krb5-1.11.2-skew1.patch
 Patch126: krb5-1.11.2-skew2.patch
+Patch127: krb5-master-test_gss_no_udp.patch
+Patch128: krb5-master-test_no_pmap.patch 
 
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -301,7 +302,6 @@ ln -s NOTICE LICENSE
 %patch113 -p1 -b .init
 %patch116 -p1 -b .aarch64
 %patch117 -p1 -b .gss-client-keytab
-%patch118 -p1 -b .rpcbind
 %patch119 -p1 -b .fast-msg_type
 %patch120 -p1 -b .kpasswd_pingpong
 %patch121 -p1 -b .cccol-primary
@@ -310,6 +310,8 @@ ln -s NOTICE LICENSE
 %patch124 -p1 -b .arcfour_short
 %patch125 -p1 -b .skew1
 %patch126 -p1 -b .skew2
+%patch127 -p1 -b .test_gss_no_udp
+%patch128 -p1 -b .test_no_pmap
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -835,6 +837,11 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-8
+- pull in patches from master to not test GSSRPC-over-UDP and to not
+  depend on the portmapper, which are areas where our build systems
+  often give us trouble, too
+
 * Tue May 28 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-7
 - backport fix for not being able to verify the list of transited realms
   in GSS acceptors (RT#7639, #959685)