upstream/oracle/userland-gate: components/krb5/patches/072-client-keytab-fix.patch@1d033832c5e7 (annotated)

6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	1	#
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	2	# Patch to fix the issue where the token expansion for the default client
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	3	# keytab path could fail and cause a core dump. Now the error is returned to
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	4	# krb5_kt_client_default() but in order for acquire_init_cred() to function
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	5	# properly it has to ignore the error returned by krb5_kt_client_default().
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	6	# This in turn means that a NULL value in the client_keytab field of a cred
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	7	# struct must be handled appropriately.
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	8	#
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	9	# I have submitted a pull request to MIT with these changes
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	10	# https://github.com/krb5/krb5/pull/487
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	11	# The final commit was
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	12	# https://github.com/krb5/krb5/commit/bd2c2a02e22c609b3c7e9f92d6634e151d14e478
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	13	#
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	14	# Patch source: in-house
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	15	#
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	16
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	17	diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	18	--- a/src/include/k5-trace.h
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	19	+++ b/src/include/k5-trace.h
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	20	@@ -180,6 +180,9 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	21	#define TRACE_GIC_PWD_MASTER(c) \
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	22	TRACE(c, "Retrying AS request with master KDC")
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	23
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	24	+#define TRACE_GSS_CLIENT_KEYTAB_FAIL(c, ret) \
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	25	+ TRACE(c, "Unable to resolve default client keytab: {kerr}", ret)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	26	+
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	27	#define TRACE_ENCTYPE_LIST_UNKNOWN(c, profvar, name) \
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	28	TRACE(c, "Unrecognized enctype name in {str}: {str}", profvar, name)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	29
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	30	diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	31	--- a/src/lib/gssapi/krb5/acquire_cred.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	32	+++ b/src/lib/gssapi/krb5/acquire_cred.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	33	@@ -348,6 +348,9 @@ can_get_initial_creds(krb5_context context, krb5_gss_cred_id_rec *cred)
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	34	if (cred->password != NULL)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	35	return TRUE;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	36
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	37	+ if (cred->client_keytab == NULL)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	38	+ return FALSE;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	39	+
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	40	/* If we don't know the client principal yet, check for any keytab keys. */
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	41	if (cred->name == NULL)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	42	return !krb5_kt_have_content(context, cred->client_keytab);
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	43	@@ -522,6 +525,10 @@ get_name_from_client_keytab(krb5_context context, krb5_gss_cred_id_rec *cred)
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	44	krb5_principal princ;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	45
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	46	assert(cred->name == NULL);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	47	+
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	48	+ if (cred->client_keytab == NULL)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	49	+ return KRB5_KT_NOTFOUND;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	50	+
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	51	code = k5_kt_get_principal(context, cred->client_keytab, &princ);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	52	if (code)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	53	return code;
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	54	@@ -601,9 +608,11 @@ get_initial_cred(krb5_context context, krb5_gss_cred_id_rec *cred)
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	55	code = krb5_get_init_creds_password(context, &creds, cred->name->princ,
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	56	cred->password, NULL, NULL, 0,
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	57	NULL, opt);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	58	- } else {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	59	+ } else if (cred->client_keytab != NULL) {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	60	code = krb5_get_init_creds_keytab(context, &creds, cred->name->princ,
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	61	cred->client_keytab, 0, NULL, opt);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	62	+ } else {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	63	+ code = KRB5_KT_NOTFOUND;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	64	}
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	65	if (code)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	66	goto cleanup;
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	67	@@ -680,10 +689,18 @@ acquire_init_cred(krb5_context context,
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	68	goto error;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	69	}
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	70
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	71	- if (client_keytab != NULL)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	72	+ if (client_keytab != NULL) {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	73	code = krb5_kt_dup(context, client_keytab, &cred->client_keytab);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	74	- else
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	75	+ } else {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	76	code = krb5_kt_client_default(context, &cred->client_keytab);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	77	+ if (code) {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	78	+ /* Treat resolution failure similarly to a client keytab which
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	79	+ * resolves but doesn't exist or has no content. */
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	80	+ TRACE_GSS_CLIENT_KEYTAB_FAIL(context, code);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	81	+ krb5_clear_error_message(context);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	82	+ code = 0;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	83	+ }
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	84	+ }
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	85	if (code)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	86	goto error;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	87
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	88	diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	89	--- a/src/lib/gssapi/krb5/iakerb.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	90	+++ b/src/lib/gssapi/krb5/iakerb.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	91	@@ -454,9 +454,11 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	92	if (cred->password != NULL) {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	93	code = krb5_init_creds_set_password(ctx->k5c, ctx->icc,
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	94	cred->password);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	95	- } else {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	96	+ } else if (cred->client_keytab != NULL) {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	97	code = krb5_init_creds_set_keytab(ctx->k5c, ctx->icc,
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	98	cred->client_keytab);
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	99	+ } else {
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	100	+ code = KRB5_KT_NOTFOUND;
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	101	}
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	102	if (code != 0)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	103	goto cleanup;
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	104	diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	105	--- a/src/tests/gssapi/t_client_keytab.py
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	106	+++ b/src/tests/gssapi/t_client_keytab.py
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 6456 diff changeset	107	@@ -141,4 +141,14 @@ if 'No credentials cache found' not in out:
6456 d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	108	fail('Expected error not seen')
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	109	realm.run([kdestroy, '-A'])
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	110
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	111	+# Test 16: default client keytab cannot be resolved, but valid
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	112	+# credentials exist in ccache.
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	113	+conf = {'libdefaults': {'default_client_keytab_name': '%{'}}
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	114	+bad_cktname = realm.special_env('bad_cktname', False, krb5_conf=conf)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	115	+del bad_cktname['KRB5_CLIENT_KTNAME']
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	116	+realm.kinit(realm.user_princ, password('user'))
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	117	+out = realm.run(['./t_ccselect', phost], env=bad_cktname)
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	118	+if realm.user_princ not in out:
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	119	+ fail('Expected principal not seen for bad client keytab name')
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	120	+
d36228d1492b 24299872 libkrb5.so.3.3: k5_expand_path_tokens_extra causes krb5_kt_resolve to dump core Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	121	success('Client keytab tests')

author	Shawn Emery <shawn.emery@oracle.com>
	Tue, 09 Aug 2016 21:10:38 -0700
changeset 6599	1d033832c5e7
parent 6456	d36228d1492b
child 6978	14cbeb78966a
permissions	-rw-r--r--