s4-auth-tests: Fix test_kerberos with MIT krb
authorJustin Stephenson <jstephen@redhat.com>
Thu, 8 Nov 2018 15:57:48 +0000 (10:57 -0500)
committerAlexander Bokovoy <ab@samba.org>
Sat, 10 Nov 2018 11:48:02 +0000 (12:48 +0100)
When a keytab of type MEMORY is used, the MIT kerberos krb5_kt_add_entry()
library function adds a keytab entry to the beginning of the keytab table,
instead of the end.

This adds a MIT kerberos conditional to reverse iterate through
the keytable entries to address this.

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Nov 10 12:48:02 CET 2018 on sn-devel-144

source4/auth/tests/kerberos.c

index fcc8ac4..7711eac 100644 (file)
@@ -51,6 +51,7 @@ static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
 
        code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
        assert_int_equal(code, 0);
+#ifdef SAMBA4_USES_HEIMDAL
        for (i=0; i<num_principals; i++) {
                expect_princ_name[4] = (char)i+48;
                for (j=0; j<num_kvnos; j++) {
@@ -59,6 +60,18 @@ static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
                                                  &kt_entry, &cursor);
                        assert_int_equal(code, 0);
                        assert_int_equal(kt_entry.vno, j+1);
+#else
+       /* MIT - For MEMORY type keytabs, krb5_kt_add_entry() adds an
+        * entry to the beginning of the keytab table, not the end */
+       for (i=num_principals-1; i>=0; i--) {
+               expect_princ_name[4] = (char)i+48;
+               for (j=num_kvnos; j>0; j--) {
+                       char *unparsed_name;
+                       code = krb5_kt_next_entry(krb5_ctx, keytab,
+                                                 &kt_entry, &cursor);
+                       assert_int_equal(code, 0);
+                       assert_int_equal(kt_entry.vno, j);
+#endif
                        krb5_unparse_name(krb5_ctx, kt_entry.principal,
                                          &unparsed_name);
                        assert_string_equal(expect_princ_name, unparsed_name);
@@ -72,7 +85,11 @@ static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
 
        code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
        assert_int_equal(code, 0);
+#ifdef SAMBA4_USES_HEIMDAL
        for (i=0; i<num_principals; i++) {
+#else /* MIT - reverse iterate through entries */
+       for (i=num_principals-1; i>=0; i--) {
+#endif
                char *unparsed_name;
                expect_princ_name[4] = (char)i+48;
                code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);