krb5 commit: Run KEYRING ccache tests in session wrapper
ghudson at mit.edu
ghudson at mit.edu
Fri Aug 1 19:37:11 EDT 2025
https://github.com/krb5/krb5/commit/820a7277ed1c553d33b2a7f3efb48655fb993b77
commit 820a7277ed1c553d33b2a7f3efb48655fb993b77
Author: Greg Hudson <ghudson at mit.edu>
Date: Sun Jul 27 12:44:16 2025 -0400
Run KEYRING ccache tests in session wrapper
Tests for the KEYRING ccache type can fail if the session keyring has
been revoked. When keyctl is present, run these tests within a keyctl
session wrapper to isolate them from the containing environment's
session keyring.
src/config/pre.in | 1 +
src/configure.ac | 8 ++++++++
src/lib/krb5/ccache/Makefile.in | 4 ++--
src/tests/Makefile.in | 2 +-
4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/config/pre.in b/src/config/pre.in
index 1197c1ffd..6a6a4adbb 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -178,6 +178,7 @@ KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
FUZZ_LDFLAGS = @FUZZ_LDFLAGS@
+KEYCTL_SESSION = @KEYCTL_SESSION@
INSTALL=@INSTALL@
INSTALL_STRIP=
diff --git a/src/configure.ac b/src/configure.ac
index bf6cc14c5..7313bc552 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -351,6 +351,14 @@ if test "$with_keyutils" != no; then
fi
fi
+# Check for keyctl. If it is found, define a command prefix for
+# running a command inside a keyring session. Include "env" in the
+# wrapper to allow environment variable settings in the wrapped
+# command.
+AC_CHECK_PROG(KEYCTL,keyctl,keyctl)
+AS_IF([test x"$KEYCTL" != x], [KEYCTL_SESSION="keyctl session - env"])
+AC_SUBST([KEYCTL_SESSION])
+
# The SPAKE preauth plugin currently supports edwards25519 natively,
# and can support three NIST groups using OpenSSL.
HAVE_SPAKE_OPENSSL=no
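Review bot: The wrapper string on the AS_IF line hard-codes `keyctl` instead of the value AC_CHECK_PROG left in `KEYCTL`. A preset or cached `KEYCTL` therefore passes the test while the substituted command still depends on a bare `keyctl` being found in PATH when the tests run. Building the prefix from the variable keeps the two in agreement: `AS_IF([test x"$KEYCTL" != x], [KEYCTL_SESSION="$KEYCTL session - env"])`. The check also only establishes that the binary exists. Where creating a session keyring is denied (some sandboxes and containers restrict the keyctl syscalls), the wrapped tests would presumably fail in the wrapper rather than in the test, so a probe such as `$KEYCTL session - true` before setting the prefix may be worth considering.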
diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in
index 2864e92b9..449f74bf4 100644
--- a/src/lib/krb5/ccache/Makefile.in
+++ b/src/lib/krb5/ccache/Makefile.in
@@ -145,11 +145,11 @@ t_marshal: $(T_MARSHAL_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ $(T_MARSHAL_OBJS) $(KRB5_BASE_LIBS)
check-unix: t_cc t_marshal
- $(RUN_TEST) ./t_cc
+ $(RUN_TEST) $(KEYCTL_SESSION) ./t_cc
$(RUN_TEST) ./t_marshal testcache
check-pytests: t_cccursor t_cccol
- $(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS)
+ $(KEYCTL_SESSION) $(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS)
clean-unix::
$(RM) t_cc t_cc.o t_cccursor t_cccursor.o t_cccol t_cccol.o
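Review bot: The wrapper is placed after `$(RUN_TEST)` on the `./t_cc` line but before `$(RUNPYTEST)` on the `t_cccol.py` line, and nothing in the recipes explains the difference or says that `KEYCTL_SESSION` expands to nothing when keyctl was not found. `RUN_TEST` is defined outside this hunk; if it can end in a tool prefix, that tool would wrap `keyctl` rather than `t_cc`, so the intended order is worth stating. A comment above `check-unix` would cover it, for example `# KEYCTL_SESSION is empty unless configure found keyctl; when set, it runs the test in a fresh session keyring.` The same comment fits the `t_ccache.py` line in src/tests/Makefile.in.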
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 80ac35aac..52c5777b4 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -150,7 +150,7 @@ check-pytests: responder s2p s4u2proxy unlockiter s4u2self
$(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_renprinc.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS)
+ $(KEYCTL_SESSION) $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_sesskeynego.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_crossrealm.py $(PYTESTFLAGS)