Add Kerberos specific GSS-API Extensions #261
b011ba7 to a582dcc
Some initial thoughts.
gssapi/tests/test_raw.py
Outdated
cls.KRB5_LIB_PATH = cls._get_krb5_lib_path() | ||
|
||
@classmethod | ||
def _get_krb5_lib_path(cls) -> str: |
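Review bot: `_get_krb5_lib_path` is annotated `-> str` and its result is assigned unconditionally to `cls.KRB5_LIB_PATH`, so the signature gives callers no value that means "libkrb5 was not located". Consider returning `Optional[str]` (None when the lookup fails), having each test that reads `KRB5_LIB_PATH` skip when it is None, and adding a docstring that states how the path is resolved.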
Yeah, this is just giving us your "find the right krb5" problem in the test suite. This won't work right if: libgssapi is statically built, the correct krb5-config isn't first in PATH (e.g. FreeBSD), etc.
At the very least, all users of this need to gracefully handle when krb5 isn't found. More generally, testing krb5_import_cred() may just be more trouble than it's worth - right now I'm more inclined to skip it with a note.
Another thought is gss_krb5_copy_ccache() - you elected not to implement this, but I think if you did, we could just treat krb5_ccache as an opaque pointer and test the two functions as a unit.
Yea I couldn't figure out a way to avoid this. I thought at least having it tested in CI is better than no tests at all, but if you prefer not to have this logic and just skip, that is ok.
Another thought is to just read the value from an env var and skip it if it's not defined. This can allow the test suite to run normally without these tests locally and CI can have it set as we would know the correct paths beforehand. What do you think of that?
> Another thought is gss_krb5_copy_ccache() - you elected not to implement this, but I think if you did, we could just treat krb5_ccache as an opaque pointer and test the two functions as a unit.
Unfortunately that doesn't help and it has the same problem. gss_krb5_copy_ccache() takes in a pointer to the ccache and it doesn't set the pointer on return, so it would also need this same logic to open the ccache using something like ctypes.
Oh, good point about gss_krb5_copy_ccache(). Will think about the rest.
I'll set the env var as it is definitely safer and at least keeps the tests running in CI. If you think of another way or want to do something different then let me know.
The latest commit adds this and sets the env var in the distro specific section of ci/lib-setup.sh.
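The env-var-and-skip approach settled on in this thread, as an added example that is not code from the PR or the project. The variable name `EXAMPLE_KRB5_LIB_PATH`, the helper `load_krb5` and the test class are hypothetical; the helper returns None instead of raising whenever libkrb5 cannot be loaded from the configured path.

```python
import ctypes
import os
import unittest
from typing import Mapping, Optional

# Hypothetical variable name for this example; the thread does not name the real one.
KRB5_LIB_ENV = "EXAMPLE_KRB5_LIB_PATH"


def load_krb5(env: Mapping[str, str] = os.environ) -> Optional[ctypes.CDLL]:
    """Return a handle to the libkrb5 named by KRB5_LIB_ENV, or None if unusable."""
    path = env.get(KRB5_LIB_ENV)
    if not path:
        return None  # not configured: local runs skip instead of guessing
    # Accept only an absolute path to an existing file, so the dynamic loader
    # opens exactly that file and never falls back to its library search path.
    if not os.path.isabs(path) or not os.path.isfile(path):
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None  # unreadable, wrong architecture, or not a shared object
    # Confirm the library really exports the krb5 API before tests rely on it.
    if not hasattr(lib, "krb5_init_context"):
        return None
    return lib


class Krb5ExtensionTests(unittest.TestCase):
    """Tests needing direct libkrb5 calls; skipped when the library is absent."""
    @classmethod
    def setUpClass(cls) -> None:
        cls.krb5 = load_krb5()

    def setUp(self) -> None:
        if self.krb5 is None:
            self.skipTest(f"{KRB5_LIB_ENV} does not point at a usable libkrb5")

    def test_init_context(self) -> None:
        init = self.krb5.krb5_init_context
        init.argtypes = [ctypes.POINTER(ctypes.c_void_p)]
        init.restype = ctypes.c_int32  # krb5_error_code
        ctx = ctypes.c_void_p()  # krb5_context treated as an opaque pointer
        self.assertEqual(init(ctypes.byref(ctx)), 0)
        free = self.krb5.krb5_free_context
        free.argtypes = [ctypes.c_void_p]
        free.restype = None
        free(ctx)
```

CI would export the variable with the known library path for each distro; everywhere else the class reports its tests as skipped.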
0378a84 to 89545bb
Adds most of the Kerberos specific GSS-API extension methods. These methods are useful when migrating from the Kerberos API to GSS-API or when needing Kerberos specific functionality that is not exposed in GSS-API.

Signed-off-by: Jordan Borean <jborean93@gmail.com>
[rharwood@redhat.com: style and grammar things]
89545bb to be33336
Thanks for the review!
Adds some of the Kerberos specific GSS-API extension methods. These
methods are useful when migrating from the Kerberos API to GSS-API or
when needing Kerberos specific functionality that is not exposed in
GSS-API.
Partially fixes #75
Signed-off-by: Jordan Borean <jborean93@gmail.com>