Each server process can log a couple of different warnings about the
server keys found on disk:
- If afsconf_GetLatestKey() returns success (indicating a single-DES
key is present), we call LogDesWarning().
- If afsconf_CountKeys() returns 0 (indicating there are no keys at
all on disk), we log a warning that all authenticated access will
fail.
Currently, the code to do these checks and log the relevant warning is
duplicated across the startup code for nearly every server process. To
avoid this duplication, and to make sure the checks aren't
accidentally skipped for anyone, move these checks to
afsconf_BuildServerSecurityObjects, which every server process calls.
We must add an additional parameter to
afsconf_BuildServerSecurityObjects to handle the different logging
mechanism these servers use, but afsconf_BuildServerSecurityObjects is
declared in a public header (cellconfig.h), and is exported in a
public library (libafsauthent). So to avoid changing a public symbol,
introduce a new variant of the function, called
afsconf_BuildServerSecurityObjects_int. Declare this in a new internal
header, authcon.h.
We don't have easily-usable logging functions for upserver and butc,
so just don't log the warnings for those. For ubik servers, don't
update ubik_SetServerSecurityProcs to use the new function; the
initial call to afsconf_BuildServerSecurityObjects_int in the server's
startup code will cover logging the warning on startup.
Change-Id: I5d5fceefdaf907f96db9f1c0d21ceb6957299a59
Reviewed-on: https://gerrit.openafs.org/10831
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The SOURCE and BUILD environment variables have been changed to
C_TAP_SOURCE and C_TAP_BUILD in the new version of c-tap-harness. The
runtests command syntax has changed as well.
Convert all of the old SOURCE and BUILD environment variables to the new
C_TAP_SOURCE and C_TAP_BUILD names.
Add the required -l command line option to specify the test list.
Add the new runtests -v option to run the tests in verbose mode to make
it easier to see which tests failed.
Change-Id: I209a6dc13d6cd1507519234fce1564fc4641e70b
Reviewed-on: https://gerrit.openafs.org/14295
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit "Build tests by default" 68f406436c
changes the build so tests are always built.
On Solaris 10 Update 10 and earlier the build fails because the mkdtemp
function is not available.
Introduce a wrapper 'afstest_mkdtemp' that uses mkdtemp if available,
otherwise uses mktemp/mkdir.
Change-Id: I0118f838ed9a89927e2ddac4cad822574601558a
Reviewed-on: https://gerrit.openafs.org/14243
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The auth/superuser-t test runs an Rx server and client in two child
processes. If the client process tries to contact the server before
the server has started listening on its port, some tests involving
RPCs can fail (notably test 39, "Can run a simple RPC").
Normally if we try to contact a server that's not there, Rx will try
resending its packets a few times, but on Linux with AFS_RXERRQ_ENV,
if the port isn't open at all, we can get an ICMP_PORT_UNREACH error,
which causes the relevant Rx call to die immediately with
RX_CALL_DEAD.
This means that if the auth/superuser-t client is only just a bit
faster than the server starting up, tests can fail, since the server's
port is not open yet.
To avoid this, we can wait until the server's port is open before
starting the client process. To do this, have the server process send
a SIGUSR1 to the parent after rx_Init() is called, and have the parent
process wait for the SIGUSR1 (waiting for a max of 5 seconds before
failing). This should guarantee that the server's port will be open by
the time the client starts running.
Note that before commit 086d1858 (LINUX: Include linux/time.h for
linux/errqueue.h), AFS_RXERRQ_ENV was mistakenly disabled on Linux
3.17+, so this issue was probably not possible on recent Linux before
that commit.
Change-Id: I0032a640b83c24f72c03e7bea100df5bc3d9ed4c
Reviewed-on: https://gerrit.openafs.org/14109
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
The vos tests start a temporary vlserver process, which is problematic
when the local system already has an installed vlserver. Attempt to
temporarily bind a socket to the vlserver port, and if unable to bind
with an EADDRINUSE error, assume the vlserver is already running and
skip these tests.
Change-Id: I1dd3bc4c7ebcd2c7bffc8aca422222a50058090e
Reviewed-on: https://gerrit.openafs.org/14021
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, in tests/volser/vos-t.c we call afs_com_err as
"authname-t", which is clearly a mistake during some code refactoring
(introduced in commit 2ce3fdc5, "tests: Abstract out code to produce a
Ubik client").
We could just change this to "vos-t", but instead of specifying
constant strings everywhere, change this to figure out what the
current command is called, and just use that. Put this code into a new
function, afstest_GetProgname, and convert existing tests to use that
instead of hard-coding the program name given to afs_com_err.
Change-Id: I3ed02c89f93798568783c7d717e8fb2e39dcce14
Reviewed-on: https://gerrit.openafs.org/13991
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, the volser/vos test starts a local vlserver to communicate
with. If the vlserver dies during startup, the spawned 'vos'
subprocesses take forever to run, since we need to wait for our Rx
calls to timeout for every operation.
To make it less annoying to detect and investigate errors that might
cause the vlserver to fail during startup, check if the vlserver dies
right away. We already sleep for 5 seconds when starting the vlserver,
so just check if the pid still exists after those 5 seconds.
Change-Id: I6c33059542fa975e4cb389b718f9da190cd13289
Reviewed-on: https://gerrit.openafs.org/13942
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Fix a few miscellaneous issues with building and running our tests in
objdir builds:
- Our C tests use -I$(srcdir)/../.. in the CFLAGS, so we can #include
<tests/tap/basic.h>. However, basic.h actually gets copied from
src/external/c-tap-harness/tests/tap/ to tests/tap/ during the
build, and so basic.h is available in the objdir, not srcdir. For
objdir builds, this causes building the tests to fail with failing
to find basic.h. Fix this to use TOP_OBJDIR as the include path
instead.
- Our 'make check' in tests/ tries to run ./libwrap; but our cwd will
be in the objdir for objdir builds, and libwrap is a script in our
srcdir. Fix this to run libwrap from the srcdir path.
- In tests/opr/softsig-t, it tries to find the 'softsig-helper' binary
in the same dir as 'softsig-t'. However, softsig-t is just a script
in the srcdir, but softsig-helper is a binary built in the objdir.
Fix this to use the BUILD env var provided by the tests wrapper, by
default.
Change-Id: Iff642613bfc88d0d7e348660dc62f59e6fa8af75
Reviewed-on: https://gerrit.openafs.org/13939
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The return value of asprintf() is the number of bytes printed, or -1 if there
was an error allocating a large enough buffer. In the latter case, the value
of the result string is undefined, and so it cannot be counted on to be NULL.
This change fixes numerous places where the result of asprintf is checked
incorrectly (by examining the output pointer and not the return value) or not
at all.
Change-Id: I9fef14d60c096795d59c42798f3906041fb18c86
Reviewed-on: http://gerrit.openafs.org/9978
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Make afstest_UnlinkTestConfig clean up and remove the specified
directory regardless of which files are present. This means
the function no longer has to track the current state of which
files may be present as tests are added and modified.
A sanity check is added to prevent damage in case the function is
called for an inappropriate directory.
As before, no cleaning is done if the test is run outside of a
"make check".
Change-Id: Idd092040496aaa2566c8693496fefd7d6f247565
Reviewed-on: http://gerrit.openafs.org/9703
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
In the case of a host where gethostbyname is unable to resolve
the hostname, afstest_BuildTestConfig() may return NULL which
can cause several tests to crash.
Add a common function to look out for this condition and use it where
appropriate. When it occurs, the current module is skipped and
the user gets an error message that indicates the configuration
problem.
Change-Id: I7216876eb2424368f415e5759e2b95009ad055b2
Reviewed-on: http://gerrit.openafs.org/9120
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Call the configuration directory cleanup function before exiting
so there are no files left behind, even in case of error.
Add KeyFileExt to the list of files that are removed.
Change-Id: Ie795bef0d44609b36950970244c02a6c6da1a843
Reviewed-on: http://gerrit.openafs.org/8142
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reformat the loopback tests to match our house style - 4 spaces for
first indent, a tab for the second, and so on, opening brace of a
function on a newline, spaces around assignments, and so on.
Change-Id: I54f168ca143e7ff46c9d82289331b8314849f848
Reviewed-on: http://gerrit.openafs.org/8229
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Remove the unused h_errno extern, which in turn removes the need
for disabling strict prototype warnings in the Makefile
Use roken.h, instead of hardcoding system libraries
Change-Id: Ie654c77ff60ed14fc3b659fa3eb527535be71164
Reviewed-on: http://gerrit.openafs.org/8228
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Lots of our tests want to start a test RPC server, and then run
commands against it. Start to abstract out the code to do this
by pulling the code to start a test RPC server into its own
function in the common test directory.
Change-Id: Ie7fa1fa1984113f3722def17a9fd4b98993bd6ff
Reviewed-on: http://gerrit.openafs.org/7584
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Move the token faking code out of superuser-t.c into its own file in
tests/common, so it can be used by other tests.
Change-Id: I7b420250ef974b4b80a8dde692d2666657bb82ca
Reviewed-on: http://gerrit.openafs.org/7259
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The StopVLServer function can be used to stop any server for which
we know the pid. So, rename it as afstest_StopServer to make this
apparent.
Change-Id: Ia5973342e81dc15a698e84e69b314cd6157831f7
Reviewed-on: http://gerrit.openafs.org/7258
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Abstract out the code which the volser test uses to produce a
ubik client so that it can be used to test other ubik services
Change-Id: I800fda9e53ad45c91f3de8eceea387cc011dda3c
Reviewed-on: http://gerrit.openafs.org/7257
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Add krb.conf and krb.excl support to the auth cell configuration
library. Provide a function to determine if the user is local to the
cell. Provide a function to set the local realms during application
initialization. These changes are intended to replace the functions
afs_krb_get_lrealm and afs_is_foreign_ticket_name.
Change-Id: Iba57e9ffc2c958f3a4565a9352ce172189276ce9
Reviewed-on: http://gerrit.openafs.org/5744
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
When creating the test CellServDB, use the IP address of the machine
that we are running on, rather than 127.0.0.1. This makes it possible
to actually start up ubik servers using this CellServDB.
Change-Id: Iec0be80921dd1f01825177562f8a3dcc59400b9a
Reviewed-on: http://gerrit.openafs.org/4808
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Make the code which adds a new (static) DES key to a cell's
configuration generally available, as this will also be useful in
constructing other tests
Change-Id: I5d284016628e9d25a198607ffd6f8f1a63ddf652
Reviewed-on: http://gerrit.openafs.org/4807
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Move code for faking up an OpenAFS configuration directory into its
own "common" directory, as it's going to be of use to more tests than
just those in auth.
Change-Id: I9c80dd66763e222deca98bc7744ff317111c6ed8
Reviewed-on: http://gerrit.openafs.org/4806
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
