Run KEYRING ccache tests in session wrapper

Tests for the KEYRING ccache type can fail if the session keyring has
been revoked.  When keyctl is present, run these tests within a keyctl
session wrapper to isolate them from the containing environment's
session keyring.

diff --git a/src/config/pre.in b/src/config/pre.in
index 1197c1ffd6bff50fb6e84cac7ffef6f7aab7bca0..6a6a4adbb179667d4e74fc96fa453bb89a7b463c 100644 (file)
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -178,6 +178,7 @@ KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
 LDFLAGS = @LDFLAGS@
 LIBS = @LIBS@
 FUZZ_LDFLAGS = @FUZZ_LDFLAGS@
+KEYCTL_SESSION = @KEYCTL_SESSION@
 
 INSTALL=@INSTALL@
 INSTALL_STRIP=

diff --git a/src/configure.ac b/src/configure.ac
index bf6cc14c5291ddb63c5d830421ff50f7d7bb3000..7313bc5528968f5070c7c152e9714acea3bdcf18 100644 (file)
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -351,6 +351,14 @@ if test "$with_keyutils" != no; then
   fi
 fi
 
+# Check for keyctl.  If it is found, define a command prefix for
+# running a command inside a keyring session.  Include "env" in the
+# wrapper to allow environment variable settings in the wrapped
+# command.
+AC_CHECK_PROG(KEYCTL,keyctl,keyctl)
+AS_IF([test x"$KEYCTL" != x], [KEYCTL_SESSION="keyctl session - env"])
+AC_SUBST([KEYCTL_SESSION])
+
 # The SPAKE preauth plugin currently supports edwards25519 natively,
 # and can support three NIST groups using OpenSSL.
 HAVE_SPAKE_OPENSSL=no

diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in
index 2864e92b9667435902bf8fc27d4ca2ff5f359faf..449f74bf444e6d3ed65bdc0f0eec24103a9c1628 100644 (file)
--- a/src/lib/krb5/ccache/Makefile.in
+++ b/src/lib/krb5/ccache/Makefile.in
@@ -145,11 +145,11 @@ t_marshal: $(T_MARSHAL_OBJS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o $@ $(T_MARSHAL_OBJS) $(KRB5_BASE_LIBS)
 
 check-unix: t_cc t_marshal
-       $(RUN_TEST) ./t_cc
+       $(RUN_TEST) $(KEYCTL_SESSION) ./t_cc
        $(RUN_TEST) ./t_marshal testcache
 
 check-pytests: t_cccursor t_cccol
-       $(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS)
+       $(KEYCTL_SESSION) $(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS)
 
 clean-unix::
        $(RM) t_cc t_cc.o t_cccursor t_cccursor.o t_cccol t_cccol.o

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 80ac35aacc94e8434a83b28ddcebf553e2bd983d..52c5777b49c1c28c4e4c3f2975ee1a423ef9b5e8 100644 (file)
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -150,7 +150,7 @@ check-pytests: responder s2p s4u2proxy unlockiter s4u2self
        $(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_renprinc.py $(PYTESTFLAGS)
-       $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS)
+       $(KEYCTL_SESSION) $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_sesskeynego.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_crossrealm.py $(PYTESTFLAGS)