of service attack via the Kerberos string to key function. Thanks to
Florian Best for pointing out this issue and suggesting a good fix.
+ Ensure the module/basic test will run properly when the system
+ krb5.conf file does not specify a default realm. Reported by TBK.
+
Update to rra-c-util 8.2:
* Fix support for configuring the test suite with a krb5.conf file.
# which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
#
# Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2016 Russ Allbery <eagle@eyrie.org>
+# Copyright 2016, 2020 Russ Allbery <eagle@eyrie.org>
# Copyright 2006-2008, 2010-2011
# The Board of Trustees of the Leland Stanford Junior University
#
{ if (skip == 0) print }
' "$krb5conf" > tmp/krb5.conf.tmp
if [ -n "$realm" ] ; then
- sed -e "s/\\(default_realm.*=\\) .*/\\1 $realm/" \
- tmp/krb5.conf.tmp > tmp/krb5.conf
+ pattern='^[ ]*default_realm.*='
+ if grep "$pattern" tmp/krb5.conf.tmp >/dev/null 2>/dev/null; then
+ sed -e "s/\\(default_realm.*=\\) .*/\\1 $realm/" \
+ tmp/krb5.conf.tmp >tmp/krb5.conf
+ else
+ (
+ cat tmp/krb5.conf.tmp
+ echo "[libdefaults]"
+ echo " default_realm = $realm"
+ ) >tmp/krb5.conf
+ fi
rm tmp/krb5.conf.tmp
else
mv tmp/krb5.conf.tmp tmp/krb5.conf
#include <tests/fakepam/script.h>
#include <tests/tap/basic.h>
+#include <tests/tap/kerberos.h>
int
plan_lazy();
+ /*
+ * Generate a testing krb5.conf file with a nonexistent default realm so
+ * that this test will run on any system.
+ */
+ kerberos_generate_conf("bogus.example.com");
+
/* Attempt login as the root user to test ignore_root. */
memset(&config, 0, sizeof(config));
config.user = "root";