From 0b8c4dbb9e0c91bfeaf1501a17a11de8fae4f6eb Mon Sep 17 00:00:00 2001 From: Uri Simchoni Date: Sat, 24 Oct 2015 00:41:23 +0300 Subject: [PATCH 1/3] selftest: Avoid system krb5.conf in testenv provisioning Some provisioning commands don't necessarily need a krb5.conf, but they still must cause samba's Kerberos libraries to avoid looking at the system krb5.conf, as this file may not be understood by samba's Kerberos libs and fail the env provisioning. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576 Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett (cherry picked from commit 63c891938a2d3e1c222898d6dea5c640822b0191) --- selftest/target/Samba4.pm | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 16d4b28..c32830d 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -646,6 +646,7 @@ sub provision_raw_prepare($$$$$$$$$$$) $ctx->{smb_conf_extra_options} = ""; my @provision_options = (); + push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_config}\""); push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\""); push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\""); push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\""); 
@@ -896,14 +897,18 @@ sub provision_raw_step2($$$) } my $testallowed_account = "testallowed"; - my $samba_tool_cmd = Samba::bindir_path($self, "samba-tool") + my $samba_tool_cmd = ""; + $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") . " user add --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}"; unless (system($samba_tool_cmd) == 0) { warn("Unable to add testallowed user: \n$samba_tool_cmd\n"); return undef; } - my $ldbmodify = Samba::bindir_path($self, "ldbmodify"); + my $ldbmodify = ""; + $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $ldbmodify .= Samba::bindir_path($self, "ldbmodify"); my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); if ($ctx->{server_role} ne "domain controller") { @@ -932,7 +937,9 @@ servicePrincipalName: host/testallowed "; close(LDIF); - $samba_tool_cmd = Samba::bindir_path($self, "samba-tool") + $samba_tool_cmd = ""; + $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}"; unless (system($samba_tool_cmd) == 0) { warn("Unable to add testdenied user: \n$samba_tool_cmd\n"); @@ -949,7 +956,9 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn "; close(LDIF); - $samba_tool_cmd = Samba::bindir_path($self, "samba-tool") + $samba_tool_cmd = ""; + $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'"; unless (system($samba_tool_cmd) == 0) { warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n"); -- 2.4.3 From 75301643bcc03a4470061429b149e5f882e5df11 Mon Sep 17 00:00:00 2001 
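Review bot: The new `KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ` prefix is spliced into a string that reaches the shell through single-argument `system($samba_tool_cmd)`, so a test prefix containing `$`, a backtick or a double quote would be expanded or would break the command. The same prefix is repeated in the ldbmodify, testdenied and `group addmembers` hunks of this function. Setting the variable once with `local $ENV{KRB5_CONFIG} = $ret->{KRB5_CONFIG};` before the first child is spawned would cover all four commands without shell quoting and remove the four copies. Separately, the context lines put `$ctx->{password}` on the command line and echo the whole command through `warn(...)` on failure, so the password reaches the process list and the test log; a comment stating that these are throwaway selftest credentials would make that explicit. provision_raw_step2 starts and ends outside these hunks, and where `$ret->{KRB5_CONFIG}` is populated is not visible here.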
From: Uri Simchoni Date: Sun, 25 Oct 2015 15:02:17 +0200 Subject: [PATCH 2/3] selftest: Avoid system krb5.conf in some test envs that don't use kerberos Some test envs don't use kerberos (e.g. nt4_dc). However, the client tools are built with Kerberos support and may get upset if hitting a krb5.conf file they don't understand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576 Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett (cherry picked from commit 8d3106b1a4d9da5bf8b127fa70a77076d3dfeca8) --- selftest/target/Samba3.pm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 32f8f3d..774d7a0 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -172,6 +172,13 @@ sub setup_env($$$) return $self->{vars}->{$envname}; } + # + # Avoid hitting system krb5.conf - + # An env that needs Kerberos will reset this to the real + # value. + # + $ENV{KRB5_CONFIG} = "$path/no_krb5.conf"; + if ($envname eq "nt4_dc") { return $self->setup_nt4_dc("$path/nt4_dc"); } elsif ($envname eq "nt4_dc_schannel") { @@ -1610,6 +1617,13 @@ domadmins:X:$gid_domadmins: $ret{LOCAL_PATH} = "$shrdir"; $ret{LOGDIR} = $logdir; + # + # Avoid hitting system krb5.conf - + # An env that needs Kerberos will reset this to the real + # value. + # + $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf"; + return \%ret; } -- 2.4.3 From 833c2de95aecbf9aa49b2868cd962bb125c06f3e Mon Sep 17 00:00:00 2001 From: Uri Simchoni Date: Mon, 26 Oct 2015 07:38:08 +0200 Subject: [PATCH 3/3] selftest: Avoid system krb5.conf in "none" test env Some torture tests do not perform Kerberos activity and do not run against a server (hence the "none" test env), but do create a krb5 context, and that causes the Kerberos libs to read krb5.conf and choke if they don't understand it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576 
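Review bot: `$ENV{KRB5_CONFIG} = "$path/no_krb5.conf";` in setup_env uses `$path` as given, while the second Samba3.pm hunk builds the same file name from `abs_path($prefix)`. If `$path` can be relative, each child resolves KRB5_CONFIG against its own working directory and may miss the intended location; `abs_path($path) . "/no_krb5.conf"` would match the other hunk. Neither hunk creates no_krb5.conf, so the isolation appears to depend on the Kerberos library reading a missing file as an empty configuration rather than failing or falling back to the system file. Once that is confirmed for the libraries in use, the comment could say so, e.g. `# no_krb5.conf is intentionally absent: a missing file is read as an empty config`. The assignment is also process-global and is not restored in the visible lines, so it relies on every Kerberos-using env resetting it, as the comment says; both functions continue outside the hunks.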
Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett (cherry picked from commit f9d6be3b749313a03e9097d848ce078f19197a0a) --- selftest/selftest.pl | 5 +---- selftest/target/Samba4.pm | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 779847f..db5da05 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -831,9 +831,7 @@ sub setup_env($$) $option = "client" if $option eq ""; - if ($envname eq "none") { - $testenv_vars = {}; - } elsif (defined(get_running_env($envname))) { + if (defined(get_running_env($envname))) { $testenv_vars = get_running_env($envname); if (not $testenv_vars->{target}->check_env($testenv_vars)) { print $testenv_vars->{target}->getlog_env($testenv_vars); @@ -901,7 +899,6 @@ sub getlog_env($) sub check_env($) { my ($envname) = @_; - return 1 if ($envname eq "none"); my $env = get_running_env($envname); return $env->{target}->check_env($env); } diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index c32830d..65308e2 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1999,8 +1999,11 @@ sub getlog_env($$) sub check_env($$) { my ($self, $envvars) = @_; + my $samba_pid = $envvars->{SAMBA_PID}; - my $childpid = Samba::cleanup_child($envvars->{SAMBA_PID}, "samba"); + return 1 if $samba_pid == -1; + + my $childpid = Samba::cleanup_child($samba_pid, "samba"); return ($childpid == 0); } @@ -2077,6 +2080,8 @@ sub setup_env($$$) } return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307", $self->{vars}->{ad_dc_ntvfs}, 34); + } elsif ($envname eq "none") { + return $self->setup_none("$path/none"); } else { return "UNKNOWN"; } @@ -2479,4 +2484,14 @@ sub setup_ad_dc($$) return $env; } +sub setup_none($$) +{ + my ($self, $path) = @_; + + my $ret = { + KRB5_CONFIG => abs_path($path) . "/no_krb5.conf", + SAMBA_PID => -1, + } +} + 1; -- 2.4.3
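Review bot: `setup_none` hands back its hash only as the implicit value of its last statement, because `my $ret = { ... }` has no terminating `;` and no `return` follows. Any statement added after it later would silently change what the caller receives; close the hash with `};` and end the sub with `return $ret;`. In the `check_env` hunk, `-1` is a sentinel that only makes sense together with `SAMBA_PID => -1` in `setup_none`; a comment at the guard such as `# SAMBA_PID == -1: env has no server process, nothing to reap` would explain why `Samba::cleanup_child` is skipped. `abs_path($path)` is also called on "$path/none", which no visible hunk creates, so confirm it returns a defined value when the directory is absent; otherwise KRB5_CONFIG would collapse to "/no_krb5.conf".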