Commit Graph

6 Commits

Author SHA1 Message Date
Luca Boccassi
b239d99a2c Problem: test_security_gssapi does not close messages
Solution: do it to avoid leaks. Even though they are below 33 bytes so
it's all allocated on the stack, the small message size might change in
the future.
2017-08-20 11:54:49 +01:00
Luca Boccassi
cd09065c8a Problem: test_security_gssapi expects wrong event
Solution: fix it
2017-08-20 11:54:13 +01:00
Luca Boccassi
5b1c0cd0ac Problem: test_security_gssapi fails to build
Solution: monitor new events only if DRAFT APIs are enabled, and
convert to new event types. Same for DRAFT socket options.
2017-08-18 16:56:36 +01:00
Luca Boccassi
330856daec Problem: double definition in test_security_gssapi
Solution: remove the second one to fix build failure
2017-08-18 16:28:03 +01:00
Luca Boccassi
5934919f3e Problem: tests bind to hardcoded TCP ports
Solution: use ZMQ_LAST_ENDPOINT in most places. This alllows running
tests in paralle, and on over-booked shared machines where many of
the ports would be already in use.
Keep 3 tests with an hardcoded port, as there are some code paths that
require it (eg: connect before bind), but list those ports in
tests/testutil.hpp as macros so that they do not overlap and still
allow parallel runs.

These changes were inspired by a patch uploaded to Ubuntu by the
package maintainer, Steve Langasek <steve.langasek@ubuntu.com>.
Thank you Steve!
2017-05-01 22:57:05 +01:00
Jim Garlick
edd6b0ad01 gssapi: add a basic test for GSSAPI security
Problem: there is no test coverage for GSSAPI.

Solution: add a test structured like the CURVE test.

The test is not built if libzmq is not configured with
--with-libgssapi_krb5. It will report SKIPPED status
if the required environment is missing (see below).

Environment:  KRB5_KTNAME and KRB5_CLIENT_KTNAME
environment variables must point to a keytab file
containing creds for a host-based test principal
(see comment at top of source for details).
Kerberos must be configured and a KDC containing the
test principal must be running, otherwise the test
will fail/hang.

N.B. For now, the test must use the same principal for
both client and server roles because it seems impossible
to set them to different principals when they are
threads in the same process.  Once one principal is
cached in credential cache, attempts to acquire creds
for a different "desired name" seem to be ignored and
the cached principal is used instead.
2017-04-26 09:31:21 -07:00