winkerberos icon indicating copy to clipboard operation
winkerberos copied to clipboard
verified publisher icon mongodb

Add tests for the server side API

Open behackett opened this issue 6 years ago • 7 comments

Now that we have a server side API (added in #20) we need to add tests for it. Preferably, the client and server sides can start testing one another, removing the current MongoDB specific test suite.

behackett avatar Feb 12 '19 19:02 behackett

@wokis can you provide some hints for testing the server side API? Particularly any configuration changes you had to make to the dev machine, like running setspn to configure the server principal name, etc.

behackett avatar Feb 13 '19 23:02 behackett

I noticed that the spn passed to authGSSServerInit isn't actually used anywhere. Looking at other implementations, it seems that the spn should be passed to the principal field in AcquireCredentialsHandle (unlike on the client side where that parameter doesn't do anything at all). When using the code as provided I can test the client and server against one another, but the step functions never return AUTH_GSS_COMPLETE and eventually the server step function raises "The logon attempt failed". After changing the code to pass the spn, authGSSServerInit fails with "No credentials are available in the security package". I assume that's because I don't have the spn configured using setspn.

behackett avatar Feb 13 '19 23:02 behackett

@behackett I would really appreciate if 0.8 got released soon because I need the features that got added in this release.

This seems to be the only issue left in the milestone for 0.8.

Yrlish avatar May 29 '19 07:05 Yrlish

@Yrlish what features were added that you need?

behackett avatar May 29 '19 18:05 behackett

The server side stuff

Yrlish avatar May 29 '19 18:05 Yrlish

Good to hear. As you can probably tell from this ticket I have no environment to test the server side code in. If you can confirm that it works for you I'll release it as experimental.

behackett avatar May 29 '19 18:05 behackett

How would a dev machine be set up to be able to test the server-side stuff?

I currently have a Windows 10 machine joined to a AD domain. I have local admin on the Windows 10 machine. I do not have admin access to AD.

setspn -L gives the following output:

> setspn -L %COMPUTERNAME%
Registered ServicePrincipalNames for CN=...:
        WSMAN/hostname.domain.com
        WSMAN/hostname
        CmRcService/hostname
        CmRcService/hostname.domain.com
        TERMSRV/hostname
        TERMSRV/hostname.domain.com
        RestrictedKrbHost/hostname
        HOST/hostname
        RestrictedKrbHost/hostname.domain.com
        HOST/hostname.domain.com

Given my config, would I be able to write and run tests for the server-side stuff? @behackett ? @wokis ?

codeape2 avatar Jun 11 '19 08:06 codeape2