diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-08-10 13:04:06 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-08-10 13:05:44 -0400 |
| commit | 90da8924df96a682eca6c43ad8e36aeb5ac7ddab (patch) | |
| tree | ec247e6fd08ecc3a8d7fbe72c99e418fe4b6ba19 /src/tests/gssapi/t_gssapi.py | |
| parent | 6b26fec77ab8bb57f56537478c92371490ebc932 (diff) | |
| download | krb5-90da8924df96a682eca6c43ad8e36aeb5ac7ddab.tar.gz krb5-90da8924df96a682eca6c43ad8e36aeb5ac7ddab.tar.xz krb5-90da8924df96a682eca6c43ad8e36aeb5ac7ddab.zip | |
Add tests for gss_inquire_cred
Now that we're doing a kind of deferred credential acquisition for
krb5, the behavior of gss_inquire_cred is a bit more subtle because
(per RFC 2743 section 2.1.4) we have to choose a credential cache or
acceptor name sooner than we would otherwise do so. Add a C program
to invoke gss_acquire_cred/gss_inquire_cred and some Python tests
using it.
Diffstat (limited to 'src/tests/gssapi/t_gssapi.py')
| -rwxr-xr-x | src/tests/gssapi/t_gssapi.py | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py index 005d2d2c54..4900bd6c56 100755 --- a/src/tests/gssapi/t_gssapi.py +++ b/src/tests/gssapi/t_gssapi.py @@ -113,4 +113,47 @@ output = realm.run_as_client(['./t_accname', 'host/-nomatch-', if 'host/-nomatch-' not in output: fail('Expected host/-nomatch- in t_accname output') +realm.stop() + +### Test gss_inquire_cred behavior. + +realm = K5Realm() + +# Test deferred resolution of the default ccache for initiator creds. +output = realm.run_as_client(['./t_inq_cred']) +if realm.user_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.user_princ) +output = realm.run_as_client(['./t_inq_cred', '-k']) +if realm.user_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.user_princ) +output = realm.run_as_client(['./t_inq_cred', '-s']) +if realm.user_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.user_princ) + +# Test picking a name from the keytab for acceptor creds. +output = realm.run_as_client(['./t_inq_cred', '-a']) +if realm.host_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.host_princ) +output = realm.run_as_client(['./t_inq_cred', '-k', '-a']) +if realm.host_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.host_princ) +output = realm.run_as_client(['./t_inq_cred', '-s', '-a']) +if realm.host_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.host_princ) + +# Test client keytab initiation (non-deferred) with a specified name. +realm.extract_keytab(realm.user_princ, realm.client_keytab) +os.remove(realm.ccache) +output = realm.run_as_client(['./t_inq_cred', '-k']) +if realm.user_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.user_princ) + +# Test deferred client keytab initiation and GSS_C_BOTH cred usage. +os.remove(realm.client_keytab) +os.remove(realm.ccache) +shutil.copyfile(realm.keytab, realm.client_keytab) +output = realm.run_as_client(['./t_inq_cred', '-k', '-b']) +if realm.host_princ not in output: + fail('Expected %s in t_inq_cred output' % realm.host_princ) + success('GSSAPI tests') |