diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-12-16 16:55:29 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-12-20 11:45:20 -0500 |
commit | 966547dfeb011800d4b78b8e5d494813bc80559c (patch) | |
tree | 4226bd168056336c965a4aa77c845093ef723da3 /src/tests/t_sesskeynego.py | |
parent | 76c27cf7e3161e0f20f8935d82ae0f2feb77b01a (diff) | |
download | krb5-966547dfeb011800d4b78b8e5d494813bc80559c.tar.gz krb5-966547dfeb011800d4b78b8e5d494813bc80559c.tar.xz krb5-966547dfeb011800d4b78b8e5d494813bc80559c.zip |
Simplify k5test.py environments
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
Diffstat (limited to 'src/tests/t_sesskeynego.py')
-rw-r--r-- | src/tests/t_sesskeynego.py | 44 |
1 files changed, 18 insertions, 26 deletions
diff --git a/src/tests/t_sesskeynego.py b/src/tests/t_sesskeynego.py index 9239e12544..3a4a81452f 100644 --- a/src/tests/t_sesskeynego.py +++ b/src/tests/t_sesskeynego.py @@ -8,8 +8,8 @@ etypes_re = re.compile(r'server@[^\n]+\n\tEtype \(skey, tkt\): ' '([^,]+), ([^\s]+)') def test_kvno(realm, expected_skey, expected_tkt): realm.kinit(realm.user_princ, password('user')) - realm.run_as_client([kvno, 'server']) - output = realm.run_as_client([klist, '-e']) + realm.run([kvno, 'server']) + output = realm.run([klist, '-e']) m = etypes_re.search(output) if not m: fail('could not parse etypes from klist -e output') @@ -19,29 +19,21 @@ def test_kvno(realm, expected_skey, expected_tkt): if tkt != expected_tkt: fail('got ticket key type %s, expected %s' % (tkt, expected_tkt)) -krb5_conf1 = {'all': {'libdefaults': { - 'default_tgs_enctypes': 'aes128-cts,aes256-cts'}}} - -krb5_conf2 = {'all': {'libdefaults': { - 'default_tgs_enctypes': 'aes256-cts,aes128-cts'}}} - -krb5_conf3 = {'all': {'libdefaults': { - 'allow_weak_crypto': 'true', - 'default_tkt_enctypes': 'aes128-cts', - 'default_tgs_enctypes': 'rc4-hmac,aes128-cts,des-cbc-crc'}}} - -krb5_conf4 = {'all' :{ - 'libdefaults': { - 'allow_weak_crypto': 'true', - 'default_tkt_enctypes': 'aes256-cts', - 'default_tgs_enctypes': 'des-cbc-crc,rc4-hmac,aes256-cts' - }, - 'realms': {'$realm': { - 'des_crc_session_supported' : 'false'}}}} +conf1 = {'libdefaults': {'default_tgs_enctypes': 'aes128-cts,aes256-cts'}} +conf2 = {'libdefaults': {'default_tgs_enctypes': 'aes256-cts,aes128-cts'}} +conf3 = {'libdefaults': { + 'allow_weak_crypto': 'true', + 'default_tkt_enctypes': 'aes128-cts', + 'default_tgs_enctypes': 'rc4-hmac,aes128-cts,des-cbc-crc'}} +conf4 = {'libdefaults': { + 'allow_weak_crypto': 'true', + 'default_tkt_enctypes': 'aes256-cts', + 'default_tgs_enctypes': 'des-cbc-crc,rc4-hmac,aes256-cts'}, + 'realms': {'$realm': {'des_crc_session_supported': 'false'}}} # Test with client request and session_enctypes preferring aes128, but # aes256 long-term key. -realm = K5Realm(krb5_conf=krb5_conf1, create_host=False, get_creds=False) +realm = K5Realm(krb5_conf=conf1, create_host=False, get_creds=False) realm.run_kadminl('addprinc -randkey -e aes256-cts:normal server') realm.run_kadminl('setstr server session_enctypes aes128-cts,aes256-cts') test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96') @@ -50,14 +42,14 @@ realm.stop() # Second go, almost same as first, but resulting session key must be aes256 # because of the difference in default_tgs_enctypes order. This tests that # session_enctypes doesn't change the order in which we negotiate. -realm = K5Realm(krb5_conf=krb5_conf2, create_host=False, get_creds=False) +realm = K5Realm(krb5_conf=conf2, create_host=False, get_creds=False) realm.run_kadminl('addprinc -randkey -e aes256-cts:normal server') realm.run_kadminl('setstr server session_enctypes aes128-cts,aes256-cts') test_kvno(realm, 'aes256-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96') realm.stop() -# Next we use krb5_conf3 and try various things. -realm = K5Realm(krb5_conf=krb5_conf3, create_host=False, get_creds=False) +# Next we use conf3 and try various things. +realm = K5Realm(krb5_conf=conf3, create_host=False, get_creds=False) realm.run_kadminl('addprinc -randkey -e aes256-cts:normal server') # 3a: Negotiate aes128 session key when principal only has aes256 long-term. @@ -75,7 +67,7 @@ test_kvno(realm, 'des-cbc-crc', 'aes256-cts-hmac-sha1-96') realm.stop() # Last go: test that we can disable the des-cbc-crc assumption -realm = K5Realm(krb5_conf=krb5_conf4, get_creds=False) +realm = K5Realm(krb5_conf=conf4, get_creds=False) realm.run_kadminl('addprinc -randkey -e aes256-cts:normal server') test_kvno(realm, 'aes256-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96') realm.stop() |