Python test framework

Add a framework for writing tests in Python.  Documentation is in the
initial docstring of util/k5test.py.  Inaugurate the framework with
two test scripts, t_general.py and t_anonypkinit.py, which together
test the same operations as standalone.exp from the dejagnu test
suite.

ticket: 6672

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23763 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 83 insertions, 0 deletions

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 87098c66fd..713dd17b24 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -2,6 +2,7 @@ mydir=tests
 BUILDTOP=$(REL)..
 SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
 	gss-threads misc mkeystash_compat
+PYTESTS = t_general.py t_anonpkinit.py
 
 RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
 KRB5_RUN_ENV= @KRB5_RUN_ENV@
diff --git a/src/tests/t_anonpkinit.py b/src/tests/t_anonpkinit.py
new file mode 100644
index 0000000000..4ed03d9744
--- /dev/null
+++ b/src/tests/t_anonpkinit.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+from k5test import *
+
+# Skip this test if pkinit wasn't built.
+if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
+    success()
+    exit(0)
+
+# Construct a krb5.conf fragment configuring pkinit.
+certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')
+ca_pem = os.path.join(certs, 'ca.pem')
+kdc_pem = os.path.join(certs, 'kdc.pem')
+privkey_pem = os.path.join(certs, 'privkey.pem')
+pkinit_krb5_conf = {
+    'all' : {
+        'libdefaults' : {
+            'pkinit_anchors' : 'FILE:' + ca_pem
+        },
+        'realms' : {
+            '$realm' : {
+                'pkinit_anchors' : 'FILE:%s' % ca_pem,
+                'pkinit_identity' : 'FILE:%s,%s' % (kdc_pem, privkey_pem),
+            }
+        }
+    }
+}
+
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False,
+                create_host=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
+
+success()
diff --git a/src/tests/t_general.py b/src/tests/t_general.py
new file mode 100755
index 0000000000..fb0649d57c
--- /dev/null
+++ b/src/tests/t_general.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+from k5test import *
+
+for realm in multipass_realms(create_host=False):
+    # Create a policy and see if it survives a dump/load.
+    realm.run_kadminl('addpol fred')
+    dumpfile = os.path.join(realm.testdir, 'dump')
+    realm.run_as_master([kdb5_util, 'dump', dumpfile])
+    realm.run_as_master([kdb5_util, 'load', dumpfile])
+    output = realm.run_kadminl('getpols')
+    if 'fred\n' not in output:
+        fail('Policy not preserved across dump/load.')
+
+    # Check that kinit fails appropriatel with the wrong password.
+    output = realm.run_as_client([kinit, realm.user_princ], input='wrong\n',
+                                 expected_code=1)
+    if 'Password incorrect while getting initial credentials' not in output:
+        fail('Expected error message not seen in kinit output')
+
+    # Check that we can kinit as a different principal.
+    realm.kinit(realm.admin_princ, password('admin'))
+    realm.klist(realm.admin_princ)
+
+    # Test FAST kinit.
+    fastpw = password('fast')
+    realm.run_kadminl('ank -pw %s +requires_preauth user/fast' % fastpw)
+    realm.kinit('user/fast', fastpw)
+    realm.kinit('user/fast', fastpw, flags=['-T', realm.ccache])
+    realm.klist('user/fast@%s' % realm.realm)
+
+    # Test kdestroy and klist of a non-existent ccache.
+    realm.run_as_client([kdestroy])
+    output = realm.run_as_client([klist], expected_code=1)
+    if 'No credentials cache found' not in output:
+        fail('Expected error message not seen in klist output')
+
+    # Test handling of kvno values beyond 255.
+    princ = 'foo/bar@%s' % realm.realm
+    realm.addprinc(princ)
+    realm.run_kadminl('modprinc -kvno 252 %s' % princ)
+    for kvno in range(253, 259):
+        realm.run_kadminl('ktadd -k %s %s' % (realm.keytab, princ))
+        realm.klist_keytab(princ)
+    output = realm.run_kadminl('getprinc %s' % princ)
+    if 'Key: vno 258,' not in output:
+        fail('Expected vno not seen in kadmin.local output')
+
+success()