diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-12-16 16:55:29 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-12-20 11:45:20 -0500 |
| commit | 966547dfeb011800d4b78b8e5d494813bc80559c (patch) | |
| tree | 4226bd168056336c965a4aa77c845093ef723da3 /src/lib/krb5 | |
| parent | 76c27cf7e3161e0f20f8935d82ae0f2feb77b01a (diff) | |
| download | krb5-966547dfeb011800d4b78b8e5d494813bc80559c.tar.gz krb5-966547dfeb011800d4b78b8e5d494813bc80559c.tar.xz krb5-966547dfeb011800d4b78b8e5d494813bc80559c.zip | |
Simplify k5test.py environments
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
Diffstat (limited to 'src/lib/krb5')
| -rw-r--r-- | src/lib/krb5/ccache/t_cccol.py | 14 | ||||
| -rw-r--r-- | src/lib/krb5/krb/t_expire_warn.py | 12 | ||||
| -rw-r--r-- | src/lib/krb5/krb/t_in_ccache_patypes.py | 50 | ||||
| -rw-r--r-- | src/lib/krb5/krb/t_vfy_increds.py | 45 |
4 files changed, 57 insertions, 64 deletions
diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py index 8c459ddeb..acd2b6e76 100644 --- a/src/lib/krb5/ccache/t_cccol.py +++ b/src/lib/krb5/ccache/t_cccol.py @@ -16,7 +16,7 @@ realm.kinit('alice', password('alice'), flags=['-c', dalice]) realm.kinit('bob', password('bob'), flags=['-c', dbob]) def cursor_test(testname, args, expected): - outlines = realm.run_as_client(['./t_cccursor'] + args).splitlines() + outlines = realm.run(['./t_cccursor'] + args).splitlines() outlines.sort() expected.sort() if outlines != expected: @@ -37,14 +37,14 @@ cursor_test('filemem', [fccname, mfoo, mbar], [fccname, mfoo, mbar]) cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob, mfoo]) # Test krb5_cccol_have_content. -realm.run_as_client(['./t_cccursor', dccname, 'CONTENT']) -realm.run_as_client(['./t_cccursor', fccname, 'CONTENT']) -realm.run_as_client(['./t_cccursor', realm.ccache, 'CONTENT']) -realm.run_as_client(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1) +realm.run(['./t_cccursor', dccname, 'CONTENT']) +realm.run(['./t_cccursor', fccname, 'CONTENT']) +realm.run(['./t_cccursor', realm.ccache, 'CONTENT']) +realm.run(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1) # Make sure FILE doesn't yield a nonexistent default cache. -realm.run_as_client([kdestroy]) +realm.run([kdestroy]) cursor_test('noexist', [], []) -realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'], expected_code=1) +realm.run(['./t_cccursor', fccname, 'CONTENT'], expected_code=1) success('Renewing credentials') diff --git a/src/lib/krb5/krb/t_expire_warn.py b/src/lib/krb5/krb/t_expire_warn.py index f803b4595..4c9b5cc7a 100644 --- a/src/lib/krb5/krb/t_expire_warn.py +++ b/src/lib/krb5/krb/t_expire_warn.py @@ -34,28 +34,28 @@ realm.run_kadminl('addprinc -pw pass -pwexpire "12 hours" hours') realm.run_kadminl('addprinc -pw pass -pwexpire "3 days" days') # Check for expected prompter warnings when no expire callback is used. -output = realm.run_as_client(['./t_expire_warn', 'noexpire', 'pass', '0']) +output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0']) if output: fail('Unexpected output for noexpire') -output = realm.run_as_client(['./t_expire_warn', 'minutes', 'pass', '0']) +output = realm.run(['./t_expire_warn', 'minutes', 'pass', '0']) if ' less than one hour on ' not in output: fail('Expected warning not seen for minutes') -output = realm.run_as_client(['./t_expire_warn', 'hours', 'pass', '0']) +output = realm.run(['./t_expire_warn', 'hours', 'pass', '0']) if ' hours on ' not in output: fail('Expected warning not seen for hours') -output = realm.run_as_client(['./t_expire_warn', 'days', 'pass', '0']) +output = realm.run(['./t_expire_warn', 'days', 'pass', '0']) if ' days on ' not in output: fail('Expected warning not seen for days') # Check for expected expire callback behavior. These tests are # carefully agnostic about whether the KDC supports last_req fields, # and could be made more specific if last_req support is added. -output = realm.run_as_client(['./t_expire_warn', 'noexpire', 'pass', '1']) +output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1']) if 'password_expiration = 0\n' not in output or \ 'account_expiration = 0\n' not in output or \ 'is_last_req = ' not in output: fail('Expected callback output not seen for noexpire') -output = realm.run_as_client(['./t_expire_warn', 'days', 'pass', '1']) +output = realm.run(['./t_expire_warn', 'days', 'pass', '1']) if 'password_expiration = ' not in output or \ 'password_expiration = 0\n' in output: fail('Expected non-zero password expiration not seen for days') diff --git a/src/lib/krb5/krb/t_in_ccache_patypes.py b/src/lib/krb5/krb/t_in_ccache_patypes.py index f040b8e76..7e3c7b033 100644 --- a/src/lib/krb5/krb/t_in_ccache_patypes.py +++ b/src/lib/krb5/krb/t_in_ccache_patypes.py @@ -33,58 +33,52 @@ realm.run_kadminl('addprinc -pw pass +requires_preauth preauth') # Check that we can get creds without preauth without an in_ccache. This is # the default behavior for kinit. -realm.run_as_client(['./t_in_ccache', 'nopreauth', 'pass']) +realm.run(['./t_in_ccache', 'nopreauth', 'pass']) # Check that we can get creds with preauth without an in_ccache. This is the # default behavior for kinit. -realm.run_as_client(['./t_in_ccache', 'preauth', 'pass']) +realm.run(['./t_in_ccache', 'preauth', 'pass']) # Check that we can get creds while supplying a now-populated input ccache that # doesn't contain any relevant configuration. -realm.run_as_client(['./t_in_ccache', 'nopreauth', 'pass']) -realm.run_as_client(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass']) +realm.run(['./t_in_ccache', 'nopreauth', 'pass']) +realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass']) # Check that we can get creds while supplying a now-populated input ccache. -realm.run_as_client(['./t_in_ccache', 'preauth', 'pass']) -realm.run_as_client(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass']) +realm.run(['./t_in_ccache', 'preauth', 'pass']) +realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass']) # Check that we can't get creds while specifying patypes that aren't available # in a FAST tunnel while using a FAST tunnel. Expect the client-end # preauth-failed error. -realm.run_as_client(['./t_in_ccache', 'nopreauth', 'pass']) -realm.run_as_client(['./t_cc_config', '-p', realm.krbtgt_princ, - 'pa_type', '2']) -realm.run_as_client(['./t_in_ccache', '-A', realm.ccache, '-I', realm.ccache, - 'preauth', 'pass'], expected_code=210) +realm.run(['./t_in_ccache', 'nopreauth', 'pass']) +realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '2']) +realm.run(['./t_in_ccache', '-A', realm.ccache, '-I', realm.ccache, + 'preauth', 'pass'], expected_code=210) # Check that we can't get creds while specifying patypes that are only # available in a FAST tunnel while not using a FAST tunnel. Expect the # client-end preauth-failed error. -realm.run_as_client(['./t_in_ccache', 'nopreauth', 'pass']) -realm.run_as_client(['./t_cc_config', '-p', realm.krbtgt_princ, - 'pa_type', '138']) -realm.run_as_client(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass'], - expected_code=210) +realm.run(['./t_in_ccache', 'nopreauth', 'pass']) +realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '138']) +realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass'], + expected_code=210) # Check that we can get creds using FAST, and that we end up using # encrypted_challenge when we do. -realm.run_as_client(['./t_in_ccache', 'preauth', 'pass']) -realm.run_as_client(['./t_cc_config', '-p', realm.krbtgt_princ, - 'pa_type', '138']) -realm.run_as_client(['./t_in_ccache', '-A', realm.ccache, 'preauth', 'pass']) -output = realm.run_as_client(['./t_cc_config', '-p', realm.krbtgt_princ, - 'pa_type']) +realm.run(['./t_in_ccache', 'preauth', 'pass']) +realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '138']) +realm.run(['./t_in_ccache', '-A', realm.ccache, 'preauth', 'pass']) +output = realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type']) # We should have selected and used encrypted_challenge. if output != '138': fail('Unexpected pa_type value in out_ccache: "%s"' % output) # Check that we can get creds while specifying the right patypes. -realm.run_as_client(['./t_in_ccache', 'nopreauth', 'pass']) -realm.run_as_client(['./t_cc_config', '-p', realm.krbtgt_princ, - 'pa_type', '2']) -realm.run_as_client(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass']) -output = realm.run_as_client(['./t_cc_config', '-p', realm.krbtgt_princ, - 'pa_type']) +realm.run(['./t_in_ccache', 'nopreauth', 'pass']) +realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '2']) +realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass']) +output = realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type']) # We should have selected and used encrypted_timestamp. if output != '2': fail('Unexpected pa_type value in out_ccache') diff --git a/src/lib/krb5/krb/t_vfy_increds.py b/src/lib/krb5/krb/t_vfy_increds.py index a06b740fc..a17b4784b 100644 --- a/src/lib/krb5/krb/t_vfy_increds.py +++ b/src/lib/krb5/krb/t_vfy_increds.py @@ -27,20 +27,20 @@ from k5test import * realm = K5Realm() # Verify the default test realm credentials with the default keytab. -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n']) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n']) # Verify after updating the keytab (so the keytab contains an outdated # version 1 key followed by an up-to-date version 2 key). realm.run_kadminl('ktadd ' + realm.host_princ) -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n']) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n']) # Bump the host key without updating the keytab and make sure that # verification fails as we expect it to. realm.run_kadminl('change_password -randkey ' + realm.host_princ) -realm.run_as_server(['./t_vfy_increds'], expected_code=1) -realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) +realm.run(['./t_vfy_increds'], expected_code=1) +realm.run(['./t_vfy_increds', '-n'], expected_code=1) # Simulate a system where the hostname has changed and the keytab # contains host service principals with a hostname that no longer @@ -49,14 +49,14 @@ realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) # test. Verify should succeed, with or without nofail. realm.run_kadminl('addprinc -randkey host/wrong.hostname') realm.run_kadminl('ktadd host/wrong.hostname') -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n']) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n']) # Remove the keytab and verify again. This should succeed if nofail # is not set, and fail if it is set. os.remove(realm.keytab) -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n'], expected_code=1) # Create an empty keytab file and verify again. This simulates a # system where an admin ran "touch krb5.keytab" to work around a @@ -66,8 +66,8 @@ realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) # causing a KRB5_KEYTAB_BADVNO error, so any tightening of the # krb5_verify_init_creds semantics needs to take this into account.) open(realm.keytab, 'w').close() -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n'], expected_code=1) os.remove(realm.keytab) # Add an NFS service principal to keytab. Verify should ignore it by @@ -75,27 +75,26 @@ os.remove(realm.keytab) # when it is specifically requested. realm.run_kadminl('addprinc -randkey ' + realm.nfs_princ) realm.run_kadminl('ktadd ' + realm.nfs_princ) -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) -realm.run_as_server(['./t_vfy_increds', realm.nfs_princ]) -realm.run_as_server(['./t_vfy_increds', '-n', realm.nfs_princ]) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n'], expected_code=1) +realm.run(['./t_vfy_increds', realm.nfs_princ]) +realm.run(['./t_vfy_increds', '-n', realm.nfs_princ]) # Invalidating the NFS keys in the keytab. We should get the same # results with the default principal argument, but verification should # now fail if we request it specifically. realm.run_kadminl('change_password -randkey ' + realm.nfs_princ) -realm.run_as_server(['./t_vfy_increds']) -realm.run_as_server(['./t_vfy_increds', '-n'], expected_code=1) -realm.run_as_server(['./t_vfy_increds', realm.nfs_princ], expected_code=1) -realm.run_as_server(['./t_vfy_increds', '-n', realm.nfs_princ], - expected_code=1) +realm.run(['./t_vfy_increds']) +realm.run(['./t_vfy_increds', '-n'], expected_code=1) +realm.run(['./t_vfy_increds', realm.nfs_princ], expected_code=1) +realm.run(['./t_vfy_increds', '-n', realm.nfs_princ], expected_code=1) # Spot-check that verify_ap_req_nofail works equivalently to the # programmatic nofail option. realm.stop() -conf = { 'server' : { 'libdefaults' : { 'verify_ap_req_nofail' : 'true' } } } +conf = {'libdefaults': {'verify_ap_req_nofail': 'true'}} realm = K5Realm(krb5_conf=conf) os.remove(realm.keytab) -realm.run_as_server(['./t_vfy_increds'], expected_code=1) +realm.run(['./t_vfy_increds'], expected_code=1) success('krb5_verify_init_creds tests') |