diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-09-13 12:27:04 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-09-13 12:27:16 -0400 |
| commit | d81d68ebd8ade84e240f7d95edf0a562f6931ea2 (patch) | |
| tree | 81d13948ae392081571fa97f60d001cc9cf5a598 /src/tests/gssapi/t_s4u.py | |
| parent | d9af383d069b571457849dea77dbef01ccb55370 (diff) | |
| download | krb5-d81d68ebd8ade84e240f7d95edf0a562f6931ea2.tar.gz krb5-d81d68ebd8ade84e240f7d95edf0a562f6931ea2.tar.xz krb5-d81d68ebd8ade84e240f7d95edf0a562f6931ea2.zip | |
Tidy up GSSAPI test programs
Factor out some common functions used by multiple test programs. Use
a common argument format for importing names (p:princname,
h:hostbasedname, or u:username) and adjust the Python tests to match
it. Use more consistent conventions in test programs and fix some
coding style issues. Normalize how the test programs are built.
Diffstat (limited to 'src/tests/gssapi/t_s4u.py')
| -rw-r--r-- | src/tests/gssapi/t_s4u.py | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py index 4c68c961a..d6a0f2b8d 100644 --- a/src/tests/gssapi/t_s4u.py +++ b/src/tests/gssapi/t_s4u.py @@ -13,6 +13,10 @@ service2 = 'service/2@%s' % realm.realm realm.addprinc(service2) realm.extract_keytab(service2, realm.keytab) +puser = 'p:' + realm.user_princ +pservice1 = 'p:' + service1 +pservice2 = 'p:' + service2 + # Get forwardable creds for service1 in the default cache. realm.kinit(service1, None, ['-f', '-k']) @@ -21,7 +25,7 @@ realm.kinit(service1, None, ['-f', '-k']) # support for allowing it. realm.kinit(realm.user_princ, password('user'), ['-f', '-c', usercache]) output = realm.run_as_server(['./t_s4u2proxy_krb5', usercache, storagecache, - service1, service2], expected_code=1) + pservice1, pservice2], expected_code=1) if ('auth1: ' + realm.user_princ not in output or 'NOT_ALLOWED_TO_DELEGATE' not in output): fail('krb5 -> s4u2proxy') @@ -29,7 +33,7 @@ if ('auth1: ' + realm.user_princ not in output or # Again with SPNEGO. Bug #7045 prevents us from checking the error # message, but we can at least exercise the code. output = realm.run_as_server(['./t_s4u2proxy_krb5', '--spnego', usercache, - storagecache, service1, service2], + storagecache, pservice1, pservice2], expected_code=1) if ('auth1: ' + realm.user_princ not in output): fail('krb5 -> s4u2proxy (SPNEGO)') @@ -39,27 +43,25 @@ if ('auth1: ' + realm.user_princ not in output): # accept_sec_context. realm.kinit(realm.user_princ, password('user'), ['-c', usercache]) output = realm.run_as_server(['./t_s4u2proxy_krb5', usercache, storagecache, - service1, service2]) + pservice1, pservice2]) if 'no credential delegated' not in output: fail('krb5 -> no delegated cred') # Try S4U2Self. Ask for an S4U2Proxy step; this won't happen because # service/1 isn't allowed to get a forwardable S4U2Self ticket. -output = realm.run_as_server(['./t_s4u', realm.user_princ, service2]) -if ('Warning: no delegated credentials handle' not in output or +output = realm.run_as_server(['./t_s4u', puser, pservice2]) +if ('Warning: no delegated cred handle' not in output or 'Source name:\t' + realm.user_princ not in output): fail('s4u2self') -output = realm.run_as_server(['./t_s4u', '--spnego', realm.user_princ, - service2]) -if ('Warning: no delegated credentials handle' not in output or +output = realm.run_as_server(['./t_s4u', '--spnego', puser, pservice2]) +if ('Warning: no delegated cred handle' not in output or 'Source name:\t' + realm.user_princ not in output): fail('s4u2self (SPNEGO)') # Correct that problem and try again. As above, the S4U2Proxy step # won't actually succeed since we don't support that in DB2. realm.run_kadminl('modprinc +ok_to_auth_as_delegate ' + service1) -output = realm.run_as_server(['./t_s4u', realm.user_princ, service2], - expected_code=1) +output = realm.run_as_server(['./t_s4u', puser, pservice2], expected_code=1) if 'NOT_ALLOWED_TO_DELEGATE' not in output: fail('s4u2self') @@ -68,8 +70,8 @@ if 'NOT_ALLOWED_TO_DELEGATE' not in output: # a krb5 cred, not a SPNEGO cred, and t_s4u uses the delegated cred # directly rather than saving and reacquiring it) so bug #7045 does # not apply and we can verify the error message. -output = realm.run_as_server(['./t_s4u', '--spnego', realm.user_princ, - service2], expected_code=1) +output = realm.run_as_server(['./t_s4u', '--spnego', puser, pservice2], + expected_code=1) if 'NOT_ALLOWED_TO_DELEGATE' not in output: fail('s4u2self') |