diff options
| author | Greg Hudson <ghudson@mit.edu> | 2014-03-21 18:07:41 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-03-26 18:12:31 -0400 |
| commit | 54c97cd0c435f78880d80541a20cf7f08928705d (patch) | |
| tree | 2487b4ccf15dcaaaec76fe5969fe28bbcbb274f1 /src/tests | |
| parent | 3890d1dff87a839efec38a77dcc88574ed65f4a9 (diff) | |
Improve salt type display in kadmin getprinc
In krb5_salttype_to_string, output the salt type name we would
recognize as input.
In the output of getprinc, display the enctype and salt type in a form
we would accept--either enctype:salttype if the salt type is not the
default, or just the enctype if it is.
Update t_mkey.py and t_salt.py to expect the new output format.
Update documentation examples to show the new format.
ticket: 5958
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/t_mkey.py | 2 | ||||
| -rwxr-xr-x | src/tests/t_salt.py | 26 |
2 files changed, 13 insertions, 15 deletions
diff --git a/src/tests/t_mkey.py b/src/tests/t_mkey.py index 3cecabffa..5c90dad9b 100644 --- a/src/tests/t_mkey.py +++ b/src/tests/t_mkey.py @@ -49,7 +49,7 @@ def check_mkey_list(*expected): # Get the K/M principal. Verify that it has the expected mkvno. Each # remaining argment must be a sequence of two elements: an expected # key version and an expected enctype. -keyline_re = re.compile(r'^Key: vno (\d+), (\S+), ') +keyline_re = re.compile(r'^Key: vno (\d+), (\S+)$') def check_master_dbent(expected_mkvno, *expected_keys): outlines = realm.run_kadminl('getprinc K/M').splitlines() mkeyline = [l for l in outlines if l.startswith('MKey: vno ')] diff --git a/src/tests/t_salt.py b/src/tests/t_salt.py index c07a5740f..e468a216f 100755 --- a/src/tests/t_salt.py +++ b/src/tests/t_salt.py @@ -4,28 +4,26 @@ import re realm = K5Realm(create_user=False) -# Check that a non-default salt type applies only to the key it is matched -# with and not to subsequent keys. e1 is a enctype:salt string with -# non-default salt, and e2 is an enctype:salt string with default salt. -# The string argument corresponds to the salt type of e1, and must appear -# exactly once in the getprinc output, corresponding to just the first key. -def test_salt(realm, e1, string, e2): - query = 'ank -e ' + e1 + ',' + e2 + ' -pw password user' +# Check that a non-default salt type applies only to the key it is +# matched with and not to subsequent keys. e1 and e2 are enctypes, +# and salt is a non-default salt type. +def test_salt(realm, e1, salt, e2): + query = 'ank -e %s:%s,%s -pw password user' % (e1, salt, e2) realm.run_kadminl(query) out = realm.run_kadminl('getprinc user') - if len(re.findall(string, out)) != 1: - fail(string + ' present in second enctype or not present') + if len(re.findall(':' + salt, out)) != 1: + fail(salt + ' present in second enctype or not present') realm.run_kadminl('delprinc -force user') # Enctype/salt pairs chosen with non-default salt types. # The enctypes are mostly arbitrary, though afs3 must only be used with des. # We do not enforce that v4 salts must only be used with des, but it seems # like a good idea. -salts = [('des-cbc-crc:afs3', 'AFS version 3'), - ('des3-cbc-sha1:norealm', 'Version 5 - No Realm'), - ('arcfour-hmac:onlyrealm', 'Version 5 - Realm Only'), - ('des-cbc-crc:v4', 'Version 4'), - ('aes128-cts-hmac-sha1-96:special', 'Special')] +salts = [('des-cbc-crc', 'afs3'), + ('des3-cbc-sha1', 'norealm'), + ('arcfour-hmac', 'onlyrealm'), + ('des-cbc-crc', 'v4'), + ('aes128-cts-hmac-sha1-96', 'special')] # These enctypes are chosen to cover the different string-to-key routines. # Omit ":normal" from aes256 to check that salttype defaulting works. second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal', |