Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/Makefile.in1
-rw-r--r--src/tests/t_anonpkinit.py34
-rwxr-xr-xsrc/tests/t_general.py48
3 files changed, 83 insertions, 0 deletions
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 87098c66f..713dd17b2 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -2,6 +2,7 @@ mydir=tests
BUILDTOP=$(REL)..
SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
gss-threads misc mkeystash_compat
+PYTESTS = t_general.py t_anonpkinit.py
RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
KRB5_RUN_ENV= @KRB5_RUN_ENV@
diff --git a/src/tests/t_anonpkinit.py b/src/tests/t_anonpkinit.py
new file mode 100644
index 000000000..4ed03d974
--- /dev/null
+++ b/src/tests/t_anonpkinit.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+from k5test import *
+
+# Skip this test if pkinit wasn't built.
+if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
+ success()
+ exit(0)
+
+# Construct a krb5.conf fragment configuring pkinit.
+certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')
+ca_pem = os.path.join(certs, 'ca.pem')
+kdc_pem = os.path.join(certs, 'kdc.pem')
+privkey_pem = os.path.join(certs, 'privkey.pem')
+pkinit_krb5_conf = {
+ 'all' : {
+ 'libdefaults' : {
+ 'pkinit_anchors' : 'FILE:' + ca_pem
+ },
+ 'realms' : {
+ '$realm' : {
+ 'pkinit_anchors' : 'FILE:%s' % ca_pem,
+ 'pkinit_identity' : 'FILE:%s,%s' % (kdc_pem, privkey_pem),
+ }
+ }
+ }
+}
+
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False,
+ create_host=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
+
+success()
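Review bot: The guard at the top of t_anonpkinit.py calls `success()` and exits 0 when `pkinit.so` is not found, so a build that lost PKINIT, or a platform whose plugin suffix is not `.so`, reports this test as passed. Anonymous PKINIT coverage can then disappear with no signal in the test run. At minimum make the skip visible by adding `print('t_anonpkinit: skipped, pkinit plugin not found')` before `success()`; if k5test has or gains a distinct skip result, that would be the better fit. The only assertion after `kinit -n` is the `klist` principal check, so a short comment saying this is a positive-path test that does not exercise anchor or certificate rejection would set the right expectations.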
diff --git a/src/tests/t_general.py b/src/tests/t_general.py
new file mode 100755
index 000000000..fb0649d57
--- /dev/null
+++ b/src/tests/t_general.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+from k5test import *
+
+for realm in multipass_realms(create_host=False):
+ # Create a policy and see if it survives a dump/load.
+ realm.run_kadminl('addpol fred')
+ dumpfile = os.path.join(realm.testdir, 'dump')
+ realm.run_as_master([kdb5_util, 'dump', dumpfile])
+ realm.run_as_master([kdb5_util, 'load', dumpfile])
+ output = realm.run_kadminl('getpols')
+ if 'fred\n' not in output:
+ fail('Policy not preserved across dump/load.')
+
+ # Check that kinit fails appropriatel with the wrong password.
+ output = realm.run_as_client([kinit, realm.user_princ], input='wrong\n',
+ expected_code=1)
+ if 'Password incorrect while getting initial credentials' not in output:
+ fail('Expected error message not seen in kinit output')
+
+ # Check that we can kinit as a different principal.
+ realm.kinit(realm.admin_princ, password('admin'))
+ realm.klist(realm.admin_princ)
+
+ # Test FAST kinit.
+ fastpw = password('fast')
+ realm.run_kadminl('ank -pw %s +requires_preauth user/fast' % fastpw)
+ realm.kinit('user/fast', fastpw)
+ realm.kinit('user/fast', fastpw, flags=['-T', realm.ccache])
+ realm.klist('user/fast@%s' % realm.realm)
+
+ # Test kdestroy and klist of a non-existent ccache.
+ realm.run_as_client([kdestroy])
+ output = realm.run_as_client([klist], expected_code=1)
+ if 'No credentials cache found' not in output:
+ fail('Expected error message not seen in klist output')
+
+ # Test handling of kvno values beyond 255.
+ princ = 'foo/bar@%s' % realm.realm
+ realm.addprinc(princ)
+ realm.run_kadminl('modprinc -kvno 252 %s' % princ)
+ for kvno in range(253, 259):
+ realm.run_kadminl('ktadd -k %s %s' % (realm.keytab, princ))
+ realm.klist_keytab(princ)
+ output = realm.run_kadminl('getprinc %s' % princ)
+ if 'Key: vno 258,' not in output:
+ fail('Expected vno not seen in kadmin.local output')
+
+success()
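Review bot: The "Test FAST kinit" step only checks that `realm.kinit('user/fast', fastpw, flags=['-T', realm.ccache])` succeeds and that `klist` shows the principal, so as far as this hunk shows it would still pass if the client silently fell back to unarmored pre-authentication. I would add `# NOTE: only checks that kinit -T succeeds; does not prove FAST armor was used` above that call until the test can assert it. In the kvno block the loop variable from `for kvno in range(253, 259)` is never used and only the final `'Key: vno 258,'` is checked. A per-iteration check would catch a wrap at 256, for example `if 'Key: vno %d,' % kvno not in realm.run_kadminl('getprinc %s' % princ): fail('Unexpected vno after ktadd')`. The comment "fails appropriatel" has a typo.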