2 files changed, 28 insertions, 22 deletions

diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py
index e76262566..e6d715cba 100644
--- a/src/lib/krb5/ccache/t_cccol.py
+++ b/src/lib/krb5/ccache/t_cccol.py
@@ -11,30 +11,33 @@ test_keyring = (keyctl is not None and
 # Run the collection test program against each collection-enabled type.
 realm.run(['./t_cccol', 'DIR:' + os.path.join(realm.testdir, 'cc')])
 if test_keyring:
+    def cleanup_keyring(anchor, name):
+        out = realm.run(['keyctl', 'list', anchor])
+        if ('keyring: ' + name + '\n') in out:
+            keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
+            realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
+
     # Use the test directory as the collection name to avoid colliding
     # with other build trees.
     cname = realm.testdir
+    col_ringname = '_krb_' + cname
 
     # Remove any keys left behind by previous failed test runs.
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', cname])
-    out = realm.run(['keyctl', 'list', '@u'])
-    if ('keyring: _krb_' + cname + '\n') in out:
-        id = realm.run(['keyctl', 'search', '@u', 'keyring', '_krb_' + cname])
-        realm.run(['keyctl', 'unlink', id.strip(), '@u'])
+    cleanup_keyring('@s', cname)
+    cleanup_keyring('@s', col_ringname)
+    cleanup_keyring('@u', col_ringname)
 
     # Run test program over each subtype, cleaning up as we go.  Don't
     # test the persistent subtype, since it supports only one
     # collection and might be in actual use.
     realm.run(['./t_cccol', 'KEYRING:' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:legacy:' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:session:' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:user:' + cname])
-    id = realm.run(['keyctl', 'search', '@u', 'keyring', '_krb_' + cname])
-    realm.run(['keyctl', 'unlink', id.strip(), '@u'])
+    cleanup_keyring('@u', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:process:abcd'])
     realm.run(['./t_cccol', 'KEYRING:thread:abcd'])
 
@@ -57,8 +60,7 @@ realm.kinit('alice', password('alice'), flags=['-c', dalice])
 realm.kinit('bob', password('bob'), flags=['-c', dbob])
 
 if test_keyring:
-    cname = realm.testdir
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     krccname = 'KEYRING:session:' + cname
     kruser = '%s:tkt1' % krccname
     kralice = '%s:tkt2' % krccname
@@ -105,7 +107,7 @@ realm.run(['./t_cccursor', realm.ccache, 'CONTENT'])
 realm.run(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
 if test_keyring:
     realm.run(['./t_cccursor', krccname, 'CONTENT'])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
 
 # Make sure FILE doesn't yield a nonexistent default cache.
 realm.run([kdestroy])
diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py
index eedd29af8..dd20e1139 100644
--- a/src/tests/t_ccache.py
+++ b/src/tests/t_ccache.py
@@ -85,13 +85,20 @@ def collection_test(realm, ccname):
 
 collection_test(realm, 'DIR:' + os.path.join(realm.testdir, 'cc'))
 if test_keyring:
+    def cleanup_keyring(anchor, name):
+        out = realm.run(['keyctl', 'list', anchor])
+        if ('keyring: ' + name + '\n') in out:
+            keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
+            realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
+
     # Use realm.testdir as the collection name to avoid conflicts with
     # other build trees.
     cname = realm.testdir
+    col_ringname = '_krb_' + cname
 
-    realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     collection_test(realm, 'KEYRING:session:' + cname)
-    realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
 
     # Test legacy keyring cache linkage.
     realm.env['KRB5CCNAME'] = 'KEYRING:' + cname
@@ -108,12 +115,10 @@ if test_keyring:
     # Remove the collection keyring.  When the collection is
     # reinitialized, the legacy cache should reappear inside it
     # automatically as the primary cache.
-    out = realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
-    if 'purged 1 keys' not in out:
-        fail('Could not purge collection keyring')
+    cleanup_keyring('@s', col_ringname)
     out = realm.run([klist])
     if realm.user_princ not in out:
-        fail('Cannot see legacy cache after purging collection')
+        fail('Cannot see legacy cache after removing collection')
     coll_id = realm.run([keyctl, 'search', '@s', 'keyring', '_krb_' + cname])
     out = realm.run([keyctl, 'list', coll_id.strip()])
     if (id.strip() + ':') not in out:
@@ -121,8 +126,7 @@ if test_keyring:
     # Destroy the cache and check that it is unlinked from the session keyring.
     realm.run([kdestroy])
     realm.run([keyctl, 'search', '@s', 'keyring', cname], expected_code=1)
-    # Clean up the collection key.
-    realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
 
 # Test parameter expansion in default_ccache_name
 realm.stop()