Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/clients/kvno/t_kvno.py
34889 views
1
from k5test import *

2


3
realm = K5Realm()

4


5
def check_cache(ccache, expected_services):

6
    # Fetch the klist output and skip past the header.

7
    lines = realm.run([klist, '-c', ccache]).splitlines()

8
    lines = lines[4:]

9


10
    # For each line not beginning with an indent, match against the

11
    # expected service principals.

12
    svcs = {x: True for x in expected_services}

13
    for l in lines:

14
        if not l.startswith('\t'):

15
            svcprinc = l.split()[4]

16
            if svcprinc in svcs:

17
                del svcs[svcprinc]

18
            else:

19
                fail('unexpected service princ ' + svcprinc)

20


21
    if svcs:

22
        fail('services not found in klist output: ' + ' '.join(svcs.keys()))

23


24


25
mark('no options')

26
realm.run([kvno, realm.user_princ], expected_msg='[email protected]: kvno = 1')

27
check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])

28


29
mark('-e')

30
msgs = ('etypes requested in TGS request: camellia128-cts',

31
        '/KDC has no support for encryption type')

32
realm.run([kvno, '-e', 'camellia128-cts', realm.host_princ],

33
          expected_code=1, expected_trace=msgs)

34


35
mark('--cached-only')

36
realm.run([kvno, '--cached-only', realm.user_princ], expected_msg='kvno = 1')

37
realm.run([kvno, '--cached-only', realm.host_princ],

38
          expected_code=1, expected_msg='Matching credential not found')

39
check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])

40


41
mark('--no-store')

42
realm.run([kvno, '--no-store', realm.host_princ], expected_msg='kvno = 1')

43
check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])

44


45
mark('--out-cache') # and multiple services

46
out_ccache = os.path.join(realm.testdir, 'ccache.out')

47
realm.run([kvno, '--out-cache', out_ccache,

48
           realm.host_princ, realm.admin_princ])

49
check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])

50
check_cache(out_ccache, [realm.host_princ, realm.admin_princ])

51


52
mark('--out-cache --cached-only') # tests out-cache overwriting, and -q

53
realm.run([kvno, '--out-cache', out_ccache, '--cached-only', realm.host_princ],

54
          expected_code=1, expected_msg='Matching credential not found')

55
out = realm.run([kvno, '-q', '--out-cache', out_ccache, '--cached-only',

56
                 realm.user_princ])

57
if out:

58
    fail('unexpected kvno output with -q')

59
check_cache(out_ccache, [realm.user_princ])

60


61
mark('-U') # and -c

62
svc_ccache = os.path.join(realm.testdir, 'ccache.svc')

63
realm.run([kinit, '-k', '-c', svc_ccache, realm.host_princ])

64
realm.run([kvno, '-c', svc_ccache, '-U', 'user', realm.host_princ])

65
realm.run([klist, '-c', svc_ccache], expected_msg='for client user@')

66
realm.run([kvno, '-c', svc_ccache, '-U', 'user', '--out-cache', out_ccache,

67
           realm.host_princ])

68
out = realm.run([klist, '-c', out_ccache])

69
if ('Default principal: [email protected]' not in out):

70
    fail('wrong default principal in klist output')

71


72
# More S4U options are tested in tests/gssapi/t_s4u.py.

73
# --u2u is tested in tests/t_u2u.py.

74


75
success('kvno tests')

76


77