Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/gssapi/t_authind.py
34889 views
1
from k5test import *

2


3
# Test authentication indicators.  Load the test preauth module so we

4
# can control the indicators asserted.

5
testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')

6
conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},

7
                    'clpreauth': {'module': 'test:' + testpreauth}}}

8
realm = K5Realm(krb5_conf=conf)

9
realm.run([kadminl, 'addprinc', '-randkey', 'service/1'])

10
realm.run([kadminl, 'addprinc', '-randkey', 'service/2'])

11
realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])

12
realm.run([kadminl, 'setstr', 'service/1', 'require_auth', 'superstrong'])

13
realm.run([kadminl, 'setstr', 'service/2', 'require_auth', 'one two'])

14
realm.run([kadminl, 'xst', 'service/1'])

15
realm.run([kadminl, 'xst', 'service/2'])

16


17
realm.kinit(realm.user_princ, password('user'),

18
            ['-X', 'indicators=superstrong'])

19
out = realm.run(['./t_srcattrs', 'p:service/1'])

20
if ('Attribute auth-indicators Authenticated Complete') not in out:

21
    fail('Expected attribute type data not seen')

22
# UTF8 "superstrong"

23
if '73757065727374726f6e67' not in out:

24
    fail('Expected auth indicator not seen in name attributes')

25


26
msg = 'gss_init_sec_context: KDC policy rejects request'

27
realm.run(['./t_srcattrs', 'p:service/2'], expected_code=1, expected_msg=msg)

28


29
realm.kinit(realm.user_princ, password('user'), ['-X', 'indicators=one two'])

30
out = realm.run(['./t_srcattrs', 'p:service/2'])

31
# Hexadecimal "one" and "two"

32
if '6f6e65' not in out or '74776f' not in out:

33
    fail('Expected auth indicator not seen in name attributes')

34


35
realm.stop()

36


37
# Test the FAST encrypted challenge auth indicator.

38
kdcconf = {'realms': {'$realm': {'encrypted_challenge_indicator': 'fast'}}}

39
realm = K5Realm(kdc_conf=kdcconf)

40
realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])

41
realm.run([kadminl, 'xst', realm.host_princ])

42
realm.kinit(realm.user_princ, password('user'))

43
realm.kinit(realm.user_princ, password('user'), ['-T', realm.ccache])

44
out = realm.run(['./t_srcattrs', 'p:' + realm.host_princ])

45
if ('Attribute auth-indicators Authenticated Complete') not in out:

46
    fail('Expected attribute type not seen')

47
if '66617374' not in out:

48
    fail('Expected auth indicator not seen in name attributes')

49


50
realm.stop()

51
success('GSSAPI auth indicator tests')

52


53