1
from k5test import *
2

3
# Test gss_export_cred and gss_import_cred for initiator creds,
4
# acceptor creds, and traditional delegated creds.  t_s4u.py tests
5
# exporting and importing a synthesized S4U2Proxy delegated
6
# credential.
7

8
# Make up a filename to hold user's initial credentials.
9
def ccache_savefile(realm):
10
    return os.path.join(realm.testdir, 'ccache.copy')
11

12
# Move user's initial credentials into the save file.
13
def ccache_save(realm):
14
    os.rename(realm.ccache, ccache_savefile(realm))
15

16
# Copy user's initial credentials from the save file into the ccache.
17
def ccache_restore(realm):
18
    shutil.copyfile(ccache_savefile(realm), realm.ccache)
19

20
# Run t_export_cred with the saved ccache and verify that it stores a
21
# forwarded cred into the default ccache.
22
def check(realm, args):
23
    ccache_restore(realm)
24
    realm.run(['./t_export_cred'] + args)
25
    realm.run([klist, '-f'], expected_msg='Flags: Ff')
26

27
# Check a given set of arguments with no specified mech and with krb5
28
# and SPNEGO as the specified mech.
29
def check_mechs(realm, args):
30
    check(realm, args)
31
    check(realm, ['-k'] + args)
32
    check(realm, ['-s'] + args)
33

34
# Make a realm, get forwardable tickets, and save a copy for each test.
35
realm = K5Realm(get_creds=False)
36
realm.kinit(realm.user_princ, password('user'), ['-f'])
37
ccache_save(realm)
38

39
# Test with default initiator and acceptor cred.
40
tname = 'p:' + realm.host_princ
41
check_mechs(realm, [tname])
42

43
# Test with principal-named initiator and acceptor cred.
44
iname = 'p:' + realm.user_princ
45
check_mechs(realm, ['-i', iname, '-a', tname, tname])
46

47
# Test with host-based acceptor cred.
48
check_mechs(realm, ['-a', 'h:host', tname])
49

50
success('gss_export_cred/gss_import_cred tests')
51

52