Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/gssapi/t_store_cred.py
34889 views
1
from k5test import *

2


3
realm = K5Realm(create_user=False)

4


5
alice = 'alice@' + realm.realm

6
bob = 'bob@' + realm.realm

7
cc_alice = realm.ccache + '.alice'

8
cc_bob = realm.ccache + '.bob'

9
realm.addprinc(alice)

10
realm.addprinc(bob)

11
realm.extract_keytab(alice, realm.keytab)

12
realm.extract_keytab(bob, realm.keytab)

13
realm.kinit(alice, flags=['-k', '-c', cc_alice])

14
realm.kinit(bob, flags=['-k', '-c', cc_bob])

15


16
mark('FILE, default output ccache')

17
realm.run(['./t_store_cred', cc_alice])

18
realm.klist(alice)

19
# Overwriting should fail by default, whether or not the principal matches.

20
realm.run(['./t_store_cred', cc_alice], expected_code=1,

21
          expected_msg='The requested credential element already exists')

22
realm.run(['./t_store_cred', cc_bob], expected_code=1,

23
          expected_msg='The requested credential element already exists')

24
# Overwriting should succeed with overwrite_cred set.

25
realm.run(['./t_store_cred', '-o', cc_bob])

26
realm.klist(bob)

27
# default_cred has no effect without a collection.

28
realm.run(['./t_store_cred', '-d', '-o', cc_alice])

29
realm.klist(alice)

30


31
mark('FILE, gss_krb5_ccache_name()')

32
cc_alternate = realm.ccache + '.alternate'

33
realm.run(['./t_store_cred', cc_alice, cc_alternate])

34
realm.klist(alice, ccache=cc_alternate)

35
realm.run(['./t_store_cred', cc_bob, cc_alternate], expected_code=1,

36
          expected_msg='The requested credential element already exists')

37


38
mark('FILE, gss_store_cred_into()')

39
os.remove(cc_alternate)

40
realm.run(['./t_store_cred', '-i', cc_alice, cc_alternate])

41
realm.klist(alice, ccache=cc_alternate)

42
realm.run(['./t_store_cred', '-i', cc_bob, cc_alternate], expected_code=1,

43
          expected_msg='The requested credential element already exists')

44


45
mark('DIR, gss_krb5_ccache_name()')

46
cc_dir = 'DIR:' + os.path.join(realm.testdir, 'cc')

47
realm.run(['./t_store_cred', cc_alice, cc_dir])

48
realm.run([klist, '-c', cc_dir], expected_code=1,

49
          expected_msg='No credentials cache found')

50
realm.run([klist, '-l', '-c', cc_dir], expected_msg=alice)

51
realm.run(['./t_store_cred', cc_alice, cc_dir], expected_code=1,

52
          expected_msg='The requested credential element already exists')

53
realm.run(['./t_store_cred', '-o', cc_alice, cc_dir])

54
realm.run([klist, '-c', cc_dir], expected_code=1,

55
          expected_msg='No credentials cache found')

56
realm.run([klist, '-l', cc_dir], expected_msg=alice)

57
realm.run(['./t_store_cred', '-d', cc_bob, cc_dir])

58
# The k5test klist method does not currently work with a collection name.

59
realm.run([klist, cc_dir], expected_msg=bob)

60
realm.run([klist, '-l', cc_dir], expected_msg=alice)

61
realm.run(['./t_store_cred', '-o', '-d', cc_alice, cc_dir])

62
realm.run([klist, cc_dir], expected_msg=alice)

63
realm.run([kdestroy, '-A', '-c', cc_dir])

64


65
mark('DIR, gss_store_cred_into()')

66
realm.run(['./t_store_cred', '-i', cc_alice, cc_dir])

67
realm.run(['./t_store_cred', '-i', '-d', cc_bob, cc_dir])

68
realm.run([klist, cc_dir], expected_msg=bob)

69
realm.run([klist, '-l', cc_dir], expected_msg=alice)

70
realm.run([kdestroy, '-A', '-c', cc_dir])

71


72
mark('DIR, default output ccache')

73
realm.ccache = cc_dir

74
realm.env['KRB5CCNAME'] = cc_dir

75
realm.run(['./t_store_cred', '-i', cc_alice, cc_dir])

76
realm.run(['./t_store_cred', '-i', '-d', cc_bob, cc_dir])

77
realm.run([klist], expected_msg=bob)

78
realm.run([klist, '-l'], expected_msg=alice)

79


80
success('gss_store_cred() tests')

81


82