Diffstat (limited to 'src/tests/t_preauth.py')
-rw-r--r--src/tests/t_preauth.py27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/tests/t_preauth.py b/src/tests/t_preauth.py
new file mode 100644
index 0000000000000..0ef8bbca4c4f5
--- /dev/null
+++ b/src/tests/t_preauth.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+from k5test import *
+
+# Test that the kdcpreauth client_keyblock() callback matches the key
+# indicated by the etype info, and returns NULL if no key was selected.
+testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')
+conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},
+ 'clpreauth': {'module': 'test:' + testpreauth}}}
+realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
+realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])
+realm.run([kadminl, 'setstr', realm.user_princ, 'teststring', 'testval'])
+realm.run([kadminl, 'addprinc', '-nokey', '+requires_preauth', 'nokeyuser'])
+out = realm.run([kinit, realm.user_princ], input=password('user')+'\n')
+if 'testval' not in out:
+ fail('Decrypted string attribute not in kinit output')
+out = realm.run([kinit, 'nokeyuser'], input=password('user')+'\n',
+ expected_code=1)
+if 'no key' not in out:
+ fail('Expected "no key" message not in kinit output')
+
+# Exercise KDC_ERR_MORE_PREAUTH_DATA_REQUIRED and secure cookies.
+realm.run([kadminl, 'setstr', realm.user_princ, '2rt', 'secondtrip'])
+out = realm.run([kinit, realm.user_princ], input=password('user')+'\n')
+if '2rt: secondtrip' not in out:
+ fail('multi round-trip cookie test')
+
+success('Pre-authentication framework tests')
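Review bot: The final check (the `'2rt: secondtrip'` test under the "secure cookies" comment) covers only the successful second round trip, so it would still pass if the KDC accepted a cookie that had been altered or was not bound to the request; nothing visible in this file exercises a rejected cookie. If the test preauth module cannot produce a bad cookie, the comment should state the limit, e.g. `# Exercise KDC_ERR_MORE_PREAUTH_DATA_REQUIRED and secure cookies (positive path only; cookie rejection is not covered here).` The failure text on that check is also less specific than the other two; `fail('Expected "2rt: secondtrip" not in kinit output')` would match them and tell the reader which output was missing.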