diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2017-07-07 17:03:42 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2017-07-07 17:03:42 +0000 |
| commit | 33a9b234e7087f573ef08cd7318c6497ba08b439 (patch) | |
| tree | d0ea40ad3bf5463a3c55795977c71bcb7d781b4b /src/tests/gssapi/t_export_cred.py | |
Diffstat (limited to 'src/tests/gssapi/t_export_cred.py')
| -rwxr-xr-x | src/tests/gssapi/t_export_cred.py | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/src/tests/gssapi/t_export_cred.py b/src/tests/gssapi/t_export_cred.py new file mode 100755 index 000000000000..698835928901 --- /dev/null +++ b/src/tests/gssapi/t_export_cred.py @@ -0,0 +1,53 @@ +#!/usr/bin/python +from k5test import * + +# Test gss_export_cred and gss_import_cred for initiator creds, +# acceptor creds, and traditional delegated creds. t_s4u.py tests +# exporting and importing a synthesized S4U2Proxy delegated +# credential. + +# Make up a filename to hold user's initial credentials. +def ccache_savefile(realm): + return os.path.join(realm.testdir, 'ccache.copy') + +# Move user's initial credentials into the save file. +def ccache_save(realm): + os.rename(realm.ccache, ccache_savefile(realm)) + +# Copy user's initial credentials from the save file into the ccache. +def ccache_restore(realm): + shutil.copyfile(ccache_savefile(realm), realm.ccache) + +# Run t_export_cred with the saved ccache and verify that it stores a +# forwarded cred into the default ccache. +def check(realm, args): + ccache_restore(realm) + realm.run(['./t_export_cred'] + args) + output = realm.run([klist, '-f']) + if 'Flags: Ff' not in output: + fail('Forwarded tickets not found in ccache after t_export_cred') + +# Check a given set of arguments with no specified mech and with krb5 +# and SPNEGO as the specified mech. +def check_mechs(realm, args): + check(realm, args) + check(realm, ['-k'] + args) + check(realm, ['-s'] + args) + +# Make a realm, get forwardable tickets, and save a copy for each test. +realm = K5Realm(get_creds=False) +realm.kinit(realm.user_princ, password('user'), ['-f']) +ccache_save(realm) + +# Test with default initiator and acceptor cred. +tname = 'p:' + realm.host_princ +check_mechs(realm, [tname]) + +# Test with principal-named initiator and acceptor cred. +iname = 'p:' + realm.user_princ +check_mechs(realm, ['-i', iname, '-a', tname, tname]) + +# Test with host-based acceptor cred. +check_mechs(realm, ['-a', 'h:host', tname]) + +success('gss_export_cred/gss_import_cred tests') |