diff options
Diffstat (limited to 'src/tests/gssapi/t_client_keytab.py')
| -rwxr-xr-x | src/tests/gssapi/t_client_keytab.py | 60 |
1 files changed, 18 insertions, 42 deletions
diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py index 4c8747a506c1..2da87f45b5b2 100755 --- a/src/tests/gssapi/t_client_keytab.py +++ b/src/tests/gssapi/t_client_keytab.py @@ -15,9 +15,7 @@ realm.extract_keytab(realm.user_princ, realm.client_keytab) realm.extract_keytab(bob, realm.client_keytab) # Test 1: no name/cache specified, pick first principal from client keytab -out = realm.run(['./t_ccselect', phost]) -if realm.user_princ not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost], expected_msg=realm.user_princ) realm.run([kdestroy]) # Test 2: no name/cache specified, pick principal from k5identity @@ -25,36 +23,27 @@ k5idname = os.path.join(realm.testdir, '.k5identity') k5id = open(k5idname, 'w') k5id.write('%s service=host host=%s\n' % (bob, hostname)) k5id.close() -out = realm.run(['./t_ccselect', gssserver]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', gssserver], expected_msg=bob) os.remove(k5idname) realm.run([kdestroy]) # Test 3: no name/cache specified, default ccache has name but no creds realm.run(['./ccinit', realm.ccache, bob]) -out = realm.run(['./t_ccselect', phost]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost], expected_msg=bob) # Leave tickets for next test. # Test 4: name specified, non-collectable default cache doesn't match -out = realm.run(['./t_ccselect', phost, puser], expected_code=1) -if 'Principal in credential cache does not match desired name' not in out: - fail('Expected error not seen') +msg = 'Principal in credential cache does not match desired name' +realm.run(['./t_ccselect', phost, puser], expected_code=1, expected_msg=msg) realm.run([kdestroy]) # Test 5: name specified, nonexistent default cache -out = realm.run(['./t_ccselect', phost, pbob]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost, pbob], expected_msg=bob) # Leave tickets for next test. # Test 6: name specified, matches default cache, time to refresh realm.run(['./ccrefresh', realm.ccache, '1']) -out = realm.run(['./t_ccselect', phost, pbob]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost, pbob], expected_msg=bob) out = realm.run(['./ccrefresh', realm.ccache]) if int(out) < 1000: fail('Credentials apparently not refreshed') @@ -67,9 +56,8 @@ realm.run([kdestroy]) # Test 8: ccache specified with name but no creds; name not in client keytab realm.run(['./ccinit', realm.ccache, realm.host_princ]) -out = realm.run(['./t_imp_cred', phost], expected_code=1) -if 'Credential cache is empty' not in out: - fail('Expected error not seen') +realm.run(['./t_imp_cred', phost], expected_code=1, + expected_msg='Credential cache is empty') realm.run([kdestroy]) # Test 9: ccache specified with name but no creds; name in client keytab @@ -104,16 +92,12 @@ realm.env['KRB5CCNAME'] = ccname # Test 12: name specified, matching cache in collection with no creds bobcache = os.path.join(ccdir, 'tktbob') realm.run(['./ccinit', bobcache, bob]) -out = realm.run(['./t_ccselect', phost, pbob]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost, pbob], expected_msg=bob) # Leave tickets for next test. # Test 13: name specified, matching cache in collection, time to refresh realm.run(['./ccrefresh', bobcache, '1']) -out = realm.run(['./t_ccselect', phost, pbob]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost, pbob], expected_msg=bob) out = realm.run(['./ccrefresh', bobcache]) if int(out) < 1000: fail('Credentials apparently not refreshed') @@ -121,22 +105,15 @@ realm.run([kdestroy, '-A']) # Test 14: name specified, collection has default for different principal realm.kinit(realm.user_princ, password('user')) -out = realm.run(['./t_ccselect', phost, pbob]) -if bob not in out: - fail('Authenticated as wrong principal') -out = realm.run([klist]) -if 'Default principal: %s\n' % realm.user_princ not in out: - fail('Default cache overwritten by acquire_cred') +realm.run(['./t_ccselect', phost, pbob], expected_msg=bob) +msg = 'Default principal: %s\n' % realm.user_princ +realm.run([klist], expected_msg=msg) realm.run([kdestroy, '-A']) # Test 15: name specified, collection has no default cache -out = realm.run(['./t_ccselect', phost, pbob]) -if bob not in out: - fail('Authenticated as wrong principal') +realm.run(['./t_ccselect', phost, pbob], expected_msg=bob) # Make sure the tickets we acquired didn't become the default -out = realm.run([klist], expected_code=1) -if 'No credentials cache found' not in out: - fail('Expected error not seen') +realm.run([klist], expected_code=1, expected_msg='No credentials cache found') realm.run([kdestroy, '-A']) # Test 16: default client keytab cannot be resolved, but valid @@ -145,8 +122,7 @@ conf = {'libdefaults': {'default_client_keytab_name': '%{'}} bad_cktname = realm.special_env('bad_cktname', False, krb5_conf=conf) del bad_cktname['KRB5_CLIENT_KTNAME'] realm.kinit(realm.user_princ, password('user')) -out = realm.run(['./t_ccselect', phost], env=bad_cktname) -if realm.user_princ not in out: - fail('Expected principal not seen for bad client keytab name') +realm.run(['./t_ccselect', phost], env=bad_cktname, + expected_msg=realm.user_princ) success('Client keytab tests') |