Diffstat (limited to 'src/tests/gssapi/t_export_cred.py')
-rwxr-xr-xsrc/tests/gssapi/t_export_cred.py53
1 files changed, 53 insertions, 0 deletions
diff --git a/src/tests/gssapi/t_export_cred.py b/src/tests/gssapi/t_export_cred.py
new file mode 100755
index 000000000000..698835928901
--- /dev/null
+++ b/src/tests/gssapi/t_export_cred.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+from k5test import *
+
+# Test gss_export_cred and gss_import_cred for initiator creds,
+# acceptor creds, and traditional delegated creds. t_s4u.py tests
+# exporting and importing a synthesized S4U2Proxy delegated
+# credential.
+
+# Make up a filename to hold user's initial credentials.
+def ccache_savefile(realm):
+ return os.path.join(realm.testdir, 'ccache.copy')
+
+# Move user's initial credentials into the save file.
+def ccache_save(realm):
+ os.rename(realm.ccache, ccache_savefile(realm))
+
+# Copy user's initial credentials from the save file into the ccache.
+def ccache_restore(realm):
+ shutil.copyfile(ccache_savefile(realm), realm.ccache)
+
+# Run t_export_cred with the saved ccache and verify that it stores a
+# forwarded cred into the default ccache.
+def check(realm, args):
+ ccache_restore(realm)
+ realm.run(['./t_export_cred'] + args)
+ output = realm.run([klist, '-f'])
+ if 'Flags: Ff' not in output:
+ fail('Forwarded tickets not found in ccache after t_export_cred')
+
+# Check a given set of arguments with no specified mech and with krb5
+# and SPNEGO as the specified mech.
+def check_mechs(realm, args):
+ check(realm, args)
+ check(realm, ['-k'] + args)
+ check(realm, ['-s'] + args)
+
+# Make a realm, get forwardable tickets, and save a copy for each test.
+realm = K5Realm(get_creds=False)
+realm.kinit(realm.user_princ, password('user'), ['-f'])
+ccache_save(realm)
+
+# Test with default initiator and acceptor cred.
+tname = 'p:' + realm.host_princ
+check_mechs(realm, [tname])
+
+# Test with principal-named initiator and acceptor cred.
+iname = 'p:' + realm.user_princ
+check_mechs(realm, ['-i', iname, '-a', tname, tname])
+
+# Test with host-based acceptor cred.
+check_mechs(realm, ['-a', 'h:host', tname])
+
+success('gss_export_cred/gss_import_cred tests')
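Review bot: `ccache_savefile`, `ccache_save` and `ccache_restore` call `os.path.join`, `os.rename` and `shutil.copyfile`, but the file's only import is `from k5test import *`, so these names resolve only if k5test happens to re-export them (not visible in this diff). Adding `import os` and `import shutil` below the star import would make the dependency explicit and keep the test working if k5test's namespace changes. Separately, `shutil.copyfile` copies contents only, so on the first `ccache_restore` the new `realm.ccache` is created with umask-default permissions rather than the mode of the saved cache. For a throwaway test realm that is probably acceptable, but `shutil.copy(ccache_savefile(realm), realm.ccache)` or a short comment such as `# test-only creds; file mode not preserved` would make the choice deliberate. In `check`, the substring match on `'Flags: Ff'` confirms that some forwarded ticket is present but not which principal it belongs to, which is worth stating in the comment above `check`.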