|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test gss_export_cred and gss_import_cred for initiator creds,
|
|
Packit |
fd8b60 |
# acceptor creds, and traditional delegated creds. t_s4u.py tests
|
|
Packit |
fd8b60 |
# exporting and importing a synthesized S4U2Proxy delegated
|
|
Packit |
fd8b60 |
# credential.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make up a filename to hold user's initial credentials.
|
|
Packit |
fd8b60 |
def ccache_savefile(realm):
|
|
Packit |
fd8b60 |
return os.path.join(realm.testdir, 'ccache.copy')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Move user's initial credentials into the save file.
|
|
Packit |
fd8b60 |
def ccache_save(realm):
|
|
Packit |
fd8b60 |
os.rename(realm.ccache, ccache_savefile(realm))
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Copy user's initial credentials from the save file into the ccache.
|
|
Packit |
fd8b60 |
def ccache_restore(realm):
|
|
Packit |
fd8b60 |
shutil.copyfile(ccache_savefile(realm), realm.ccache)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Run t_export_cred with the saved ccache and verify that it stores a
|
|
Packit |
fd8b60 |
# forwarded cred into the default ccache.
|
|
Packit |
fd8b60 |
def check(realm, args):
|
|
Packit |
fd8b60 |
ccache_restore(realm)
|
|
Packit |
fd8b60 |
realm.run(['./t_export_cred'] + args)
|
|
Packit |
fd8b60 |
realm.run([klist, '-f'], expected_msg='Flags: Ff')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Check a given set of arguments with no specified mech and with krb5
|
|
Packit |
fd8b60 |
# and SPNEGO as the specified mech.
|
|
Packit |
fd8b60 |
def check_mechs(realm, args):
|
|
Packit |
fd8b60 |
check(realm, args)
|
|
Packit |
fd8b60 |
check(realm, ['-k'] + args)
|
|
Packit |
fd8b60 |
check(realm, ['-s'] + args)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make a realm, get forwardable tickets, and save a copy for each test.
|
|
Packit |
fd8b60 |
realm = K5Realm(get_creds=False)
|
|
Packit |
fd8b60 |
realm.kinit(realm.user_princ, password('user'), ['-f'])
|
|
Packit |
fd8b60 |
ccache_save(realm)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test with default initiator and acceptor cred.
|
|
Packit |
fd8b60 |
tname = 'p:' + realm.host_princ
|
|
Packit |
fd8b60 |
check_mechs(realm, [tname])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test with principal-named initiator and acceptor cred.
|
|
Packit |
fd8b60 |
iname = 'p:' + realm.user_princ
|
|
Packit |
fd8b60 |
check_mechs(realm, ['-i', iname, '-a', tname, tname])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test with host-based acceptor cred.
|
|
Packit |
fd8b60 |
check_mechs(realm, ['-a', 'h:host', tname])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('gss_export_cred/gss_import_cred tests')
|