xref: /freebsd/crypto/krb5/src/lib/krb5/ccache/t_cccol.py (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9)
from k5test import *

# This first realm is built with create_kdb=False.
realm = K5Realm(create_kdb=False)

# The KEYRING collection tests are only run when both of these hold:
#   * which() found a keyctl utility, and
#   * klist did not reject the KEYRING cache type outright.
# klist is expected to exit with status 1 either way, so the decision is
# made from its error text rather than from the exit code.
keyctl = which('keyctl')
out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1)
test_keyring = not (keyctl is None or
                    'Unknown credential cache type' in out)
if not test_keyring:
    skipped('keyring collection tests', 'keyring support not built')
11
# Exercise the collection test program against every collection-enabled
# cache type, starting with DIR.
realm.run(['./t_cccol', 'DIR:' + os.path.join(realm.testdir, 'cc')])
if test_keyring:
    def cleanup_keyring(anchor, name):
        """Unlink keyring *name* from *anchor* if it is listed there.

        *anchor* is passed to keyctl as the keyring to list, search and
        unlink from (the callers use '@s' and '@u').  The keyring is
        only looked up and unlinked when the listing contains the text
        'keyring: <name>' followed by a newline; otherwise nothing is
        changed.
        """
        listing = realm.run(['keyctl', 'list', anchor])
        wanted = 'keyring: %s\n' % name
        if wanted not in listing:
            return
        found = realm.run(['keyctl', 'search', anchor, 'keyring', name])
        realm.run(['keyctl', 'unlink', found.strip(), anchor])

    # The collection is named after the test directory so that other
    # build trees running the same tests do not collide with this one.
    cname = realm.testdir
    col_ringname = '_krb_%s' % cname

    # Clear out keyrings that an earlier, failed run may have left
    # linked under the session or user keyring.
    cleanup_keyring('@s', cname)
    cleanup_keyring('@s', col_ringname)
    cleanup_keyring('@u', col_ringname)

    # One run per subtype, unlinking the collection keyring from its
    # anchor after each run.  The persistent subtype is deliberately
    # left out: it supports only one collection and might be in actual
    # use, so the tests must not touch it.
    realm.run(['./t_cccol', 'KEYRING:%s' % cname])
    cleanup_keyring('@s', col_ringname)
    realm.run(['./t_cccol', 'KEYRING:legacy:%s' % cname])
    cleanup_keyring('@s', col_ringname)
    realm.run(['./t_cccol', 'KEYRING:session:%s' % cname])
    cleanup_keyring('@s', col_ringname)
    realm.run(['./t_cccol', 'KEYRING:user:%s' % cname])
    cleanup_keyring('@u', col_ringname)
    # No cleanup follows the process and thread runs.
    # NOTE(review): presumably those keyrings do not outlive the test
    # program's process/thread -- confirm.
    realm.run(['./t_cccol', 'KEYRING:process:abcd'])
    realm.run(['./t_cccol', 'KEYRING:thread:abcd'])
44
realm.stop()

# The cursor tests below run against real ccaches, so a second realm is
# created (with create_host=False) and populated with principals.
realm = K5Realm(create_host=False)

# password() comes from k5test; these are test-only credentials.
realm.addprinc('alice', password('alice'))
realm.addprinc('bob', password('bob'))

# DIR collection under the test directory, with three subsidiary caches
# that get tickets and one name (noent) that is never created.
ccdir = os.path.join(realm.testdir, 'cc')
dccname = 'DIR:' + ccdir
duser = 'DIR::' + ccdir + '/tkt1'
dalice = 'DIR::' + ccdir + '/tkt2'
dbob = 'DIR::' + ccdir + '/tkt3'
dnoent = 'DIR::' + ccdir + '/noent'
realm.kinit('user', password('user'), flags=['-c', duser])
realm.kinit('alice', password('alice'), flags=['-c', dalice])
realm.kinit('bob', password('bob'), flags=['-c', dbob])

if test_keyring:
    # Start from an empty collection keyring, then mirror the DIR
    # layout in a session-anchored KEYRING collection.
    cleanup_keyring('@s', col_ringname)
    krccname = 'KEYRING:session:' + cname
    kruser = krccname + ':tkt1'
    kralice = krccname + ':tkt2'
    krbob = krccname + ':tkt3'
    krnoent = krccname + ':noent'
    realm.kinit('user', password('user'), flags=['-c', kruser])
    realm.kinit('alice', password('alice'), flags=['-c', kralice])
    realm.kinit('bob', password('bob'), flags=['-c', krbob])
73
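def cursor_test(testname, args, expected):
    """Run ./t_cccursor with *args* and check its output lines.

    The comparison ignores order: the program's output lines and
    *expected* are both sorted before being compared.  On a mismatch,
    fail() is called with a message naming *testname* and showing both
    sorted lists.

    *expected* is sorted into a copy, so the caller's list keeps the
    order it was passed in.
    """
    actual = sorted(realm.run(['./t_cccursor'] + args).splitlines())
    wanted = sorted(expected)
    if actual != wanted:
        fail('Output not expected for %s\n' % testname +
             'Expected output:\n\n' + '\n'.join(wanted) + '\n\n' +
             'Actual output:\n\n' + '\n'.join(actual))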
82
# The realm's default cache, named with and without the FILE: prefix,
# should each yield exactly one entry.
mark('FILE cursor')
fccname = 'FILE:' + realm.ccache
cursor_test('file-default', [], [fccname])
cursor_test('file-default2', [realm.ccache], [fccname])
cursor_test('file-default3', [fccname], [fccname])

# The DIR collection should list all three populated caches; a single
# subsidiary name yields only itself, and a subsidiary that was never
# created yields nothing.
mark('DIR cursor')
cursor_test('dir', [dccname], [duser, dalice, dbob])
cursor_test('dir-subsidiary', [duser], [duser])
cursor_test('dir-nofile', [dnoent], [])

if test_keyring:
    # Same three cases as DIR, against the session KEYRING collection.
    mark('KEYRING cursor')
    cursor_test('keyring', [krccname], [kruser, kralice, krbob])
    cursor_test('keyring-subsidiary', [kruser], [kruser])
    cursor_test('keyring-noent', [krnoent], [])

# With a MEMORY cache passed as an extra argument, the expected output
# still lists only the caches belonging to the first argument.
mark('MEMORY cursor')
mfoo = 'MEMORY:foo'
mbar = 'MEMORY:bar'
cursor_test('filemem', [fccname, mfoo], [fccname])
cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob])
cursor_test('mem', [mfoo, mbar], [mfoo])
if test_keyring:
    cursor_test('keyringmem', [krccname, mfoo], [kruser, kralice, krbob])
108
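# Test krb5_cccol_have_content.  The populated DIR and FILE caches are
# expected to succeed; the MEMORY cache is expected to exit with 1.
mark('krb5_cccol_have_content')
realm.run(['./t_cccursor', dccname, 'CONTENT'])
realm.run(['./t_cccursor', fccname, 'CONTENT'])
realm.run(['./t_cccursor', realm.ccache, 'CONTENT'])
realm.run(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
if test_keyring:
    realm.run(['./t_cccursor', krccname, 'CONTENT'])
    # Last use of the keyring collection: unlink it from the session
    # keyring so the test tickets do not stay linked after the run.
    cleanup_keyring('@s', col_ringname)

# Make sure FILE doesn't yield a nonexistent default cache: once the
# default cache is destroyed, the cursor must return nothing and the
# content check must fail.
mark('FILE nonexistent')
realm.run([kdestroy])
cursor_test('noexist', [], [])
realm.run(['./t_cccursor', fccname, 'CONTENT'], expected_code=1)

# The summary names what this script covers; it previously read
# 'Renewing credentials', which nothing in this file exercises.
success('Credential cache collection tests')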
126