xref: /freebsd/crypto/krb5/src/clients/kvno/t_kvno.py (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1from k5test import *
2
3realm = K5Realm()
4
5def check_cache(ccache, expected_services):
6    # Fetch the klist output and skip past the header.
7    lines = realm.run([klist, '-c', ccache]).splitlines()
8    lines = lines[4:]
9
10    # For each line not beginning with an indent, match against the
11    # expected service principals.
12    svcs = {x: True for x in expected_services}
13    for l in lines:
14        if not l.startswith('\t'):
15            svcprinc = l.split()[4]
16            if svcprinc in svcs:
17                del svcs[svcprinc]
18            else:
19                fail('unexpected service princ ' + svcprinc)
20
21    if svcs:
22        fail('services not found in klist output: ' + ' '.join(svcs.keys()))
23
24
25mark('no options')
26realm.run([kvno, realm.user_princ], expected_msg='user@KRBTEST.COM: kvno = 1')
27check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
28
29mark('-e')
30msgs = ('etypes requested in TGS request: camellia128-cts',
31        '/KDC has no support for encryption type')
32realm.run([kvno, '-e', 'camellia128-cts', realm.host_princ],
33          expected_code=1, expected_trace=msgs)
34
35mark('--cached-only')
36realm.run([kvno, '--cached-only', realm.user_princ], expected_msg='kvno = 1')
37realm.run([kvno, '--cached-only', realm.host_princ],
38          expected_code=1, expected_msg='Matching credential not found')
39check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
40
41mark('--no-store')
42realm.run([kvno, '--no-store', realm.host_princ], expected_msg='kvno = 1')
43check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
44
45mark('--out-cache') # and multiple services
46out_ccache = os.path.join(realm.testdir, 'ccache.out')
47realm.run([kvno, '--out-cache', out_ccache,
48           realm.host_princ, realm.admin_princ])
49check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
50check_cache(out_ccache, [realm.host_princ, realm.admin_princ])
51
52mark('--out-cache --cached-only') # tests out-cache overwriting, and -q
53realm.run([kvno, '--out-cache', out_ccache, '--cached-only', realm.host_princ],
54          expected_code=1, expected_msg='Matching credential not found')
55out = realm.run([kvno, '-q', '--out-cache', out_ccache, '--cached-only',
56                 realm.user_princ])
57if out:
58    fail('unexpected kvno output with -q')
59check_cache(out_ccache, [realm.user_princ])
60
61mark('-U') # and -c
62svc_ccache = os.path.join(realm.testdir, 'ccache.svc')
63realm.run([kinit, '-k', '-c', svc_ccache, realm.host_princ])
64realm.run([kvno, '-c', svc_ccache, '-U', 'user', realm.host_princ])
65realm.run([klist, '-c', svc_ccache], expected_msg='for client user@')
66realm.run([kvno, '-c', svc_ccache, '-U', 'user', '--out-cache', out_ccache,
67           realm.host_princ])
68out = realm.run([klist, '-c', out_ccache])
69if ('Default principal: user@KRBTEST.COM' not in out):
70    fail('wrong default principal in klist output')
71
72# More S4U options are tested in tests/gssapi/t_s4u.py.
73# --u2u is tested in tests/t_u2u.py.
74
75success('kvno tests')
76