from k5test import *

# Exercise gss_export_cred and gss_import_cred with initiator creds,
# acceptor creds, and traditional delegated creds.  Exporting and
# importing a synthesized S4U2Proxy delegated credential is covered by
# t_s4u.py, not here.
#
# The star import above is the only import in this script, so os,
# shutil, klist, password, K5Realm and success are all expected to
# come from k5test.


# Return the path of the file used to hold the user's initial
# credentials.  The copy contains the user's tickets and is kept under
# realm.testdir.
def ccache_savefile(realm):
    save_path = os.path.join(realm.testdir, 'ccache.copy')
    return save_path


# Move the user's initial credentials out of the ccache and into the
# save file, leaving no file at realm.ccache until it is restored.
def ccache_save(realm):
    destination = ccache_savefile(realm)
    os.rename(realm.ccache, destination)


# Overwrite the ccache with a fresh copy of the saved initial
# credentials, so each check starts from the same ticket set.
def ccache_restore(realm):
    source = ccache_savefile(realm)
    shutil.copyfile(source, realm.ccache)


# Run t_export_cred against the restored ccache, then list the default
# ccache with flags and require a forwarded cred to be present
# ('Flags: Ff' in the klist -f output).
def check(realm, args):
    ccache_restore(realm)
    export_cmd = ['./t_export_cred'] + args
    realm.run(export_cmd)
    flags_cmd = [klist, '-f']
    realm.run(flags_cmd, expected_msg='Flags: Ff')


# Check one argument set three times: with no mech specified, then
# with krb5 (-k), then with SPNEGO (-s) as the specified mech.
def check_mechs(realm, args):
    for mech_opt in ([], ['-k'], ['-s']):
        check(realm, mech_opt + args)


# Build a realm without initial creds, obtain forwardable tickets for
# the user, and set them aside so every check can restore the same
# starting ccache.
realm = K5Realm(get_creds=False)
realm.kinit(realm.user_princ, password('user'), ['-f'])
ccache_save(realm)

# Names used by the argument sets below: the host principal as target
# and acceptor, the user principal as initiator.
tname = 'p:' + realm.host_princ
iname = 'p:' + realm.user_princ

arg_sets = [
    # Default initiator and acceptor cred.
    [tname],
    # Principal-named initiator and acceptor cred.
    ['-i', iname, '-a', tname, tname],
    # Host-based acceptor cred.
    ['-a', 'h:host', tname],
]
for arg_set in arg_sets:
    check_mechs(realm, arg_set)

success('gss_export_cred/gss_import_cred tests')