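from k5test import *

realm = K5Realm(create_user=False, create_host=False)

# Create a principal with no keys.
realm.run([kadminl, 'addprinc', '-nokey', 'user'])
realm.run([kadminl, 'getprinc', 'user'], expected_msg='Number of keys: 0')

# Change its password and check the resulting kvno.
realm.run([kadminl, 'cpw', '-pw', 'password', 'user'])
realm.run([kadminl, 'getprinc', 'user'], expected_msg='vno 1')

# Delete all of its keys.
realm.run([kadminl, 'purgekeys', '-all', 'user'])
realm.run([kadminl, 'getprinc', 'user'], expected_msg='Number of keys: 0')

# Randomize its keys and check the resulting kvno.
realm.run([kadminl, 'cpw', '-randkey', 'user'])
realm.run([kadminl, 'getprinc', 'user'], expected_msg='vno 1')


# Return true if patype appears to have been received in a hint list
# from a KDC error message, based on the trace output text in trace
# (the string returned by realm.run(..., return_trace=True), not a
# file name).
#
# Each 'Processing preauth types:' line is read as a comma-separated
# list.  Entries are stripped before comparison: splitting on ', '
# alone leaves any space that follows the colon attached to the first
# entry, so a type listed first would never match and the negative
# checks below would pass without testing anything.
#
# NOTE(review): this still assumes the trace lists each type as a bare
# decimal number.  If the trace format differs, this returns False for
# every input and the callers' "must not be offered" checks pass
# vacuously -- confirm against the trace output of the build under
# test.
def preauth_type_received(trace, patype):
    marker = 'Processing preauth types:'
    wanted = str(patype)
    for line in trace.splitlines():
        _, sep, listed = line.partition(marker)
        if not sep:
            continue
        if wanted in (entry.strip() for entry in listed.split(',')):
            return True
    return False


# Make sure the KDC doesn't offer encrypted timestamp for a principal
# with no keys: there is no long-term key to verify the timestamp
# against.  Preauth type 2 is PA-ENC-TIMESTAMP (RFC 4120).
realm.run([kadminl, 'purgekeys', '-all', 'user'])
realm.run([kadminl, 'modprinc', '+requires_preauth', 'user'])
out, trace = realm.run([kinit, 'user'], expected_code=1, return_trace=True)
if preauth_type_received(trace, 2):
    fail('encrypted timestamp')

# Make sure it doesn't offer encrypted challenge either.  The request
# is repeated with an armor ccache (kinit -T) so that FAST is in use;
# preauth type 138 is PA-ENCRYPTED-CHALLENGE (RFC 6113).
realm.run([kadminl, 'addprinc', '-pw', 'fast', 'armor'])
realm.kinit('armor', 'fast')
out, trace = realm.run([kinit, '-T', realm.ccache, 'user'], expected_code=1,
                       return_trace=True)
if preauth_type_received(trace, 138):
    fail('encrypted challenge')

success('Key data tests')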