Add test for KDC client logging

Add a test case which performed a TGS request with an expired ticket
and checks that the client principal is logged.

ticket: 7910

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 536f5cb0b5108af2a4156032fcbec248805a653f..abd431d0728489851ae69c156e7099159e7c8833 100644 (file)
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -134,6 +134,7 @@ check-pytests:: t_init_creds t_localauth
                        -i au.log
        $(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
+       $(RUNPYTEST) $(srcdir)/t_kdc_log.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_proxy.py $(PYTESTFLAGS)
 
 clean::

diff --git a/src/tests/t_kdc_log.py b/src/tests/t_kdc_log.py
new file mode 100644 (file)
index 0000000..8ddb769
--- /dev/null
+++ b/src/tests/t_kdc_log.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+from k5test import *
+
+# Make a TGS request with an expired ticket.
+realm = K5Realm()
+realm.stop()
+realm.start_kdc(['-T', '3600'])
+realm.run([kvno, realm.host_princ], expected_code=1)
+
+kdc_logfile = os.path.join(realm.testdir, 'kdc.log')
+f = open(kdc_logfile, 'r')
+found_skew = False
+for line in f:
+    if 'Clock skew too great' in line:
+        found_skew = True
+        if realm.user_princ not in line:
+            fail('Client principal not logged in expired-ticket TGS request')
+f.close()
+if not found_skew:
+    fail('Did not find KDC log line for expired-ticket TGS request')
+
+success('KDC logging tests')