From: Greg Hudson Date: Sun, 25 Apr 2010 03:03:30 +0000 (+0000) Subject: On the iakerb branch, modify t_gss_sample.py to exercise different X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf07e0cde5b561d43636eb4ffe043f1efc0f1099;p=thirdparty%2Fkrb5.git On the iakerb branch, modify t_gss_sample.py to exercise different mechs, including IAKERB. Currently does not pass due to unresolved bugs. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23941 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/gss-sample/t_gss_sample.py b/src/appl/gss-sample/t_gss_sample.py index 8a09b21239..517472a5ae 100644 --- a/src/appl/gss-sample/t_gss_sample.py +++ b/src/appl/gss-sample/t_gss_sample.py @@ -27,14 +27,57 @@ appdir = os.path.join(buildtop, 'appl', 'gss-sample') gss_client = os.path.join(appdir, 'gss-client') gss_server = os.path.join(appdir, 'gss-server') -for realm in multipass_realms(): +# Run a gss-server process and a gss-client process, with additional +# gss-client flags given by options. Verify that gss-client displayed +# the expected output for a successful negotiation. +def server_client_test(realm, options): portstr = str(realm.server_port()) server = realm.start_server([gss_server, '-port', portstr, 'host'], 'starting...') - output = realm.run_as_client([gss_client, '-port', portstr, - hostname, 'host', 'testmsg']) + output = realm.run_as_client([gss_client, '-port', portstr] + options + + [hostname, 'host', 'testmsg']) if 'Signature verified.' not in output: fail('Expected message not seen in gss-client output') stop_daemon(server) +# Make up a filename to hold user's initial credentials. +def ccache_savefile(realm): + return os.path.join(realm.testdir, 'ccache.copy') + +# Move user's initial credentials into the save file. +def ccache_save(realm): + os.rename(realm.ccache, ccache_savefile(realm)) + +# Copy user's initial credentials from the save file into the ccache. +def ccache_restore(realm): + shutil.copyfile(ccache_savefile(realm), realm.ccache) + +# Perform a regular (TGS path) test of the server and client. +def tgs_test(realm, options): + ccache_restore(realm) + server_client_test(realm, options) + realm.klist(realm.user_princ, realm.host_princ) + +# Perform a test of the server and client with initial credentials +# obtained through gss_acquire_cred_with_password(). +def as_test(realm, options): + if os.path.exists(realm.ccache): + os.remove(realm.ccache) + server_client_test(realm, options + ['-user', realm.user_princ, + '-pass', password('user')]) + # Currently, gss_acquire_cred_with_password() doesn't cache the + # resulting creds if the default ccache doesn't exist. + # realm.klist(realm.user_princ, realm.host_princ) + +for realm in multipass_realms(): + ccache_save(realm) + + tgs_test(realm, ['-krb5']) + tgs_test(realm, ['-spnego']) + tgs_test(realm, ['-iakerb']) + + as_test(realm, ['-krb5']) + as_test(realm, ['-spnego']) + as_test(realm, ['-iakerb']) + success('GSS sample application')