From 4799121941cfd846f9d3d7a905ac4c84342ff306 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 Jun 2014 17:07:28 -0400
Subject: [PATCH] Add test for KDC client logging

Add a test case which performed a TGS request with an expired ticket
and checks that the client principal is logged.

ticket: 7910
---
 src/tests/Makefile.in  |  1 +
 src/tests/t_kdc_log.py | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 src/tests/t_kdc_log.py

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 536f5cb0b5..abd431d072 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -134,6 +134,7 @@ check-pytests:: t_init_creds t_localauth
 			-i au.log
 	$(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdc_log.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_proxy.py $(PYTESTFLAGS)
 
 clean::
diff --git a/src/tests/t_kdc_log.py b/src/tests/t_kdc_log.py
new file mode 100644
index 0000000000..8ddb7691b9
--- /dev/null
+++ b/src/tests/t_kdc_log.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+from k5test import *
+
+# Make a TGS request with an expired ticket.
+realm = K5Realm()
+realm.stop()
+realm.start_kdc(['-T', '3600'])
+realm.run([kvno, realm.host_princ], expected_code=1)
+
+kdc_logfile = os.path.join(realm.testdir, 'kdc.log')
+f = open(kdc_logfile, 'r')
+found_skew = False
+for line in f:
+    if 'Clock skew too great' in line:
+        found_skew = True
+        if realm.user_princ not in line:
+            fail('Client principal not logged in expired-ticket TGS request')
+f.close()
+if not found_skew:
+    fail('Did not find KDC log line for expired-ticket TGS request')
+
+success('KDC logging tests')
-- 
2.47.2