From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 Jun 2014 21:07:28 +0000 (-0400)
Subject: Add test for KDC client logging
X-Git-Tag: krb5-1.13-alpha1~95
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4799121941cfd846f9d3d7a905ac4c84342ff306;p=thirdparty%2Fkrb5.git

Add test for KDC client logging

Add a test case which performed a TGS request with an expired ticket
and checks that the client principal is logged.

ticket: 7910
---

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 536f5cb0b5..abd431d072 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -134,6 +134,7 @@ check-pytests:: t_init_creds t_localauth
 			-i au.log
 	$(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdc_log.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_proxy.py $(PYTESTFLAGS)
 
 clean::
diff --git a/src/tests/t_kdc_log.py b/src/tests/t_kdc_log.py
new file mode 100644
index 0000000000..8ddb7691b9
--- /dev/null
+++ b/src/tests/t_kdc_log.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+from k5test import *
+
+# Make a TGS request with an expired ticket.
+realm = K5Realm()
+realm.stop()
+realm.start_kdc(['-T', '3600'])
+realm.run([kvno, realm.host_princ], expected_code=1)
+
+kdc_logfile = os.path.join(realm.testdir, 'kdc.log')
+f = open(kdc_logfile, 'r')
+found_skew = False
+for line in f:
+    if 'Clock skew too great' in line:
+        found_skew = True
+        if realm.user_princ not in line:
+            fail('Client principal not logged in expired-ticket TGS request')
+f.close()
+if not found_skew:
+    fail('Did not find KDC log line for expired-ticket TGS request')
+
+success('KDC logging tests')