4 realm = K5Realm(create_kdb=False)
6 keyctl = which('keyctl')
7 out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1)
8 test_keyring = (keyctl is not None and
9 'Unknown credential cache type' not in out)
11 skipped('keyring collection tests', 'keyring support not built')
13 # Run the collection test program against each collection-enabled type.
14 realm.run(['./t_cccol', 'DIR:' + os.path.join(realm.testdir, 'cc')])
16 def cleanup_keyring(anchor, name):
17 out = realm.run(['keyctl', 'list', anchor])
18 if ('keyring: ' + name + '\n') in out:
19 keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
20 realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
22 # Use the test directory as the collection name to avoid colliding
23 # with other build trees.
25 col_ringname = '_krb_' + cname
27 # Remove any keys left behind by previous failed test runs.
28 cleanup_keyring('@s', cname)
29 cleanup_keyring('@s', col_ringname)
30 cleanup_keyring('@u', col_ringname)
32 # Run test program over each subtype, cleaning up as we go. Don't
33 # test the persistent subtype, since it supports only one
34 # collection and might be in actual use.
35 realm.run(['./t_cccol', 'KEYRING:' + cname])
36 cleanup_keyring('@s', col_ringname)
37 realm.run(['./t_cccol', 'KEYRING:legacy:' + cname])
38 cleanup_keyring('@s', col_ringname)
39 realm.run(['./t_cccol', 'KEYRING:session:' + cname])
40 cleanup_keyring('@s', col_ringname)
41 realm.run(['./t_cccol', 'KEYRING:user:' + cname])
42 cleanup_keyring('@u', col_ringname)
43 realm.run(['./t_cccol', 'KEYRING:process:abcd'])
44 realm.run(['./t_cccol', 'KEYRING:thread:abcd'])
48 # Test cursor semantics using real ccaches.
49 realm = K5Realm(create_host=False)
51 realm.addprinc('alice', password('alice'))
52 realm.addprinc('bob', password('bob'))
54 ccdir = os.path.join(realm.testdir, 'cc')
55 dccname = 'DIR:%s' % ccdir
56 duser = 'DIR::%s/tkt1' % ccdir
57 dalice = 'DIR::%s/tkt2' % ccdir
58 dbob = 'DIR::%s/tkt3' % ccdir
59 dnoent = 'DIR::%s/noent' % ccdir
60 realm.kinit('user', password('user'), flags=['-c', duser])
61 realm.kinit('alice', password('alice'), flags=['-c', dalice])
62 realm.kinit('bob', password('bob'), flags=['-c', dbob])
65 cleanup_keyring('@s', col_ringname)
66 krccname = 'KEYRING:session:' + cname
67 kruser = '%s:tkt1' % krccname
68 kralice = '%s:tkt2' % krccname
69 krbob = '%s:tkt3' % krccname
70 krnoent = '%s:noent' % krccname
71 realm.kinit('user', password('user'), flags=['-c', kruser])
72 realm.kinit('alice', password('alice'), flags=['-c', kralice])
73 realm.kinit('bob', password('bob'), flags=['-c', krbob])
75 def cursor_test(testname, args, expected):
76 outlines = realm.run(['./t_cccursor'] + args).splitlines()
79 if outlines != expected:
80 fail('Output not expected for %s\n' % testname +
81 'Expected output:\n\n' + '\n'.join(expected) + '\n\n' +
82 'Actual output:\n\n' + '\n'.join(outlines))
84 fccname = 'FILE:%s' % realm.ccache
85 cursor_test('file-default', [], [fccname])
86 cursor_test('file-default2', [realm.ccache], [fccname])
87 cursor_test('file-default3', [fccname], [fccname])
89 cursor_test('dir', [dccname], [duser, dalice, dbob])
90 cursor_test('dir-subsidiary', [duser], [duser])
91 cursor_test('dir-nofile', [dnoent], [])
94 cursor_test('keyring', [krccname], [kruser, kralice, krbob])
95 cursor_test('keyring-subsidiary', [kruser], [kruser])
96 cursor_test('keyring-noent', [krnoent], [])
100 cursor_test('filemem', [fccname, mfoo, mbar], [fccname, mfoo, mbar])
101 cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob, mfoo])
103 cursor_test('keyringmem', [krccname, mfoo], [kruser, kralice, krbob, mfoo])
105 # Test krb5_cccol_have_content.
106 realm.run(['./t_cccursor', dccname, 'CONTENT'])
107 realm.run(['./t_cccursor', fccname, 'CONTENT'])
108 realm.run(['./t_cccursor', realm.ccache, 'CONTENT'])
109 realm.run(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
111 realm.run(['./t_cccursor', krccname, 'CONTENT'])
112 cleanup_keyring('@s', col_ringname)
114 # Make sure FILE doesn't yield a nonexistent default cache.
115 realm.run([kdestroy])
116 cursor_test('noexist', [], [])
117 realm.run(['./t_cccursor', fccname, 'CONTENT'], expected_code=1)
119 success('Renewing credentials')