svn rev #23941: branches/iakerb/src/appl/gss-sample/

ghudson@MIT.EDU ghudson at MIT.EDU
Sat Apr 24 23:03:31 EDT 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=23941
Commit By: ghudson
Log Message:
On the iakerb branch, modify t_gss_sample.py to exercise different
mechs, including IAKERB.  Currently does not pass due to unresolved
bugs.



Changed Files:
U   branches/iakerb/src/appl/gss-sample/t_gss_sample.py
Modified: branches/iakerb/src/appl/gss-sample/t_gss_sample.py
===================================================================
--- branches/iakerb/src/appl/gss-sample/t_gss_sample.py	2010-04-25 00:31:32 UTC (rev 23940)
+++ branches/iakerb/src/appl/gss-sample/t_gss_sample.py	2010-04-25 03:03:30 UTC (rev 23941)
@@ -27,14 +27,57 @@
 gss_client = os.path.join(appdir, 'gss-client')
 gss_server = os.path.join(appdir, 'gss-server')
 
-for realm in multipass_realms():
+# Run a gss-server process and a gss-client process, with additional
+# gss-client flags given by options.  Verify that gss-client displayed
+# the expected output for a successful negotiation.
+def server_client_test(realm, options):
     portstr = str(realm.server_port())
     server = realm.start_server([gss_server, '-port', portstr, 'host'],
                                 'starting...')
-    output = realm.run_as_client([gss_client, '-port', portstr,
-                                  hostname, 'host', 'testmsg'])
+    output = realm.run_as_client([gss_client, '-port', portstr] + options +
+                                 [hostname, 'host', 'testmsg'])
     if 'Signature verified.' not in output:
         fail('Expected message not seen in gss-client output')
     stop_daemon(server)
 
+# Make up a filename to hold user's initial credentials.
+def ccache_savefile(realm):
+    return os.path.join(realm.testdir, 'ccache.copy')
+
+# Move user's initial credentials into the save file.
+def ccache_save(realm):
+    os.rename(realm.ccache, ccache_savefile(realm))
+
+# Copy user's initial credentials from the save file into the ccache.
+def ccache_restore(realm):
+    shutil.copyfile(ccache_savefile(realm), realm.ccache)
+
+# Perform a regular (TGS path) test of the server and client.
+def tgs_test(realm, options):
+    ccache_restore(realm)
+    server_client_test(realm, options)
+    realm.klist(realm.user_princ, realm.host_princ)
+
+# Perform a test of the server and client with initial credentials
+# obtained through gss_acquire_cred_with_password().
+def as_test(realm, options):
+    if os.path.exists(realm.ccache):
+        os.remove(realm.ccache)
+    server_client_test(realm, options + ['-user', realm.user_princ,
+                                         '-pass', password('user')])
+    # Currently, gss_acquire_cred_with_password() doesn't cache the
+    # resulting creds if the default ccache doesn't exist.
+    # realm.klist(realm.user_princ, realm.host_princ)
+
+for realm in multipass_realms():
+    ccache_save(realm)
+
+    tgs_test(realm, ['-krb5'])
+    tgs_test(realm, ['-spnego'])
+    tgs_test(realm, ['-iakerb'])
+
+    as_test(realm, ['-krb5'])
+    as_test(realm, ['-spnego'])
+    as_test(realm, ['-iakerb'])
+
 success('GSS sample application')

More information about the cvs-krb5 mailing list