krb5 commit: Avoid keyctl purge in keyring ccache tests

Greg Hudson ghudson at MIT.EDU
Sat Dec 21 00:05:39 EST 2013


https://github.com/krb5/krb5/commit/94da4584645475272abec6259d1666e34bd59594
commit 94da4584645475272abec6259d1666e34bd59594
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Dec 20 15:19:06 2013 -0500

    Avoid keyctl purge in keyring ccache tests
    
    keyctl purge was added in keyutils 1.5 (released in March 2011).  Use
    keyctl unlink to clean up keys instead, as it is more universal.
    
    ticket: 7810
    target_version: 1.12.1
    tags: pullup

 src/lib/krb5/ccache/t_cccol.py |   30 ++++++++++++++++--------------
 src/tests/t_ccache.py          |   20 ++++++++++++--------
 2 files changed, 28 insertions(+), 22 deletions(-)

diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py
index e762625..e6d715c 100644
--- a/src/lib/krb5/ccache/t_cccol.py
+++ b/src/lib/krb5/ccache/t_cccol.py
@@ -11,30 +11,33 @@ test_keyring = (keyctl is not None and
 # Run the collection test program against each collection-enabled type.
 realm.run(['./t_cccol', 'DIR:' + os.path.join(realm.testdir, 'cc')])
 if test_keyring:
+    def cleanup_keyring(anchor, name):
+        out = realm.run(['keyctl', 'list', anchor])
+        if ('keyring: ' + name + '\n') in out:
+            keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
+            realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
+
     # Use the test directory as the collection name to avoid colliding
     # with other build trees.
     cname = realm.testdir
+    col_ringname = '_krb_' + cname
 
     # Remove any keys left behind by previous failed test runs.
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', cname])
-    out = realm.run(['keyctl', 'list', '@u'])
-    if ('keyring: _krb_' + cname + '\n') in out:
-        id = realm.run(['keyctl', 'search', '@u', 'keyring', '_krb_' + cname])
-        realm.run(['keyctl', 'unlink', id.strip(), '@u'])
+    cleanup_keyring('@s', cname)
+    cleanup_keyring('@s', col_ringname)
+    cleanup_keyring('@u', col_ringname)
 
     # Run test program over each subtype, cleaning up as we go.  Don't
     # test the persistent subtype, since it supports only one
     # collection and might be in actual use.
     realm.run(['./t_cccol', 'KEYRING:' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:legacy:' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:session:' + cname])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:user:' + cname])
-    id = realm.run(['keyctl', 'search', '@u', 'keyring', '_krb_' + cname])
-    realm.run(['keyctl', 'unlink', id.strip(), '@u'])
+    cleanup_keyring('@u', col_ringname)
     realm.run(['./t_cccol', 'KEYRING:process:abcd'])
     realm.run(['./t_cccol', 'KEYRING:thread:abcd'])
 
@@ -57,8 +60,7 @@ realm.kinit('alice', password('alice'), flags=['-c', dalice])
 realm.kinit('bob', password('bob'), flags=['-c', dbob])
 
 if test_keyring:
-    cname = realm.testdir
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     krccname = 'KEYRING:session:' + cname
     kruser = '%s:tkt1' % krccname
     kralice = '%s:tkt2' % krccname
@@ -105,7 +107,7 @@ realm.run(['./t_cccursor', realm.ccache, 'CONTENT'])
 realm.run(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
 if test_keyring:
     realm.run(['./t_cccursor', krccname, 'CONTENT'])
-    realm.run(['keyctl', 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
 
 # Make sure FILE doesn't yield a nonexistent default cache.
 realm.run([kdestroy])
diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py
index eedd29a..dd20e11 100644
--- a/src/tests/t_ccache.py
+++ b/src/tests/t_ccache.py
@@ -85,13 +85,20 @@ def collection_test(realm, ccname):
 
 collection_test(realm, 'DIR:' + os.path.join(realm.testdir, 'cc'))
 if test_keyring:
+    def cleanup_keyring(anchor, name):
+        out = realm.run(['keyctl', 'list', anchor])
+        if ('keyring: ' + name + '\n') in out:
+            keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
+            realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
+
     # Use realm.testdir as the collection name to avoid conflicts with
     # other build trees.
     cname = realm.testdir
+    col_ringname = '_krb_' + cname
 
-    realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
     collection_test(realm, 'KEYRING:session:' + cname)
-    realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
 
     # Test legacy keyring cache linkage.
     realm.env['KRB5CCNAME'] = 'KEYRING:' + cname
@@ -108,12 +115,10 @@ if test_keyring:
     # Remove the collection keyring.  When the collection is
     # reinitialized, the legacy cache should reappear inside it
     # automatically as the primary cache.
-    out = realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
-    if 'purged 1 keys' not in out:
-        fail('Could not purge collection keyring')
+    cleanup_keyring('@s', col_ringname)
     out = realm.run([klist])
     if realm.user_princ not in out:
-        fail('Cannot see legacy cache after purging collection')
+        fail('Cannot see legacy cache after removing collection')
     coll_id = realm.run([keyctl, 'search', '@s', 'keyring', '_krb_' + cname])
     out = realm.run([keyctl, 'list', coll_id.strip()])
     if (id.strip() + ':') not in out:
@@ -121,8 +126,7 @@ if test_keyring:
     # Destroy the cache and check that it is unlinked from the session keyring.
     realm.run([kdestroy])
     realm.run([keyctl, 'search', '@s', 'keyring', cname], expected_code=1)
-    # Clean up the collection key.
-    realm.run([keyctl, 'purge', 'keyring', '_krb_' + cname])
+    cleanup_keyring('@s', col_ringname)
 
 # Test parameter expansion in default_ccache_name
 realm.stop()


More information about the cvs-krb5 mailing list