krb5 commit: Combine PKINIT test scripts

Greg Hudson ghudson at MIT.EDU
Fri Jul 19 18:14:56 EDT 2013


https://github.com/krb5/krb5/commit/2757800b5b0043b635634fad0551d07c112ab54a
commit 2757800b5b0043b635634fad0551d07c112ab54a
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Jul 18 20:46:35 2013 -0400

    Combine PKINIT test scripts

 src/tests/Makefile.in     |    3 +-
 src/tests/t_anonpkinit.py |   42 ------
 src/tests/t_authpkinit.py |  311 ------------------------------------------
 src/tests/t_pkinit.py     |  333 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 334 insertions(+), 355 deletions(-)

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 204941b..5828a90 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -89,9 +89,8 @@ check-pytests:: gcred hist kdbtest plugorder responder t_init_creds t_localauth
 	$(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
-	$(RUNPYTEST) $(srcdir)/t_anonpkinit.py $(PYTESTFLAGS)
-	$(RUNPYTEST) $(srcdir)/t_authpkinit.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
diff --git a/src/tests/t_anonpkinit.py b/src/tests/t_anonpkinit.py
deleted file mode 100644
index 03b2fdd..0000000
--- a/src/tests/t_anonpkinit.py
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/python
-from k5test import *
-
-# Skip this test if pkinit wasn't built.
-if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
-    success('Warning: not testing pkinit because it is not built')
-    exit(0)
-
-# Construct a krb5.conf fragment configuring pkinit.
-certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')
-ca_pem = os.path.join(certs, 'ca.pem')
-kdc_pem = os.path.join(certs, 'kdc.pem')
-privkey_pem = os.path.join(certs, 'privkey.pem')
-pkinit_krb5_conf = {
-    'libdefaults': {
-        'pkinit_anchors': 'FILE:' + ca_pem},
-    'realms': {'$realm': {
-            'pkinit_anchors': 'FILE:%s' % ca_pem,
-            'pkinit_identity': 'FILE:%s,%s' % (kdc_pem, privkey_pem)}}}
-
-restrictive_kdc_conf = {
-    'realms': {'$realm' : {
-            'restrict_anonymous_to_tgt': 'true' }}}
-
-# In the basic test, anonymous is not restricted, so kvno should succeed.
-realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False)
-realm.addprinc('WELLKNOWN/ANONYMOUS')
-realm.kinit('@%s' % realm.realm, flags=['-n'])
-realm.klist('WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS')
-realm.run([kvno, realm.host_princ])
-realm.stop()
-
-# Now try again with anonymous restricted; kvno should fail.
-realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf,
-                create_user=False)
-realm.addprinc('WELLKNOWN/ANONYMOUS')
-realm.kinit('@%s' % realm.realm, flags=['-n'])
-# now try FAST
-realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
-realm.run([kvno, realm.host_princ], expected_code=1)
-
-success('Anonymous PKINIT')
diff --git a/src/tests/t_authpkinit.py b/src/tests/t_pkinit.py
similarity index 93%
rename from src/tests/t_authpkinit.py
rename to src/tests/t_pkinit.py
index ec7be50..e9915eb 100644
--- a/src/tests/t_authpkinit.py
+++ b/src/tests/t_pkinit.py
@@ -73,6 +73,28 @@ realm.klist('user@%s' % realm.realm)
 realm.run([kvno, realm.host_princ])
 realm.stop()
 
+restrictive_kdc_conf = {
+    'realms': {'$realm' : {
+            'restrict_anonymous_to_tgt': 'true' }}}
+
+# Test anonymous PKINIT.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.klist('WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS')
+realm.run([kvno, realm.host_princ])
+realm.stop()
+
+# Now try again with anonymous restricted; kvno should fail.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf,
+                create_user=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+# now try FAST
+realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
+realm.run([kvno, realm.host_princ], expected_code=1)
+realm.stop()
+
 # Run the basic test - PKINIT with FILE: identity, with no password on the key.
 realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
                 get_creds=False)
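Review bot: In the restricted-anonymous block, the only check that `restrict_anonymous_to_tgt` takes effect is `realm.run([kvno, realm.host_princ], expected_code=1)` after the FAST kinit, and it accepts any kvno failure, so the test still passes if kvno fails for an unrelated reason. Capture the output (`out = realm.run([kvno, realm.host_princ], expected_code=1)`) and fail unless it contains the KDC's policy-rejection text. Add the same check right after the first `realm.kinit('@%s' % realm.realm, flags=['-n'])`, so the non-armored anonymous TGT is also covered before the FAST kinit presumably replaces it in the ccache. Both new blocks reuse `pkinit_krb5_conf`, which is defined outside this hunk; the deleted t_anonpkinit.py set `pkinit_anchors` and the KDC `pkinit_identity` itself, so confirm the shared dict still provides both. The klist argument is shown here as 'WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS', which looks like the list archive's address obfuscation of '@' rather than the committed string.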

