diff options
| author | Greg Hudson <ghudson@mit.edu> | 2017-01-18 11:22:58 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2017-01-19 18:16:56 -0500 |
| commit | d406afa363554097ac48646a29249c04f498c88e (patch) | |
| tree | 1d0aca608941aa92afa33759ac021682dd157738 /src/tests/gssapi/t_s4u.py | |
| parent | 7b7e5d964e5d020fdda3fb9843d9b8cf8b29a6f8 (diff) | |
| download | krb5-d406afa363554097ac48646a29249c04f498c88e.zip krb5-d406afa363554097ac48646a29249c04f498c88e.tar.gz krb5-d406afa363554097ac48646a29249c04f498c88e.tar.bz2 | |
Use expected_msg in test scripts
Diffstat (limited to 'src/tests/gssapi/t_s4u.py')
| -rwxr-xr-x | src/tests/gssapi/t_s4u.py | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py index 7366e39..e4cd684 100755 --- a/src/tests/gssapi/t_s4u.py +++ b/src/tests/gssapi/t_s4u.py @@ -42,10 +42,8 @@ if ('auth1: ' + realm.user_princ not in output or # result in no delegated credential being created by # accept_sec_context. realm.kinit(realm.user_princ, password('user'), ['-c', usercache]) -output = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, pservice1, - pservice1, pservice2]) -if 'no credential delegated' not in output: - fail('krb5 -> no delegated cred') +realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, pservice1, + pservice1, pservice2], expected_msg='no credential delegated') # Try S4U2Self. Ask for an S4U2Proxy step; this won't happen because # service/1 isn't allowed to get a forwardable S4U2Self ticket. @@ -61,17 +59,15 @@ if ('Warning: no delegated cred handle' not in output or # Correct that problem and try again. As above, the S4U2Proxy step # won't actually succeed since we don't support that in DB2. realm.run([kadminl, 'modprinc', '+ok_to_auth_as_delegate', service1]) -output = realm.run(['./t_s4u', puser, pservice2], expected_code=1) -if 'NOT_ALLOWED_TO_DELEGATE' not in output: - fail('s4u2self') +realm.run(['./t_s4u', puser, pservice2], expected_code=1, + expected_msg='NOT_ALLOWED_TO_DELEGATE') # Again with SPNEGO. This uses SPNEGO for the initial authentication, # but still uses krb5 for S4U2Proxy--the delegated cred is returned as # a krb5 cred, not a SPNEGO cred, and t_s4u uses the delegated cred # directly rather than saving and reacquiring it. -output = realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1) -if 'NOT_ALLOWED_TO_DELEGATE' not in output: - fail('s4u2self') +realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1, + expected_msg='NOT_ALLOWED_TO_DELEGATE') realm.stop() @@ -148,9 +144,8 @@ realm.stop() # fail, but we can check that the right server principal was used. r1, r2 = cross_realms(2, create_user=False) r1.run([kinit, '-k', r1.host_princ]) -out = r1.run(['./t_s4u', 'p:' + r2.host_princ], expected_code=1) -if 'Server not found in Kerberos database' not in out: - fail('cross-realm s4u2self (t_s4u output)') +r1.run(['./t_s4u', 'p:' + r2.host_princ], expected_code=1, + expected_msg='Server not found in Kerberos database') r1.stop() r2.stop() with open(os.path.join(r2.testdir, 'kdc.log')) as f: |