diff options
author | Greg Hudson <ghudson@mit.edu> | 2017-08-19 19:09:24 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-08-21 20:52:33 -0400 |
commit | 09acbd91efc6df54e1572285ffc94c6acb3a9113 (patch) | |
tree | d1ed39cf7bc396dbb3907bb9d183d519875fb1cb /src/tests/t_kdcpolicy.py | |
parent | d9e8bdc9858a1dbe135db2d12c70854ef1851ce8 (diff) | |
download | krb5-09acbd91efc6df54e1572285ffc94c6acb3a9113.zip krb5-09acbd91efc6df54e1572285ffc94c6acb3a9113.tar.gz krb5-09acbd91efc6df54e1572285ffc94c6acb3a9113.tar.bz2 |
Fix bugs in kdcpolicy commit
Commit d0969f6a8170344031ef58fd2a161190f1edfb96 added tests using
"klist ccachname -e", which does not work with a POSIX-conformant
getopt() implementation such as the one in Solaris. Fix
t_kdcpolicy.py to use "klist -e ccachename" instead.
The tests could fail if the clock second rolled over between kinit and
kvno. Divide service ticket maximum lifetimes by 2 in the test module
to correctly exercise TGS policy restrictions and ensure that service
tickets are not constrained by the TGT end time.
Also use the correct trace macro when a kdcpolicy module declines to
initialize (my mistake when revising the commit, noted by rharwood).
ticket: 8606
Diffstat (limited to 'src/tests/t_kdcpolicy.py')
-rw-r--r-- | src/tests/t_kdcpolicy.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/tests/t_kdcpolicy.py b/src/tests/t_kdcpolicy.py index 6a745b9..b5d3084 100644 --- a/src/tests/t_kdcpolicy.py +++ b/src/tests/t_kdcpolicy.py @@ -18,16 +18,21 @@ realm.run([kadminl, 'addprinc', '-pw', password('fail'), 'fail']) def verify_time(out, target_time): times = re.findall(r'\d\d/\d\d/\d\d \d\d:\d\d:\d\d', out) times = [datetime.strptime(t, '%m/%d/%y %H:%M:%S') for t in times] + divisor = 1 while len(times) > 0: starttime = times.pop(0) endtime = times.pop(0) renewtime = times.pop(0) - if str(endtime - starttime) != target_time: + if str((endtime - starttime) * divisor) != target_time: fail('unexpected lifetime value') - if str(renewtime - endtime) != target_time: + if str((renewtime - endtime) * divisor) != target_time: fail('unexpected renewable value') + # Service tickets should have half the lifetime of initial + # tickets. + divisor = 2 + rflags = ['-r', '1d', '-l', '12h'] # Test AS+TGS success path. @@ -35,7 +40,7 @@ realm.kinit(realm.user_princ, password('user'), rflags + ['-X', 'indicators=SEVEN_HOURS']) realm.run([kvno, realm.host_princ]) realm.run(['./adata', realm.host_princ], expected_msg='+97: [SEVEN_HOURS]') -out = realm.run([klist, realm.ccache, '-e']) +out = realm.run([klist, '-e', realm.ccache]) verify_time(out, '7:00:00') # Test AS+TGS success path with different values. @@ -43,7 +48,7 @@ realm.kinit(realm.user_princ, password('user'), rflags + ['-X', 'indicators=ONE_HOUR']) realm.run([kvno, realm.host_princ]) realm.run(['./adata', realm.host_princ], expected_msg='+97: [ONE_HOUR]') -out = realm.run([klist, realm.ccache, '-e']) +out = realm.run([klist, '-e', realm.ccache]) verify_time(out, '1:00:00') # Test TGS failure path (using previous creds). |