diff options
| -rw-r--r-- | src/kdc/policy.c | 2 | ||||
| -rw-r--r-- | src/plugins/kdcpolicy/test/main.c | 10 | ||||
| -rw-r--r-- | src/tests/t_kdcpolicy.py | 13 |
3 files changed, 15 insertions, 10 deletions
diff --git a/src/kdc/policy.c b/src/kdc/policy.c index e49644e..26c16f9 100644 --- a/src/kdc/policy.c +++ b/src/kdc/policy.c @@ -222,7 +222,7 @@ load_kdcpolicy_plugins(krb5_context context) if (h->vt.init != NULL) { ret = h->vt.init(context, &h->moddata); if (ret == KRB5_PLUGIN_NO_HANDLE) { - TRACE_KADM5_AUTH_INIT_SKIP(context, h->vt.name); + TRACE_KDCPOLICY_INIT_SKIP(context, h->vt.name); free(h); continue; } diff --git a/src/plugins/kdcpolicy/test/main.c b/src/plugins/kdcpolicy/test/main.c index eb8fde0..86c8089 100644 --- a/src/plugins/kdcpolicy/test/main.c +++ b/src/plugins/kdcpolicy/test/main.c @@ -35,7 +35,7 @@ #include <krb5/kdcpolicy_plugin.h> static krb5_error_code -output_from_indicator(const char *const *auth_indicators, +output_from_indicator(const char *const *auth_indicators, int divisor, krb5_deltat *lifetime_out, krb5_deltat *renew_lifetime_out, const char **status) @@ -46,11 +46,11 @@ output_from_indicator(const char *const *auth_indicators, } if (strcmp(auth_indicators[0], "ONE_HOUR") == 0) { - *lifetime_out = 3600; + *lifetime_out = 3600 / divisor; *renew_lifetime_out = *lifetime_out * 2; return 0; } else if (strcmp(auth_indicators[0], "SEVEN_HOURS") == 0) { - *lifetime_out = 7 * 3600; + *lifetime_out = 7 * 3600 / divisor; *renew_lifetime_out = *lifetime_out * 2; return 0; } @@ -71,7 +71,7 @@ test_check_as(krb5_context context, krb5_kdcpolicy_moddata moddata, *status = "LOCAL_POLICY"; return KRB5KDC_ERR_POLICY; } - return output_from_indicator(auth_indicators, lifetime_out, + return output_from_indicator(auth_indicators, 1, lifetime_out, renew_lifetime_out, status); } @@ -87,7 +87,7 @@ test_check_tgs(krb5_context context, krb5_kdcpolicy_moddata moddata, *status = "LOCAL_POLICY"; return KRB5KDC_ERR_POLICY; } - return output_from_indicator(auth_indicators, lifetime_out, + return output_from_indicator(auth_indicators, 2, lifetime_out, renew_lifetime_out, status); } diff --git a/src/tests/t_kdcpolicy.py b/src/tests/t_kdcpolicy.py index 6a745b9..b5d3084 100644 --- a/src/tests/t_kdcpolicy.py +++ b/src/tests/t_kdcpolicy.py @@ -18,16 +18,21 @@ realm.run([kadminl, 'addprinc', '-pw', password('fail'), 'fail']) def verify_time(out, target_time): times = re.findall(r'\d\d/\d\d/\d\d \d\d:\d\d:\d\d', out) times = [datetime.strptime(t, '%m/%d/%y %H:%M:%S') for t in times] + divisor = 1 while len(times) > 0: starttime = times.pop(0) endtime = times.pop(0) renewtime = times.pop(0) - if str(endtime - starttime) != target_time: + if str((endtime - starttime) * divisor) != target_time: fail('unexpected lifetime value') - if str(renewtime - endtime) != target_time: + if str((renewtime - endtime) * divisor) != target_time: fail('unexpected renewable value') + # Service tickets should have half the lifetime of initial + # tickets. + divisor = 2 + rflags = ['-r', '1d', '-l', '12h'] # Test AS+TGS success path. @@ -35,7 +40,7 @@ realm.kinit(realm.user_princ, password('user'), rflags + ['-X', 'indicators=SEVEN_HOURS']) realm.run([kvno, realm.host_princ]) realm.run(['./adata', realm.host_princ], expected_msg='+97: [SEVEN_HOURS]') -out = realm.run([klist, realm.ccache, '-e']) +out = realm.run([klist, '-e', realm.ccache]) verify_time(out, '7:00:00') # Test AS+TGS success path with different values. @@ -43,7 +48,7 @@ realm.kinit(realm.user_princ, password('user'), rflags + ['-X', 'indicators=ONE_HOUR']) realm.run([kvno, realm.host_princ]) realm.run(['./adata', realm.host_princ], expected_msg='+97: [ONE_HOUR]') -out = realm.run([klist, realm.ccache, '-e']) +out = realm.run([klist, '-e', realm.ccache]) verify_time(out, '1:00:00') # Test TGS failure path (using previous creds). |