File: t_get_etype_info.py

package info (click to toggle)
krb5 1.17-6
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 55,116 kB
  • sloc: ansic: 303,225; exp: 13,198; cpp: 9,731; python: 8,927; makefile: 7,178; sh: 6,279; perl: 2,289; asm: 1,460; yacc: 1,005; awk: 396; csh: 147; xml: 135; lisp: 104; sed: 41
file content (63 lines) | stat: -rw-r--r-- 2,982 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
from k5test import *

conf = {'libdefaults': {'allow_weak_crypto': 'true'}}
realm = K5Realm(create_host=False, krb5_conf=conf)

realm.run([kadminl, 'ank', '-pw', 'pw', '+preauth', 'puser'])
realm.run([kadminl, 'ank', '-nokey', 'nokey'])
realm.run([kadminl, 'ank', '-nokey', '+preauth', 'pnokey'])
realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp'])
realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth',
           'pexp'])
realm.run([kadminl, 'ank', '-e', 'des3-cbc-sha1:afs3', '-pw', 'pw', 'afs'])
realm.run([kadminl, 'ank', '-e', 'des3-cbc-sha1:afs3', '-pw', 'pw', '+preauth',
           'pafs'])

# Extract the explicit salt values from the database.
out = realm.run([kdb5_util, 'tabdump', 'keyinfo'])
salt_dict = {f[0]: f[5] for f in [l.split('\t') for l in out.splitlines()]}
exp_salt = bytes.fromhex(salt_dict['exp@KRBTEST.COM']).decode('ascii')
pexp_salt = bytes.fromhex(salt_dict['pexp@KRBTEST.COM']).decode('ascii')

# Test an error reply (other than PREAUTH_REQUIRED).
out = realm.run(['./t_get_etype_info', 'notfound'], expected_code=1,
                expected_msg='Client not found in Kerberos database')

# Test with default salt and no specific options, with and without
# preauth.  (Our KDC always sends an explicit salt, so unfortunately
# we aren't really testing client handling of the default salt.)
realm.run(['./t_get_etype_info', 'user'],
          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n')
realm.run(['./t_get_etype_info', 'puser'],
          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n')

# Test with a specified request enctype.
msg = 'etype: aes128-cts\nsalt: KRBTEST.COMuser\n'
realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'user'],
          expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMuser\n')
realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'puser'],
          expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMpuser\n')

# Test with FAST.
msg = 'etype: aes256-cts\nsalt: KRBTEST.COMuser\n'
realm.run(['./t_get_etype_info', '-T', realm.ccache, 'user'],
          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n')
realm.run(['./t_get_etype_info', '-T', realm.ccache, 'puser'],
          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n')

# Test with no available etype-info.
realm.run(['./t_get_etype_info', 'nokey'], expected_code=1,
          expected_msg='KDC has no support for encryption type')
realm.run(['./t_get_etype_info', 'pnokey'], expected_msg='no etype-info')

# Test with explicit salt.
realm.run(['./t_get_etype_info', 'exp'],
          expected_msg='etype: aes256-cts\nsalt: ' + exp_salt + '\n')
realm.run(['./t_get_etype_info', 'pexp'],
          expected_msg='etype: aes256-cts\nsalt: ' + pexp_salt + '\n')

msg = 'etype: des3-cbc-sha1\nsalt: KRBTEST.COM'
realm.run(['./t_get_etype_info', 'afs'], expected_msg=msg)
realm.run(['./t_get_etype_info', 'pafs'], expected_msg=msg)

success('krb5_get_etype_info() tests')