support keytab testing (and use it)

2011-11-22 10:59:31 -08:00
parent f2319c2458
commit 72e88209f8
5 changed files with 45 additions and 11 deletions
--- a/kdc/kdc-tester.c
+++ b/kdc/kdc-tester.c
@@ -79,9 +79,10 @@ send_to_kdc(krb5_context c, void *ptr, krb5_krbhst_info *hi, time_t timeout,
 static void
 eval_kinit(heim_dict_t o)
 {
-    heim_string_t user, password;
+    heim_string_t user, password, keytab;
    krb5_init_creds_context ctx;
    krb5_principal client;
    krb5_keytab kt = NULL;
    krb5_error_code ret;
    if (ptop)
@@ -90,9 +91,11 @@ eval_kinit(heim_dict_t o)
    user = heim_dict_get_value(o, HSTR("client"));
    if (user == NULL)
 	krb5_errx(kdc_context, 1, "no client");
    password = heim_dict_get_value(o, HSTR("password"));
-    if (password == NULL)
+    keytab = heim_dict_get_value(o, HSTR("keytab"));
-	krb5_errx(kdc_context, 1, "no password");
+    if (password == NULL && keytab == NULL)
 	krb5_errx(kdc_context, 1, "no password nor keytab");
    ret = krb5_parse_name(kdc_context, heim_string_get_utf8(user), &client);
    if (ret)
@@ -102,11 +105,21 @@ eval_kinit(heim_dict_t o)
    if (ret)
 	krb5_err(kdc_context, 1, ret, "krb5_init_creds_init");
-    ret = krb5_init_creds_set_password(kdc_context, ctx, 
+    if (password) {
-				       heim_string_get_utf8(password));
+	ret = krb5_init_creds_set_password(kdc_context, ctx, 
-    if (ret)
+					   heim_string_get_utf8(password));
-	krb5_err(kdc_context, 1, ret, "krb5_init_creds_set_password");
+	if (ret)
 	    krb5_err(kdc_context, 1, ret, "krb5_init_creds_set_password");
    }
    if (keytab) {
 	ret = krb5_kt_resolve(kdc_context, heim_string_get_utf8(keytab), &kt);
 	if (ret)
 	    krb5_err(kdc_context, 1, ret, "krb5_kt_resolve");
 	ret = krb5_init_creds_set_keytab(kdc_context, ctx, kt);
 	if (ret)
 	    krb5_err(kdc_context, 1, ret, "krb5_init_creds_set_keytab");
    }
    ret = krb5_init_creds_get(kdc_context, ctx);
    if (ret)
@@ -114,6 +127,8 @@ eval_kinit(heim_dict_t o)
    krb5_init_creds_free(kdc_context, ctx);
    if (kt)
 	krb5_kt_close(kdc_context, kt);
 #if 0
    printf("kinit success %s\n", heim_string_get_utf8(user));
 #endif
--- a/tests/kdc/Makefile.am
+++ b/tests/kdc/Makefile.am
@@ -259,6 +259,8 @@ EXTRA_DIST = \
 	donotexists.txt \
 	heimdal.acl \
 	iprop-acl \
 	kdc-tester1.json \
 	kdc-tester2.json \
 	krb5-pkinit.conf.in \
 	krb5.conf.in \
 	krb5-canon.conf.in \
--- a/tests/kdc/check-tester.in
+++ b/tests/kdc/check-tester.in
@@ -48,6 +48,9 @@ ${have_db} || exit 77
 R=TEST.H5L.SE
 keytabfile=${objdir}/server.keytab
 keytab="FILE:${keytabfile}"
 kadmin="${kadmin} -l -r $R"
 server=host/datan.test.h5l.se
@@ -68,11 +71,13 @@ ${kadmin} \
    ${R} || exit 1
 ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
 ${kadmin} ext -k ${keytab} foo@${R} || exit 1
-echo "Doing database check"
+echo "password"
 ${kadmin} check ${R} || exit 1
 ${kdc_tester} ${srcdir}/kdc-tester1.json || exit 1
 echo "keytab"
 ${kdc_tester} ${srcdir}/kdc-tester2.json || exit 1
 exit $ec
--- a/tests/kdc/kdc-tester1.json
+++ b/tests/kdc/kdc-tester1.json
@@ -1,7 +1,7 @@
 [
 	{
 	"op" : "repeat",
-	"num" : 100,
+	"num" : 333,
 	"value" : {
 		"op" : "kinit",
 		"client" : "foo@TEST.H5L.SE",
--- a/tests/kdc/kdc-tester2.json
+++ b/tests/kdc/kdc-tester2.json
@@ -0,0 +1,12 @@
 [
 	{
 	"op" : "repeat",
 	"num" : 333,
 	"value" : {
 		"op" : "kinit",
 		"client" : "foo@TEST.H5L.SE",
 		"keytab" : "FILE:server.keytab"
 		}
 	}
 ]