From 8f92cc94b4ead9758de70907139fe4813c10351e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 24 Jul 2008 20:03:13 +0000
Subject: [PATCH] Build a service without aes, build context and see that we still got an aes session key thanks to EtypeList.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23382 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 tests/gss/check-context.in | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
index a19d5b7d3..3bce1a1fd 100644
--- a/tests/gss/check-context.in
+++ b/tests/gss/check-context.in
@@ -80,10 +80,20 @@ ${kadmin} add -p p1 --use-defaults host/lucid.test.h5l.se@${R} || exit 1
 ${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
 ${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
 ${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
+
 ${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
 ${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
+# Create a server principal with no AES
+${kadmin} add -p p1 --use-defaults host/no-aes.test.h5l.se@${R} || exit 1
+${kadmin} get host/no-aes.test.h5l.se@${R} > tempfile || exit 1
+${kadmin} del_enctype host/no-aes.test.h5l.se@${R} \
+ aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 || exit 1
+${kadmin} ext -k ${keytab} host/no-aes.test.h5l.se@${R} || exit 1
+echo "E: ${enctype_sans_aes}"
+
+
 echo "Doing database check"
 ${kadmin} check ${R} || exit 1
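Review bot: Nothing in this hunk confirms that `host/no-aes.test.h5l.se` actually lost its AES keys: the `${kadmin} get ... > tempfile` line runs before `del_enctype`, and `tempfile` is not read again in the visible lines. If an AES key were still present on the principal, the context test added in the second hunk could see an AES session key and pass without exercising EtypeList at all. Run the `get` after `del_enctype` and fail on a leftover AES key type, for example `${kadmin} get host/no-aes.test.h5l.se@${R} | grep 'aes[0-9]*-cts' && exit 1`; the pattern must not match the `no-aes` host name and should be checked against kadmin's actual output format. `echo "E: ${enctype_sans_aes}"` prints a variable that is not assigned in the visible lines and looks like leftover debugging, and the fixed-name `tempfile` in the working directory is not cleaned up here.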
@@ -216,6 +226,19 @@ rm ${keytabfile}.new
 # { exitcode=1 ; echo "test failed"; }
+# this will break when oneone invents a cooler enctype then aes256-cts-hmac-sha1-96
+coolenctype="aes256-cts-hmac-sha1-96"
+
+echo "Getting client initial tickets"
+${kinit} --password-file=${objdir}/foopassword user1@${R} || \
+ { echo "kinit failed"; exitcode=1; }
+
+echo "Building context on cred w/o aes, but still aes session key"
+${context} --mech-type=${mech} \
+ --session-enctype=${coolenctype} \
+ --name-type=hostbased-service host@no-aes.test.h5l.se || \
+ { exitcode=1 ; echo "test failed"; }
+
 trap "" EXIT
 echo "killing kdc (${kdcpid})"
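Review bot: When `kinit` fails, the new block only sets `exitcode=1` and still runs `${context}`, which presumably then fails for lack of fresh credentials and prints the same generic "test failed" text seen in the commented-out line above it, so the log cannot distinguish an EtypeList regression from a setup failure. Skip the context call when kinit failed, or at least make the message specific, e.g. `{ exitcode=1 ; echo "no-aes context test failed"; }`. The leading comment has two typos and would read better as `# this will break when someone invents a cooler enctype than aes256-cts-hmac-sha1-96`; if the intent is that aes256 is the strongest enctype the client offers, the comment should say so.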