tests: check PAC client name in the non-canon case

and fixed the existing test to match the actual behavior,
I think it used to fail just because it used enterprise name
style without specifying it.
This commit is contained in:
Isaac Boukris
2021-09-23 14:51:19 +03:00
committed by Luke Howard
parent fe71574be3
commit d0e6ab43bc

View File

@@ -58,10 +58,13 @@ kinit="${kinit} -c $cache ${afs_no_afslog}"
klist="${klist} -c $cache"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG
rm -f ${keytabfile}
rm -f current-db*
rm -f out-*
rm -f mkey.file*
@@ -93,6 +96,8 @@ ${kadmin} add -p foo --use-defaults 'baz\@realm.foo@'${R} || exit 1
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
${kadmin} ext -k ${keytab} krbtgt/${R}@${R} || exit 1
echo "Doing database check"
${kadmin} check ${R} || exit 1
${kadmin} check ${R2} || exit 1
@@ -143,6 +148,9 @@ ${kinit} --canonicalize --enterprise \
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal inside the PAC"
${test_ap_req} krbtgt/${R}@${R} ${keytab} ${cache} || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Getting client alias1 tickets"; > messages.log
@@ -152,6 +160,9 @@ ${kinit} --canonicalize --enterprise \
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal inside the PAC"
${test_ap_req} krbtgt/${R}@${R} ${keytab} ${cache} || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy}
@@ -162,11 +173,19 @@ ${kinit} --canonicalize --enterprise \
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal inside the PAC"
${test_ap_req} krbtgt/${R}@${R} ${keytab} ${cache} || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Getting client alias1 tickets (non canon case)"; > messages.log
${kinit} --password-file=${objdir}/foopassword \
alias1@${R}@${R} > /dev/null 2>/dev/null && \
${kinit} --password-file=${objdir}/foopassword alias1@${R} || \
{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: alias1@${R}" > /dev/null || \
{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal inside the PAC"
${test_ap_req} krbtgt/${R}@${R} ${keytab} ${cache} || \
{ ec=1 ; eval "${testfailed}"; }
echo "Getting client alias2 tickets (removed)"; > messages.log