[28649] in CVS-changelog-for-Kerberos-V5
krb5 commit: Add tests for duplicate detection
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Fri Nov 21 16:09:59 2014
Date: Fri, 21 Nov 2014 16:09:54 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
Message-Id: <201411212109.sALL9sUS007923@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/66497980e56b9c8bb5c94979d48f32ef69354c85
commit 66497980e56b9c8bb5c94979d48f32ef69354c85
Author: Ben Kaduk <kaduk@mit.edu>
Date: Thu Nov 20 16:41:13 2014 -0500
Add tests for duplicate detection
There's not an easy way to test for infinite loops other than
making the test suite hang, unfortunately.
src/tests/t_salt.py | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/src/tests/t_salt.py b/src/tests/t_salt.py
index e468a21..4302ed2 100755
--- a/src/tests/t_salt.py
+++ b/src/tests/t_salt.py
@@ -35,6 +35,29 @@ for e1, string in salts:
for e2 in second_kstypes:
test_salt(realm, e1, string, e2)
+def test_dup(realm, ks):
+ query = 'ank -e ' + ks + ' -pw password ks_princ'
+ realm.run_kadminl(query)
+ out = realm.run_kadminl('getprinc ks_princ')
+ lines = out.split('\n')
+ keys = [l for l in lines if 'Key: ' in l]
+ uniq = set(keys)
+ # 'Key:' matches 'MKey:' as well so len(keys) has one extra
+ if (len(uniq) != len(keys)) or len(keys) > len(ks.split(',')):
+ fail('Duplicate keysalt detection failed for keysalt ' + ks)
+ realm.run_kadminl('delprinc -force ks_princ')
+
+# All in-tree callers request duplicate suppression from
+# krb5_string_to_keysalts(); we should check that it works, respects
+# aliases, and doesn't result in an infinite loop.
+dup_kstypes = ['arcfour-hmac-md5:normal,rc4-hmac:normal',
+ 'aes256-cts-hmac-sha1-96:normal,aes128-cts,aes256-cts',
+ 'aes256-cts-hmac-sha1-96:normal,aes256-cts:special,' +
+ 'aes256-cts-hmac-sha1-96:normal']
+
+for ks in dup_kstypes:
+ test_dup(realm, ks)
+
# Attempt to create a principal with a non-des enctype and the afs3 salt,
# verifying that the expected error is received and the principal creation
# fails.
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5