rkerberos 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGES +3 -0
- data/MANIFEST +16 -0
- data/README +51 -0
- data/Rakefile +148 -0
- data/ext/rkerberos/ccache.c +250 -0
- data/ext/rkerberos/config.c +312 -0
- data/ext/rkerberos/context.c +77 -0
- data/ext/rkerberos/extconf.rb +14 -0
- data/ext/rkerberos/kadm5.c +991 -0
- data/ext/rkerberos/keytab.c +509 -0
- data/ext/rkerberos/keytab_entry.c +84 -0
- data/ext/rkerberos/policy.c +196 -0
- data/ext/rkerberos/principal.c +263 -0
- data/ext/rkerberos/rkerberos.c +566 -0
- data/ext/rkerberos/rkerberos.h +95 -0
- data/rkerberos.gemspec +28 -0
- data/test/test_config.rb +129 -0
- data/test/test_context.rb +33 -0
- data/test/test_credentials_cache.rb +153 -0
- data/test/test_kadm5.rb +424 -0
- data/test/test_keytab_entry.rb +66 -0
- data/test/test_krb5.rb +198 -0
- data/test/test_krb5_keytab.rb +294 -0
- data/test/test_policy.rb +123 -0
- data/test/test_principal.rb +134 -0
- metadata +155 -0
@@ -0,0 +1,66 @@
|
|
1
|
+
#######################################################################
|
2
|
+
# test_keytab_entry.rb
|
3
|
+
#
|
4
|
+
# Test suite for the Kerberos::Krb5::KeytabEntry class.
|
5
|
+
#######################################################################
|
6
|
+
require 'rubygems'
|
7
|
+
gem 'test-unit'
|
8
|
+
|
9
|
+
require 'test/unit'
|
10
|
+
require 'rkerberos'
|
11
|
+
|
12
|
+
class TC_Krb5_KeytabEntry < Test::Unit::TestCase
|
13
|
+
def setup
|
14
|
+
@kte = Kerberos::Krb5::Keytab::Entry.new
|
15
|
+
end
|
16
|
+
|
17
|
+
test "principal getter basic functionality" do
|
18
|
+
assert_respond_to(@kte, :principal)
|
19
|
+
assert_nothing_raised{ @kte.principal }
|
20
|
+
end
|
21
|
+
|
22
|
+
test "principal setter basic functionality" do
|
23
|
+
assert_respond_to(@kte, :principal)
|
24
|
+
assert_nothing_raised{ @kte.principal = "test" }
|
25
|
+
assert_equal("test", @kte.principal)
|
26
|
+
end
|
27
|
+
|
28
|
+
test "timestamp getter basic functionality" do
|
29
|
+
assert_respond_to(@kte, :timestamp)
|
30
|
+
assert_nothing_raised{ @kte.timestamp }
|
31
|
+
end
|
32
|
+
|
33
|
+
test "timestamp setter basic functionality" do
|
34
|
+
time = Time.now
|
35
|
+
assert_respond_to(@kte, :timestamp=)
|
36
|
+
assert_nothing_raised{ @kte.timestamp = time }
|
37
|
+
assert_equal(time, @kte.timestamp)
|
38
|
+
end
|
39
|
+
|
40
|
+
test "vno getter basic functionality" do
|
41
|
+
assert_respond_to(@kte, :vno)
|
42
|
+
assert_nothing_raised{ @kte.vno }
|
43
|
+
end
|
44
|
+
|
45
|
+
test "vno setter basic functionality" do
|
46
|
+
time = Time.now
|
47
|
+
assert_respond_to(@kte, :vno=)
|
48
|
+
assert_nothing_raised{ @kte.vno = time }
|
49
|
+
assert_equal(time, @kte.vno)
|
50
|
+
end
|
51
|
+
|
52
|
+
test "key getter basic functionality" do
|
53
|
+
assert_respond_to(@kte, :vno)
|
54
|
+
assert_nothing_raised{ @kte.vno }
|
55
|
+
end
|
56
|
+
|
57
|
+
test "key setter basic functionality" do
|
58
|
+
assert_respond_to(@kte, :key=)
|
59
|
+
assert_nothing_raised{ @kte.key = 23 }
|
60
|
+
assert_equal(23, @kte.key)
|
61
|
+
end
|
62
|
+
|
63
|
+
def teardown
|
64
|
+
@kte = nil
|
65
|
+
end
|
66
|
+
end
|
data/test/test_krb5.rb
ADDED
@@ -0,0 +1,198 @@
|
|
1
|
+
########################################################################
|
2
|
+
# test_krb5.rb
|
3
|
+
#
|
4
|
+
# Test suite for the Kerberos::Krb5 class. At the moment, this suite
|
5
|
+
# requires that you export "testuser1" to a local keytab file called
|
6
|
+
# "test.keytab" in the "test" directory for certain tests to pass.
|
7
|
+
########################################################################
|
8
|
+
require 'rubygems'
|
9
|
+
gem 'test-unit'
|
10
|
+
|
11
|
+
require 'open3'
|
12
|
+
require 'test/unit'
|
13
|
+
require 'rkerberos'
|
14
|
+
|
15
|
+
class TC_Krb5 < Test::Unit::TestCase
|
16
|
+
def self.startup
|
17
|
+
@@cache_found = true
|
18
|
+
|
19
|
+
Open3.popen3('klist') do |stdin, stdout, stderr|
|
20
|
+
@@cache_found = false unless stderr.gets.nil?
|
21
|
+
end
|
22
|
+
|
23
|
+
@@krb5_conf = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
|
24
|
+
@@realm = IO.read(@@krb5_conf).grep(/default_realm/).first.split('=').last.lstrip.chomp
|
25
|
+
end
|
26
|
+
|
27
|
+
def setup
|
28
|
+
@krb5 = Kerberos::Krb5.new
|
29
|
+
@keytab = Kerberos::Krb5::Keytab.new.default_name.split(':').last
|
30
|
+
@user = "testuser1@" + @@realm
|
31
|
+
@service = "kadmin/admin"
|
32
|
+
end
|
33
|
+
|
34
|
+
test "version constant" do
|
35
|
+
assert_equal('0.1.0', Kerberos::Krb5::VERSION)
|
36
|
+
end
|
37
|
+
|
38
|
+
test "constructor accepts a block and yields itself" do
|
39
|
+
assert_nothing_raised{ Kerberos::Krb5.new{} }
|
40
|
+
Kerberos::Krb5.new{ |krb5| assert_kind_of(Kerberos::Krb5, krb5) }
|
41
|
+
end
|
42
|
+
|
43
|
+
test "get_default_realm basic functionality" do
|
44
|
+
assert_respond_to(@krb5, :get_default_realm)
|
45
|
+
assert_nothing_raised{ @krb5.get_default_realm }
|
46
|
+
assert_kind_of(String, @krb5.get_default_realm)
|
47
|
+
end
|
48
|
+
|
49
|
+
test "get_default_realm takes no arguments" do
|
50
|
+
assert_raise(ArgumentError){ @krb5.get_default_realm('localhost') }
|
51
|
+
end
|
52
|
+
|
53
|
+
test "get_default_realm matches what we found in the krb5.conf file" do
|
54
|
+
assert_equal(@@realm, @krb5.get_default_realm)
|
55
|
+
end
|
56
|
+
|
57
|
+
test "default_realm is an alias for get_default_realm" do
|
58
|
+
assert_alias_method(@krb5, :default_realm, :get_default_realm)
|
59
|
+
end
|
60
|
+
|
61
|
+
test "set_default_realm basic functionality" do
|
62
|
+
assert_respond_to(@krb5, :set_default_realm)
|
63
|
+
end
|
64
|
+
|
65
|
+
test "set_default_realm with no arguments uses the default realm" do
|
66
|
+
assert_nothing_raised{ @krb5.set_default_realm }
|
67
|
+
assert_equal(@@realm, @krb5.get_default_realm)
|
68
|
+
end
|
69
|
+
|
70
|
+
test "set_default_realm with an argument sets the default realm as expected" do
|
71
|
+
assert_nothing_raised{ @krb5.set_default_realm('TEST.REALM') }
|
72
|
+
assert_equal('TEST.REALM', @krb5.get_default_realm)
|
73
|
+
end
|
74
|
+
|
75
|
+
test "argument to set_default_realm must be a string" do
|
76
|
+
assert_raise(TypeError){ @krb5.set_default_realm(1) }
|
77
|
+
end
|
78
|
+
|
79
|
+
test "set_default_realm accepts a maximum of one argument" do
|
80
|
+
assert_raise(ArgumentError){ @krb5.set_default_realm('FOO', 'BAR') }
|
81
|
+
end
|
82
|
+
|
83
|
+
test "get_init_creds_password basic functionality" do
|
84
|
+
assert_respond_to(@krb5, :get_init_creds_password)
|
85
|
+
end
|
86
|
+
|
87
|
+
test "get_init_creds_password requires two arguments" do
|
88
|
+
assert_raise(ArgumentError){ @krb5.get_init_creds_password }
|
89
|
+
assert_raise(ArgumentError){ @krb5.get_init_creds_password('test') }
|
90
|
+
end
|
91
|
+
|
92
|
+
test "get_init_creds_password requires string arguments" do
|
93
|
+
assert_raise(TypeError){ @krb5.get_init_creds_password(1, 2) }
|
94
|
+
assert_raise(TypeError){ @krb5.get_init_creds_password('test', 1) }
|
95
|
+
end
|
96
|
+
|
97
|
+
test "calling get_init_creds_password after closing the object raises an error" do
|
98
|
+
@krb5.close
|
99
|
+
assert_raise(Kerberos::Krb5::Exception){ @krb5.get_init_creds_password('foo', 'xxx') }
|
100
|
+
end
|
101
|
+
|
102
|
+
test "calling get_init_creds_password after closing the object raises a specific error message" do
|
103
|
+
@krb5.close
|
104
|
+
assert_raise_message('no context has been established'){ @krb5.get_init_creds_password('foo', 'xxx') }
|
105
|
+
end
|
106
|
+
|
107
|
+
test "get_init_creds_keytab basic functionality" do
|
108
|
+
assert_respond_to(@krb5, :get_init_creds_keytab)
|
109
|
+
end
|
110
|
+
|
111
|
+
test "get_init_creds_keytab uses a default keytab if no keytab file is specified" do
|
112
|
+
omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
|
113
|
+
assert_nothing_raised{ @krb5.get_init_creds_keytab(@user) }
|
114
|
+
end
|
115
|
+
|
116
|
+
test "get_init_creds_keytab accepts a keytab" do
|
117
|
+
omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
|
118
|
+
assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab) }
|
119
|
+
end
|
120
|
+
|
121
|
+
# This test will probably fail (since it defaults to "host") so I've commented it out for now.
|
122
|
+
#test "get_init_creds_keytab uses default service principal if no arguments are provided" do
|
123
|
+
# omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
|
124
|
+
# assert_nothing_raised{ @krb5.get_init_creds_keytab }
|
125
|
+
#end
|
126
|
+
|
127
|
+
test "get_init_creds_keytab accepts a service name" do
|
128
|
+
omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
|
129
|
+
assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab, @service) }
|
130
|
+
end
|
131
|
+
|
132
|
+
test "get_init_creds_keytab requires string arguments" do
|
133
|
+
assert_raise(TypeError){ @krb5.get_init_creds_keytab(1) }
|
134
|
+
assert_raise(TypeError){ @krb5.get_init_creds_keytab(@user, 1) }
|
135
|
+
assert_raise(TypeError){ @krb5.get_init_creds_keytab(@user, @keytab, 1) }
|
136
|
+
end
|
137
|
+
|
138
|
+
test "calling get_init_creds_keytab after closing the object raises an error" do
|
139
|
+
@krb5.close
|
140
|
+
assert_raise(Kerberos::Krb5::Exception){ @krb5.get_init_creds_keytab(@user, @keytab) }
|
141
|
+
end
|
142
|
+
|
143
|
+
test "change_password basic functionality" do
|
144
|
+
assert_respond_to(@krb5, :change_password)
|
145
|
+
end
|
146
|
+
|
147
|
+
test "change_password requires two arguments" do
|
148
|
+
assert_raise(ArgumentError){ @krb5.change_password }
|
149
|
+
assert_raise(ArgumentError){ @krb5.change_password('XXXXXXXX') }
|
150
|
+
end
|
151
|
+
|
152
|
+
test "change_password requires two strings" do
|
153
|
+
assert_raise(TypeError){ @krb5.change_password(1, 'XXXXXXXX') }
|
154
|
+
assert_raise(TypeError){ @krb5.change_password('XXXXXXXX', 1) }
|
155
|
+
end
|
156
|
+
|
157
|
+
test "change_password fails if there is no context or principal" do
|
158
|
+
assert_raise(Kerberos::Krb5::Exception){ @krb5.change_password("XXX", "YYY") }
|
159
|
+
assert_raise_message('no principal has been established'){ @krb5.change_password("XXX", "YYY") }
|
160
|
+
end
|
161
|
+
|
162
|
+
test "get_default_principal basic functionality" do
|
163
|
+
assert_respond_to(@krb5, :get_default_principal)
|
164
|
+
end
|
165
|
+
|
166
|
+
test "get_default_principal returns a string if cache found" do
|
167
|
+
omit_unless(@@cache_found, "No credentials cache found, skipping")
|
168
|
+
assert_nothing_raised{ @krb5.get_default_principal }
|
169
|
+
assert_kind_of(String, @krb5.get_default_principal)
|
170
|
+
end
|
171
|
+
|
172
|
+
test "get_default_principal raises an error if no cache is found" do
|
173
|
+
omit_if(@@cache_found, "Credential cache found, skipping")
|
174
|
+
assert_raise(Kerberos::Krb5::Exception){ @krb5.get_default_principal }
|
175
|
+
end
|
176
|
+
|
177
|
+
test "get_permitted_enctypes basic functionality" do
|
178
|
+
assert_respond_to(@krb5, :get_permitted_enctypes)
|
179
|
+
assert_nothing_raised{ @krb5.get_permitted_enctypes }
|
180
|
+
assert_kind_of(Hash, @krb5.get_permitted_enctypes)
|
181
|
+
end
|
182
|
+
|
183
|
+
test "get_permitted_enctypes returns expected results" do
|
184
|
+
hash = @krb5.get_permitted_enctypes
|
185
|
+
assert_kind_of(Fixnum, hash.keys.first)
|
186
|
+
assert_kind_of(String, hash.values.first)
|
187
|
+
assert_true(hash.values.first.size > 0)
|
188
|
+
end
|
189
|
+
|
190
|
+
def teardown
|
191
|
+
@krb5.close
|
192
|
+
@krb5 = nil
|
193
|
+
end
|
194
|
+
|
195
|
+
def self.shutdown
|
196
|
+
@@cache_found = nil
|
197
|
+
end
|
198
|
+
end
|
@@ -0,0 +1,294 @@
|
|
1
|
+
########################################################################
|
2
|
+
# test_krb5_keytab.rb
|
3
|
+
#
|
4
|
+
# Test suite for the Kerberos::Krb5::Keytab class.
|
5
|
+
#
|
6
|
+
# At the moment this test suite assumes that there are two or more
|
7
|
+
# principals in the keytab. Temporary keytab creation is handled using
|
8
|
+
# pty + expect.
|
9
|
+
########################################################################
|
10
|
+
require 'rubygems'
|
11
|
+
gem 'test-unit'
|
12
|
+
|
13
|
+
require 'tmpdir'
|
14
|
+
require 'fileutils'
|
15
|
+
require 'test/unit'
|
16
|
+
require 'rkerberos'
|
17
|
+
require 'pty'
|
18
|
+
require 'expect'
|
19
|
+
|
20
|
+
class TC_Krb5_Keytab < Test::Unit::TestCase
|
21
|
+
def self.startup
|
22
|
+
file = Dir.tmpdir + "/test.keytab"
|
23
|
+
|
24
|
+
PTY.spawn('kadmin.local') do |reader, writer, pid|
|
25
|
+
reader.gets
|
26
|
+
reader.expect(/local:\s+/)
|
27
|
+
|
28
|
+
writer.puts("ktadd -k #{file} testuser1")
|
29
|
+
reader.expect(/local:\s+/)
|
30
|
+
|
31
|
+
writer.puts("ktadd -k #{file} testuser2")
|
32
|
+
reader.expect(/local:\s+/)
|
33
|
+
end
|
34
|
+
|
35
|
+
@@key_file = "FILE:" + file
|
36
|
+
@@home_dir = ENV['HOME'] || ENV['USER_PROFILE']
|
37
|
+
end
|
38
|
+
|
39
|
+
def setup
|
40
|
+
@keytab = Kerberos::Krb5::Keytab.new
|
41
|
+
@realm = Kerberos::Kadm5::Config.new.realm
|
42
|
+
@entry = nil
|
43
|
+
@name = nil
|
44
|
+
end
|
45
|
+
|
46
|
+
test "constructor takes an optional name" do
|
47
|
+
assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new("FILE:/usr/local/var/keytab") }
|
48
|
+
assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new("FILE:/bogus/keytab") }
|
49
|
+
end
|
50
|
+
|
51
|
+
test "using an invalid residual type causes an error" do
|
52
|
+
omit("Invalid residual type test skipped for now")
|
53
|
+
assert_raise(Kerberos::Krb5::Keytab::Exception){
|
54
|
+
@keytab = Kerberos::Krb5::Keytab.new("BOGUS:/bogus/keytab")
|
55
|
+
}
|
56
|
+
end
|
57
|
+
|
58
|
+
test "keytab name passed to constructor must be a string" do
|
59
|
+
assert_raise(TypeError){ Kerberos::Krb5::Keytab.new(1) }
|
60
|
+
end
|
61
|
+
|
62
|
+
test "name basic functionality" do
|
63
|
+
assert_respond_to(@keytab, :name)
|
64
|
+
assert_kind_of(String, @keytab.name)
|
65
|
+
end
|
66
|
+
|
67
|
+
test "name is set to default name if no argument is passed to constructor" do
|
68
|
+
assert_equal(@keytab.name, @keytab.default_name)
|
69
|
+
end
|
70
|
+
|
71
|
+
test "name is set to value passed to constructor" do
|
72
|
+
temp = "FILE:" + Dir.tmpdir + "/test.keytab"
|
73
|
+
@keytab = Kerberos::Krb5::Keytab.new(temp)
|
74
|
+
assert_equal(@keytab.name, temp)
|
75
|
+
end
|
76
|
+
|
77
|
+
test "default_name basic functionality" do
|
78
|
+
assert_respond_to(@keytab, :default_name)
|
79
|
+
assert_nothing_raised{ @keytab.default_name }
|
80
|
+
assert_kind_of(String, @keytab.default_name)
|
81
|
+
end
|
82
|
+
|
83
|
+
test "close basic functionality" do
|
84
|
+
assert_respond_to(@keytab, :close)
|
85
|
+
assert_nothing_raised{ @keytab.close }
|
86
|
+
assert_boolean(@keytab.close)
|
87
|
+
end
|
88
|
+
|
89
|
+
test "each basic functionality" do
|
90
|
+
assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
|
91
|
+
assert_respond_to(@keytab, :each)
|
92
|
+
assert_nothing_raised{ @keytab.each{} }
|
93
|
+
end
|
94
|
+
|
95
|
+
test "each method yields a keytab entry object" do
|
96
|
+
array = []
|
97
|
+
assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
|
98
|
+
assert_nothing_raised{ @keytab.each{ |entry| array << entry } }
|
99
|
+
assert_kind_of(Kerberos::Krb5::Keytab::Entry, array[0])
|
100
|
+
assert_true(array.size >= 1)
|
101
|
+
end
|
102
|
+
|
103
|
+
test "get_entry basic functionality" do
|
104
|
+
assert_respond_to(@keytab, :get_entry)
|
105
|
+
end
|
106
|
+
|
107
|
+
test "get_entry returns an entry if found in the keytab" do
|
108
|
+
@user = "testuser1@" + @realm
|
109
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
110
|
+
assert_nothing_raised{ @entry = @keytab.get_entry(@user) }
|
111
|
+
assert_kind_of(Kerberos::Krb5::Keytab::Entry, @entry)
|
112
|
+
end
|
113
|
+
|
114
|
+
test "get_entry raises an error if no entry is found" do
|
115
|
+
@user = "bogus_user@" + @realm
|
116
|
+
assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
|
117
|
+
assert_raise(Kerberos::Krb5::Exception){ @keytab.get_entry(@user) }
|
118
|
+
end
|
119
|
+
|
120
|
+
test "find is an alias for get_entry" do
|
121
|
+
assert_respond_to(@keytab, :find)
|
122
|
+
assert_alias_method(@keytab, :find, :get_entry)
|
123
|
+
end
|
124
|
+
|
125
|
+
test "foreach singleton method basic functionality" do
|
126
|
+
assert_respond_to(Kerberos::Krb5::Keytab, :foreach)
|
127
|
+
assert_nothing_raised{ Kerberos::Krb5::Keytab.foreach(@@key_file){} }
|
128
|
+
end
|
129
|
+
|
130
|
+
test "foreach singleton method yields keytab entry objects" do
|
131
|
+
array = []
|
132
|
+
assert_nothing_raised{ Kerberos::Krb5::Keytab.foreach(@@key_file){ |entry| array << entry } }
|
133
|
+
assert_kind_of(Kerberos::Krb5::Keytab::Entry, array[0])
|
134
|
+
assert_true(array.size >= 1)
|
135
|
+
end
|
136
|
+
|
137
|
+
=begin
|
138
|
+
# These tests skipped until further notice.
|
139
|
+
|
140
|
+
test "add_entry basic functionality" do
|
141
|
+
assert_respond_to(@keytab, :add_entry)
|
142
|
+
end
|
143
|
+
|
144
|
+
test "add_entry can add a valid principal" do
|
145
|
+
@user = "testuser2@" + @realm
|
146
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
147
|
+
assert_nothing_raised{ @keytab.add_entry(@user) }
|
148
|
+
end
|
149
|
+
|
150
|
+
test "add_entry accepts a vno" do
|
151
|
+
@user = "testuser2@" + @realm
|
152
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
153
|
+
assert_nothing_raised{ @keytab.add_entry(@user, 1) }
|
154
|
+
end
|
155
|
+
|
156
|
+
test "add_entry accepts a encoding type" do
|
157
|
+
@user = "testuser2@" + @realm
|
158
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
159
|
+
enctype = Kerberos::Krb5::ENCTYPE_DES_HMAC_SHA1
|
160
|
+
assert_nothing_raised{ @keytab.add_entry(@user, 1, enctype) }
|
161
|
+
end
|
162
|
+
|
163
|
+
test "add_entry requires at least one argument" do
|
164
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
165
|
+
assert_raise(ArgumentError){ @keytab.add_entry }
|
166
|
+
end
|
167
|
+
|
168
|
+
test "first argument add_entry must be a string" do
|
169
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
170
|
+
assert_raise(TypeError){ @keytab.add_entry(1) }
|
171
|
+
end
|
172
|
+
|
173
|
+
test "second argument to add_entry must be a number" do
|
174
|
+
@user = "testuser2@" + @realm
|
175
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
176
|
+
assert_raise(TypeError){ @keytab.add_entry(@user, "test") }
|
177
|
+
end
|
178
|
+
|
179
|
+
test "third argument to add_entry must be a number" do
|
180
|
+
@user = "testuser2@" + @realm
|
181
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
182
|
+
assert_raise(TypeError){ @keytab.add_entry(@user, 0, "test") }
|
183
|
+
end
|
184
|
+
|
185
|
+
test "add_entry accepts a maximum of three arguments" do
|
186
|
+
@user = "testuser2@" + @realm
|
187
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
188
|
+
assert_raise(ArgumentError){ @keytab.add_entry(@user, 0, 0, 0) }
|
189
|
+
end
|
190
|
+
|
191
|
+
test "add_entry does not fail if an bogus user is added" do
|
192
|
+
@user = "bogususer@" + @realm
|
193
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
194
|
+
assert_nothing_raised{ @keytab.add_entry(@user) }
|
195
|
+
end
|
196
|
+
|
197
|
+
test "add_entry can be called multiple times" do
|
198
|
+
@user = "bogususer@" + @realm
|
199
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
200
|
+
assert_nothing_raised{ @keytab.add_entry(@user) }
|
201
|
+
assert_nothing_raised{ @keytab.add_entry(@user) }
|
202
|
+
assert_nothing_raised{ @keytab.add_entry(@user) }
|
203
|
+
end
|
204
|
+
|
205
|
+
test "remove_entry basic functionality" do
|
206
|
+
assert_respond_to(@keytab, :remove_entry)
|
207
|
+
end
|
208
|
+
|
209
|
+
test "remove_entry can add a valid principal" do
|
210
|
+
@user = "testuser2@" + @realm
|
211
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
212
|
+
@keytab.add_entry(@user)
|
213
|
+
|
214
|
+
assert_nothing_raised{ @keytab.remove_entry(@user) }
|
215
|
+
end
|
216
|
+
|
217
|
+
test "remove_entry accepts a vno" do
|
218
|
+
@user = "testuser2@" + @realm
|
219
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
220
|
+
@keytab.add_entry(@user, 1)
|
221
|
+
assert_nothing_raised{ @keytab.remove_entry(@user, 1) }
|
222
|
+
end
|
223
|
+
|
224
|
+
test "remove_entry accepts a encoding type" do
|
225
|
+
@user = "testuser2@" + @realm
|
226
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
227
|
+
enctype = Kerberos::Krb5::ENCTYPE_DES_HMAC_SHA1
|
228
|
+
@keytab.add_entry(@user, 1, enctype)
|
229
|
+
assert_nothing_raised{ @keytab.remove_entry(@user, 1, enctype) }
|
230
|
+
end
|
231
|
+
|
232
|
+
test "remove_entry requires at least one argument" do
|
233
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
234
|
+
assert_raise(ArgumentError){ @keytab.remove_entry }
|
235
|
+
end
|
236
|
+
|
237
|
+
test "first argument remove_entry must be a string" do
|
238
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
239
|
+
assert_raise(TypeError){ @keytab.remove_entry(1) }
|
240
|
+
end
|
241
|
+
|
242
|
+
test "second argument to remove_entry must be a number" do
|
243
|
+
@user = "testuser2@" + @realm
|
244
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
245
|
+
assert_raise(TypeError){ @keytab.remove_entry(@user, "test") }
|
246
|
+
end
|
247
|
+
|
248
|
+
test "third argument to remove_entry must be a number" do
|
249
|
+
@user = "testuser2@" + @realm
|
250
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
251
|
+
assert_raise(TypeError){ @keytab.remove_entry(@user, 0, "test") }
|
252
|
+
end
|
253
|
+
|
254
|
+
test "remove_entry accepts a maximum of three arguments" do
|
255
|
+
@user = "testuser2@" + @realm
|
256
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
257
|
+
assert_raise(ArgumentError){ @keytab.remove_entry(@user, 0, 0, 0) }
|
258
|
+
end
|
259
|
+
|
260
|
+
test "remove_entry does not fail if an bogus user is removed" do
|
261
|
+
@user = "bogususer@" + @realm
|
262
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
263
|
+
assert_nothing_raised{ @keytab.remove_entry(@user) }
|
264
|
+
end
|
265
|
+
|
266
|
+
test "remove_entry can be called multiple times" do
|
267
|
+
@user = "testuser1@" + @realm
|
268
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
269
|
+
@keytab.add_entry(@user)
|
270
|
+
assert_nothing_raised{ @keytab.remove_entry(@user) }
|
271
|
+
assert_nothing_raised{ @keytab.remove_entry(@user) }
|
272
|
+
end
|
273
|
+
|
274
|
+
test "a principal can be added and removed" do
|
275
|
+
@user = "testuser1@" + @realm
|
276
|
+
@keytab = Kerberos::Krb5::Keytab.new(@@key_file)
|
277
|
+
assert_nothing_raised{ @keytab.add_entry(@user) }
|
278
|
+
assert_nothing_raised{ @keytab.remove_entry(@user) }
|
279
|
+
end
|
280
|
+
=end
|
281
|
+
|
282
|
+
def teardown
|
283
|
+
@keytab.close if @keytab
|
284
|
+
@keytab = nil
|
285
|
+
@entry = nil
|
286
|
+
@realm = nil
|
287
|
+
end
|
288
|
+
|
289
|
+
def self.shutdown
|
290
|
+
File.delete(@@key_file) if File.exists?(@@key_file)
|
291
|
+
@@key_file = nil
|
292
|
+
@@home_dir = nil
|
293
|
+
end
|
294
|
+
end
|