diff options
| author | Russ Allbery <eagle@eyrie.org> | 2016-01-03 21:25:40 -0800 | 
|---|---|---|
| committer | Russ Allbery <eagle@eyrie.org> | 2016-01-03 21:25:40 -0800 | 
| commit | 423792510f017d36580eb6d96342f6d09433a078 (patch) | |
| tree | 07bc3c83e698e52ed2ecc4c2d862b52da59ffe0f | |
| parent | 4eceb97d077503e1022b9bcdc703398cace78ff3 (diff) | |
Fix t/object/keytab.t MIT enctype recognition
New versions of MIT now use the actual enctype in klist -ke output.
Also add 128-bit AES.
Also add some additional debugging that was useful when chasing
another problem.
| -rwxr-xr-x | perl/t/object/keytab.t | 26 | 
1 files changed, 20 insertions, 6 deletions
| diff --git a/perl/t/object/keytab.t b/perl/t/object/keytab.t index 69db438..111b7d0 100755 --- a/perl/t/object/keytab.t +++ b/perl/t/object/keytab.t @@ -12,7 +12,7 @@ use strict;  use warnings;  use POSIX qw(strftime); -use Test::More tests => 141; +use Test::More tests => 142;  BEGIN { $Wallet::Config::KEYTAB_TMP = '.' } @@ -25,15 +25,28 @@ use Wallet::Object::Keytab;  use lib 't/lib';  use Util; -# Mapping of klist -ke encryption type names to the strings that Kerberos uses -# internally.  It's very annoying to have to maintain this, and it probably -# breaks with Heimdal. +# Mapping of klist -ke output from old MIT Kerberos implementations to to the +# strings that Kerberos uses internally.  It's very annoying to have to +# maintain this, and it probably breaks with Heimdal. +# +# Newer versions of MIT Kerberos just print out the canonical enctype names +# and don't need this logic, but the current test requires that they still +# have entries.  That's why the second set where the key and value are the +# same.  my %enctype =      ('triple des cbc mode with hmac/sha1'      => 'des3-cbc-sha1',       'des cbc mode with crc-32'                => 'des-cbc-crc',       'des cbc mode with rsa-md5'               => 'des-cbc-md5', +     'aes-128 cts mode with 96-bit sha-1 hmac' => 'aes128-cts-hmac-sha1-96',       'aes-256 cts mode with 96-bit sha-1 hmac' => 'aes256-cts-hmac-sha1-96', -     'arcfour with hmac/md5'                   => 'rc4-hmac'); +     'arcfour with hmac/md5'                   => 'rc4-hmac', + +     'des3-cbc-sha1'                           => 'des3-cbc-sha1', +     'des-cbc-crc'                             => 'des-cbc-crc', +     'des-cbc-md5'                             => 'des-cbc-md5', +     'aes128-cts-hmac-sha1-96'                 => 'aes128-cts-hmac-sha1-96', +     'aes256-cts-hmac-sha1-96'                 => 'aes256-cts-hmac-sha1-96', +     'rc4-hmac'                                => 'rc4-hmac');  # Some global defaults to use.  my $user = 'admin@EXAMPLE.COM'; @@ -159,7 +172,7 @@ my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);  # Basic keytab creation and manipulation tests.  SKIP: { -    skip 'no keytab configuration', 52 unless -f 't/data/test.keytab'; +    skip 'no keytab configuration', 53 unless -f 't/data/test.keytab';      # Set up our configuration.      $Wallet::Config::KEYTAB_FILE      = 't/data/test.keytab'; @@ -296,6 +309,7 @@ EOO                                          @trace)        };      ok (defined ($object), 'Creating good principal succeeds'); +    is ($@, '', ' with no error');      ok (created ('wallet/one'), ' and the principal was created');    SKIP: {          skip 'no kadmin program test for Heimdal', 2 | 
