Add tests for the Kerberos v5 to Kerberos v4 name mapping and do more

tests of the machinery around kaserver synchronization even if we don't
have a full configuration.

2 files changed, 55 insertions, 17 deletions

diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 4ae8e10..5f128b0 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -185,11 +185,9 @@ sub kaserver_name {
     my %host = map { $_ => 1 } qw(host ident imap pop smtp);
     $k5 =~ s/\@.*//;
     my @parts = split ('/', $k5);
-    if (@parts == 1) {
-        return $parts[0];
-    } elsif (@parts > 2) {
+    if (@parts > 2) {
         return undef;
-    } elsif ($host{$parts[0]}) {
+    } elsif (@parts == 2 and $host{$parts[0]}) {
         $parts[1] =~ s/\..*//;
         $parts[0] = 'rcmd' if $parts[0] eq 'host';
     }
diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index b348316..14e1df7 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -3,7 +3,7 @@
 #
 # t/keytab.t -- Tests for the keytab object implementation.
 
-use Test::More tests => 106;
+use Test::More tests => 158;
 
 use Wallet::Config;
 use Wallet::Object::Keytab;
@@ -397,23 +397,53 @@ SKIP: {
 
 # Tests for kaserver synchronization support.
 SKIP: {
-    skip 'no keytab configuration', 40 unless -f 't/data/test.keytab';
-    skip 'no AFS kaserver configuration', 40 unless -f 't/data/test.srvtab';
+    skip 'no keytab configuration', 92 unless -f 't/data/test.keytab';
 
-    # Set up our configuration.
-    $Wallet::Config::KEYTAB_FILE         = 't/data/test.keytab';
-    $Wallet::Config::KEYTAB_PRINCIPAL    = contents ('t/data/test.principal');
-    $Wallet::Config::KEYTAB_REALM        = contents ('t/data/test.realm');
-    $Wallet::Config::KEYTAB_TMP          = '.';
-    $Wallet::Config::KEYTAB_AFS_KASETKEY = '../kasetkey/kasetkey';
-    my $realm = $Wallet::Config::KEYTAB_REALM;
-    my $k5 = "wallet/one\@$realm";
-
-    # Create an object for testing and set the sync attribute.
+    # Test the principal mapping.  We can do this without having a kaserver
+    # configuration.  We only need a basic keytab object configuration.  Do
+    # this as white-box testing since we don't want to fill the test realm
+    # with a bunch of random principals.
     my $one = eval {
         Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
       };
     ok (defined ($one), 'Creating wallet/one succeeds');
+    my %princs =
+        (foo                     => 'foo',
+         host                    => 'host',
+         rcmd                    => 'rcmd',
+         'rcmd.foo'              => 'rcmd.foo',
+         'host/foo.example.org'  => 'rcmd.foo',
+         'ident/foo.example.org' => 'ident.foo',
+         'imap/foo.example.org'  => 'imap.foo',
+         'pop/foo.example.org'   => 'pop.foo',
+         'smtp/foo.example.org'  => 'smtp.foo',
+         'service/foo'           => 'service.foo',
+         'foo/bar'               => 'foo.bar');
+    for my $princ (sort keys %princs) {
+        my $result = $princs{$princ};
+        is ($one->kaserver_name ($princ), $result, "Name mapping: $princ");
+        is ($one->kaserver_name ("$princ\@EXAMPLE.ORG"), $result,
+            ' with K5 realm');
+        $Wallet::Config::KEYTAB_AFS_REALM = 'AFS.EXAMPLE.ORG';
+        is ($one->kaserver_name ($princ), "$result\@AFS.EXAMPLE.ORG",
+            ' with K4 realm');
+        is ($one->kaserver_name ("$princ\@EXAMPLE.ORG"),
+            "$result\@AFS.EXAMPLE.ORG", ' with K5 and K4 realm');
+        undef $Wallet::Config::KEYTAB_AFS_REALM;
+    }
+    for my $princ (qw{service/foo/bar foo/bar/baz}) {
+        is ($one->kaserver_name ($princ), undef, "Name mapping: $princ");
+        is ($one->kaserver_name ("$princ\@EXAMPLE.ORG"), undef,
+            ' with K5 realm');
+        $Wallet::Config::KEYTAB_AFS_REALM = 'AFS.EXAMPLE.ORG';
+        is ($one->kaserver_name ($princ), undef, ' with K4 realm');
+        is ($one->kaserver_name ("$princ\@EXAMPLE.ORG"), undef,
+            ' with K5 and K4 realm');
+        undef $Wallet::Config::KEYTAB_AFS_REALM;
+    }
+
+    # Test setting synchronization attributes, which can also be done without
+    # configuration.
     is ($one->attr ('foo', [ 'bar' ], @trace), undef,
         'Setting unknown attribute fails');
     is ($one->error, 'unknown attribute foo', ' with the right error');
@@ -435,6 +465,16 @@ SKIP: {
     is ($targets[0], 'kaserver', ' and it is correct');
     is ($one->error, undef, ' and there is no error');
 
+    # Set up our configuration.
+    skip 'no AFS kaserver configuration', 27 unless -f 't/data/test.srvtab';
+    $Wallet::Config::KEYTAB_FILE         = 't/data/test.keytab';
+    $Wallet::Config::KEYTAB_PRINCIPAL    = contents ('t/data/test.principal');
+    $Wallet::Config::KEYTAB_REALM        = contents ('t/data/test.realm');
+    $Wallet::Config::KEYTAB_TMP          = '.';
+    $Wallet::Config::KEYTAB_AFS_KASETKEY = '../kasetkey/kasetkey';
+    my $realm = $Wallet::Config::KEYTAB_REALM;
+    my $k5 = "wallet/one\@$realm";
+
     # Finally, we can test.
     is ($one->get (@trace), undef, 'Get without configuration fails');
     is ($one->error, 'kaserver synchronization not configured',