From 24ee5aa91d69e3ecb97272b643e0974cf41643d9 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 25 Sep 2007 23:18:45 +0000
Subject: If synchronization is enabled, destroy the principal out of K4 when
 the keytab object is destroyed.

---
 perl/t/keytab.t | 39 +++++++++++++++++----------------------
 1 file changed, 17 insertions(+), 22 deletions(-)

(limited to 'perl/t')

diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index d90699c..93eea1d 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -3,7 +3,7 @@
 #
 # t/keytab.t -- Tests for the keytab object implementation.
 
-use Test::More tests => 96;
+use Test::More tests => 100;
 
 use Wallet::Config;
 use Wallet::Object::Keytab;
@@ -96,21 +96,6 @@ sub created {
     return (system_quiet ('kvno', $principal) == 0);
 }
 
-# Check whether a principal exists in the kaserver.  Requires that the admin
-# and srvtab variables be set up already.
-sub created_kaserver {
-    my ($principal) = @_;
-    my $admin = $Wallet::Config::KEYTAB_AFS_ADMIN;
-    my $srvtab = $Wallet::Config::KEYTAB_AFS_SRVTAB;
-    my $realm = $Wallet::Config::KEYTAB_AFS_REALM;
-    my ($name, $instance) = split (/\./, $principal);
-    $ENV{KRBTKFILE} = 'krb4cc_temp';
-    system ("k4start -f $srvtab -r $realm -S $name -I $instance $admin"
-            . " 2>&1 >/dev/null </dev/null");
-    unlink 'krb4cc_temp';
-    return ($? == 0) ? 1 : 0;
-}
-
 # Given keytab data and the principal, write it to a file and try
 # authenticating using kinit.
 sub valid {
@@ -412,8 +397,8 @@ SKIP: {
 
 # Tests for kaserver synchronization support.
 SKIP: {
-    skip 'no keytab configuration', 30 unless -f 't/data/test.keytab';
-    skip 'no AFS kaserver configuration', 30 unless -f 't/data/test.srvtab';
+    skip 'no keytab configuration', 34 unless -f 't/data/test.keytab';
+    skip 'no AFS kaserver configuration', 34 unless -f 't/data/test.srvtab';
 
     # Set up our configuration.
     $Wallet::Config::KEYTAB_FILE         = 't/data/test.keytab';
@@ -477,12 +462,20 @@ SKIP: {
     @targets = $one->attr ('sync');
     is (scalar (@targets), 0, ' and now there is no attribute');
     is ($one->error, undef, ' and no error');
-    $keytab = $one->get (@trace);
-    ok (defined ($keytab), ' and get still works');
-    ok (! valid_srvtab ($one, $keytab, $k5, $k4), ' but the srvtab does not');
-    ok (created_kaserver ('wallet.one'), ' and the principal is still there');
+    my $new_keytab = $one->get (@trace);
+    ok (defined ($new_keytab), ' and get still works');
+    ok (! valid_srvtab ($one, $new_keytab, $k5, $k4),
+        ' but the srvtab does not');
+    ok (valid_srvtab ($one, $keytab, $k5, $k4), ' and the old one does');
+    is ($one->destroy (@trace), 1, ' and destroying wallet/one works');
+    ok (valid_srvtab ($one, $keytab, $k5, $k4),
+        ' and the principal is still there');
 
     # Put it back and make sure it works again.
+    $one = eval {
+        Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+      };
+    ok (defined ($one), 'Creating wallet/one succeeds');
     is ($one->attr ('sync', [ 'kaserver' ], @trace), 1, 'Setting sync works');
     $keytab = $one->get (@trace);
     ok (defined ($keytab), ' and get works');
@@ -490,6 +483,8 @@ SKIP: {
 
     # Destroy the principal.
     is ($one->destroy (@trace), 1, 'Destroying wallet/one works');
+    ok (! valid_srvtab ($one, $keytab, $k5, $k4),
+        ' and the principal is gone');
 }
 
 # Clean up.
-- 
cgit v1.2.3