1from k5test import * 2 3conf = {'libdefaults': {'allow_weak_crypto': 'true'}} 4realm = K5Realm(create_host=False, krb5_conf=conf) 5 6realm.run([kadminl, 'ank', '-pw', 'pw', '+preauth', 'puser']) 7realm.run([kadminl, 'ank', '-nokey', 'nokey']) 8realm.run([kadminl, 'ank', '-nokey', '+preauth', 'pnokey']) 9realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp']) 10realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth', 11 'pexp']) 12 13# Extract the explicit salt values from the database. 14out = realm.run([kdb5_util, 'tabdump', 'keyinfo']) 15salt_dict = {f[0]: f[5] for f in [l.split('\t') for l in out.splitlines()]} 16exp_salt = bytes.fromhex(salt_dict['exp@KRBTEST.COM']).decode('ascii') 17pexp_salt = bytes.fromhex(salt_dict['pexp@KRBTEST.COM']).decode('ascii') 18 19# Test an error reply (other than PREAUTH_REQUIRED). 20out = realm.run(['./t_get_etype_info', 'notfound'], expected_code=1, 21 expected_msg='Client not found in Kerberos database') 22 23# Test with default salt and no specific options, with and without 24# preauth. (Our KDC always sends an explicit salt, so unfortunately 25# we aren't really testing client handling of the default salt.) 26realm.run(['./t_get_etype_info', 'user'], 27 expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n') 28realm.run(['./t_get_etype_info', 'puser'], 29 expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n') 30 31# Test with a specified request enctype. 32msg = 'etype: aes128-cts\nsalt: KRBTEST.COMuser\n' 33realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'user'], 34 expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMuser\n') 35realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'puser'], 36 expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMpuser\n') 37 38# Test with FAST. 39msg = 'etype: aes256-cts\nsalt: KRBTEST.COMuser\n' 40realm.run(['./t_get_etype_info', '-T', realm.ccache, 'user'], 41 expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n') 42realm.run(['./t_get_etype_info', '-T', realm.ccache, 'puser'], 43 expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n') 44 45# Test with no available etype-info. 46realm.run(['./t_get_etype_info', 'nokey'], expected_code=1, 47 expected_msg='KDC has no support for encryption type') 48realm.run(['./t_get_etype_info', 'pnokey'], expected_msg='no etype-info') 49 50# Test with explicit salt. 51realm.run(['./t_get_etype_info', 'exp'], 52 expected_msg='etype: aes256-cts\nsalt: ' + exp_salt + '\n') 53realm.run(['./t_get_etype_info', 'pexp'], 54 expected_msg='etype: aes256-cts\nsalt: ' + pexp_salt + '\n') 55 56success('krb5_get_etype_info() tests') 57