1from k5test import *
2
3conf = {'libdefaults': {'allow_weak_crypto': 'true'}}
4realm = K5Realm(create_host=False, krb5_conf=conf)
5
6realm.run([kadminl, 'ank', '-pw', 'pw', '+preauth', 'puser'])
7realm.run([kadminl, 'ank', '-nokey', 'nokey'])
8realm.run([kadminl, 'ank', '-nokey', '+preauth', 'pnokey'])
9realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp'])
10realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth',
11           'pexp'])
12
13# Extract the explicit salt values from the database.
14out = realm.run([kdb5_util, 'tabdump', 'keyinfo'])
15salt_dict = {f[0]: f[5] for f in [l.split('\t') for l in out.splitlines()]}
16exp_salt = bytes.fromhex(salt_dict['exp@KRBTEST.COM']).decode('ascii')
17pexp_salt = bytes.fromhex(salt_dict['pexp@KRBTEST.COM']).decode('ascii')
18
19# Test an error reply (other than PREAUTH_REQUIRED).
20out = realm.run(['./t_get_etype_info', 'notfound'], expected_code=1,
21                expected_msg='Client not found in Kerberos database')
22
23# Test with default salt and no specific options, with and without
24# preauth.  (Our KDC always sends an explicit salt, so unfortunately
25# we aren't really testing client handling of the default salt.)
26realm.run(['./t_get_etype_info', 'user'],
27          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n')
28realm.run(['./t_get_etype_info', 'puser'],
29          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n')
30
31# Test with a specified request enctype.
32msg = 'etype: aes128-cts\nsalt: KRBTEST.COMuser\n'
33realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'user'],
34          expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMuser\n')
35realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'puser'],
36          expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMpuser\n')
37
38# Test with FAST.
39msg = 'etype: aes256-cts\nsalt: KRBTEST.COMuser\n'
40realm.run(['./t_get_etype_info', '-T', realm.ccache, 'user'],
41          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n')
42realm.run(['./t_get_etype_info', '-T', realm.ccache, 'puser'],
43          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n')
44
45# Test with no available etype-info.
46realm.run(['./t_get_etype_info', 'nokey'], expected_code=1,
47          expected_msg='KDC has no support for encryption type')
48realm.run(['./t_get_etype_info', 'pnokey'], expected_msg='no etype-info')
49
50# Test with explicit salt.
51realm.run(['./t_get_etype_info', 'exp'],
52          expected_msg='etype: aes256-cts\nsalt: ' + exp_salt + '\n')
53realm.run(['./t_get_etype_info', 'pexp'],
54          expected_msg='etype: aes256-cts\nsalt: ' + pexp_salt + '\n')
55
56success('krb5_get_etype_info() tests')
57