From d85fbcebd2d4880972e8565a3d5aba492ef59431 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 26 Apr 2012 04:33:48 +0000 Subject: [PATCH] Flip the default of start_kadmind in k5test.py Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/t_emptytgt.py | 2 +- src/kdc/t_workers.py | 2 +- src/lib/krb5/ccache/t_cccol.py | 2 +- src/lib/krb5/krb/t_expire_warn.py | 2 +- src/lib/krb5/krb/t_vfy_increds.py | 4 ++-- src/tests/gssapi/t_ccselect.py | 6 +++--- src/tests/gssapi/t_gssapi.py | 4 ++-- src/tests/gssapi/t_s4u.py | 2 +- src/tests/t_cccol.py | 2 +- src/tests/t_crossrealm.py | 17 ++++++----------- src/tests/t_general.py | 4 ++-- src/tests/t_keyrollover.py | 2 +- src/tests/t_keytab.py | 2 +- src/tests/t_lockout.py | 2 +- src/tests/t_pwhist.py | 2 +- src/tests/t_renew.py | 2 +- src/tests/t_renprinc.py | 2 +- src/tests/t_skew.py | 4 ++-- src/tests/t_stringattr.py | 2 +- src/util/k5test.py | 6 +++--- src/util/testrealm.py | 4 ++-- 21 files changed, 35 insertions(+), 40 deletions(-) diff --git a/src/kdc/t_emptytgt.py b/src/kdc/t_emptytgt.py index 1760bcd5a..d532debc1 100644 --- a/src/kdc/t_emptytgt.py +++ b/src/kdc/t_emptytgt.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(start_kadmind=False, create_host=False) +realm = K5Realm(create_host=False) output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1) if 'not found in Kerberos database' not in output: fail('TGT lookup for empty realm failed in unexpected way') diff --git a/src/kdc/t_workers.py b/src/kdc/t_workers.py index 7af3acfa1..6dd4f6805 100644 --- a/src/kdc/t_workers.py +++ b/src/kdc/t_workers.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(start_kdc=False, start_kadmind=False, create_host=False) +realm = K5Realm(start_kdc=False, create_host=False) realm.start_kdc(['-w', '3']) realm.kinit(realm.user_princ, password('user')) realm.klist(realm.user_princ) diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py index 4399ce79c..4c4d239d4 100644 --- a/src/lib/krb5/ccache/t_cccol.py +++ b/src/lib/krb5/ccache/t_cccol.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(create_host=False, start_kadmind=False) +realm = K5Realm(create_host=False) realm.addprinc('alice', password('alice')) realm.addprinc('bob', password('bob')) diff --git a/src/lib/krb5/krb/t_expire_warn.py b/src/lib/krb5/krb/t_expire_warn.py index 660ed2ecc..f803b4595 100644 --- a/src/lib/krb5/krb/t_expire_warn.py +++ b/src/lib/krb5/krb/t_expire_warn.py @@ -25,7 +25,7 @@ from k5test import * # Create a bare-bones KDC. -realm = K5Realm(create_user=False, create_host=False, start_kadmind=False) +realm = K5Realm(create_user=False, create_host=False) # Create principals with various password expirations. realm.run_kadminl('addprinc -pw pass noexpire') diff --git a/src/lib/krb5/krb/t_vfy_increds.py b/src/lib/krb5/krb/t_vfy_increds.py index 1eab89363..6bac646dc 100644 --- a/src/lib/krb5/krb/t_vfy_increds.py +++ b/src/lib/krb5/krb/t_vfy_increds.py @@ -24,7 +24,7 @@ from k5test import * -realm = K5Realm(start_kadmind=False) +realm = K5Realm() # Verify the default. realm.run_as_server(['./t_vfy_increds']) @@ -47,7 +47,7 @@ realm.run_as_server(['./t_vfy_increds']) # Try with verify_ap_req_nofail set and no keytab. This should fail. realm.stop() conf = { 'server' : { 'libdefaults' : { 'verify_ap_req_nofail' : 'true' } } } -realm = K5Realm(start_kadmind=False, krb5_conf=conf) +realm = K5Realm(krb5_conf=conf) os.remove(realm.keytab) realm.run_as_server(['./t_vfy_increds'], expected_code=1) diff --git a/src/tests/gssapi/t_ccselect.py b/src/tests/gssapi/t_ccselect.py index 0d36d7a35..a3a1330d6 100644 --- a/src/tests/gssapi/t_ccselect.py +++ b/src/tests/gssapi/t_ccselect.py @@ -24,9 +24,9 @@ from k5test import * # Create two independent realms (no cross-realm TGTs). -r1 = K5Realm(start_kadmind=False, create_user=False) -r2 = K5Realm(start_kadmind=False, create_user=False, realm='KRBTEST2.COM', - testdir=os.path.join(r1.testdir, 'r2'), portbase=62000) +r1 = K5Realm(create_user=False) +r2 = K5Realm(create_user=False, realm='KRBTEST2.COM', portbase=62000, + testdir=os.path.join(r1.testdir, 'r2')) # gsserver specifies the target as a GSS name. The resulting # principal will have the host-based type, but the realm won't be diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py index e640e0231..3ace215db 100644 --- a/src/tests/gssapi/t_gssapi.py +++ b/src/tests/gssapi/t_gssapi.py @@ -7,7 +7,7 @@ for realm in multipass_realms(): ### Test acceptor name behavior. -realm = K5Realm(start_kadmind=False) +realm = K5Realm() # Create some host-based principals and put most of them into the # keytab. Rename one principal so that the keytab name matches the @@ -84,7 +84,7 @@ realm.stop() # and the principal for the mismatching hostname in the keytab. ignore_conf = { 'all' : { 'libdefaults' : { 'ignore_acceptor_hostname' : 'true' } } } -realm = K5Realm(krb5_conf=ignore_conf, start_kadmind=False) +realm = K5Realm(krb5_conf=ignore_conf) realm.run_kadminl('addprinc -randkey host/-nomatch-') realm.run_kadminl('xst host/-nomatch-') output = realm.run_as_client(['./t_accname', 'host/-nomatch-', diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py index bd958f9f4..4c68c961a 100644 --- a/src/tests/gssapi/t_s4u.py +++ b/src/tests/gssapi/t_s4u.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(start_kadmind=False, create_host=False, get_creds=False) +realm = K5Realm(create_host=False, get_creds=False) usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache') storagecache = 'FILE:' + os.path.join(realm.testdir, 'save') diff --git a/src/tests/t_cccol.py b/src/tests/t_cccol.py index b30cbcf9b..06e190293 100644 --- a/src/tests/t_cccol.py +++ b/src/tests/t_cccol.py @@ -23,7 +23,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(start_kadmind=False, create_user=False, create_host=False) +realm = K5Realm(create_user=False, create_host=False) # Make a directory collection and use it for client commands in both realms. ccdir = os.path.join(realm.testdir, 'cc') diff --git a/src/tests/t_crossrealm.py b/src/tests/t_crossrealm.py index afefb8592..c0c3ccb15 100644 --- a/src/tests/t_crossrealm.py +++ b/src/tests/t_crossrealm.py @@ -36,7 +36,7 @@ def stop(*realms): # Basic two-realm test with cross TGTs in both directions. -r1, r2 = cross_realms(2, start_kadmind=False) +r1, r2 = cross_realms(2) test_kvno(r1, r2.host_princ, 'basic r1->r2') test_kvno(r2, r1.host_princ, 'basic r2->r1') stop(r1, r2) @@ -47,8 +47,7 @@ stop(r1, r2) # instead. The client will use that to get a TGT for B.X. r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)), args=({'realm': 'A.X'}, {'realm': 'X'}, - {'realm': 'B.X'}), - start_kadmind=False) + {'realm': 'B.X'})) test_kvno(r1, r3.host_princ, 'KDC domain walk') stop(r1, r2, r3) @@ -65,8 +64,7 @@ r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)), {'realm': 'C', 'krb5_conf': {'master': capaths}}, {'realm': 'D', - 'krb5_conf': {'master': capaths}}), - start_kadmind=False) + 'krb5_conf': {'master': capaths}})) test_kvno(r1, r4.host_princ, 'client capaths') stop(r1, r2, r3, r4) @@ -79,8 +77,7 @@ r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)), args=({'realm': 'A', 'krb5_conf': conf}, {'realm': 'B', 'krb5_conf': conf}, {'realm': 'C', 'krb5_conf': conf}, - {'realm': 'D', 'krb5_conf': conf}), - start_kadmind=False) + {'realm': 'D', 'krb5_conf': conf})) test_kvno(r1, r4.host_princ, 'KDC capaths') stop(r1, r2, r3, r4) @@ -91,8 +88,7 @@ capaths = {'capaths': {'A': {'C': 'B'}}} r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)), args=({'realm': 'A', 'krb5_conf': {'client': capaths}}, - {'realm': 'B'}, {'realm': 'C'}), - start_kadmind=False) + {'realm': 'B'}, {'realm': 'C'})) output = r1.run_as_client([kvno, r3.host_princ], expected_code=1) if 'KDC policy rejects request' not in output: fail('transited 1: Expected error message not in output') @@ -107,8 +103,7 @@ r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)), args=({'realm': 'A', 'krb5_conf': conf}, {'realm': 'B', 'krb5_conf': conf}, {'realm': 'C', 'krb5_conf': conf}, - {'realm': 'D'}), - start_kadmind=False) + {'realm': 'D'})) output = r1.run_as_client([kvno, r4.host_princ], expected_code=1) if 'Illegal cross-realm ticket' not in output: fail('transited 2: Expected error message not in output') diff --git a/src/tests/t_general.py b/src/tests/t_general.py index 046f957f4..cbad32d4c 100755 --- a/src/tests/t_general.py +++ b/src/tests/t_general.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -for realm in multipass_realms(create_host=False, start_kadmind=False): +for realm in multipass_realms(create_host=False): # Check that kinit fails appropriately with the wrong password. output = realm.run_as_client([kinit, realm.user_princ], input='wrong\n', expected_code=1) @@ -22,7 +22,7 @@ for realm in multipass_realms(create_host=False, start_kadmind=False): # Test kinit against kdb keytab realm.run_as_master([kinit, "-k", "-t", "KDB:", realm.user_princ]) -realm = K5Realm(create_host=False, start_kadmind=False) +realm = K5Realm(create_host=False) # Create a policy and see if it survives a dump/load. realm.run_kadminl('addpol fred') diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py index af38b8e18..9f9346aca 100644 --- a/src/tests/t_keyrollover.py +++ b/src/tests/t_keyrollover.py @@ -70,7 +70,7 @@ realm.stop() # TGT with the old key, and the second kvno invocation sends it to # r2's KDC with no kvno to identify it, forcing the KDC to try # multiple keys. -r1, r2 = cross_realms(2, start_kadmind=False) +r1, r2 = cross_realms(2) r1.run_kadminl('modprinc -kvno 0 krbtgt/%s' % r2.realm) r1.run_as_client([kvno, r2.host_princ]) r2.run_kadminl('cpw -pw newcross -keepold krbtgt/%s@%s' % (r2.realm, r1.realm)) diff --git a/src/tests/t_keytab.py b/src/tests/t_keytab.py index 7faf23cbf..f56c7bba3 100644 --- a/src/tests/t_keytab.py +++ b/src/tests/t_keytab.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(start_kadmind=False) +realm = K5Realm() # Test kinit with a keytab. realm.kinit(realm.host_princ, flags=['-k']) diff --git a/src/tests/t_lockout.py b/src/tests/t_lockout.py index 377e9ba5e..e3d1dd415 100644 --- a/src/tests/t_lockout.py +++ b/src/tests/t_lockout.py @@ -23,7 +23,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(create_host=False, start_kadmind=False) +realm = K5Realm(create_host=False) realm.run_kadminl('addpol -maxfailure 2 -failurecountinterval 5m lockout') realm.run_kadminl('modprinc +requires_preauth -policy lockout user') diff --git a/src/tests/t_pwhist.py b/src/tests/t_pwhist.py index 4ae546668..bfb9f0045 100644 --- a/src/tests/t_pwhist.py +++ b/src/tests/t_pwhist.py @@ -4,7 +4,7 @@ from k5test import * # Regression test for issue #7099: databases created prior to krb5 1.3 have # multiple history keys, and kadmin prior to 1.7 didn't necessarily use the # first one to create history entries. -realm = K5Realm(start_kadmind=False, start_kdc=False) +realm = K5Realm(start_kdc=False) # Create a history principal with two keys. realm.run_as_master(['./hist', 'make']) realm.run_kadminl('addpol -history 2 pol') diff --git a/src/tests/t_renew.py b/src/tests/t_renew.py index af83007a8..ce36a5b20 100644 --- a/src/tests/t_renew.py +++ b/src/tests/t_renew.py @@ -1,7 +1,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(create_host=False, start_kadmind=False, get_creds=False) +realm = K5Realm(create_host=False, get_creds=False) # Configure the realm to allow renewable tickets and acquire some. realm.run_kadminl('modprinc -maxrenewlife "2 days" user') diff --git a/src/tests/t_renprinc.py b/src/tests/t_renprinc.py index e29eb194c..64c9be78f 100644 --- a/src/tests/t_renprinc.py +++ b/src/tests/t_renprinc.py @@ -25,7 +25,7 @@ from k5test import * enctype = "aes128-cts" -realm = K5Realm(create_host=False, create_user=False, start_kadmind=False) +realm = K5Realm(create_host=False, create_user=False) salttypes = ('normal', 'v4', 'norealm', 'onlyrealm') # For a variety of salt types, test that we can rename a principal and diff --git a/src/tests/t_skew.py b/src/tests/t_skew.py index f831035ac..668e553a1 100644 --- a/src/tests/t_skew.py +++ b/src/tests/t_skew.py @@ -2,7 +2,7 @@ from k5test import * # Create a realm with the KDC one hour in the past. -realm = K5Realm(start_kadmind=False, start_kdc=False) +realm = K5Realm(start_kdc=False) realm.start_kdc(['-T', '-3600']) # kinit (no preauth) should work, and should set a clock skew allowing @@ -25,7 +25,7 @@ realm.stop() # Repeat the above tests with kdc_timesync disabled. conf = {'all': {'libdefaults': {'kdc_timesync': '0'}}} -realm = K5Realm(start_kadmind=False, start_kdc=False, krb5_conf=conf) +realm = K5Realm(start_kdc=False, krb5_conf=conf) realm.start_kdc(['-T', '-3600']) # kinit (no preauth) should work, but kvno should not. kinit with diff --git a/src/tests/t_stringattr.py b/src/tests/t_stringattr.py index 9d6fbe0a2..3f5c506df 100644 --- a/src/tests/t_stringattr.py +++ b/src/tests/t_stringattr.py @@ -27,7 +27,7 @@ def run_kadmin(query): global realm return realm.run_as_master([kadmin, '-c', realm.ccache, '-q', query]) -realm = K5Realm(create_host=False, get_creds=False) +realm = K5Realm(start_kadmind=True, create_host=False, get_creds=False) realm.kinit(realm.admin_princ, password('admin'), flags=['-S', 'kadmin/admin']) diff --git a/src/util/k5test.py b/src/util/k5test.py index 1cd274a1e..0d0405290 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -53,7 +53,7 @@ By default, the realm will have: self-contained test operation * Two different kdc.conf files for the master and slave KDCs * A fresh DB2 KDB -* Running krb5kdc and kadmind processes +* Running krb5kdc (but not kadmind) * Principals named realm.user_princ and realm.admin_princ; call password('user') and password('admin') to get the password * Credentials for realm.user_princ in realm.ccache @@ -119,7 +119,7 @@ keyword arguments: * start_kdc=False: Don't start the KDC. Implies get_creds=False. -* start_kadmind=False: Don't start kadmind. +* start_kadmind=True: Start kadmind. * get_creds=False: Don't get user credentials. @@ -677,7 +677,7 @@ class K5Realm(object): def __init__(self, realm='KRBTEST.COM', portbase=61000, testdir='testdir', krb5_conf=None, kdc_conf=None, create_kdb=True, krbtgt_keysalt=None, create_user=True, get_creds=True, - create_host=True, start_kdc=True, start_kadmind=True): + create_host=True, start_kdc=True, start_kadmind=False): global hostname, _default_krb5_conf, _default_kdc_conf self.realm = realm diff --git a/src/util/testrealm.py b/src/util/testrealm.py index 53f062250..0bf976d40 100644 --- a/src/util/testrealm.py +++ b/src/util/testrealm.py @@ -56,10 +56,10 @@ def supplement_path(env): env['PATH'] = path_prefix + env['PATH'] if args: - realms = cross_realms(int(args[0])) + realms = cross_realms(int(args[0]), start_kadmind=True) realm = realms[0] else: - realm = K5Realm() + realm = K5Realm(start_kadmind=True) env = realm.env_master.copy() supplement_path(env) -- 2.26.2