Check GSS-API TKEY against non configured server

Check for the expected error message which includes rcode REFUSED then reload the server to specify the keytab for the rest of the GSSAPI tests.
2023-07-27 17:08:34 +10:00
parent f244619680
commit 3a2a24903c
4 changed files with 71 additions and 1 deletions
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -1762,6 +1762,24 @@ wait_for_log 10 "too many DNS UPDATEs queued" ns1/named.run || ret=1
 if ! $FEATURETEST --gssapi ; then
  echo_i "SKIPPED: GSSAPI tests"
 else
+  n=$((n + 1))
+  ret=0
+  echo_i "check GSS-API TKEY request rcode against a non configured server ($n)"
+  KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
+  export KRB5CCNAME
+  $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
+  gsstsig
+  realm EXAMPLE.COM
+  server 10.53.0.7 ${PORT}
+  zone example.com
+  send
+EOF
+  grep "response to GSS-TSIG query was unsuccessful (REFUSED)" nsupdate.out.test$n > /dev/null  || ret=1
+  [ $ret = 0 ] || { echo_i "failed"; status=1; }
+
+  copy_setports ns7/named2.conf.in ns7/named.conf
+  rndc_reload ns7 10.53.0.7
+
  n=$((n + 1))
  ret=0
  echo_i "check krb5-self match ($n)"