.

gssapi/tests/test_raw.py

@@ -846,35 +846,53 @@ def test_inquire_sec_context_by_oid_should_raise_error(self):
     @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
     @ktu.gssapi_extension_test('password', 'Add Credential with Password')
     def test_set_sec_context_option(self):
-        if not os.path.exists('/etc/gss/mech.d/ntlmssp.conf'):
-            self.skipTest('You do not have the GSSAPI gss-ntlmssp mech '
-                          'installed')
-
         ntlm_mech = gb.OID.from_int_seq("1.3.6.1.4.1.311.2.2.10")
-        reset_mech = gb.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")
-
         username = gb.import_name(name=b"user",
                                   name_type=gb.NameType.user)
+        try:
+            cred = gb.acquire_cred_with_password(name=username,
+                                                password=b"password",
+                                                mechs=[ntlm_mech])
+        except gb.GSSError:
+            self.skipTest('You do not have the GSSAPI gss-ntlmssp mech '
+                          'installed')
+
         server = gb.import_name(name=b"server",
                                 name_type=gb.NameType.hostbased_service)
-        cred = gb.acquire_cred_with_password(name=username,
-                                             password=b"password",
-                                             mechs=[ntlm_mech])
         orig_context = gb.init_sec_context(server, creds=cred.creds,
                                            mech=ntlm_mech)[0]
 
+        # GSS_NTLMSSP_RESET_CRYPTO_OID_STRING
+        reset_mech = gb.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")
         out_context = gb.set_sec_context_option(reset_mech,
                                                 context=orig_context,
                                                 value=b"\x00" * 4)
         out_context.should_be_a(gb.SecurityContext)
 
     @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
+    @ktu.gssapi_extension_test('password', 'Add Credential with Password')
     def test_set_sec_context_option_fail(self):
-        # because MIT krb5 doesn't implement any OID's for
-        # gss_set_sec_context_option, we just need to query any OID and it will
-        # raise an exception
-        gb.set_sec_context_option.should_raise(gb.GSSError,
-                                               gb.OID.from_int_seq("1.2.3.4"))
+        ntlm_mech = gb.OID.from_int_seq("1.3.6.1.4.1.311.2.2.10")
+        username = gb.import_name(name=b"user",
+                                  name_type=gb.NameType.user)
+        try:
+            cred = gb.acquire_cred_with_password(name=username,
+                                                 password=b"password",
+                                                 mechs=[ntlm_mech])
+        except gb.GSSError:
+            self.skipTest('You do not have the GSSAPI gss-ntlmssp mech '
+                          'installed')
+
+        server = gb.import_name(name=b"server",
+                                name_type=gb.NameType.hostbased_service)
+        orig_context = gb.init_sec_context(server, creds=cred.creds,
+                                           mech=ntlm_mech)[0]
+
+        # GSS_NTLMSSP_RESET_CRYPTO_OID_STRING
+        reset_mech = gb.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")
+
+        # will raise a GSSError if no data was passed in
+        gb.set_sec_context_option.should_raise(gb.GSSError, reset_mech)
 
     @ktu.gssapi_extension_test('set_cred_opt', 'Kitten Set Credential Option')
     @ktu.krb_minversion_test('1.14',