mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Add framework for other command-line tests, starting with ipa-getkeytab.
parent
e874b41c5b
commit
4ea34d5910
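--- a/tests/test_cmdline/cmdline.py
+++ b/tests/test_cmdline/cmdline.py
@@ -0,0 +1,61 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+"""
+Base class for all cmdline tests
+"""
+
+import nose
+import ldap
+import krbV
+from ipalib import api, request
+from ipalib import errors
+from tests.test_xmlrpc.xmlrpc_test import XMLRPC_test
+from ipaserver.plugins.ldap2 import ldap2
+
+# See if our LDAP server is up and we can talk to it over GSSAPI
+ccache = krbV.default_context().default_ccache().name
+
+try:
+conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri, base_dn=api.env.basedn)
+conn.connect(ccache=ccache)
+conn.disconnect()
+server_available = True
+except errors.DatabaseError:
+server_available = False
+except Exception, e:
+server_available = False
+
+class cmdline_test(XMLRPC_test):
+"""
+Base class for all command-line tests
+"""
+
+def setUp(self):
+super(cmdline_test, self).setUp()
+if not server_available:
+raise nose.SkipTest(
+'Server not available: %r' % api.env.xmlrpc_uri
+)
+
+def tearDown(self):
+"""
+nose tear-down fixture.
+"""
+super(cmdline_test, self).tearDown()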
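Review bot: The module-level availability probe catches `Exception` and only sets `server_available = False`, so an expired ticket, a wrong `ldap_uri` or a plain coding error each turn every command-line test into a silent skip, and a run that exercised none of the keytab checks still looks green. Keep the reason, for example `skip_reason = str(e)` in the `except Exception, e:` branch, and include it in the `SkipTest` message raised from `setUp`. That message also reports `api.env.xmlrpc_uri` although the probe connected to `api.env.ldap_uri`; `'Server not available: %r' % api.env.ldap_uri` would name the endpoint that was actually tried. The `krbV.default_context().default_ccache()` lookup sits before the `try`, so a host without a usable Kerberos context would presumably fail at import instead of skipping.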
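--- a/tests/test_cmdline/test_ipagetkeytab.py
+++ b/tests/test_cmdline/test_ipagetkeytab.py
@@ -0,0 +1,149 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+"""
+Test `ipa-getkeytab`
+"""
+
+import os
+import shutil
+from cmdline import cmdline_test
+from ipalib import api
+from ipalib import errors
+import tempfile
+from ipapython import ipautil
+import nose
+import tempfile
+import krbV
+from ipaserver.plugins.ldap2 import ldap2
+
+def use_keytab(principal, keytab):
+try:
+tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+ccache_file = 'FILE:%s/ccache' % tmpdir
+krbcontext = krbV.default_context()
+principal = str(principal)
+keytab = krbV.Keytab(name=keytab, context=krbcontext)
+principal = krbV.Principal(name=principal, context=krbcontext)
+os.environ['KRB5CCNAME'] = ccache_file
+ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
+ccache.init(principal)
+ccache.init_creds_keytab(keytab=keytab, principal=principal)
+conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri, base_dn=api.env.basedn)
+conn.connect(ccache=ccache.name)
+conn.disconnect()
+except krbV.Krb5Error, e:
+raise StandardError('Unable to bind to LDAP. Error initializing principal %s in %s: %s' % (principal.name, keytab, str(e)))
+finally:
+del os.environ['KRB5CCNAME']
+if tmpdir:
+shutil.rmtree(tmpdir)
+
+class test_ipagetkeytab(cmdline_test):
+"""
+Test `ipa-getkeytab`.
+"""
+host_fqdn = u'ipatest.%s' % api.env.domain
+service_princ = u'test/%s@%s' % (host_fqdn, api.env.realm)
+subject = 'CN=%s,O=IPA' % host_fqdn
+[keytabfd, keytabname] = tempfile.mkstemp()
+os.close(keytabfd)
+
+def test_0_setup(self):
+"""
+Create a host to test against.
+"""
+# Create the service
+try:
+api.Command['host_add'](self.host_fqdn)
+except errors.DuplicateEntry:
+# it already exists, no problem
+pass
+
+def test_1_run(self):
+"""
+Create a keytab with `ipa-getkeytab` for a non-existent service.
+"""
+new_args = ["ipa-client/ipa-getkeytab",
+"-s", api.env.host,
+"-p", "test/notfound.example.com",
+"-k", self.keytabname,
+]
+(out, err, rc) = ipautil.run(new_args, stdin=None, raiseonerr=False)
+assert err == 'Operation failed! PrincipalName not found.\n\n'
+
+def test_2_run(self):
+"""
+Create a keytab with `ipa-getkeytab` for an existing service.
+"""
+# Create the service
+try:
+api.Command['service_add'](self.service_princ)
+except errors.DuplicateEntry:
+# it already exists, no problem
+pass
+
+os.unlink(self.keytabname)
+new_args = ["ipa-client/ipa-getkeytab",
+"-s", api.env.host,
+"-p", self.service_princ,
+"-k", self.keytabname,
+]
+try:
+(out, err, rc) = ipautil.run(new_args, None)
+assert err == 'Keytab successfully retrieved and stored in: %s\n' % self.keytabname
+except ipautil.CalledProcessError, e:
+assert (False)
+
+def test_3_use(self):
+"""
+Try to use the service keytab.
+"""
+use_keytab(self.service_princ, self.keytabname)
+
+def test_4_disable(self):
+"""
+Disable a kerberos principal
+"""
+# Verify that it has a principal key
+entry = api.Command['service_show'](self.service_princ)['result']
+assert(entry['has_keytab'] == True)
+
+# Disable it
+api.Command['service_disable'](self.service_princ)
+
+# Verify that it looks disabled
+entry = api.Command['service_show'](self.service_princ)['result']
+assert(entry['has_keytab'] == False)
+
+def test_5_use_disabled(self):
+"""
+Try to use the disabled keytab
+"""
+try:
+use_keytab(self.service_princ, self.keytabname)
+except StandardError, errmsg:
+assert('Unable to bind to LDAP. Error initializing principal' in str(errmsg))
+
+def test_9_cleanup(self):
+"""
+Clean up test data
+"""
+# First create the host that will use this policy
+os.unlink(self.keytabname)
+api.Command['host_del'](self.host_fqdn)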
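Review bot: `test_5_use_disabled` passes when `use_keytab` raises nothing, so a keytab that still authenticates after `service_disable` goes undetected; the `try` needs a failing success path, e.g. `else:` followed by `raise AssertionError('disabled keytab still authenticated')`. In `use_keytab`, the `finally` block runs `del os.environ['KRB5CCNAME']` and reads `tmpdir` even when the failure happened before either was set, which replaces the real error with a `KeyError` or `NameError`, and it removes a `KRB5CCNAME` the caller had exported instead of restoring it. Setting `tmpdir = None` before the `try` and restoring the saved value (or at least `os.environ.pop('KRB5CCNAME', None)`) would cover both. The file at `keytabname` holds service key material and is only unlinked in `test_9_cleanup`, so it presumably stays in the temp directory whenever the run stops before that test. Indentation is lost on this page, so block boundaries here are read from the statements themselves.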