-rw-r--r--tests/test_cmdline/cmdline.py61
-rw-r--r--tests/test_cmdline/test_ipagetkeytab.py149
2 files changed, 210 insertions, 0 deletions
diff --git a/tests/test_cmdline/cmdline.py b/tests/test_cmdline/cmdline.py
new file mode 100644
index 000000000..4de06850c
--- /dev/null
+++ b/tests/test_cmdline/cmdline.py
@@ -0,0 +1,61 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+"""
+Base class for all cmdline tests
+"""
+
+import nose
+import ldap
+import krbV
+from ipalib import api, request
+from ipalib import errors
+from tests.test_xmlrpc.xmlrpc_test import XMLRPC_test
+from ipaserver.plugins.ldap2 import ldap2
+
+# See if our LDAP server is up and we can talk to it over GSSAPI
+ccache = krbV.default_context().default_ccache().name
+
+try:
+ conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri, base_dn=api.env.basedn)
+ conn.connect(ccache=ccache)
+ conn.disconnect()
+ server_available = True
+except errors.DatabaseError:
+ server_available = False
+except Exception, e:
+ server_available = False
+
+class cmdline_test(XMLRPC_test):
+ """
+ Base class for all command-line tests
+ """
+
+ def setUp(self):
+ super(cmdline_test, self).setUp()
+ if not server_available:
+ raise nose.SkipTest(
+ 'Server not available: %r' % api.env.xmlrpc_uri
+ )
+
+ def tearDown(self):
+ """
+ nose tear-down fixture.
+ """
+ super(cmdline_test, self).tearDown()
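Review bot: The module-level probe discards every failure cause: `except Exception, e:` binds `e` and never uses it, so an expired ticket, a missing credential cache or a wrong `ldap_uri` all become a silent skip of every command-line test. The skip message in `setUp` also reports `api.env.xmlrpc_uri` although the probe connected to `api.env.ldap_uri`, which points the reader at the wrong service. These tests cover keytab retrieval and principal disabling, so a run that skips them all should say why. I would store the reason with `skip_reason = str(e)` in the handler and raise `nose.SkipTest('LDAP server not available at %r: %s' % (api.env.ldap_uri, skip_reason))`. The separate `except errors.DatabaseError:` branch does the same as the generic one and can be folded into it.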
diff --git a/tests/test_cmdline/test_ipagetkeytab.py b/tests/test_cmdline/test_ipagetkeytab.py
new file mode 100644
index 000000000..5c9d58cd8
--- /dev/null
+++ b/tests/test_cmdline/test_ipagetkeytab.py
@@ -0,0 +1,149 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+"""
+Test `ipa-getkeytab`
+"""
+
+import os
+import shutil
+from cmdline import cmdline_test
+from ipalib import api
+from ipalib import errors
+import tempfile
+from ipapython import ipautil
+import nose
+import tempfile
+import krbV
+from ipaserver.plugins.ldap2 import ldap2
+
+def use_keytab(principal, keytab):
+ try:
+ tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+ ccache_file = 'FILE:%s/ccache' % tmpdir
+ krbcontext = krbV.default_context()
+ principal = str(principal)
+ keytab = krbV.Keytab(name=keytab, context=krbcontext)
+ principal = krbV.Principal(name=principal, context=krbcontext)
+ os.environ['KRB5CCNAME'] = ccache_file
+ ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
+ ccache.init(principal)
+ ccache.init_creds_keytab(keytab=keytab, principal=principal)
+ conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri, base_dn=api.env.basedn)
+ conn.connect(ccache=ccache.name)
+ conn.disconnect()
+ except krbV.Krb5Error, e:
+ raise StandardError('Unable to bind to LDAP. Error initializing principal %s in %s: %s' % (principal.name, keytab, str(e)))
+ finally:
+ del os.environ['KRB5CCNAME']
+ if tmpdir:
+ shutil.rmtree(tmpdir)
+
+class test_ipagetkeytab(cmdline_test):
+ """
+ Test `ipa-getkeytab`.
+ """
+ host_fqdn = u'ipatest.%s' % api.env.domain
+ service_princ = u'test/%s@%s' % (host_fqdn, api.env.realm)
+ subject = 'CN=%s,O=IPA' % host_fqdn
+ [keytabfd, keytabname] = tempfile.mkstemp()
+ os.close(keytabfd)
+
+ def test_0_setup(self):
+ """
+ Create a host to test against.
+ """
+ # Create the service
+ try:
+ api.Command['host_add'](self.host_fqdn)
+ except errors.DuplicateEntry:
+ # it already exists, no problem
+ pass
+
+ def test_1_run(self):
+ """
+ Create a keytab with `ipa-getkeytab` for a non-existent service.
+ """
+ new_args = ["ipa-client/ipa-getkeytab",
+ "-s", api.env.host,
+ "-p", "test/notfound.example.com",
+ "-k", self.keytabname,
+ ]
+ (out, err, rc) = ipautil.run(new_args, stdin=None, raiseonerr=False)
+ assert err == 'Operation failed! PrincipalName not found.\n\n'
+
+ def test_2_run(self):
+ """
+ Create a keytab with `ipa-getkeytab` for an existing service.
+ """
+ # Create the service
+ try:
+ api.Command['service_add'](self.service_princ)
+ except errors.DuplicateEntry:
+ # it already exists, no problem
+ pass
+
+ os.unlink(self.keytabname)
+ new_args = ["ipa-client/ipa-getkeytab",
+ "-s", api.env.host,
+ "-p", self.service_princ,
+ "-k", self.keytabname,
+ ]
+ try:
+ (out, err, rc) = ipautil.run(new_args, None)
+ assert err == 'Keytab successfully retrieved and stored in: %s\n' % self.keytabname
+ except ipautil.CalledProcessError, e:
+ assert (False)
+
+ def test_3_use(self):
+ """
+ Try to use the service keytab.
+ """
+ use_keytab(self.service_princ, self.keytabname)
+
+ def test_4_disable(self):
+ """
+ Disable a kerberos principal
+ """
+ # Verify that it has a principal key
+ entry = api.Command['service_show'](self.service_princ)['result']
+ assert(entry['has_keytab'] == True)
+
+ # Disable it
+ api.Command['service_disable'](self.service_princ)
+
+ # Verify that it looks disabled
+ entry = api.Command['service_show'](self.service_princ)['result']
+ assert(entry['has_keytab'] == False)
+
+ def test_5_use_disabled(self):
+ """
+ Try to use the disabled keytab
+ """
+ try:
+ use_keytab(self.service_princ, self.keytabname)
+ except StandardError, errmsg:
+ assert('Unable to bind to LDAP. Error initializing principal' in str(errmsg))
+
+ def test_9_cleanup(self):
+ """
+ Clean up test data
+ """
+ # First create the host that will use this policy
+ os.unlink(self.keytabname)
+ api.Command['host_del'](self.host_fqdn)
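Review bot: `test_5_use_disabled` passes when `use_keytab` succeeds, because its only assertion sits inside the `except StandardError` handler. A regression where a disabled principal's old keytab still obtains credentials and binds to LDAP would therefore go unreported. Add an `else:` branch to that `try` containing `raise AssertionError('disabled principal still authenticated with its keytab')`. In `use_keytab` itself, the `finally` block runs `del os.environ['KRB5CCNAME']` and reads `tmpdir` unconditionally, so a failure before either is set (for instance in `krbV.Keytab(...)` when the variable was not already in the environment) raises from the cleanup and hides the original error. Using `os.environ.pop('KRB5CCNAME', None)` and setting `tmpdir = None` before the `try` would avoid that.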