#!/usr/bin/python2
import unittest
import os
import os.path
import sys
import tempfile
import subprocess
import shutil
import signal
from fake_kdc import mock_kdc
# Relative path to the krb5-child-test binary under test; subprocess resolves
# it against the current working directory when the tests run.
test_bin = '../../../krb5-child-test'
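class Krb5ChildTest(unittest.TestCase):
    """Run the krb5-child-test binary against a throwaway mock KDC.

    Each test starts its own KDC through ``mock_kdc`` and points the child at
    it with ``KRB5_CONFIG``.  The accounts in ``self.users`` are fixtures that
    exist only inside that mock realm.
    """

    def setUp(self):
        """Check the wrapper environment, then start the mock KDC."""
        # No point in running the tests without wrappers in place
        self.assertWrappers()

        # It would be nice to not pollute /tmp with testing data, but
        # it's not really possible to chown a directory to the test user
        # either.  The resulting ccache names are predictable, so tearDown
        # removes them again instead of leaving tickets behind in a shared
        # directory.
        self.ccache_dir = '/tmp'
        self.realm = 'SSSD.MOCK'
        self.users = {'root/admin': 'TurboGoesToRocket',
                      'foobar': 'Secret123'}

        self.wdir = tempfile.mkdtemp(prefix='sssd_mock_kdc')
        self.krb5_conf, self.kdc_pid = mock_kdc(self.wdir, self.users)

        # Copy the environment so KRB5_CONFIG only reaches the child process.
        self.env = dict(os.environ)
        self.env['KRB5_CONFIG'] = self.krb5_conf

    def tearDown(self):
        """Stop the mock KDC and remove everything the test created."""
        try:
            os.kill(self.kdc_pid, signal.SIGTERM)
        finally:
            # Clean up even when the KDC is already gone and os.kill raised.
            self._remove_ccaches()
            shutil.rmtree(self.wdir)

    def _remove_ccaches(self):
        """Delete the per-user credential caches left in ``ccache_dir``."""
        for username in self.users:
            path = self.ccache_path(username)
            # lexists also catches a dangling symlink at the expected name;
            # os.remove unlinks the link itself, never its target.
            if os.path.lexists(path):
                os.remove(path)

    def testKinit(self):
        """A correct password yields exit status 0 and a usable ccache."""
        username = 'foobar'
        # The password is passed on argv, which is readable from the process
        # list while the child runs; that is tolerable only because it is a
        # mock-realm fixture.
        child_test = subprocess.Popen([test_bin, '-u', username,
                                       '-w', self.users[username],
                                       '-r', self.realm,
                                       '--debug', '10',
                                       '-c', 'FILE:%s' % self.ccache_path(username),
                                       '-k'],
                                      env=self.env)
        child_test.communicate()
        self.assertEqual(child_test.returncode, 0)
        self.assertPrincipalInCcache(self.principal(username, self.realm),
                                     self.ccache_path(username))

    def testKinitBadPassword(self):
        """A wrong password must make the child fail."""
        username = 'foobar'
        child_test = subprocess.Popen([test_bin, '-u', username,
                                       '-w', 'NotTheRightOne',
                                       '-r', self.realm,
                                       '--debug', '10',
                                       '-c', 'FILE:%s' % self.ccache_path(username)],
                                      env=self.env)
        child_test.communicate()
        # NOTE(review): 6 is the status this test expects for a rejected
        # password; its meaning is defined by krb5-child-test, not here.
        self.assertEqual(child_test.returncode, 6)

    # Disabled password-change test, kept as found in the original file.
    #def testChpass(self):
    #    username = 'foobar'
    #    oldpass = self.users[username]
    #    self.users[username] = 'ThisIsANewPassword'
    #    child_test = subprocess.Popen([test_bin, '--chpass', '-u', username,
    #                                   '-w', oldpass,
    #                                   '--new-password', self.users[username],
    #                                   '-r', self.realm,
    #                                   '--debug', '10',
    #                                   '-c', 'FILE:%s' % self.ccache_path(username),
    #                                   '-k'],
    #                                   env = self.env)
    #    child_test.communicate()
    #    self.assertEqual(child_test.returncode, 0)
    #    self.assertPrincipalInCcache(self.principal(username, self.realm),
    #                                 self.ccache_path(username))

    def assertPrincipalInCcache(self, principal, ccache):
        """Assert that ``klist`` can read ``ccache`` and lists ``principal``.

        Checking only the exit status would accept a cache that holds
        tickets for a different principal, so the listing is searched too.
        """
        klist = subprocess.Popen(['klist', ccache], stdout=subprocess.PIPE)
        listing, _ = klist.communicate()
        self.assertEqual(klist.returncode, 0)
        # Popen returns bytes on Python 3 and str on Python 2.
        if not isinstance(listing, str):
            listing = listing.decode('utf-8', 'replace')
        # FIXME - open the ccache with python-kerberos and check the contents;
        # until then this is a substring match on klist's text output.
        self.assertIn(principal, listing)

    def assertWrappers(self):
        """Fail unless the uid_wrapper/nss_wrapper variables are set."""
        required_vars = ['UID_WRAPPER', 'UID_WRAPPER_ROOT',
                         'NSS_WRAPPER_PASSWD', 'NSS_WRAPPER_GROUP']
        for v in required_vars:
            # A bare assert is compiled out under "python -O", which would
            # let the tests run without the wrappers in place.
            self.assertIn(v, os.environ,
                          '%s must be set to run these tests' % v)

    def principal(self, username, realm):
        """Return the principal name ``username@realm``."""
        return '%s@%s' % (username, realm)

    def ccache_path(self, username):
        """Return the credential cache path used for ``username``."""
        return os.path.join(self.ccache_dir, "%s_ccache" % username)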
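if __name__ == "__main__":
    # os.errno is an undocumented alias that newer Python versions dropped;
    # the errno module is the supported way to reach ENOENT.
    import errno

    error = 0

    # Probe for the KDC binary by actually executing it with no arguments.
    # Only a failure to launch matters here; the exit status is ignored.
    try:
        subprocess.call(["krb5kdc"])
    except OSError as e:
        if e.errno == errno.ENOENT:
            # Same bytes as the original print statement (message, then a
            # blank line), written so the line parses on Python 2 and 3.
            sys.stdout.write("KRB5KDC not found, cannot run tests!\n\n")
            # NOTE(review): this exits 0, so a host without krb5kdc reports
            # success without running a single test.
            sys.exit(error)
        else:
            # Something else went wrong while trying to run krb5kdc
            raise

    suite = unittest.TestLoader().loadTestsFromTestCase(Krb5ChildTest)
    res = unittest.TextTestRunner().run(suite)
    if not res.wasSuccessful():
        error |= 0x1

    sys.exit(error)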