diff options
Diffstat (limited to 'ipa-server/xmlrpc-server/test')
| -rw-r--r-- | ipa-server/xmlrpc-server/test/Makefile.am | 12 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/test/README | 60 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/test/test.py | 41 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/test/test_methods.py | 57 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/test/test_mod_python.py | 52 |
5 files changed, 0 insertions, 222 deletions
diff --git a/ipa-server/xmlrpc-server/test/Makefile.am b/ipa-server/xmlrpc-server/test/Makefile.am deleted file mode 100644 index 310d9d47..00000000 --- a/ipa-server/xmlrpc-server/test/Makefile.am +++ /dev/null @@ -1,12 +0,0 @@ -NULL = - -EXTRA_DIST = \ - README \ - test_methods.py \ - test_mod_python.py \ - test.py \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/ipa-server/xmlrpc-server/test/README b/ipa-server/xmlrpc-server/test/README deleted file mode 100644 index 544efa52..00000000 --- a/ipa-server/xmlrpc-server/test/README +++ /dev/null @@ -1,60 +0,0 @@ -Diagnosing Kerberos credentials cache problems is difficult. - -The first thing to try is to set LogLevel to debug in -/etc/httpd/conf/httpd.conf and restart Apache. - -Look in /var/log/httpd/error_log for any problems. - -Also check out /var/log/krb5kdc.log - -To simplify things and test just Kerberos ticket forwarding: - -The first test is with a CGI: - -- copy test.py /var/www/cgi-bin -- chmod +x /var/www/cgi-bin/test.py -- kinit admin (or some other existing user) -- curl -u : --negotiate http://yourhost.fqdn/cgi-bin/test.py - -For yourhost.fqdn use the fully-qualified hostname of your webserver. - -The output should look something like: - -KRB5CCNAME is FILE:/tmp/krb5cc_apache_TiMAbq -Sucessfully bound to LDAP using SASL mechanism GSSAPI - -This CGI uses the forwarded credentials to make an authenticated LDAP -connection. If this fails it means that Apache is not properly storing -the kerberos credentials. - -If that works, the second test more closely models the way that IPA works. - -- mkdir /usr/share/ipa/ipatest -- cp test_mod_python.py /usr/share/ipa/ipatest -- uncomment the entries for ipatest in /etc/httpd/conf.d/ipa.conf. There are - entries for ProxyPass and ProxyReversePass, an Alias and a Directory -- restart Apache -- curl -u : --negotiate http://yourhost.fqdn/ipatest/ - -For yourhost.fqdn use the fully-qualified hostname of your webserver. - -The output should look something like: - -KRB5CCNAME: FILE:/tmp/krb5cc_apache_c0MU9o<br> -GATEWAY_INTERFACE: CGI/1.1<br> -... -SCRIPT_FILENAME: /usr/share/ipa/ipaserver/<br> -REMOTE_PORT: 45691<br> -REMOTE_USER: rcrit@GREYOAK.COM<br> -AUTH_TYPE: Negotiate<br> -KRB5CCNAME is FILE:/tmp/krb5cc_apache_c0MU9o<br> -Sucessfully bound to LDAP using SASL mechanism GSSAPI<br> - -It should print all of the environment variables available to mod_python -and do a GSSAPI LDAP connection. - -A final test, which lists the capabilities of the XML-RPC server is -test_methods.py. This is more a sanity check that new functions added -to the server work as expected. - -Note that opts is added by the server itself and is not passed in by the user. diff --git a/ipa-server/xmlrpc-server/test/test.py b/ipa-server/xmlrpc-server/test/test.py deleted file mode 100644 index 7c05f8d2..00000000 --- a/ipa-server/xmlrpc-server/test/test.py +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/python - -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -# A test CGI that tests that the Kerberos credentials cache was created -# properly in Apache. - -import ldap -import ldap.sasl -import os - -sasl_auth = ldap.sasl.sasl({}, "GSSAPI") -conn = ldap.initialize("ldap://localhost:389/") -conn.protocol_version = 3 - -print "Content-type: text/plain" -print "" - -try: - print "KRB5CCNAME is", os.environ["KRB5CCNAME"] - - try: - conn.sasl_interactive_bind_s("", sasl_auth) - except ldap.LDAPError,e: - print "Error using SASL mechanism", sasl_auth.mech, str(e) - else: - print "Sucessfully bound to LDAP using SASL mechanism", sasl_auth.mech - conn.unbind() -except KeyError,e: - print "not set." diff --git a/ipa-server/xmlrpc-server/test/test_methods.py b/ipa-server/xmlrpc-server/test/test_methods.py deleted file mode 100644 index 88fcd933..00000000 --- a/ipa-server/xmlrpc-server/test/test_methods.py +++ /dev/null @@ -1,57 +0,0 @@ -#!/usr/bin/python - -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -# Simple program to interrogate the XML-RPC server for information on what -# it can do. - -import sys -import xmlrpclib -from ipa.krbtransport import KerbTransport -import ipa -from ipa import config - -ipa.config.init_config() - -serverlist = config.config.get_server() -url = "http://" + serverlist[0] + "/ipa" -s = xmlrpclib.Server(url, KerbTransport()) - -print "A list of all methods available on the server." -print "system.listMethods: ", s.system.listMethods() -print "" - -print "Signatures are not supported." -print "system.methodSignature: ", s.system.methodSignature("get_user_by_uid") -print "" - -print "Help on a specific method" -print "system.methodHelp: ", s.system.methodHelp("get_user_by_uid") - -print "The entire API:" -result = s._listapi() -for item in result: - print item['name'], - print "(", - i = len(item['args']) - p = 0 - for a in item['args']: - if isinstance(a, list): - print "%s=%s" % (a[0], a[1]), - else: - print a, - if p < i - 1: - print ",", - p = p + 1 - print ")" diff --git a/ipa-server/xmlrpc-server/test/test_mod_python.py b/ipa-server/xmlrpc-server/test/test_mod_python.py deleted file mode 100644 index 6136b541..00000000 --- a/ipa-server/xmlrpc-server/test/test_mod_python.py +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/python - -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -# A test CGI that tests that the Kerberos credentials cache was created -# properly in Apache. - -import ldap -import ldap.sasl -import os -from mod_python import apache - -def handler(req): - req.content_type = "text/plain" - req.send_http_header() - do_request(req) - return apache.OK - -def do_request(req): - sasl_auth = ldap.sasl.sasl({}, "GSSAPI") - conn = ldap.initialize("ldap://localhost:389/") - conn.protocol_version = 3 - - req.add_common_vars() - - for e in req.subprocess_env: - req.write("%s: %s<br>\n" % (e, req.subprocess_env[e])) - - try: - req.write("KRB5CCNAME is %s<br>\n" % req.subprocess_env["KRB5CCNAME"]) - os.environ["KRB5CCNAME"] = req.subprocess_env["KRB5CCNAME"] - - try: - conn.sasl_interactive_bind_s("", sasl_auth) - except ldap.LDAPError,e: - req.write("Error using SASL mechanism %s %s<br>\n" % (sasl_auth.mech, str(e))) - else: - req.write("Sucessfully bound to LDAP using SASL mechanism %s<br>\n" % sasl_auth.mech) - conn.unbind() - except KeyError,e: - req.write("KRB5CCNAME is not set.") |