From b34a4553cf8c60453fbef245d7d844a30339c734 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 28 Apr 2015 10:52:55 -0400
Subject: Configure a KDC, add test for GSSAPI/Kerberos

Using nss_wrappers so we can control host names we can
setup a KDC and test GSSAPI, including fallback to
forms-based auth.

This also means that fetch_page() needs to handle 401
a bit better, so it can re-try a failed authentication or
fall back to forms-based auth.

Note for posterity: if gss_localname() fails this is likely
due to using the wrong krb5.conf in Apache, so pass in all
environment variables.

The KDC setup code was based heavily on the tests in the
gssproxy project.

https://fedorahosted.org/ipsilon/ticket/116

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 tests/tests.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'tests/tests.py')

diff --git a/tests/tests.py b/tests/tests.py
index a8b42e4..65bbcba 100755
--- a/tests/tests.py
+++ b/tests/tests.py
@@ -25,6 +25,7 @@ import sys
 import subprocess
 import time
 import traceback
+from helpers.common import WRAP_HOSTNAME  # pylint: disable=relative-import
 
 
 logger = None
@@ -63,12 +64,27 @@ def try_wrappers(base, wrappers):
         else:
             raise ValueError('Socket Wrappers not available')
 
+    pkgcfg = subprocess.Popen(['pkg-config', '--exists', 'nss_wrapper'])
+    pkgcfg.wait()
+    if pkgcfg.returncode != 0:
+        if wrappers == 'auto':
+            return {}
+        else:
+            raise ValueError('Nss Wrappers not available')
+
     wrapdir = os.path.join(base, 'wrapdir')
     os.mkdir(wrapdir)
 
-    wenv = {'LD_PRELOAD': 'libsocket_wrapper.so',
+    hosts_file = os.path.join(base, 'hosts')
+    with open(hosts_file, 'w+') as f:
+        f.write('127.0.0.9 %s\n' % WRAP_HOSTNAME)
+
+    wenv = {'LD_PRELOAD': 'libsocket_wrapper.so libnss_wrapper.so',
             'SOCKET_WRAPPER_DIR': wrapdir,
-            'SOCKET_WRAPPER_DEFAULT_IFACE': '9'}
+            'SOCKET_WRAPPER_DEFAULT_IFACE': '9',
+            'SOCKET_WRAPPER_DEBUGLEVEL': '1',
+            'NSS_WRAPPER_HOSTNAME': WRAP_HOSTNAME,
+            'NSS_WRAPPER_HOSTS': hosts_file}
 
     return wenv
 
@@ -90,6 +106,7 @@ if __name__ == '__main__':
 
     env = try_wrappers(test.testdir, args['wrappers'])
     env['PYTHONPATH'] = test.rootdir
+    env['TESTDIR'] = test.testdir
 
     try:
         test.setup_servers(env)
-- 
cgit