author | Oleg Fayans <ofayans@redhat.com> | 2016-11-01 09:25:16 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-11-30 16:29:18 +0100 |
commit | 503d0929e9265dfc0c6c28ac49146b72a0a7edea (patch) | |
tree | 15a400fb4011494a8d56e2b89681453c8d24d7e2 | |
parent | c7fd46e42a9f5b4676415910b800e0340f77dc88 (diff) | |
Test: basic kerberos over http functionality
https://fedorahosted.org/freeipa/ticket/6446
Reviewed-By: Milan Kubik <mkubik@redhat.com>
-rw-r--r-- | ipatests/test_integration/test_http_kdc_proxy.py | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_http_kdc_proxy.py b/ipatests/test_integration/test_http_kdc_proxy.py
new file mode 100644
index 000000000..a5eb5db91
--- /dev/null
+++ b/ipatests/test_integration/test_http_kdc_proxy.py
@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+import six
+from ipatests.test_integration import tasks
+from ipatests.test_integration.base import IntegrationTest
+from ipaplatform.paths import paths
+
+
+if six.PY3:
+ unicode = str
+
+
+class TestHttpKdcProxy(IntegrationTest):
+ topology = "line"
+ num_clients = 1
+
+ @classmethod
+ def install(cls, mh):
+ super(TestHttpKdcProxy, cls).install(mh)
+ # Block access from client to master's port 88
+ cls.clients[0].run_command([
+ 'iptables', '-A', 'OUTPUT', '-p', 'tcp',
+ '--dport', '88', '-j', 'DROP'])
+ cls.clients[0].run_command([
+ 'iptables', '-A', 'OUTPUT', '-p', 'udp',
+ '--dport', '88', '-j', 'DROP'])
+ cls.clients[0].run_command([
+ 'ip6tables', '-A', 'OUTPUT', '-p', 'tcp',
+ '--dport', '88', '-j', 'DROP'])
+ cls.clients[0].run_command([
+ 'ip6tables', '-A', 'OUTPUT', '-p', 'udp',
+ '--dport', '88', '-j', 'DROP'])
+ # configure client
+ cls.clients[0].run_command(
+ "sed -i 's/ kdc = .*$/ kdc = https:\/\/%s\/KdcProxy/' %s" % (
+ cls.master.hostname, paths.KRB5_CONF)
+ )
+ cls.clients[0].run_command(
+ "sed -i 's/master_kdc = .*$/master_kdc"
+ " = https:\/\/%s\/KdcProxy/' %s" % (
+ cls.master.hostname, paths.KRB5_CONF)
+ )
+ # Workaround for https://fedorahosted.org/freeipa/ticket/6443
+ cls.clients[0].run_command(['systemctl', 'restart', 'sssd.service'])
+ # End of workaround
+
+ @classmethod
+ def uninstall(cls, mh):
+ super(TestHttpKdcProxy, cls).uninstall(mh)
+ cls.clients[0].run_command(['iptables', '-F'])
+
+ def test_http_kdc_proxy_works(self):
+ result = tasks.kinit_admin(self.clients[0], raiseonerr=False)
+ assert(result.returncode == 0), (
+ "Unable to kinit using KdcProxy: %s" % result.stderr_text
+ ) |
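Review bot: `uninstall` does not undo what `install` set up: it runs only `iptables -F`, so the two `ip6tables` DROP rules for port 88 stay on the client after the test, and the flush also discards every other rule in the IPv4 filter table rather than just the two this test appended. Deleting exactly the four rules that were added, with `-D` and the same match arguments, keeps the client's existing firewall intact and leaves no residue for later tests on the same host. The `sed` edits to `paths.KRB5_CONF` are not reverted here either; presumably the client uninstall in the base class restores that file, but that is not visible in this diff and is worth confirming. A short comment on `uninstall` saying which `install` steps it reverses would make the pairing easy to check.

```python
    @classmethod
    def uninstall(cls, mh):
        super(TestHttpKdcProxy, cls).uninstall(mh)
        # Remove only the port-88 rules that install() appended
        for binary in ('iptables', 'ip6tables'):
            for proto in ('tcp', 'udp'):
                cls.clients[0].run_command([
                    binary, '-D', 'OUTPUT', '-p', proto,
                    '--dport', '88', '-j', 'DROP'])
```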