1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#
# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
#
import six
from ipatests.test_integration import tasks
from ipatests.test_integration.base import IntegrationTest
from ipaplatform.paths import paths
if six.PY3:
unicode = str
class TestHttpKdcProxy(IntegrationTest):
topology = "line"
num_clients = 1
@classmethod
def install(cls, mh):
super(TestHttpKdcProxy, cls).install(mh)
# Block access from client to master's port 88
cls.clients[0].run_command([
'iptables', '-A', 'OUTPUT', '-p', 'tcp',
'--dport', '88', '-j', 'DROP'])
cls.clients[0].run_command([
'iptables', '-A', 'OUTPUT', '-p', 'udp',
'--dport', '88', '-j', 'DROP'])
cls.clients[0].run_command([
'ip6tables', '-A', 'OUTPUT', '-p', 'tcp',
'--dport', '88', '-j', 'DROP'])
cls.clients[0].run_command([
'ip6tables', '-A', 'OUTPUT', '-p', 'udp',
'--dport', '88', '-j', 'DROP'])
# configure client
cls.clients[0].run_command(
"sed -i 's/ kdc = .*$/ kdc = https:\/\/%s\/KdcProxy/' %s" % (
cls.master.hostname, paths.KRB5_CONF)
)
cls.clients[0].run_command(
"sed -i 's/master_kdc = .*$/master_kdc"
" = https:\/\/%s\/KdcProxy/' %s" % (
cls.master.hostname, paths.KRB5_CONF)
)
# Workaround for https://fedorahosted.org/freeipa/ticket/6443
cls.clients[0].run_command(['systemctl', 'restart', 'sssd.service'])
# End of workaround
@classmethod
def uninstall(cls, mh):
super(TestHttpKdcProxy, cls).uninstall(mh)
cls.clients[0].run_command(['iptables', '-F'])
def test_http_kdc_proxy_works(self):
result = tasks.kinit_admin(self.clients[0], raiseonerr=False)
assert(result.returncode == 0), (
"Unable to kinit using KdcProxy: %s" % result.stderr_text
)
|
