diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2015-08-09 18:14:57 +0300 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-09-03 09:37:25 -0400 |
| commit | 5e720934614c152fc00f4e02180d99b0b7dfdbe5 (patch) | |
| tree | 570d6f304a814316d2f65b81ca86e268b85736a7 | |
| parent | 7aed3f2080561c603bc2dc6e44dcce3f6f09a09e (diff) | |
| download | mod_auth_gssapi-5e720934614c152fc00f4e02180d99b0b7dfdbe5.tar.gz mod_auth_gssapi-5e720934614c152fc00f4e02180d99b0b7dfdbe5.tar.xz mod_auth_gssapi-5e720934614c152fc00f4e02180d99b0b7dfdbe5.zip | |
Add test for Proxy SPNEGO auth
Add appropairate authorization headers to test with SPNEGO too as
discussed in #48
Requires recent version of python-gssapi module, see:
https://github.com/pythongssapi/python-gssapi/pull/74
Simo: Squashed original patches in one, removed trailing whitespaces
and reworded the commit message.
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #49
| -rwxr-xr-x | tests/magtests.py | 10 | ||||
| -rwxr-xr-x | tests/t_spnego_proxy.py | 35 |
2 files changed, 45 insertions, 0 deletions
diff --git a/tests/magtests.py b/tests/magtests.py index 3e2f4fc..8075197 100755 --- a/tests/magtests.py +++ b/tests/magtests.py @@ -273,6 +273,16 @@ def test_spnego_auth(testdir, testenv, testlog): else: sys.stderr.write('SPNEGO: SUCCESS\n') + with (open(testlog, 'a')) as logfile: + spnego = subprocess.Popen(["tests/t_spnego_proxy.py"], + stdout=logfile, stderr=logfile, + env=testenv, preexec_fn=os.setsid) + spnego.wait() + if spnego.returncode != 0: + sys.stderr.write('SPNEGO Proxy Auth: FAILED\n') + else: + sys.stderr.write('SPNEGO Proxy Auth: SUCCESS\n') + def test_basic_auth_krb5(testdir, testenv, testlog): diff --git a/tests/t_spnego_proxy.py b/tests/t_spnego_proxy.py new file mode 100755 index 0000000..e2ac7f9 --- /dev/null +++ b/tests/t_spnego_proxy.py @@ -0,0 +1,35 @@ +#!/usr/bin/python +# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license. + +import os +import requests +import gssapi +from base64 import b64encode + +def getAuthToken(target): + spnego_mech = gssapi.raw.OID.from_int_seq('1.3.6.1.5.5.2') + + name = gssapi.Name('HTTP@%s' % target, + gssapi.NameType.hostbased_service) + + ctx = gssapi.SecurityContext(name=name, mech=spnego_mech) + token = ctx.step() + + return 'Negotiate %s' % b64encode(token) + + +if __name__ == '__main__': + s = requests.Session() + + target = os.environ['NSS_WRAPPER_HOSTNAME'] + url = 'http://%s/spnego/' % target + + proxy = 'http://%s:%s' % (target, os.environ['WRAP_PROXY_PORT']) + proxies = { "http" : proxy, } + + s.headers.update({'Proxy-Authorization': getAuthToken(target)}) + s.headers.update({'Authorization': getAuthToken(target)}) + + r = s.get(url, proxies=proxies) + if r.status_code != 200: + raise ValueError('Spnego Proxy Auth Failed') |