diff options
| -rw-r--r-- | tests/httpd.conf | 2 | ||||
| -rwxr-xr-x | tests/magtests.py | 3 | ||||
| -rwxr-xr-x | tests/t_spnego.py | 7 |
3 files changed, 10 insertions, 2 deletions
diff --git a/tests/httpd.conf b/tests/httpd.conf index f10a7ca..d0194ed 100644 --- a/tests/httpd.conf +++ b/tests/httpd.conf @@ -132,6 +132,8 @@ CoreDumpDirectory /tmp GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache GssapiCredStore client_keytab:${HTTPROOT}/http.keytab GssapiCredStore keytab:${HTTPROOT}/http.keytab + GssapiDelegCcacheDir ${HTTPROOT} + GssapiDelegCcachePerms mode:0666 GssapiBasicAuth Off GssapiAllowedMech krb5 Require valid-user diff --git a/tests/magtests.py b/tests/magtests.py index 0065b7b..074e2f0 100755 --- a/tests/magtests.py +++ b/tests/magtests.py @@ -257,7 +257,6 @@ def kinit_user(testdir, kdcenv): kinit.wait() if kinit.returncode != 0: raise ValueError('kinit failed') - return testenv @@ -388,6 +387,8 @@ if __name__ == '__main__': keysenv = setup_keys(testdir, kdcenv) testenv = kinit_user(testdir, kdcenv) + testenv['DELEGCCACHE'] = os.path.join(testdir, 'httpd', + USR_NAME + '@' + TESTREALM) test_spnego_auth(testdir, testenv, testlog) test_spnego_negotiate_once(testdir, testenv, testlog) diff --git a/tests/t_spnego.py b/tests/t_spnego.py index d6f77ca..a010089 100755 --- a/tests/t_spnego.py +++ b/tests/t_spnego.py @@ -3,16 +3,21 @@ import os import requests +from stat import ST_MODE from requests_kerberos import HTTPKerberosAuth, OPTIONAL if __name__ == '__main__': sess = requests.Session() url = 'http://%s/spnego/' % os.environ['NSS_WRAPPER_HOSTNAME'] - r = sess.get(url, auth=HTTPKerberosAuth()) + r = sess.get(url, auth=HTTPKerberosAuth(delegate=True)) if r.status_code != 200: raise ValueError('Spnego failed') c = r.cookies if not c.get("gssapi_session").startswith("MagBearerToken="): raise ValueError('gssapi_session not set') + + data = os.stat(os.environ['DELEGCCACHE']) + if data[ST_MODE] != 0100666: + raise ValueError('Incorrect perm on ccache: %o' % data[ST_MODE]) |