diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/httpd.conf | 17 | ||||
| -rwxr-xr-x | tests/magtests.py | 21 | ||||
| -rwxr-xr-x | tests/t_spnego_rewrite.py | 18 |
3 files changed, 56 insertions, 0 deletions
diff --git a/tests/httpd.conf b/tests/httpd.conf index 66054c1..60d23c8 100644 --- a/tests/httpd.conf +++ b/tests/httpd.conf @@ -148,6 +148,23 @@ CoreDumpDirectory /tmp Require valid-user </Location> +<Location /spnego_rewrite> + Options +Includes + AddOutputFilter INCLUDES .html + + AuthType GSSAPI + AuthName "Login" + GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache + GssapiCredStore keytab:${HTTPROOT}/http.keytab + GssapiAllowedMech krb5 + Require valid-user + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule . /spnego_rewrite/index.html [L] +</Location> + <Location /spnego_negotiate_once> AuthType GSSAPI AuthName "Login Negotiate Once" diff --git a/tests/magtests.py b/tests/magtests.py index 3a29365..b60e648 100755 --- a/tests/magtests.py +++ b/tests/magtests.py @@ -306,6 +306,24 @@ def test_spnego_auth(testdir, testenv, testlog): sys.stderr.write('SPNEGO No Auth: SUCCESS\n') +def test_spnego_rewrite(testdir, testenv, testlog): + + spnego_rewrite_dir = os.path.join(testdir, 'httpd', 'html', + 'spnego_rewrite') + os.mkdir(spnego_rewrite_dir) + shutil.copy('tests/index.html', spnego_rewrite_dir) + + with (open(testlog, 'a')) as logfile: + spnego = subprocess.Popen(["tests/t_spnego_rewrite.py"], + stdout=logfile, stderr=logfile, + env=testenv, preexec_fn=os.setsid) + spnego.wait() + if spnego.returncode != 0: + sys.stderr.write('SPNEGO Rewrite: FAILED\n') + else: + sys.stderr.write('SPNEGO Rewrite: SUCCESS\n') + + def test_spnego_negotiate_once(testdir, testenv, testlog): spnego_negotiate_once_dir = os.path.join(testdir, 'httpd', 'html', @@ -400,6 +418,9 @@ if __name__ == '__main__': USR_NAME + '@' + TESTREALM) test_spnego_auth(testdir, testenv, testlog) + testenv['MAG_GSS_NAME'] = USR_NAME + '@' + TESTREALM + test_spnego_rewrite(testdir, testenv, testlog) + test_spnego_negotiate_once(testdir, testenv, testlog) testenv = {'MAG_USER_NAME': USR_NAME, diff --git a/tests/t_spnego_rewrite.py b/tests/t_spnego_rewrite.py new file mode 100755 index 0000000..0014bf5 --- /dev/null +++ b/tests/t_spnego_rewrite.py @@ -0,0 +1,18 @@ +#!/usr/bin/python +# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license. + +import os +import requests +from requests_kerberos import HTTPKerberosAuth, OPTIONAL + + +if __name__ == '__main__': + sess = requests.Session() + url = 'http://%s/spnego_rewrite/xxx' % os.environ['NSS_WRAPPER_HOSTNAME'] + r = sess.get(url, auth=HTTPKerberosAuth()) + + if r.status_code != 200: + raise ValueError('Spnego Rewrite failed') + + if r.text.rstrip() != os.environ['MAG_GSS_NAME']: + raise ValueError('Spnego Rewrite, GSS_NAME check failed') |