# Authors: # Rob Crittenden <rcritten@redhat.com> # # Copyright (C) 2010 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. Test `ipa-getkeytab` """
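# Obtain credentials for `principal` from `keytab` into a throw-away
# credential cache and prove they work by binding to LDAP with them.
# Any Kerberos failure is re-raised as StandardError with a fixed prefix
# that callers match on.
tmpdir = None  # bound before the try so the finally clause can always test it
try:
    # mkdtemp creates the directory accessible only to the current user,
    # which matters here because the ccache inside holds live credentials.
    tmpdir = tempfile.mkdtemp(prefix = "tmp-")
    ccache_file = 'FILE:%s/ccache' % tmpdir
    krbcontext = krbV.default_context()
    principal = str(principal)
    keytab = krbV.Keytab(name=keytab, context=krbcontext)
    principal = krbV.Principal(name=principal, context=krbcontext)
    # Point the process at the private ccache for the duration of the bind.
    os.environ['KRB5CCNAME'] = ccache_file
    ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
    ccache.init(principal)
    ccache.init_creds_keytab(keytab=keytab, principal=principal)
    conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri, base_dn=api.env.basedn)
    conn.connect(ccache=ccache.name)
    conn.disconnect()
except krbV.Krb5Error, e:
    # `principal` is still a plain string if the failure happened before the
    # krbV.Principal object was built, so do not assume it has a .name.
    raise StandardError('Unable to bind to LDAP. Error initializing principal %s in %s: %s' % (getattr(principal, 'name', principal), keytab, str(e)))
finally:
    # pop() instead of del: the variable is not set if an early step failed,
    # and a KeyError raised here would replace the real error.
    # NOTE(review): a KRB5CCNAME value that was set before this code ran is
    # removed, not restored - confirm no later test depends on it.
    os.environ.pop('KRB5CCNAME', None)
    if tmpdir:
        # Removes the ccache together with the directory.
        shutil.rmtree(tmpdir)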
""" Test `ipa-getkeytab`. """
""" Create a host to test against. """ # Create the service try: api.Command['host_add'](self.host_fqdn, force=True) except errors.DuplicateEntry: # it already exists, no problem pass
""" Create a keytab with `ipa-getkeytab` for a non-existent service. """ new_args = [self.command, "-s", api.env.host, "-p", "test/notfound.example.com", "-k", self.keytabname, ] (out, err, rc) = ipautil.run(new_args, stdin=None, raiseonerr=False) assert err == 'Operation failed! PrincipalName not found.\n\n'
""" Create a keytab with `ipa-getkeytab` for an existing service. """ # Create the service try: api.Command['service_add'](self.service_princ, force=True) except errors.DuplicateEntry: # it already exists, no problem pass
os.unlink(self.keytabname) new_args = [self.command, "-s", api.env.host, "-p", self.service_princ, "-k", self.keytabname, ] try: (out, err, rc) = ipautil.run(new_args, None) assert err == 'Keytab successfully retrieved and stored in: %s\n' % self.keytabname except ipautil.CalledProcessError, e: assert (False)
""" Try to use the service keytab. """ use_keytab(self.service_princ, self.keytabname)
""" Disable a kerberos principal """ # Verify that it has a principal key entry = api.Command['service_show'](self.service_princ)['result'] assert(entry['has_keytab'] == True)
# Disable it api.Command['service_disable'](self.service_princ)
# Verify that it looks disabled entry = api.Command['service_show'](self.service_princ)['result'] assert(entry['has_keytab'] == False)
""" Try to use the disabled keytab """ try: use_keytab(self.service_princ, self.keytabname) except StandardError, errmsg: assert('Unable to bind to LDAP. Error initializing principal' in str(errmsg))
""" Clean up test data """ # First create the host that will use this policy os.unlink(self.keytabname) api.Command['host_del'](self.host_fqdn) |