URL: https://github.com/freeipa/freeipa/pull/200
Author: ofayans
 Title: #200: Test: basic kerberos over http functionality
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/200/head:pr200
git checkout pr200
From 4175d282f80ff04849526211e2deae211b8a605b Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 1 Nov 2016 09:54:12 +0100
Subject: [PATCH 1/2] Test: made kinit_admin a returning function

In some cases we need to check the result of kinit and print out the error
message. Therefore we need it to return the result.
---
 ipatests/test_integration/tasks.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index c6aab32..72a0f36 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -673,8 +673,8 @@ def disconnect_replica(master, replica, domain_level=None):
 
 
 def kinit_admin(host, raiseonerr=True):
-    host.run_command(['kinit', 'admin'], raiseonerr=raiseonerr,
-                     stdin_text=host.config.admin_password)
+    return host.run_command(['kinit', 'admin'], raiseonerr=raiseonerr,
+                            stdin_text=host.config.admin_password)
 
 
 def uninstall_master(host, ignore_topology_disconnect=True,
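Review bot: `kinit_admin` has no docstring, and after this change callers that pass `raiseonerr=False` depend on the returned result object to detect a failed kinit. A one-line docstring would make that contract explicit, for example `"""Run 'kinit admin' on host and return the command result; with raiseonerr=False the caller must check result.returncode."""`. Existing callers that ignore the return value are unaffected.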

From 4615f59003f4bdee3204013937b71ee9a3853ec1 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 1 Nov 2016 09:25:16 +0100
Subject: [PATCH 2/2] Test: basic kerberos over http functionality

https://fedorahosted.org/freeipa/ticket/6446
---
 ipatests/test_integration/test_http_kdc_proxy.py | 58 ++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 ipatests/test_integration/test_http_kdc_proxy.py

diff --git a/ipatests/test_integration/test_http_kdc_proxy.py b/ipatests/test_integration/test_http_kdc_proxy.py
new file mode 100644
index 0000000..a5eb5db
--- /dev/null
+++ b/ipatests/test_integration/test_http_kdc_proxy.py
@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
+#
+
+import six
+from ipatests.test_integration import tasks
+from ipatests.test_integration.base import IntegrationTest
+from ipaplatform.paths import paths
+
+
+if six.PY3:
+    unicode = str
+
+
+class TestHttpKdcProxy(IntegrationTest):
+    topology = "line"
+    num_clients = 1
+
+    @classmethod
+    def install(cls, mh):
+        super(TestHttpKdcProxy, cls).install(mh)
+        # Block access from client to master's port 88
+        cls.clients[0].run_command([
+            'iptables', '-A', 'OUTPUT', '-p', 'tcp',
+            '--dport', '88', '-j', 'DROP'])
+        cls.clients[0].run_command([
+            'iptables', '-A', 'OUTPUT', '-p', 'udp',
+            '--dport', '88', '-j', 'DROP'])
+        cls.clients[0].run_command([
+            'ip6tables', '-A', 'OUTPUT', '-p', 'tcp',
+            '--dport', '88', '-j', 'DROP'])
+        cls.clients[0].run_command([
+            'ip6tables', '-A', 'OUTPUT', '-p', 'udp',
+            '--dport', '88', '-j', 'DROP'])
+        # configure client
+        cls.clients[0].run_command(
+            "sed -i 's/ kdc = .*$/ kdc = https:\/\/%s\/KdcProxy/' %s" % (
+                cls.master.hostname, paths.KRB5_CONF)
+            )
+        cls.clients[0].run_command(
+            "sed -i 's/master_kdc = .*$/master_kdc"
+            " = https:\/\/%s\/KdcProxy/' %s" % (
+                cls.master.hostname, paths.KRB5_CONF)
+            )
+        # Workaround for https://fedorahosted.org/freeipa/ticket/6443
+        cls.clients[0].run_command(['systemctl', 'restart', 'sssd.service'])
+        # End of workaround
+
+    @classmethod
+    def uninstall(cls, mh):
+        super(TestHttpKdcProxy, cls).uninstall(mh)
+        cls.clients[0].run_command(['iptables', '-F'])
+
+    def test_http_kdc_proxy_works(self):
+        result = tasks.kinit_admin(self.clients[0], raiseonerr=False)
+        assert(result.returncode == 0), (
+            "Unable to kinit using KdcProxy: %s" % result.stderr_text
+            )
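Review bot: The cleanup in `uninstall` does not mirror what `install` adds. `iptables -F` flushes every IPv4 filter rule on the client, including any that existed before the test, while the two `ip6tables` DROP rules for port 88 are never removed and stay on the host for whatever runs next. Deleting exactly the four appended rules with `-D` and the same match, for both `iptables` and `ip6tables`, leaves the firewall as it was found; driving both methods from one rule list, as sketched below, keeps them in sync. Separately, the two `sed` commands are shell strings with `\/` inside a non-raw literal, so a raw string or a different sed delimiter would avoid the invalid escape sequence.

```python
class TestHttpKdcProxy(IntegrationTest):
    # … unchanged: topology, num_clients …
    # (binary, protocol) pairs shared by install() and uninstall()
    kdc_block_rules = [('iptables', 'tcp'), ('iptables', 'udp'),
                       ('ip6tables', 'tcp'), ('ip6tables', 'udp')]

    @classmethod
    def install(cls, mh):
        super(TestHttpKdcProxy, cls).install(mh)
        # Block outbound access from the client to port 88
        for binary, proto in cls.kdc_block_rules:
            cls.clients[0].run_command([
                binary, '-A', 'OUTPUT', '-p', proto,
                '--dport', '88', '-j', 'DROP'])
        # … unchanged: krb5.conf rewrite and sssd restart workaround …

    @classmethod
    def uninstall(cls, mh):
        super(TestHttpKdcProxy, cls).uninstall(mh)
        # Remove only the rules install() appended, for both address families;
        # do not fail teardown if a rule is already gone.
        for binary, proto in cls.kdc_block_rules:
            cls.clients[0].run_command([
                binary, '-D', 'OUTPUT', '-p', proto,
                '--dport', '88', '-j', 'DROP'], raiseonerr=False)
```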
-- 