|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
conf = {'plugins': {'audit': {
|
|
Packit |
fd8b60 |
'module': 'test:$plugins/audit/test/k5audit_test.so'}}}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm = K5Realm(krb5_conf=conf, get_creds=False)
|
|
Packit |
fd8b60 |
realm.addprinc('target')
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'modprinc', '+ok_to_auth_as_delegate', realm.host_princ])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make normal AS and TGS requests so they will be audited.
|
|
Packit |
fd8b60 |
realm.kinit(realm.host_princ, flags=['-k', '-f'])
|
|
Packit |
fd8b60 |
realm.run([kvno, 'target'])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make S4U2Self and S4U2Proxy requests so they will be audited. The
|
|
Packit |
fd8b60 |
# S4U2Proxy request is expected to fail.
|
|
Packit |
fd8b60 |
realm.run([kvno, '-k', realm.keytab, '-U', 'user', '-P', 'target'],
|
|
Packit |
fd8b60 |
expected_code=1, expected_msg='KDC can\'t fulfill requested option')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make a U2U request so it will be audited.
|
|
Packit |
fd8b60 |
uuserver = os.path.join(buildtop, 'appl', 'user_user', 'uuserver')
|
|
Packit |
fd8b60 |
uuclient = os.path.join(buildtop, 'appl', 'user_user', 'uuclient')
|
|
Packit |
fd8b60 |
port_arg = str(realm.server_port())
|
|
Packit |
fd8b60 |
realm.start_server([uuserver, port_arg], 'Server started')
|
|
Packit |
fd8b60 |
realm.run([uuclient, hostname, 'testing message', port_arg],
|
|
Packit |
fd8b60 |
expected_msg='Hello')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('Audit tests')
|