|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
plugin = os.path.join(buildtop, "plugins", "hostrealm", "test",
|
|
Packit |
fd8b60 |
"hostrealm_test.so")
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Disable the "dns" module (we can't easily test TXT lookups) and
|
|
Packit |
fd8b60 |
# arrange the remaining modules in an order which makes sense for most
|
|
Packit |
fd8b60 |
# tests.
|
|
Packit |
fd8b60 |
conf = {'plugins': {'hostrealm': {'module': ['test1:' + plugin,
|
|
Packit |
fd8b60 |
'test2:' + plugin],
|
|
Packit |
fd8b60 |
'enable_only': ['test2', 'profile',
|
|
Packit |
fd8b60 |
'domain', 'test1']}},
|
|
Packit |
fd8b60 |
'domain_realm': {'.x': 'DOTMATCH', 'x': 'MATCH', '.1': 'NUMMATCH'}}
|
|
Packit |
fd8b60 |
realm = K5Realm(krb5_conf=conf, create_kdb=False)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def test(realm, args, expected_realms, msg, env=None):
|
|
Packit |
fd8b60 |
out = realm.run(['./hrealm'] + args, env=env)
|
|
Packit |
fd8b60 |
if out.split('\n') != expected_realms + ['']:
|
|
Packit |
fd8b60 |
fail(msg)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def test_error(realm, args, expected_error, msg, env=None):
|
|
Packit |
fd8b60 |
realm.run(['./hrealm'] + args, env=env, expected_code=1,
|
|
Packit |
fd8b60 |
expected_msg=expected_error)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def testh(realm, host, expected_realms, msg, env=None):
|
|
Packit |
fd8b60 |
test(realm, ['-h', host], expected_realms, msg, env=env)
|
|
Packit |
fd8b60 |
def testf(realm, host, expected_realms, msg, env=None):
|
|
Packit |
fd8b60 |
test(realm, ['-f', host], expected_realms, msg, env=env)
|
|
Packit |
fd8b60 |
def testd(realm, expected_realm, msg, env=None):
|
|
Packit |
fd8b60 |
test(realm, ['-d'], [expected_realm], msg, env=env)
|
|
Packit |
fd8b60 |
def testh_error(realm, host, expected_error, msg, env=None):
|
|
Packit |
fd8b60 |
test_error(realm, ['-h', host], expected_error, msg, env=env)
|
|
Packit |
fd8b60 |
def testf_error(realm, host, expected_error, msg, env=None):
|
|
Packit |
fd8b60 |
test_error(realm, ['-f', host], expected_error, msg, env=env)
|
|
Packit |
fd8b60 |
def testd_error(realm, expected_error, msg, env=None):
|
|
Packit |
fd8b60 |
test_error(realm, ['-d'], expected_error, msg, env=env)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
###
|
|
Packit |
fd8b60 |
### krb5_get_host_realm tests
|
|
Packit |
fd8b60 |
###
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The test2 module returns a fatal error on hosts beginning with 'z',
|
|
Packit |
fd8b60 |
# and an answer on hosts begining with 'a'.
|
|
Packit |
fd8b60 |
mark('test2 module')
|
|
Packit |
fd8b60 |
testh_error(realm, 'zoo', 'service not available', 'host_realm test2 z')
|
|
Packit |
fd8b60 |
testh(realm, 'abacus', ['a'], 'host_realm test2 a')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The profile module gives answers for hostnames equal to or ending in
|
|
Packit |
fd8b60 |
# 'X', due to [domain_realms]. There is also an entry for hostnames
|
|
Packit |
fd8b60 |
# ending in '1', but hostnames which appear to be IP or IPv6 addresses
|
|
Packit |
fd8b60 |
# should instead fall through to test1.
|
|
Packit |
fd8b60 |
mark('profile module')
|
|
Packit |
fd8b60 |
testh(realm, 'x', ['MATCH'], 'host_realm profile x')
|
|
Packit |
fd8b60 |
testh(realm, '.x', ['DOTMATCH'], 'host_realm profile .x')
|
|
Packit |
fd8b60 |
testh(realm, 'b.x', ['DOTMATCH'], 'host_realm profile b.x')
|
|
Packit |
fd8b60 |
testh(realm, '.b.c.x', ['DOTMATCH'], 'host_realm profile .b.c.x')
|
|
Packit |
fd8b60 |
testh(realm, 'b.1', ['NUMMATCH'], 'host_realm profile b.1')
|
|
Packit |
fd8b60 |
testh(realm, '4.3.2.1', ['4', '3', '2', '1'], 'host_realm profile 4.3.2.1')
|
|
Packit |
fd8b60 |
testh(realm, 'b:c.x', ['b:c', 'x'], 'host_realm profile b:c.x')
|
|
Packit |
fd8b60 |
# hostname cleaning should convert "X." to "x" before matching.
|
|
Packit |
fd8b60 |
testh(realm, 'X.', ['MATCH'], 'host_realm profile X.')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The test1 module returns a list of the hostname components.
|
|
Packit |
fd8b60 |
mark('test1 module')
|
|
Packit |
fd8b60 |
testh(realm, 'b.c.d', ['b', 'c', 'd'], 'host_realm test1')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# If no module returns a result, we should get the referral realm.
|
|
Packit |
fd8b60 |
mark('no result')
|
|
Packit |
fd8b60 |
testh(realm, '', [''], 'host_realm referral realm')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
###
|
|
Packit |
fd8b60 |
### krb5_get_fallback_host_realm tests
|
|
Packit |
fd8b60 |
###
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Return a special environment with realm_try_domains set to n.
|
|
Packit |
fd8b60 |
def try_env(realm, testname, n):
|
|
Packit |
fd8b60 |
conf = {'libdefaults': {'realm_try_domains': str(n)}}
|
|
Packit |
fd8b60 |
return realm.special_env(testname, False, krb5_conf=conf)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The domain module will answer with the uppercased parent domain,
|
|
Packit |
fd8b60 |
# with no special configuration.
|
|
Packit |
fd8b60 |
mark('fallback: domain module')
|
|
Packit |
fd8b60 |
testf(realm, 'a.b.c', ['B.C'], 'fallback_realm domain a.b.c')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# With realm_try_domains = 0, the hostname itself will be looked up as
|
|
Packit |
fd8b60 |
# a realm and returned if found.
|
|
Packit |
fd8b60 |
mark('fallback: realm_try_domains = 0')
|
|
Packit |
fd8b60 |
try0 = try_env(realm, 'try0', 0)
|
|
Packit |
fd8b60 |
testf(realm, 'krbtest.com', ['KRBTEST.COM'], 'fallback_realm try0', env=try0)
|
|
Packit |
fd8b60 |
testf(realm, 'a.b.krbtest.com', ['B.KRBTEST.COM'],
|
|
Packit |
fd8b60 |
'fallback_realm try0 grandparent', env=try0)
|
|
Packit |
fd8b60 |
testf(realm, 'a.b.c', ['B.C'], 'fallback_realm try0 nomatch', env=try0)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# With realm_try_domains = 2, the parent and grandparent will be
|
|
Packit |
fd8b60 |
# checked as well, but it stops there.
|
|
Packit |
fd8b60 |
mark('fallback: realm_try_domains = 2')
|
|
Packit |
fd8b60 |
try2 = try_env(realm, 'try2', 2)
|
|
Packit |
fd8b60 |
testf(realm, 'krbtest.com', ['KRBTEST.COM'], 'fallback_realm try2', env=try2)
|
|
Packit |
fd8b60 |
testf(realm, 'a.b.krbtest.com', ['KRBTEST.COM'],
|
|
Packit |
fd8b60 |
'fallback_realm try2 grandparent', env=try2)
|
|
Packit |
fd8b60 |
testf(realm, 'a.b.c.krbtest.com', ['B.C.KRBTEST.COM'],
|
|
Packit |
fd8b60 |
'fallback_realm try2 great-grandparent', env=try2)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The test1 module answers with a list of components. Use an IPv4
|
|
Packit |
fd8b60 |
# address to bypass the domain module.
|
|
Packit |
fd8b60 |
mark('fallback: test1 module')
|
|
Packit |
fd8b60 |
testf(realm, '1.2.3.4', ['1', '2', '3', '4'], 'fallback_realm test1')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# If no module answers, the default realm is returned. The test2
|
|
Packit |
fd8b60 |
# module returns an error when we try to look that up.
|
|
Packit |
fd8b60 |
mark('fallback: default realm')
|
|
Packit |
fd8b60 |
testf_error(realm, '', 'service not available', 'fallback_realm default')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
###
|
|
Packit |
fd8b60 |
### krb5_get_default_realm tests
|
|
Packit |
fd8b60 |
###
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The test2 module returns an error.
|
|
Packit |
fd8b60 |
mark('default_realm: test2 module')
|
|
Packit |
fd8b60 |
testd_error(realm, 'service not available', 'default_realm test2')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The profile module returns the default realm from the profile.
|
|
Packit |
fd8b60 |
# Disable test2 to expose this behavior.
|
|
Packit |
fd8b60 |
mark('default_realm: profile module')
|
|
Packit |
fd8b60 |
disable_conf = {'plugins': {'hostrealm': {'disable': 'test2'}}}
|
|
Packit |
fd8b60 |
notest2 = realm.special_env('notest2', False, krb5_conf=disable_conf)
|
|
Packit |
fd8b60 |
testd(realm, 'KRBTEST.COM', 'default_realm profile', env=notest2)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# The test1 module returns a list of two realms, of which we can only
|
|
Packit |
fd8b60 |
# see the first. Remove the profile default_realm setting to expose
|
|
Packit |
fd8b60 |
# this behavior.
|
|
Packit |
fd8b60 |
mark('default_realm: test1 module')
|
|
Packit |
fd8b60 |
remove_default = {'libdefaults': {'default_realm': None}}
|
|
Packit |
fd8b60 |
# Python 3.5+: nodefault_conf = {**disable_conf, **remove_default}
|
|
Packit |
fd8b60 |
nodefault_conf = dict(list(disable_conf.items()) +
|
|
Packit |
fd8b60 |
list(remove_default.items()))
|
|
Packit |
fd8b60 |
nodefault = realm.special_env('nodefault', False, krb5_conf=nodefault_conf)
|
|
Packit |
fd8b60 |
testd(realm, 'one', 'default_realm test1', env=nodefault)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('hostrealm interface tests')
|