from k5test import *
# Build a realm whose kadm5_auth interface is served by the two test
# modules, welcomer and bouncer, both loaded from the same shared object.
# enable_only lists just those two, so they stand in place of the builtin
# modules for every kadmin request made below.
modpath = os.path.join(
    buildtop, 'plugins', 'kadm5_auth', 'test', 'kadm5_auth_test.so')
conf = {
    'plugins': {
        'kadm5_auth': {
            'module': ['welcomer:' + modpath, 'bouncer:' + modpath],
            'enable_only': ['welcomer', 'bouncer'],
        },
    },
}
realm = K5Realm(krb5_conf=conf, create_host=False)
# Start kadmind and prepare the client side used by run_kadmin() below
# (presumably admin credentials -- confirm against k5test).
realm.start_kadmind()
realm.prep_kadmin()
# addprinc: welcomer accepts when the new principal is given policy VIP;
# bouncer denies any request that sets maxlife.
# NOTE(review): the denied cases here assert only exit status 1.  Matching
# the error text as well (expected_msg) would keep an unrelated kadmin
# failure from satisfying a case that is meant to prove a denial.

# No policy VIP, so no module accepts: the request must fail.
realm.run_kadmin(
    ['addprinc', '-randkey', 'princ'],
    expected_code=1)

# Policy VIP and no maxlife: welcomer accepts, bouncer has no objection.
realm.run_kadmin(
    ['addprinc', '-randkey', '-policy', 'VIP', 'princ'])

# Policy VIP would be accepted, but maxlife is set, so bouncer's denial
# decides the outcome.
realm.run_kadmin(
    ['addprinc', '-randkey', '-policy', 'VIP', '-maxlife', '3', 'princ'],
    expected_code=1)
# modprinc: welcomer accepts a change that sets only maxrenewlife; bouncer
# denies when the target principal has an even number of components.

# maxlife is not the attribute welcomer accepts: must fail.
realm.run_kadmin(
    ['modprinc', '-maxlife', '3', 'princ'],
    expected_code=1)

# Only maxrenewlife, single-component target: must succeed.
realm.run_kadmin(
    ['modprinc', '-maxrenewlife', '3', 'princ'])

# Same acceptable change, but user/admin has two components, so bouncer
# denies it.
realm.run_kadmin(
    ['modprinc', '-maxrenewlife', '3', 'user/admin'],
    expected_code=1)
# setstr: welcomer accepts when the attribute key is 'note'; bouncer denies
# when the value is longer than 10 characters.

# Key other than 'note': no module accepts, must fail.
realm.run_kadmin(
    ['setstr', 'princ', 'somekey', 'someval'],
    expected_code=1)

# Key 'note' with a short value: must succeed.
realm.run_kadmin(
    ['setstr', 'princ', 'note', 'abc'])

# Key 'note' with a 12-character value: bouncer denies.
realm.run_kadmin(
    ['setstr', 'princ', 'note', 'abcdefghijkl'],
    expected_code=1)
# delprinc: welcomer accepts when the target principal name begins with
# 'd'; bouncer denies when the target carries a "nodelete" string
# attribute.
# The fixture steps go through kadminl rather than run_kadmin; kadminl is
# presumably k5test's kadmin.local path, which would not be subject to the
# welcomer/bouncer decisions under test -- confirm against k5test.

# 'user' does not begin with 'd': no module accepts, must fail.
realm.run_kadmin(
    ['delprinc', 'user'],
    expected_code=1)

# A fresh principal beginning with 'd' can be deleted.
realm.run([kadminl, 'addprinc', '-randkey', 'deltest'])
realm.run_kadmin(
    ['delprinc', 'deltest'])

# Recreate it with the nodelete attribute set: bouncer now denies the same
# delete request.
realm.run([kadminl, 'addprinc', '-randkey', 'deltest'])
realm.run([kadminl, 'setstr', 'deltest', 'nodelete', 'yes'])
realm.run_kadmin(
    ['delprinc', 'deltest'],
    expected_code=1)
# renprinc: welcomer accepts when the first components of the source and
# destination names have the same length; bouncer refuses when the source
# principal begins with 'a'.

# 'princ' (5) -> 'xyz' (3): lengths differ, must fail.
realm.run_kadmin(
    ['renprinc', 'princ', 'xyz'],
    expected_code=1)

# 'princ' -> 'abcde': equal lengths, source does not begin with 'a'.
realm.run_kadmin(
    ['renprinc', 'princ', 'abcde'])

# 'abcde' -> 'fghij': equal lengths, but the source now begins with 'a',
# so bouncer refuses.
realm.run_kadmin(
    ['renprinc', 'abcde', 'fghij'],
    expected_code=1)
# addpol: welcomer accepts when the new policy has minlength 3; bouncer
# denies when the policy name is 3 characters or shorter.

# No minlength given: no module accepts, must fail.
realm.run_kadmin(
    ['addpol', 'testpol'],
    expected_code=1)

# minlength 3 and a 7-character name: must succeed.
realm.run_kadmin(
    ['addpol', '-minlength', '3', 'testpol'])

# minlength 3 is acceptable, but the name 'abc' is only 3 characters, so
# bouncer denies.
realm.run_kadmin(
    ['addpol', '-minlength', '3', 'abc'],
    expected_code=1)
# modpol: welcomer accepts changes to minlife; bouncer denies when the new
# minlife is greater than 10.

# A minlength change is not a minlife change: must fail.
realm.run_kadmin(
    ['modpol', '-minlength', '4', 'testpol'],
    expected_code=1)

# minlife 8 is within bouncer's limit: must succeed.
realm.run_kadmin(
    ['modpol', '-minlife', '8', 'testpol'])

# minlife 11 exceeds the limit: bouncer denies.
realm.run_kadmin(
    ['modpol', '-minlife', '11', 'testpol'],
    expected_code=1)
# getpol: welcomer accepts when the requested policy name and the client's
# own policy name have the same length; bouncer denies when the requested
# policy name begins with 'x'.
# Fixture: three 4-character policies, with 'aaaa' assigned to user/admin
# (presumably the principal run_kadmin authenticates as -- confirm against
# k5test).
realm.run([kadminl, 'addpol', 'aaaa'])
realm.run([kadminl, 'addpol', 'bbbb'])
realm.run([kadminl, 'addpol', 'xxxx'])
realm.run([kadminl, 'modprinc', '-policy', 'aaaa', 'user/admin'])

# 'testpol' (7) vs client policy 'aaaa' (4): lengths differ, must fail.
realm.run_kadmin(
    ['getpol', 'testpol'],
    expected_code=1)

# 'bbbb' matches the client policy's length: must succeed.
realm.run_kadmin(
    ['getpol', 'bbbb'])

# 'xxxx' also matches in length, but begins with 'x', so bouncer denies.
realm.run_kadmin(
    ['getpol', 'xxxx'],
    expected_code=1)
# end: welcomer counts invocations of its end method in the "ends" string
# attribute of the "opcount" principal.  kadmind invokes the end method for
# every RPC operation, init included, so the two kadmin runs below (init
# plus getprinc, init plus getpol) are expected to leave the counter at
# four.
# The counter principal is created and zeroed through kadminl, and read
# back the same way.
realm.run([kadminl, 'addprinc', '-nokey', 'opcount'])
realm.run([kadminl, 'setstr', 'opcount', 'ends', '0'])

realm.run_kadmin(
    ['getprinc', 'user'])
realm.run_kadmin(
    ['getpol', 'bbbb'])

realm.run(
    [kadminl, 'getstrs', 'opcount'],
    expected_msg='ends: 4')

# Report completion of the whole script to the k5test harness.
success('kadm5_auth pluggable interface tests')