[29333] in CVS-changelog-for-Kerberos-V5


krb5 commit: Add auth indicator LDAP KDB tests

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Mar 9 15:05:27 2016

Date: Wed, 9 Mar 2016 15:05:21 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201603092005.u29K5LoS026397@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/18252584fd8cbfb43144337833fc83d4d2d12da5
commit 18252584fd8cbfb43144337833fc83d4d2d12da5
Author: Matt Rogers <mrogers@redhat.com>
Date:   Mon Feb 29 16:41:01 2016 -0500

    Add auth indicator LDAP KDB tests
    
    Check the setstr results with an ldapsearch, then verify the getstrs
    output.
    
    ticket: 8379

 src/tests/t_kdb.py |   27 +++++++++++++++++++++++++--
 1 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
index 132869d..4653a1c 100755
--- a/src/tests/t_kdb.py
+++ b/src/tests/t_kdb.py
@@ -114,8 +114,17 @@ def kldaputil(args, **kw):
 kldaputil(['destroy', '-f'])
 
 ldapmodify = which('ldapmodify')
-if not ldapmodify:
-    skip_rest('some LDAP KDB tests', 'ldapmodify not found')
+ldapsearch = which('ldapsearch')
+if not ldapmodify or not ldapsearch:
+    skip_rest('some LDAP KDB tests', 'ldapmodify or ldapsearch not found')
+
+def ldap_search(args):
+    proc = subprocess.Popen([ldapsearch, '-H', ldap_uri, '-b', top_dn,
+                             '-D', admin_dn, '-w', admin_pw, args],
+                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+                            stderr=subprocess.STDOUT)
+    (out, dummy) = proc.communicate()
+    return out
 
 def ldap_modify(ldif, args=[]):
     proc = subprocess.Popen([ldapmodify, '-H', ldap_uri, '-D', admin_dn,
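Review bot: ldap_search() never checks the ldapsearch exit status, and because stderr is folded into stdout, a bind or connection failure comes back as ordinary output that the callers then search for attribute strings. A check after communicate() such as `if proc.returncode != 0: fail('ldapsearch failed: ' + out)` would report a broken search as such rather than as a missing attribute. The bind password is also passed with `-w` on the command line, where it is visible in the process list while the test runs; that is low-risk for a throwaway test-realm password, but `-y` with a password file avoids it if this helper is copied elsewhere. The parameter is named `args` yet carries a single filter string, so a name like `filter_str` would read better next to ldap_modify's list-valued `args` (ldap_modify's body continues outside the hunk).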
@@ -276,6 +285,20 @@ realm.kinit(realm.user_princ, password('user'))
 realm.run([kvno, realm.host_princ])
 realm.klist(realm.user_princ, realm.host_princ)
 
+# Test auth indicator support
+realm.addprinc('authind', password('authind'))
+realm.run([kadminl, 'setstr', 'authind', 'require_auth', 'otp radius'])
+
+out = ldap_search('(krbPrincipalName=authind*)')
+if 'krbPrincipalAuthInd: otp' not in out:
+    fail('Expected krbPrincipalAuthInd value not in output')
+if 'krbPrincipalAuthInd: radius' not in out:
+    fail('Expected krbPrincipalAuthInd value not in output')
+
+out = realm.run([kadminl, 'getstrs', 'authind'])
+if 'require_auth: otp radius' not in out:
+    fail('Expected auth indicators value not in output')
+
 # Test service principal aliases.
 realm.addprinc('canon', password('canon'))
 ldap_modify('dn: krbPrincipalName=canon@KRBTEST.COM,cn=t1,cn=krb5\n'
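Review bot: The new auth indicator block checks only that `require_auth` round-trips through the LDAP back end; nothing visible here checks that the KDC, reading the principal from LDAP, refuses a service ticket for `authind` when the client's ticket carries neither indicator. If no other test covers that, a negative check after the getstrs assertion such as `realm.run([kvno, 'authind'], expected_code=1)` would exercise the enforcement path, assuming the credentials from the earlier kinit are still in the cache. The two ldapsearch checks also share one failure message, so a failing run does not say which indicator was missing; `fail('krbPrincipalAuthInd: radius not in ldapsearch output')` for the second would fix that. The filter `(krbPrincipalName=authind*)` matches any principal with that prefix under top_dn, which is fine now but can mask a missing attribute if similarly named test principals are added later.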