From 2273ffa241daf4eb1075699ddea72d6f376c51bd Mon Sep 17 00:00:00 2001
From: Max Erenberg
Date: Thu, 19 Aug 2021 06:21:30 +0000
Subject: [PATCH] add test for krb5
---
tests/ceo_common/__init__.py | 0
tests/ceo_common/krb5/__init__.py | 0
tests/ceo_common/krb5/test_krb5.py | 43 ++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+)
create mode 100644 tests/ceo_common/__init__.py
create mode 100644 tests/ceo_common/krb5/__init__.py
create mode 100644 tests/ceo_common/krb5/test_krb5.py
diff --git a/tests/ceo_common/__init__.py b/tests/ceo_common/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/ceo_common/krb5/__init__.py b/tests/ceo_common/krb5/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/ceo_common/krb5/test_krb5.py b/tests/ceo_common/krb5/test_krb5.py
new file mode 100644
index 0000000..0f876a3
--- /dev/null
+++ b/tests/ceo_common/krb5/test_krb5.py
@@ -0,0 +1,43 @@
+import os
+import subprocess
+from subprocess import DEVNULL
+import tempfile
+
+import ldap3
+
+from ceo_common.krb5.utils import get_fwd_tgt, store_fwd_tgt_creds
+
+
+def test_fwd_tgt(cfg):
+ realm = cfg.get('ldap_sasl_realm')
+ ldap_server = cfg.get('ldap_server_url')
+ old_krb5ccname = os.environ['KRB5CCNAME']
+ f1 = tempfile.NamedTemporaryFile()
+ d2 = tempfile.TemporaryDirectory()
+
+ try:
+ subprocess.run(
+ ['kinit', '-c', 'FILE:' + f1.name, 'regular1'],
+ text=True, input='krb5', check=True, stdout=DEVNULL)
+ subprocess.run(
+ ['kinit', '-c', 'DIR:' + d2.name, 'ctdalek'],
+ text=True, input='krb5', check=True, stdout=DEVNULL)
+ os.environ['KRB5CCNAME'] = 'FILE:' + f1.name
+ b = get_fwd_tgt('phosphoric-acid')
+ os.environ['KRB5CCNAME'] = 'DIR:' + d2.name
+ # make sure that we can import the creds from regular1 into the
+ # cache collection
+ with store_fwd_tgt_creds(b) as name:
+ assert name == 'regular1@' + realm
+
+ kwargs = {
+ 'server': ldap_server, 'auto_bind': True,
+ 'authentication': ldap3.SASL, 'sasl_mechanism': ldap3.KERBEROS,
+ }
+ conn = ldap3.Connection(**kwargs, user='regular1')
+ assert conn.extend.standard.who_am_i().startswith('dn:uid=regular1,')
+ conn.unbind()
+ finally:
+ os.environ['KRB5CCNAME'] = old_krb5ccname
+ f1.close()
+ d2.cleanup()
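Review bot: `old_krb5ccname = os.environ['KRB5CCNAME']` at the top of `test_fwd_tgt` raises `KeyError` whenever the variable is not already exported, and nothing in this hunk guarantees that it is. Reading it with `old_krb5ccname = os.environ.get('KRB5CCNAME')` and, in the `finally` block, popping the variable when the saved value is `None` would let the test run from a clean environment and still restore the caller's cache setting. `conn.unbind()` sits after the `who_am_i()` assertion, so a failed assertion leaves the LDAP connection open; moving the unbind into its own `try`/`finally` would close it on every path. The test also stops at the successful bind: if `store_fwd_tgt_creds` is meant to drop the imported ticket when the `with` block exits (not visible here), an assertion after the block that regular1's credentials are gone from the `DIR:` collection would cover the credential-hygiene half of the contract.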