import os
import socket
import subprocess
from subprocess import DEVNULL
import tempfile
import ldap3
from ceo_common.krb5.utils import get_fwd_tgt, store_fwd_tgt_creds
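def test_fwd_tgt(cfg):
    """Round-trip a forwarded TGT between two Kerberos credential caches.

    Tickets are obtained for ``regular1`` (a FILE: cache) and ``ctdalek`` (a
    DIR: cache collection). ``get_fwd_tgt`` is called while the FILE: cache is
    selected, and its result is imported with ``store_fwd_tgt_creds`` while
    the DIR: collection is selected. The imported identity is checked twice:
    against the principal name yielded by ``store_fwd_tgt_creds`` and against
    the identity the LDAP server reports after a SASL/Kerberos bind.

    Args:
        cfg: configuration object; ``ldap_sasl_realm`` and
            ``ldap_server_url`` are read from it.
    """
    realm = cfg.get('ldap_sasl_realm')
    ldap_server = cfg.get('ldap_server_url')
    hostname = socket.gethostname()
    # KRB5CCNAME is process-wide state. Remember whether it was set at all so
    # the finally block can put the environment back exactly as it was
    # (a plain os.environ[...] lookup would raise KeyError when it is unset).
    old_krb5ccname = os.environ.get('KRB5CCNAME')

    try:
        # Both caches hold live tickets. tempfile creates the file and the
        # directory accessible only to the current user, and the context
        # managers remove them even when a later step fails.
        with tempfile.NamedTemporaryFile() as f1, \
                tempfile.TemporaryDirectory() as d2_name:
            file_ccache = 'FILE:' + f1.name
            dir_ccache = 'DIR:' + d2_name

            # The password is handed to kinit on stdin (input=), not on the
            # command line.
            # NOTE(review): 'krb5' is presumably the fixture password of a
            # throwaway test realm -- confirm it is never reused for a real
            # principal.
            tickets = ((file_ccache, 'regular1'), (dir_ccache, 'ctdalek'))
            for ccache, principal in tickets:
                subprocess.run(
                    ['kinit', '-c', ccache, principal],
                    text=True, input='krb5', check=True, stdout=DEVNULL)

            os.environ['KRB5CCNAME'] = file_ccache
            b = get_fwd_tgt(hostname)
            os.environ['KRB5CCNAME'] = dir_ccache
            # make sure that we can import the creds from regular1 into the
            # cache collection
            with store_fwd_tgt_creds(b) as name:
                assert name == 'regular1@' + realm

                # NOTE(review): the bind is kept inside the with block on the
                # assumption that the imported creds are only guaranteed to
                # be in the collection while the context manager is active --
                # confirm against store_fwd_tgt_creds.
                conn = ldap3.Connection(
                    server=ldap_server, auto_bind=True,
                    authentication=ldap3.SASL,
                    sasl_mechanism=ldap3.KERBEROS,
                    user='regular1')
                try:
                    # The server-reported identity must be regular1, not the
                    # ctdalek principal that owns the cache collection.
                    who = conn.extend.standard.who_am_i()
                    assert who.startswith('dn:uid=regular1,')
                finally:
                    # Close the authenticated session even when the
                    # assertion above fails.
                    conn.unbind()
    finally:
        if old_krb5ccname is None:
            os.environ.pop('KRB5CCNAME', None)
        else:
            os.environ['KRB5CCNAME'] = old_krb5ccname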