Imported Upstream version 4.6.2

2021-07-25 07:32:41 +02:00
commit 8ff3be4216
1788 changed files with 1900965 additions and 0 deletions
--- a/ipatests/test_integration/test_http_kdc_proxy.py
+++ b/ipatests/test_integration/test_http_kdc_proxy.py
@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
+#
+
+import six
+from ipatests.pytest_plugins.integration import tasks
+from ipatests.test_integration.base import IntegrationTest
+from ipaplatform.paths import paths
+
+
+if six.PY3:
+    unicode = str
+
+
+class TestHttpKdcProxy(IntegrationTest):
+    topology = "line"
+    num_clients = 1
+
+    @classmethod
+    def install(cls, mh):
+        super(TestHttpKdcProxy, cls).install(mh)
+        # Block access from client to master's port 88
+        cls.clients[0].run_command([
+            'iptables', '-A', 'OUTPUT', '-p', 'tcp',
+            '--dport', '88', '-j', 'DROP'])
+        cls.clients[0].run_command([
+            'iptables', '-A', 'OUTPUT', '-p', 'udp',
+            '--dport', '88', '-j', 'DROP'])
+        cls.clients[0].run_command([
+            'ip6tables', '-A', 'OUTPUT', '-p', 'tcp',
+            '--dport', '88', '-j', 'DROP'])
+        cls.clients[0].run_command([
+            'ip6tables', '-A', 'OUTPUT', '-p', 'udp',
+            '--dport', '88', '-j', 'DROP'])
+        # configure client
+        cls.clients[0].run_command(
+            "sed -i 's/ kdc = .*$/ kdc = https:\/\/%s\/KdcProxy/' %s" % (
+                cls.master.hostname, paths.KRB5_CONF)
+            )
+        cls.clients[0].run_command(
+            "sed -i 's/master_kdc = .*$/master_kdc"
+            " = https:\/\/%s\/KdcProxy/' %s" % (
+                cls.master.hostname, paths.KRB5_CONF)
+            )
+        # Workaround for https://fedorahosted.org/freeipa/ticket/6443
+        cls.clients[0].run_command(['systemctl', 'restart', 'sssd.service'])
+        # End of workaround
+
+    @classmethod
+    def uninstall(cls, mh):
+        super(TestHttpKdcProxy, cls).uninstall(mh)
+        cls.clients[0].run_command(['iptables', '-F'])
+
+    def test_http_kdc_proxy_works(self):
+        result = tasks.kinit_admin(self.clients[0], raiseonerr=False)
+        assert(result.returncode == 0), (
+            "Unable to kinit using KdcProxy: %s" % result.stderr_text
+            )