1from k5test import * 2 3plugin = os.path.join(buildtop, "plugins", "hostrealm", "test", 4 "hostrealm_test.so") 5 6# Disable the "dns" module (we can't easily test TXT lookups) and 7# arrange the remaining modules in an order which makes sense for most 8# tests. 9conf = {'plugins': {'hostrealm': {'module': ['test1:' + plugin, 10 'test2:' + plugin], 11 'enable_only': ['test2', 'profile', 12 'domain', 'test1']}}, 13 'domain_realm': {'.x': 'DOTMATCH', 'x': 'MATCH', '.1': 'NUMMATCH'}} 14realm = K5Realm(krb5_conf=conf, create_kdb=False) 15 16def test(realm, args, expected_realms, msg, env=None): 17 out = realm.run(['./hrealm'] + args, env=env) 18 if out.split('\n') != expected_realms + ['']: 19 fail(msg) 20 21def test_error(realm, args, expected_error, msg, env=None): 22 realm.run(['./hrealm'] + args, env=env, expected_code=1, 23 expected_msg=expected_error) 24 25def testh(realm, host, expected_realms, msg, env=None): 26 test(realm, ['-h', host], expected_realms, msg, env=env) 27def testf(realm, host, expected_realms, msg, env=None): 28 test(realm, ['-f', host], expected_realms, msg, env=env) 29def testd(realm, expected_realm, msg, env=None): 30 test(realm, ['-d'], [expected_realm], msg, env=env) 31def testh_error(realm, host, expected_error, msg, env=None): 32 test_error(realm, ['-h', host], expected_error, msg, env=env) 33def testf_error(realm, host, expected_error, msg, env=None): 34 test_error(realm, ['-f', host], expected_error, msg, env=env) 35def testd_error(realm, expected_error, msg, env=None): 36 test_error(realm, ['-d'], expected_error, msg, env=env) 37 38### 39### krb5_get_host_realm tests 40### 41 42# The test2 module returns a fatal error on hosts beginning with 'z', 43# and an answer on hosts beginning with 'a'. 44mark('test2 module') 45testh_error(realm, 'zoo', 'service not available', 'host_realm test2 z') 46testh(realm, 'abacus', ['a'], 'host_realm test2 a') 47 48# The profile module gives answers for hostnames equal to or ending in 49# 'X', due to [domain_realms]. There is also an entry for hostnames 50# ending in '1', but hostnames which appear to be IP or IPv6 addresses 51# should instead fall through to test1. 52mark('profile module') 53testh(realm, 'x', ['MATCH'], 'host_realm profile x') 54testh(realm, '.x', ['DOTMATCH'], 'host_realm profile .x') 55testh(realm, 'b.x', ['DOTMATCH'], 'host_realm profile b.x') 56testh(realm, '.b.c.x', ['DOTMATCH'], 'host_realm profile .b.c.x') 57testh(realm, 'b.1', ['NUMMATCH'], 'host_realm profile b.1') 58testh(realm, '4.3.2.1', ['4', '3', '2', '1'], 'host_realm profile 4.3.2.1') 59testh(realm, 'b:c.x', ['b:c', 'x'], 'host_realm profile b:c.x') 60# hostname cleaning should convert "X." to "x" before matching. 61testh(realm, 'X.', ['MATCH'], 'host_realm profile X.') 62 63# The test1 module returns a list of the hostname components. 64mark('test1 module') 65testh(realm, 'b.c.d', ['b', 'c', 'd'], 'host_realm test1') 66 67# If no module returns a result, we should get the referral realm. 68mark('no result') 69testh(realm, '', [''], 'host_realm referral realm') 70 71### 72### krb5_get_fallback_host_realm tests 73### 74 75# Return a special environment with realm_try_domains set to n. 76def try_env(realm, testname, n): 77 conf = {'libdefaults': {'realm_try_domains': str(n)}} 78 return realm.special_env(testname, False, krb5_conf=conf) 79 80# The domain module will answer with the uppercased parent domain, 81# with no special configuration. 82mark('fallback: domain module') 83testf(realm, 'a.b.c', ['B.C'], 'fallback_realm domain a.b.c') 84 85# With realm_try_domains = 0, the hostname itself will be looked up as 86# a realm and returned if found. 87mark('fallback: realm_try_domains = 0') 88try0 = try_env(realm, 'try0', 0) 89testf(realm, 'krbtest.com', ['KRBTEST.COM'], 'fallback_realm try0', env=try0) 90testf(realm, 'a.b.krbtest.com', ['B.KRBTEST.COM'], 91 'fallback_realm try0 grandparent', env=try0) 92testf(realm, 'a.b.c', ['B.C'], 'fallback_realm try0 nomatch', env=try0) 93 94# With realm_try_domains = 2, the parent and grandparent will be 95# checked as well, but it stops there. 96mark('fallback: realm_try_domains = 2') 97try2 = try_env(realm, 'try2', 2) 98testf(realm, 'krbtest.com', ['KRBTEST.COM'], 'fallback_realm try2', env=try2) 99testf(realm, 'a.b.krbtest.com', ['KRBTEST.COM'], 100 'fallback_realm try2 grandparent', env=try2) 101testf(realm, 'a.b.c.krbtest.com', ['B.C.KRBTEST.COM'], 102 'fallback_realm try2 great-grandparent', env=try2) 103 104# The test1 module answers with a list of components. Use an IPv4 105# address to bypass the domain module. 106mark('fallback: test1 module') 107testf(realm, '1.2.3.4', ['1', '2', '3', '4'], 'fallback_realm test1') 108 109# If no module answers, the default realm is returned. The test2 110# module returns an error when we try to look that up. 111mark('fallback: default realm') 112testf_error(realm, '', 'service not available', 'fallback_realm default') 113 114### 115### krb5_get_default_realm tests 116### 117 118# The test2 module returns an error. 119mark('default_realm: test2 module') 120testd_error(realm, 'service not available', 'default_realm test2') 121 122# The profile module returns the default realm from the profile. 123# Disable test2 to expose this behavior. 124mark('default_realm: profile module') 125disable_conf = {'plugins': {'hostrealm': {'disable': 'test2'}}} 126notest2 = realm.special_env('notest2', False, krb5_conf=disable_conf) 127testd(realm, 'KRBTEST.COM', 'default_realm profile', env=notest2) 128 129# The test1 module returns a list of two realms, of which we can only 130# see the first. Remove the profile default_realm setting to expose 131# this behavior. 132mark('default_realm: test1 module') 133remove_default = {'libdefaults': {'default_realm': None}} 134# Python 3.5+: nodefault_conf = {**disable_conf, **remove_default} 135nodefault_conf = dict(list(disable_conf.items()) + 136 list(remove_default.items())) 137nodefault = realm.special_env('nodefault', False, krb5_conf=nodefault_conf) 138testd(realm, 'one', 'default_realm test1', env=nodefault) 139 140success('hostrealm interface tests') 141