rkerberos 0.1.0

data/test/test_keytab_entry.rb

@@ -0,0 +1,66 @@
+#######################################################################
+# test_keytab_entry.rb
+#
+# Test suite for the Kerberos::Krb5::KeytabEntry class.
+#######################################################################
+require 'rubygems'
+gem 'test-unit'
+
+require 'test/unit'
+require 'rkerberos'
+
+class TC_Krb5_KeytabEntry < Test::Unit::TestCase
+  def setup
+    @kte = Kerberos::Krb5::Keytab::Entry.new
+  end
+
+  test "principal getter basic functionality" do
+    assert_respond_to(@kte, :principal)
+    assert_nothing_raised{ @kte.principal }
+  end
+
+  test "principal setter basic functionality" do
+    assert_respond_to(@kte, :principal)
+    assert_nothing_raised{ @kte.principal = "test" }
+    assert_equal("test", @kte.principal)
+  end
+
+  test "timestamp getter basic functionality" do
+    assert_respond_to(@kte, :timestamp)
+    assert_nothing_raised{ @kte.timestamp }
+  end
+
+  test "timestamp setter basic functionality" do
+    time = Time.now
+    assert_respond_to(@kte, :timestamp=)
+    assert_nothing_raised{ @kte.timestamp = time }
+    assert_equal(time, @kte.timestamp)
+  end
+
+  test "vno getter basic functionality" do
+    assert_respond_to(@kte, :vno)
+    assert_nothing_raised{ @kte.vno }
+  end
+
+  test "vno setter basic functionality" do
+    time = Time.now
+    assert_respond_to(@kte, :vno=)
+    assert_nothing_raised{ @kte.vno = time }
+    assert_equal(time, @kte.vno)
+  end
+
+  test "key getter basic functionality" do
+    assert_respond_to(@kte, :vno)
+    assert_nothing_raised{ @kte.vno }
+  end
+
+  test "key setter basic functionality" do
+    assert_respond_to(@kte, :key=)
+    assert_nothing_raised{ @kte.key = 23 }
+    assert_equal(23, @kte.key)
+  end
+
+  def teardown
+    @kte = nil
+  end
+end

data/test/test_krb5.rb

@@ -0,0 +1,198 @@
+########################################################################
+# test_krb5.rb
+#
+# Test suite for the Kerberos::Krb5 class. At the moment, this suite
+# requires that you export "testuser1" to a local keytab file called
+# "test.keytab" in the "test" directory for certain tests to pass.
+########################################################################
+require 'rubygems'
+gem 'test-unit'
+
+require 'open3'
+require 'test/unit'
+require 'rkerberos'
+
+class TC_Krb5 < Test::Unit::TestCase
+  def self.startup
+    @@cache_found = true
+
+    Open3.popen3('klist') do |stdin, stdout, stderr|
+      @@cache_found = false unless stderr.gets.nil?
+    end
+
+    @@krb5_conf = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
+    @@realm = IO.read(@@krb5_conf).grep(/default_realm/).first.split('=').last.lstrip.chomp
+  end
+
+  def setup
+    @krb5    = Kerberos::Krb5.new
+    @keytab  = Kerberos::Krb5::Keytab.new.default_name.split(':').last
+    @user    = "testuser1@" + @@realm
+    @service = "kadmin/admin"
+  end
+
+  test "version constant" do
+    assert_equal('0.1.0', Kerberos::Krb5::VERSION)
+  end
+
+  test "constructor accepts a block and yields itself" do
+    assert_nothing_raised{ Kerberos::Krb5.new{} }
+    Kerberos::Krb5.new{ |krb5| assert_kind_of(Kerberos::Krb5, krb5) }
+  end
+
+  test "get_default_realm basic functionality" do
+    assert_respond_to(@krb5, :get_default_realm)
+    assert_nothing_raised{ @krb5.get_default_realm }
+    assert_kind_of(String, @krb5.get_default_realm)
+  end
+
+  test "get_default_realm takes no arguments" do
+    assert_raise(ArgumentError){ @krb5.get_default_realm('localhost') }
+  end
+
+  test "get_default_realm matches what we found in the krb5.conf file" do
+    assert_equal(@@realm, @krb5.get_default_realm)
+  end
+
+  test "default_realm is an alias for get_default_realm" do
+    assert_alias_method(@krb5, :default_realm, :get_default_realm)
+  end
+
+  test "set_default_realm basic functionality" do
+    assert_respond_to(@krb5, :set_default_realm)
+  end
+
+  test "set_default_realm with no arguments uses the default realm" do
+    assert_nothing_raised{ @krb5.set_default_realm }
+    assert_equal(@@realm, @krb5.get_default_realm)
+  end
+
+  test "set_default_realm with an argument sets the default realm as expected" do
+    assert_nothing_raised{ @krb5.set_default_realm('TEST.REALM') }
+    assert_equal('TEST.REALM', @krb5.get_default_realm)
+  end
+
+  test "argument to set_default_realm must be a string" do
+    assert_raise(TypeError){ @krb5.set_default_realm(1) }
+  end
+
+  test "set_default_realm accepts a maximum of one argument" do
+    assert_raise(ArgumentError){ @krb5.set_default_realm('FOO', 'BAR') }
+  end
+
+  test "get_init_creds_password basic functionality" do
+    assert_respond_to(@krb5, :get_init_creds_password)
+  end
+
+  test "get_init_creds_password requires two arguments" do
+    assert_raise(ArgumentError){ @krb5.get_init_creds_password }
+    assert_raise(ArgumentError){ @krb5.get_init_creds_password('test') }
+  end
+
+  test "get_init_creds_password requires string arguments" do
+    assert_raise(TypeError){ @krb5.get_init_creds_password(1, 2) }
+    assert_raise(TypeError){ @krb5.get_init_creds_password('test', 1) }
+  end
+
+  test "calling get_init_creds_password after closing the object raises an error" do
+    @krb5.close
+    assert_raise(Kerberos::Krb5::Exception){ @krb5.get_init_creds_password('foo', 'xxx') }
+  end
+
+  test "calling get_init_creds_password after closing the object raises a specific error message" do
+    @krb5.close
+    assert_raise_message('no context has been established'){ @krb5.get_init_creds_password('foo', 'xxx') }
+  end
+
+  test "get_init_creds_keytab basic functionality" do
+    assert_respond_to(@krb5, :get_init_creds_keytab)
+  end
+
+  test "get_init_creds_keytab uses a default keytab if no keytab file is specified" do
+    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    assert_nothing_raised{ @krb5.get_init_creds_keytab(@user) }
+  end
+
+  test "get_init_creds_keytab accepts a keytab" do
+    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab) }
+  end
+
+  # This test will probably fail (since it defaults to "host") so I've commented it out for now.
+  #test "get_init_creds_keytab uses default service principal if no arguments are provided" do
+  #  omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+  #  assert_nothing_raised{ @krb5.get_init_creds_keytab }
+  #end
+
+  test "get_init_creds_keytab accepts a service name" do
+    omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+    assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab, @service) }
+  end
+
+  test "get_init_creds_keytab requires string arguments" do
+    assert_raise(TypeError){ @krb5.get_init_creds_keytab(1) }
+    assert_raise(TypeError){ @krb5.get_init_creds_keytab(@user, 1) }
+    assert_raise(TypeError){ @krb5.get_init_creds_keytab(@user, @keytab, 1) }
+  end
+
+  test "calling get_init_creds_keytab after closing the object raises an error" do
+    @krb5.close
+    assert_raise(Kerberos::Krb5::Exception){ @krb5.get_init_creds_keytab(@user, @keytab) }
+  end
+
+  test "change_password basic functionality" do
+    assert_respond_to(@krb5, :change_password)
+  end
+
+  test "change_password requires two arguments" do
+    assert_raise(ArgumentError){ @krb5.change_password }
+    assert_raise(ArgumentError){ @krb5.change_password('XXXXXXXX') }
+  end
+
+  test "change_password requires two strings" do
+    assert_raise(TypeError){ @krb5.change_password(1, 'XXXXXXXX') }
+    assert_raise(TypeError){ @krb5.change_password('XXXXXXXX', 1) }
+  end
+
+  test "change_password fails if there is no context or principal" do
+    assert_raise(Kerberos::Krb5::Exception){ @krb5.change_password("XXX", "YYY") }
+    assert_raise_message('no principal has been established'){ @krb5.change_password("XXX", "YYY") }
+  end
+
+  test "get_default_principal basic functionality" do
+    assert_respond_to(@krb5, :get_default_principal)
+  end
+
+  test "get_default_principal returns a string if cache found" do
+    omit_unless(@@cache_found, "No credentials cache found, skipping")
+    assert_nothing_raised{ @krb5.get_default_principal }
+    assert_kind_of(String, @krb5.get_default_principal)
+  end
+
+  test "get_default_principal raises an error if no cache is found" do
+    omit_if(@@cache_found, "Credential cache found, skipping")
+    assert_raise(Kerberos::Krb5::Exception){ @krb5.get_default_principal }
+  end
+
+  test "get_permitted_enctypes basic functionality" do
+    assert_respond_to(@krb5, :get_permitted_enctypes)
+    assert_nothing_raised{ @krb5.get_permitted_enctypes }
+    assert_kind_of(Hash, @krb5.get_permitted_enctypes)
+  end
+
+  test "get_permitted_enctypes returns expected results" do
+    hash = @krb5.get_permitted_enctypes
+    assert_kind_of(Fixnum, hash.keys.first)
+    assert_kind_of(String, hash.values.first)
+    assert_true(hash.values.first.size > 0)
+  end
+
+  def teardown
+    @krb5.close
+    @krb5 = nil
+  end
+
+  def self.shutdown
+    @@cache_found = nil
+  end
+end

data/test/test_krb5_keytab.rb

@@ -0,0 +1,294 @@
+########################################################################
+# test_krb5_keytab.rb
+#
+# Test suite for the Kerberos::Krb5::Keytab class.
+#
+# At the moment this test suite assumes that there are two or more
+# principals in the keytab. Temporary keytab creation is handled using
+# pty + expect.
+########################################################################
+require 'rubygems'
+gem 'test-unit'
+
+require 'tmpdir'
+require 'fileutils'
+require 'test/unit'
+require 'rkerberos'
+require 'pty'
+require 'expect'
+
+class TC_Krb5_Keytab < Test::Unit::TestCase
+  def self.startup
+    file = Dir.tmpdir + "/test.keytab"
+
+    PTY.spawn('kadmin.local') do |reader, writer, pid|
+      reader.gets
+      reader.expect(/local:\s+/)
+
+      writer.puts("ktadd -k #{file} testuser1")
+      reader.expect(/local:\s+/)
+
+      writer.puts("ktadd -k #{file} testuser2")
+      reader.expect(/local:\s+/)
+    end
+
+    @@key_file = "FILE:" + file
+    @@home_dir = ENV['HOME'] || ENV['USER_PROFILE']
+  end
+
+  def setup
+    @keytab = Kerberos::Krb5::Keytab.new
+    @realm  = Kerberos::Kadm5::Config.new.realm
+    @entry  = nil
+    @name   = nil
+  end
+
+  test "constructor takes an optional name" do
+    assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new("FILE:/usr/local/var/keytab") }
+    assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new("FILE:/bogus/keytab") }
+  end
+
+  test "using an invalid residual type causes an error" do
+    omit("Invalid residual type test skipped for now")
+    assert_raise(Kerberos::Krb5::Keytab::Exception){
+      @keytab = Kerberos::Krb5::Keytab.new("BOGUS:/bogus/keytab")
+    }
+  end
+
+  test "keytab name passed to constructor must be a string" do
+    assert_raise(TypeError){ Kerberos::Krb5::Keytab.new(1) }
+  end
+
+  test "name basic functionality" do
+    assert_respond_to(@keytab, :name)
+    assert_kind_of(String, @keytab.name)
+  end
+
+  test "name is set to default name if no argument is passed to constructor" do
+    assert_equal(@keytab.name, @keytab.default_name)
+  end
+
+  test "name is set to value passed to constructor" do
+    temp = "FILE:" + Dir.tmpdir + "/test.keytab"
+    @keytab = Kerberos::Krb5::Keytab.new(temp)
+    assert_equal(@keytab.name, temp)
+  end
+
+  test "default_name basic functionality" do
+    assert_respond_to(@keytab, :default_name)
+    assert_nothing_raised{ @keytab.default_name }
+    assert_kind_of(String, @keytab.default_name)
+  end
+
+  test "close basic functionality" do
+    assert_respond_to(@keytab, :close)
+    assert_nothing_raised{ @keytab.close }
+    assert_boolean(@keytab.close)
+  end
+
+  test "each basic functionality" do
+    assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
+    assert_respond_to(@keytab, :each)
+    assert_nothing_raised{ @keytab.each{} }
+  end
+
+  test "each method yields a keytab entry object" do
+    array = []
+    assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
+    assert_nothing_raised{ @keytab.each{ |entry| array << entry } }
+    assert_kind_of(Kerberos::Krb5::Keytab::Entry, array[0])
+    assert_true(array.size >= 1)
+  end
+
+  test "get_entry basic functionality" do
+    assert_respond_to(@keytab, :get_entry)
+  end
+
+  test "get_entry returns an entry if found in the keytab" do
+    @user = "testuser1@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @entry = @keytab.get_entry(@user) }
+    assert_kind_of(Kerberos::Krb5::Keytab::Entry, @entry)
+  end
+
+  test "get_entry raises an error if no entry is found" do
+    @user = "bogus_user@" + @realm
+    assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
+    assert_raise(Kerberos::Krb5::Exception){ @keytab.get_entry(@user) }
+  end
+
+  test "find is an alias for get_entry" do
+    assert_respond_to(@keytab, :find)
+    assert_alias_method(@keytab, :find, :get_entry)
+  end
+
+  test "foreach singleton method basic functionality" do
+    assert_respond_to(Kerberos::Krb5::Keytab, :foreach)
+    assert_nothing_raised{ Kerberos::Krb5::Keytab.foreach(@@key_file){} }
+  end
+
+  test "foreach singleton method yields keytab entry objects" do
+    array = []
+    assert_nothing_raised{ Kerberos::Krb5::Keytab.foreach(@@key_file){ |entry| array << entry } }
+    assert_kind_of(Kerberos::Krb5::Keytab::Entry, array[0])
+    assert_true(array.size >= 1)
+  end
+
+=begin
+  # These tests skipped until further notice.
+
+  test "add_entry basic functionality" do
+    assert_respond_to(@keytab, :add_entry)
+  end
+
+  test "add_entry can add a valid principal" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @keytab.add_entry(@user) }
+  end
+
+  test "add_entry accepts a vno" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @keytab.add_entry(@user, 1) }
+  end
+
+  test "add_entry accepts a encoding type" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    enctype = Kerberos::Krb5::ENCTYPE_DES_HMAC_SHA1
+    assert_nothing_raised{ @keytab.add_entry(@user, 1, enctype) }
+  end
+
+  test "add_entry requires at least one argument" do
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(ArgumentError){ @keytab.add_entry }
+  end
+
+  test "first argument add_entry must be a string" do
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(TypeError){ @keytab.add_entry(1) }
+  end
+
+  test "second argument to add_entry must be a number" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(TypeError){ @keytab.add_entry(@user, "test") }
+  end
+
+  test "third argument to add_entry must be a number" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(TypeError){ @keytab.add_entry(@user, 0, "test") }
+  end
+
+  test "add_entry accepts a maximum of three arguments" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(ArgumentError){ @keytab.add_entry(@user, 0, 0, 0) }
+  end
+
+  test "add_entry does not fail if an bogus user is added" do
+    @user = "bogususer@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @keytab.add_entry(@user) }
+  end
+
+  test "add_entry can be called multiple times" do
+    @user = "bogususer@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @keytab.add_entry(@user) }
+    assert_nothing_raised{ @keytab.add_entry(@user) }
+    assert_nothing_raised{ @keytab.add_entry(@user) }
+  end
+
+  test "remove_entry basic functionality" do
+    assert_respond_to(@keytab, :remove_entry)
+  end
+
+  test "remove_entry can add a valid principal" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    @keytab.add_entry(@user)
+
+    assert_nothing_raised{ @keytab.remove_entry(@user) }
+  end
+
+  test "remove_entry accepts a vno" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    @keytab.add_entry(@user, 1)
+    assert_nothing_raised{ @keytab.remove_entry(@user, 1) }
+  end
+
+  test "remove_entry accepts a encoding type" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    enctype = Kerberos::Krb5::ENCTYPE_DES_HMAC_SHA1
+    @keytab.add_entry(@user, 1, enctype)
+    assert_nothing_raised{ @keytab.remove_entry(@user, 1, enctype) }
+  end
+
+  test "remove_entry requires at least one argument" do
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(ArgumentError){ @keytab.remove_entry }
+  end
+
+  test "first argument remove_entry must be a string" do
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(TypeError){ @keytab.remove_entry(1) }
+  end
+
+  test "second argument to remove_entry must be a number" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(TypeError){ @keytab.remove_entry(@user, "test") }
+  end
+
+  test "third argument to remove_entry must be a number" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(TypeError){ @keytab.remove_entry(@user, 0, "test") }
+  end
+
+  test "remove_entry accepts a maximum of three arguments" do
+    @user = "testuser2@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_raise(ArgumentError){ @keytab.remove_entry(@user, 0, 0, 0) }
+  end
+
+  test "remove_entry does not fail if an bogus user is removed" do
+    @user = "bogususer@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @keytab.remove_entry(@user) }
+  end
+
+  test "remove_entry can be called multiple times" do
+    @user = "testuser1@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    @keytab.add_entry(@user)
+    assert_nothing_raised{ @keytab.remove_entry(@user) }
+    assert_nothing_raised{ @keytab.remove_entry(@user) }
+  end
+
+  test "a principal can be added and removed" do
+    @user = "testuser1@" + @realm
+    @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
+    assert_nothing_raised{ @keytab.add_entry(@user) }
+    assert_nothing_raised{ @keytab.remove_entry(@user) }
+  end
+=end
+
+  def teardown
+    @keytab.close if @keytab
+    @keytab = nil
+    @entry  = nil
+    @realm  = nil
+  end
+
+  def self.shutdown
+    File.delete(@@key_file) if File.exists?(@@key_file)
+    @@key_file = nil
+    @@home_dir = nil
+  end
+end