rkerberos 0.1.0

@@ -0,0 +1,66 @@
1
+ #######################################################################
2
+ # test_keytab_entry.rb
3
+ #
4
+ # Test suite for the Kerberos::Krb5::KeytabEntry class.
5
+ #######################################################################
6
+ require 'rubygems'
7
+ gem 'test-unit'
8
+
9
+ require 'test/unit'
10
+ require 'rkerberos'
11
+
12
+ class TC_Krb5_KeytabEntry < Test::Unit::TestCase
13
+ def setup
14
+ @kte = Kerberos::Krb5::Keytab::Entry.new
15
+ end
16
+
17
+ test "principal getter basic functionality" do
18
+ assert_respond_to(@kte, :principal)
19
+ assert_nothing_raised{ @kte.principal }
20
+ end
21
+
22
+ test "principal setter basic functionality" do
23
+ assert_respond_to(@kte, :principal)
24
+ assert_nothing_raised{ @kte.principal = "test" }
25
+ assert_equal("test", @kte.principal)
26
+ end
27
+
28
+ test "timestamp getter basic functionality" do
29
+ assert_respond_to(@kte, :timestamp)
30
+ assert_nothing_raised{ @kte.timestamp }
31
+ end
32
+
33
+ test "timestamp setter basic functionality" do
34
+ time = Time.now
35
+ assert_respond_to(@kte, :timestamp=)
36
+ assert_nothing_raised{ @kte.timestamp = time }
37
+ assert_equal(time, @kte.timestamp)
38
+ end
39
+
40
+ test "vno getter basic functionality" do
41
+ assert_respond_to(@kte, :vno)
42
+ assert_nothing_raised{ @kte.vno }
43
+ end
44
+
45
+ test "vno setter basic functionality" do
46
+ time = Time.now
47
+ assert_respond_to(@kte, :vno=)
48
+ assert_nothing_raised{ @kte.vno = time }
49
+ assert_equal(time, @kte.vno)
50
+ end
51
+
52
+ test "key getter basic functionality" do
53
+ assert_respond_to(@kte, :vno)
54
+ assert_nothing_raised{ @kte.vno }
55
+ end
56
+
57
+ test "key setter basic functionality" do
58
+ assert_respond_to(@kte, :key=)
59
+ assert_nothing_raised{ @kte.key = 23 }
60
+ assert_equal(23, @kte.key)
61
+ end
62
+
63
+ def teardown
64
+ @kte = nil
65
+ end
66
+ end
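Review bot: The "key getter basic functionality" test never touches the key accessor: both of its assertions use `:vno` and `@kte.vno`, so a missing or broken `Keytab::Entry#key` reader would go unnoticed; it should read `assert_respond_to(@kte, :key)` and `assert_nothing_raised{ @kte.key }`. The "principal setter" test has the same copy-paste slip, checking `:principal` where `:principal=` is meant. Separately, the vno setter test stores a `Time` object as the key version number and expects it back unchanged, which pins the absence of type checking on a field that is an integer in a keytab. `@kte.vno = 1` with `assert_equal(1, @kte.vno)` would state the intended contract, plus an `assert_raise(TypeError)` case if the setter is meant to validate its argument.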
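--- a/data/test/test_krb5.rb
+++ b/data/test/test_krb5.rb
@@ -0,0 +1,198 @@
+ ########################################################################
+ # test_krb5.rb
+ #
+ # Test suite for the Kerberos::Krb5 class. At the moment, this suite
+ # requires that you export "testuser1" to a local keytab file called
+ # "test.keytab" in the "test" directory for certain tests to pass.
+ ########################################################################
+ require 'rubygems'
+ gem 'test-unit'
+
+ require 'open3'
+ require 'test/unit'
+ require 'rkerberos'
+
+ class TC_Krb5 < Test::Unit::TestCase
+ def self.startup
+ @@cache_found = true
+
+ Open3.popen3('klist') do |stdin, stdout, stderr|
+ @@cache_found = false unless stderr.gets.nil?
+ end
+
+ @@krb5_conf = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
+ @@realm = IO.read(@@krb5_conf).grep(/default_realm/).first.split('=').last.lstrip.chomp
+ end
+
+ def setup
+ @krb5 = Kerberos::Krb5.new
+ @keytab = Kerberos::Krb5::Keytab.new.default_name.split(':').last
+ @user = "testuser1@" + @@realm
+ @service = "kadmin/admin"
+ end
+
+ test "version constant" do
+ assert_equal('0.1.0', Kerberos::Krb5::VERSION)
+ end
+
+ test "constructor accepts a block and yields itself" do
+ assert_nothing_raised{ Kerberos::Krb5.new{} }
+ Kerberos::Krb5.new{ |krb5| assert_kind_of(Kerberos::Krb5, krb5) }
+ end
+
+ test "get_default_realm basic functionality" do
+ assert_respond_to(@krb5, :get_default_realm)
+ assert_nothing_raised{ @krb5.get_default_realm }
+ assert_kind_of(String, @krb5.get_default_realm)
+ end
+
+ test "get_default_realm takes no arguments" do
+ assert_raise(ArgumentError){ @krb5.get_default_realm('localhost') }
+ end
+
+ test "get_default_realm matches what we found in the krb5.conf file" do
+ assert_equal(@@realm, @krb5.get_default_realm)
+ end
+
+ test "default_realm is an alias for get_default_realm" do
+ assert_alias_method(@krb5, :default_realm, :get_default_realm)
+ end
+
+ test "set_default_realm basic functionality" do
+ assert_respond_to(@krb5, :set_default_realm)
+ end
+
+ test "set_default_realm with no arguments uses the default realm" do
+ assert_nothing_raised{ @krb5.set_default_realm }
+ assert_equal(@@realm, @krb5.get_default_realm)
+ end
+
+ test "set_default_realm with an argument sets the default realm as expected" do
+ assert_nothing_raised{ @krb5.set_default_realm('TEST.REALM') }
+ assert_equal('TEST.REALM', @krb5.get_default_realm)
+ end
+
+ test "argument to set_default_realm must be a string" do
+ assert_raise(TypeError){ @krb5.set_default_realm(1) }
+ end
+
+ test "set_default_realm accepts a maximum of one argument" do
+ assert_raise(ArgumentError){ @krb5.set_default_realm('FOO', 'BAR') }
+ end
+
+ test "get_init_creds_password basic functionality" do
+ assert_respond_to(@krb5, :get_init_creds_password)
+ end
+
+ test "get_init_creds_password requires two arguments" do
+ assert_raise(ArgumentError){ @krb5.get_init_creds_password }
+ assert_raise(ArgumentError){ @krb5.get_init_creds_password('test') }
+ end
+
+ test "get_init_creds_password requires string arguments" do
+ assert_raise(TypeError){ @krb5.get_init_creds_password(1, 2) }
+ assert_raise(TypeError){ @krb5.get_init_creds_password('test', 1) }
+ end
+
+ test "calling get_init_creds_password after closing the object raises an error" do
+ @krb5.close
+ assert_raise(Kerberos::Krb5::Exception){ @krb5.get_init_creds_password('foo', 'xxx') }
+ end
+
+ test "calling get_init_creds_password after closing the object raises a specific error message" do
+ @krb5.close
+ assert_raise_message('no context has been established'){ @krb5.get_init_creds_password('foo', 'xxx') }
+ end
+
+ test "get_init_creds_keytab basic functionality" do
+ assert_respond_to(@krb5, :get_init_creds_keytab)
+ end
+
+ test "get_init_creds_keytab uses a default keytab if no keytab file is specified" do
+ omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+ assert_nothing_raised{ @krb5.get_init_creds_keytab(@user) }
+ end
+
+ test "get_init_creds_keytab accepts a keytab" do
+ omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+ assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab) }
+ end
+
+ # This test will probably fail (since it defaults to "host") so I've commented it out for now.
+ #test "get_init_creds_keytab uses default service principal if no arguments are provided" do
+ # omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+ # assert_nothing_raised{ @krb5.get_init_creds_keytab }
+ #end
+
+ test "get_init_creds_keytab accepts a service name" do
+ omit_unless(File.exists?(@keytab), "keytab file not found, skipping")
+ assert_nothing_raised{ @krb5.get_init_creds_keytab(@user, @keytab, @service) }
+ end
+
+ test "get_init_creds_keytab requires string arguments" do
+ assert_raise(TypeError){ @krb5.get_init_creds_keytab(1) }
+ assert_raise(TypeError){ @krb5.get_init_creds_keytab(@user, 1) }
+ assert_raise(TypeError){ @krb5.get_init_creds_keytab(@user, @keytab, 1) }
+ end
+
+ test "calling get_init_creds_keytab after closing the object raises an error" do
+ @krb5.close
+ assert_raise(Kerberos::Krb5::Exception){ @krb5.get_init_creds_keytab(@user, @keytab) }
+ end
+
+ test "change_password basic functionality" do
+ assert_respond_to(@krb5, :change_password)
+ end
+
+ test "change_password requires two arguments" do
+ assert_raise(ArgumentError){ @krb5.change_password }
+ assert_raise(ArgumentError){ @krb5.change_password('XXXXXXXX') }
+ end
+
+ test "change_password requires two strings" do
+ assert_raise(TypeError){ @krb5.change_password(1, 'XXXXXXXX') }
+ assert_raise(TypeError){ @krb5.change_password('XXXXXXXX', 1) }
+ end
+
+ test "change_password fails if there is no context or principal" do
+ assert_raise(Kerberos::Krb5::Exception){ @krb5.change_password("XXX", "YYY") }
+ assert_raise_message('no principal has been established'){ @krb5.change_password("XXX", "YYY") }
+ end
+
+ test "get_default_principal basic functionality" do
+ assert_respond_to(@krb5, :get_default_principal)
+ end
+
+ test "get_default_principal returns a string if cache found" do
+ omit_unless(@@cache_found, "No credentials cache found, skipping")
+ assert_nothing_raised{ @krb5.get_default_principal }
+ assert_kind_of(String, @krb5.get_default_principal)
+ end
+
+ test "get_default_principal raises an error if no cache is found" do
+ omit_if(@@cache_found, "Credential cache found, skipping")
+ assert_raise(Kerberos::Krb5::Exception){ @krb5.get_default_principal }
+ end
+
+ test "get_permitted_enctypes basic functionality" do
+ assert_respond_to(@krb5, :get_permitted_enctypes)
+ assert_nothing_raised{ @krb5.get_permitted_enctypes }
+ assert_kind_of(Hash, @krb5.get_permitted_enctypes)
+ end
+
+ test "get_permitted_enctypes returns expected results" do
+ hash = @krb5.get_permitted_enctypes
+ assert_kind_of(Fixnum, hash.keys.first)
+ assert_kind_of(String, hash.values.first)
+ assert_true(hash.values.first.size > 0)
+ end
+
+ def teardown
+ @krb5.close
+ @krb5 = nil
+ end
+
+ def self.shutdown
+ @@cache_found = nil
+ end
+ end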
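Review bot: `setup` derives `@keytab` from `Kerberos::Krb5::Keytab.new.default_name`, so the `get_init_creds_keytab` tests authenticate against the host's default keytab, not the "test.keytab" in the test directory that the file header asks for. Running the suite therefore needs read access to a keytab that normally holds host or service keys. Pointing at a dedicated fixture, e.g. `@keytab = File.join(File.dirname(__FILE__), 'test.keytab')`, keeps test credentials separate from real ones. In `self.startup`, the chain `grep(/default_realm/).first.split('=')` raises `NoMethodError` when the config has no `default_realm` line, and it also matches a commented-out one. An explicit `raise "default_realm not found in #{@@krb5_conf}"` when nothing matches would make that failure readable.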
@@ -0,0 +1,294 @@
1
+ ########################################################################
2
+ # test_krb5_keytab.rb
3
+ #
4
+ # Test suite for the Kerberos::Krb5::Keytab class.
5
+ #
6
+ # At the moment this test suite assumes that there are two or more
7
+ # principals in the keytab. Temporary keytab creation is handled using
8
+ # pty + expect.
9
+ ########################################################################
10
+ require 'rubygems'
11
+ gem 'test-unit'
12
+
13
+ require 'tmpdir'
14
+ require 'fileutils'
15
+ require 'test/unit'
16
+ require 'rkerberos'
17
+ require 'pty'
18
+ require 'expect'
19
+
20
+ class TC_Krb5_Keytab < Test::Unit::TestCase
21
+ def self.startup
22
+ file = Dir.tmpdir + "/test.keytab"
23
+
24
+ PTY.spawn('kadmin.local') do |reader, writer, pid|
25
+ reader.gets
26
+ reader.expect(/local:\s+/)
27
+
28
+ writer.puts("ktadd -k #{file} testuser1")
29
+ reader.expect(/local:\s+/)
30
+
31
+ writer.puts("ktadd -k #{file} testuser2")
32
+ reader.expect(/local:\s+/)
33
+ end
34
+
35
+ @@key_file = "FILE:" + file
36
+ @@home_dir = ENV['HOME'] || ENV['USER_PROFILE']
37
+ end
38
+
39
+ def setup
40
+ @keytab = Kerberos::Krb5::Keytab.new
41
+ @realm = Kerberos::Kadm5::Config.new.realm
42
+ @entry = nil
43
+ @name = nil
44
+ end
45
+
46
+ test "constructor takes an optional name" do
47
+ assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new("FILE:/usr/local/var/keytab") }
48
+ assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new("FILE:/bogus/keytab") }
49
+ end
50
+
51
+ test "using an invalid residual type causes an error" do
52
+ omit("Invalid residual type test skipped for now")
53
+ assert_raise(Kerberos::Krb5::Keytab::Exception){
54
+ @keytab = Kerberos::Krb5::Keytab.new("BOGUS:/bogus/keytab")
55
+ }
56
+ end
57
+
58
+ test "keytab name passed to constructor must be a string" do
59
+ assert_raise(TypeError){ Kerberos::Krb5::Keytab.new(1) }
60
+ end
61
+
62
+ test "name basic functionality" do
63
+ assert_respond_to(@keytab, :name)
64
+ assert_kind_of(String, @keytab.name)
65
+ end
66
+
67
+ test "name is set to default name if no argument is passed to constructor" do
68
+ assert_equal(@keytab.name, @keytab.default_name)
69
+ end
70
+
71
+ test "name is set to value passed to constructor" do
72
+ temp = "FILE:" + Dir.tmpdir + "/test.keytab"
73
+ @keytab = Kerberos::Krb5::Keytab.new(temp)
74
+ assert_equal(@keytab.name, temp)
75
+ end
76
+
77
+ test "default_name basic functionality" do
78
+ assert_respond_to(@keytab, :default_name)
79
+ assert_nothing_raised{ @keytab.default_name }
80
+ assert_kind_of(String, @keytab.default_name)
81
+ end
82
+
83
+ test "close basic functionality" do
84
+ assert_respond_to(@keytab, :close)
85
+ assert_nothing_raised{ @keytab.close }
86
+ assert_boolean(@keytab.close)
87
+ end
88
+
89
+ test "each basic functionality" do
90
+ assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
91
+ assert_respond_to(@keytab, :each)
92
+ assert_nothing_raised{ @keytab.each{} }
93
+ end
94
+
95
+ test "each method yields a keytab entry object" do
96
+ array = []
97
+ assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
98
+ assert_nothing_raised{ @keytab.each{ |entry| array << entry } }
99
+ assert_kind_of(Kerberos::Krb5::Keytab::Entry, array[0])
100
+ assert_true(array.size >= 1)
101
+ end
102
+
103
+ test "get_entry basic functionality" do
104
+ assert_respond_to(@keytab, :get_entry)
105
+ end
106
+
107
+ test "get_entry returns an entry if found in the keytab" do
108
+ @user = "testuser1@" + @realm
109
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
110
+ assert_nothing_raised{ @entry = @keytab.get_entry(@user) }
111
+ assert_kind_of(Kerberos::Krb5::Keytab::Entry, @entry)
112
+ end
113
+
114
+ test "get_entry raises an error if no entry is found" do
115
+ @user = "bogus_user@" + @realm
116
+ assert_nothing_raised{ @keytab = Kerberos::Krb5::Keytab.new(@@key_file) }
117
+ assert_raise(Kerberos::Krb5::Exception){ @keytab.get_entry(@user) }
118
+ end
119
+
120
+ test "find is an alias for get_entry" do
121
+ assert_respond_to(@keytab, :find)
122
+ assert_alias_method(@keytab, :find, :get_entry)
123
+ end
124
+
125
+ test "foreach singleton method basic functionality" do
126
+ assert_respond_to(Kerberos::Krb5::Keytab, :foreach)
127
+ assert_nothing_raised{ Kerberos::Krb5::Keytab.foreach(@@key_file){} }
128
+ end
129
+
130
+ test "foreach singleton method yields keytab entry objects" do
131
+ array = []
132
+ assert_nothing_raised{ Kerberos::Krb5::Keytab.foreach(@@key_file){ |entry| array << entry } }
133
+ assert_kind_of(Kerberos::Krb5::Keytab::Entry, array[0])
134
+ assert_true(array.size >= 1)
135
+ end
136
+
137
+ =begin
138
+ # These tests skipped until further notice.
139
+
140
+ test "add_entry basic functionality" do
141
+ assert_respond_to(@keytab, :add_entry)
142
+ end
143
+
144
+ test "add_entry can add a valid principal" do
145
+ @user = "testuser2@" + @realm
146
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
147
+ assert_nothing_raised{ @keytab.add_entry(@user) }
148
+ end
149
+
150
+ test "add_entry accepts a vno" do
151
+ @user = "testuser2@" + @realm
152
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
153
+ assert_nothing_raised{ @keytab.add_entry(@user, 1) }
154
+ end
155
+
156
+ test "add_entry accepts a encoding type" do
157
+ @user = "testuser2@" + @realm
158
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
159
+ enctype = Kerberos::Krb5::ENCTYPE_DES_HMAC_SHA1
160
+ assert_nothing_raised{ @keytab.add_entry(@user, 1, enctype) }
161
+ end
162
+
163
+ test "add_entry requires at least one argument" do
164
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
165
+ assert_raise(ArgumentError){ @keytab.add_entry }
166
+ end
167
+
168
+ test "first argument add_entry must be a string" do
169
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
170
+ assert_raise(TypeError){ @keytab.add_entry(1) }
171
+ end
172
+
173
+ test "second argument to add_entry must be a number" do
174
+ @user = "testuser2@" + @realm
175
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
176
+ assert_raise(TypeError){ @keytab.add_entry(@user, "test") }
177
+ end
178
+
179
+ test "third argument to add_entry must be a number" do
180
+ @user = "testuser2@" + @realm
181
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
182
+ assert_raise(TypeError){ @keytab.add_entry(@user, 0, "test") }
183
+ end
184
+
185
+ test "add_entry accepts a maximum of three arguments" do
186
+ @user = "testuser2@" + @realm
187
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
188
+ assert_raise(ArgumentError){ @keytab.add_entry(@user, 0, 0, 0) }
189
+ end
190
+
191
+ test "add_entry does not fail if an bogus user is added" do
192
+ @user = "bogususer@" + @realm
193
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
194
+ assert_nothing_raised{ @keytab.add_entry(@user) }
195
+ end
196
+
197
+ test "add_entry can be called multiple times" do
198
+ @user = "bogususer@" + @realm
199
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
200
+ assert_nothing_raised{ @keytab.add_entry(@user) }
201
+ assert_nothing_raised{ @keytab.add_entry(@user) }
202
+ assert_nothing_raised{ @keytab.add_entry(@user) }
203
+ end
204
+
205
+ test "remove_entry basic functionality" do
206
+ assert_respond_to(@keytab, :remove_entry)
207
+ end
208
+
209
+ test "remove_entry can add a valid principal" do
210
+ @user = "testuser2@" + @realm
211
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
212
+ @keytab.add_entry(@user)
213
+
214
+ assert_nothing_raised{ @keytab.remove_entry(@user) }
215
+ end
216
+
217
+ test "remove_entry accepts a vno" do
218
+ @user = "testuser2@" + @realm
219
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
220
+ @keytab.add_entry(@user, 1)
221
+ assert_nothing_raised{ @keytab.remove_entry(@user, 1) }
222
+ end
223
+
224
+ test "remove_entry accepts a encoding type" do
225
+ @user = "testuser2@" + @realm
226
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
227
+ enctype = Kerberos::Krb5::ENCTYPE_DES_HMAC_SHA1
228
+ @keytab.add_entry(@user, 1, enctype)
229
+ assert_nothing_raised{ @keytab.remove_entry(@user, 1, enctype) }
230
+ end
231
+
232
+ test "remove_entry requires at least one argument" do
233
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
234
+ assert_raise(ArgumentError){ @keytab.remove_entry }
235
+ end
236
+
237
+ test "first argument remove_entry must be a string" do
238
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
239
+ assert_raise(TypeError){ @keytab.remove_entry(1) }
240
+ end
241
+
242
+ test "second argument to remove_entry must be a number" do
243
+ @user = "testuser2@" + @realm
244
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
245
+ assert_raise(TypeError){ @keytab.remove_entry(@user, "test") }
246
+ end
247
+
248
+ test "third argument to remove_entry must be a number" do
249
+ @user = "testuser2@" + @realm
250
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
251
+ assert_raise(TypeError){ @keytab.remove_entry(@user, 0, "test") }
252
+ end
253
+
254
+ test "remove_entry accepts a maximum of three arguments" do
255
+ @user = "testuser2@" + @realm
256
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
257
+ assert_raise(ArgumentError){ @keytab.remove_entry(@user, 0, 0, 0) }
258
+ end
259
+
260
+ test "remove_entry does not fail if an bogus user is removed" do
261
+ @user = "bogususer@" + @realm
262
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
263
+ assert_nothing_raised{ @keytab.remove_entry(@user) }
264
+ end
265
+
266
+ test "remove_entry can be called multiple times" do
267
+ @user = "testuser1@" + @realm
268
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
269
+ @keytab.add_entry(@user)
270
+ assert_nothing_raised{ @keytab.remove_entry(@user) }
271
+ assert_nothing_raised{ @keytab.remove_entry(@user) }
272
+ end
273
+
274
+ test "a principal can be added and removed" do
275
+ @user = "testuser1@" + @realm
276
+ @keytab = Kerberos::Krb5::Keytab.new(@@key_file)
277
+ assert_nothing_raised{ @keytab.add_entry(@user) }
278
+ assert_nothing_raised{ @keytab.remove_entry(@user) }
279
+ end
280
+ =end
281
+
282
+ def teardown
283
+ @keytab.close if @keytab
284
+ @keytab = nil
285
+ @entry = nil
286
+ @realm = nil
287
+ end
288
+
289
+ def self.shutdown
290
+ File.delete(@@key_file) if File.exists?(@@key_file)
291
+ @@key_file = nil
292
+ @@home_dir = nil
293
+ end
294
+ end
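Review bot: `self.shutdown` never removes the temporary keytab. `@@key_file` is set to `"FILE:" + file` in `startup`, so `File.exists?(@@key_file)` tests a path that begins with `FILE:` and is false, leaving the exported keys for testuser1 and testuser2 in the temp directory after the run. Strip the prefix before deleting, e.g. `path = @@key_file.sub(/\AFILE:/, '')` followed by `File.delete(path) if File.exists?(path)`. The file name is also fixed (`Dir.tmpdir + "/test.keytab"`) in a shared directory, and `kadmin.local` usually runs with administrative rights. A per-run directory from `Dir.mktmpdir` would avoid writing key material to a predictable path, and `tmpdir` is already required.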