mirror of
https://github.com/samba-team/samba.git
synced 2025-08-05 12:22:11 +03:00
s4-gensec Extend python bindings for GENSEC and the associated test
This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
This commit is contained in:
Andrew Bartlett
@ -23,17 +23,19 @@ Note that this just tests the bindings work. It does not intend to test
|
||||
the functionality, that's already done in other tests.
|
||||
"""
|
||||
|
||||
from samba.credentials import Credentials
|
||||
from samba import gensec
|
||||
import samba.tests
|
||||
|
||||
class CredentialsTests(samba.tests.TestCase):
|
||||
class GensecTests(samba.tests.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(CredentialsTests, self).setUp()
|
||||
settings = {}
|
||||
settings["target_hostname"] = "localhost"
|
||||
settings["lp_ctx"] = samba.tests.env_loadparm()
|
||||
self.gensec = gensec.Security.start_client(settings)
|
||||
super(GensecTests, self).setUp()
|
||||
self.settings = {}
|
||||
self.settings["lp_ctx"] = self.lp_ctx = samba.tests.env_loadparm()
|
||||
self.settings["target_hostname"] = self.lp_ctx.get("netbios name")
|
||||
"""This is just for the API tests"""
|
||||
self.gensec = gensec.Security.start_client(self.settings)
|
||||
|
||||
def test_start_mech_by_unknown_name(self):
|
||||
self.assertRaises(RuntimeError, self.gensec.start_mech_by_name, "foo")
|
||||
@ -43,3 +45,46 @@ class CredentialsTests(samba.tests.TestCase):
|
||||
|
||||
def test_info_uninitialized(self):
|
||||
self.assertRaises(RuntimeError, self.gensec.session_info)
|
||||
|
||||
def test_update(self):
|
||||
"""Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
|
||||
|
||||
"""Start up a client and server GENSEC instance to test things with"""
|
||||
|
||||
self.gensec_client = gensec.Security.start_client(self.settings)
|
||||
self.gensec_client.set_credentials(self.get_credentials())
|
||||
self.gensec_client.want_feature(gensec.FEATURE_SEAL)
|
||||
self.gensec_client.start_mech_by_sasl_name("GSSAPI")
|
||||
|
||||
self.gensec_server = gensec.Security.start_server(self.settings)
|
||||
creds = Credentials()
|
||||
creds.guess(self.lp_ctx)
|
||||
creds.set_machine_account(self.lp_ctx)
|
||||
self.gensec_server.set_credentials(creds)
|
||||
|
||||
self.gensec_server.want_feature(gensec.FEATURE_SEAL)
|
||||
self.gensec_server.start_mech_by_sasl_name("GSSAPI")
|
||||
|
||||
client_finished = False
|
||||
server_finished = False
|
||||
server_to_client = None
|
||||
|
||||
"""Run the actual call loop"""
|
||||
while client_finished == False and server_finished == False:
|
||||
if not client_finished:
|
||||
print "running client gensec_update"
|
||||
(client_finished, client_to_server) = self.gensec_client.update(server_to_client)
|
||||
if not server_finished:
|
||||
print "running server gensec_update"
|
||||
(server_finished, server_to_client) = self.gensec_server.update(client_to_server)
|
||||
session_info = self.gensec_server.session_info()
|
||||
|
||||
test_string = "Hello Server"
|
||||
test_wrapped = self.gensec_client.wrap(test_string)
|
||||
test_unwrapped = self.gensec_server.unwrap(test_wrapped)
|
||||
self.assertEqual(test_string, test_unwrapped)
|
||||
test_string = "Hello Client"
|
||||
test_wrapped = self.gensec_server.wrap(test_string)
|
||||
test_unwrapped = self.gensec_client.unwrap(test_wrapped)
|
||||
self.assertEqual(test_string, test_unwrapped)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user