Ejemplo n.º 1
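 def _create_kinit(authzid=None):
     """Obtain a Kerberos ticket with ``kinit`` and open a GSSAPI LDAP connection.

     The user and password come from the ``GSSAPIAUTH`` section of the test
     configuration. The ``kinit`` flavour is detected from the output of
     ``kinit --version``: Heimdal is given a password file, anything else is
     treated as MIT Kerberos and receives the password on standard input.

     Args:
         authzid: Optional authorization ID passed on to ``set_credentials``.

     Returns:
         Whatever ``LDAPClient.connect()`` returns for the GSSAPI-bound client.

     A failing ``kinit`` (``CalledProcessError``) is reported through
     ``pytest.fail``.
     """
     try:
         cfg = get_config()
         user = cfg["GSSAPIAUTH"]["user"]
         password = cfg["GSSAPIAUTH"]["password"]
         # stdout and stderr are joined because the version banner may be
         # printed on either stream.
         proc = subprocess.Popen(
             ["kinit", "--version"],
             stdout=subprocess.PIPE,
             stderr=subprocess.PIPE,
             universal_newlines=True,
         )
         output = " ".join(proc.communicate())
         if "Heimdal" in output:
             # Heimdal Kerberos implementation: the password is handed over
             # in a temporary file that is removed when the block exits.
             with tempfile.NamedTemporaryFile() as psw_tmp:
                 psw_tmp.write(password.encode())
                 psw_tmp.flush()
                 cmd = ["kinit", "--password-file=%s" % psw_tmp.name, user]
                 subprocess.check_call(cmd)
         else:
             # MIT Kerberos implementation: write the password to kinit's
             # stdin directly. Building an ``echo ... | kinit`` shell string
             # would place the password in a process command line and let
             # the shell interpret quotes, ``$`` or backticks found in the
             # password or user name.
             subprocess.check_output(
                 ["kinit", user], input=(password + "\n").encode()
             )
         host = "ldap://%s" % cfg["SERVER"]["hostname"]
         client = LDAPClient(host)
         client.set_credentials("GSSAPI", user, password, None, authzid)
         return client.connect()
     except subprocess.CalledProcessError:
         pytest.fail("Receiving TGT is failed.")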
Ejemplo n.º 2
 def _create_binding(auth, mech, authzid=None, realm=None):
     """Connect to the configured LDAP server with mechanism *mech*.

     The user name and password are read from the *auth* section of the
     test configuration; *realm* and *authzid* are handed to
     ``set_credentials`` unchanged.
     """
     settings = get_config()
     ldap_client = LDAPClient("ldap://%s" % settings["SERVER"]["hostname"])
     account = settings[auth]
     ldap_client.set_credentials(
         mech, account["user"], account["password"], realm, authzid
     )
     return ldap_client.connect()
Ejemplo n.º 3
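 def _create_kinit(authzid=None):
     """Obtain a Kerberos ticket with ``kinit`` and open a GSSAPI LDAP connection.

     The user and password come from the ``GSSAPIAUTH`` section of the test
     configuration. The ``kinit`` flavour is detected from the output of
     ``kinit --version``: Heimdal is given a password file, anything else is
     treated as MIT Kerberos and receives the password on standard input.

     Args:
         authzid: Optional authorization ID passed on to ``set_credentials``.

     Returns:
         Whatever ``LDAPClient.connect()`` returns for the GSSAPI-bound client.

     A failing ``kinit`` (``CalledProcessError``) is reported through
     ``pytest.fail``.
     """
     try:
         cfg = get_config()
         user = cfg["GSSAPIAUTH"]["user"]
         password = cfg["GSSAPIAUTH"]["password"]
         # stdout and stderr are joined because the version banner may be
         # printed on either stream.
         proc = subprocess.Popen(
             ["kinit", "--version"],
             stdout=subprocess.PIPE,
             stderr=subprocess.PIPE,
             universal_newlines=True,
         )
         output = " ".join(proc.communicate())
         if "Heimdal" in output:
             # Heimdal Kerberos implementation: the password is handed over
             # in a temporary file that is removed when the block exits.
             with tempfile.NamedTemporaryFile() as psw_tmp:
                 psw_tmp.write(password.encode())
                 psw_tmp.flush()
                 cmd = ["kinit", "--password-file=%s" % psw_tmp.name, user]
                 subprocess.check_call(cmd)
         else:
             # MIT Kerberos implementation: write the password to kinit's
             # stdin directly. Building an ``echo ... | kinit`` shell string
             # would place the password in a process command line and let
             # the shell interpret quotes, ``$`` or backticks found in the
             # password or user name.
             subprocess.check_output(
                 ["kinit", user], input=(password + "\n").encode()
             )
         host = "ldap://%s" % cfg["SERVER"]["hostname"]
         client = LDAPClient(host)
         client.set_credentials("GSSAPI", user, password, None, authzid)
         return client.connect()
     except subprocess.CalledProcessError:
         pytest.fail("Receiving TGT is failed.")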
 def setup_class(self):
     """Prepare shared fixtures: configuration, logger and Twitter service.

     NOTE(review): ``twitter_auth_creds`` is handed to the service together
     with the logger id; confirm the service never writes the credentials
     to that logger.
     """
     settings = conftest.get_config(pytest.config)
     self.config = settings
     self.logger = logging.getLogger(Config.LOGGER_ID)
     self.twitter_service = TwitterStatusesService(
         settings.twitter_api_base_url,
         settings.twitter_auth_creds,
         Config.LOGGER_ID,
     )
     # An empty record separates this class's output from earlier log lines.
     for message in ("", "Running TestTwitterCRUD Tests"):
         self.logger.info(message)
Ejemplo n.º 5
 def _create_binding(auth, mech, authzid=None, realm=None):
     """Bind to the configured LDAP server using mechanism *mech*.

     Credentials are taken from the configuration section named by *auth*;
     *realm* and *authzid* are forwarded to ``set_credentials`` as given.
     """
     settings = get_config()
     server_uri = "ldap://%s" % settings["SERVER"]["hostname"]
     ldap_client = LDAPClient(server_uri)
     section = settings[auth]
     ldap_client.set_credentials(
         mech, section["user"], section["password"], realm, authzid
     )
     return ldap_client.connect()
Ejemplo n.º 6
def ktpath():
    """Return the absolute path of the keytab file named in the test config.

    The ``keytab`` value of the ``GSSAPIAUTH`` section is resolved against
    the parent of the directory that contains this file.
    """
    settings = get_config()
    here = os.path.dirname(__file__)
    project_root = os.path.abspath(os.path.join(here, os.pardir))
    keytab = os.path.join(project_root, settings["GSSAPIAUTH"]["keytab"])
    return os.path.abspath(keytab)
Ejemplo n.º 7
def test_whoami(client):
    """Check that whoami reports the configured simple-auth identity."""
    with (yield from client.connect(True)) as conn:
        settings = get_config()
        identity = yield from conn.whoami()
        simple_auth = settings["SIMPLEAUTH"]
        # Two answers are accepted: "dn:<user>" or the ``adusername`` value.
        accepted = ["dn:%s" % simple_auth["user"], simple_auth["adusername"]]
        assert identity in accepted
Ejemplo n.º 8
async def test_whoami(client):
    """Check that whoami reports the configured simple-auth identity."""
    async with client.connect(True) as conn:
        settings = get_config()
        identity = await conn.whoami()
        simple_auth = settings["SIMPLEAUTH"]
        # Two answers are accepted: "dn:<user>" or the ``adusername`` value.
        accepted = ["dn:%s" % simple_auth["user"], simple_auth["adusername"]]
        assert identity in accepted
Ejemplo n.º 9
 def _create_external(authzid=None):
     """Open a TLS connection authenticated with the EXTERNAL mechanism.

     The CA certificate, client certificate and client key are loaded from
     ``testenv/certs`` next to this file. The test is skipped unless bonsai
     reports GnuTLS or OpenSSL as its TLS implementation.

     NOTE(review): ``client.key`` is test-only key material kept beside the
     tests; presumably it is never reused outside the test environment.
     """
     if bonsai.get_tls_impl_name() not in ("GnuTLS", "OpenSSL"):
         pytest.skip("")
     settings = get_config()
     here = os.path.abspath(os.path.dirname(__file__))
     cert_dir = os.path.join(here, "testenv", "certs")
     tls_client = LDAPClient(
         "ldap://%s" % settings["SERVER"]["hostname"], tls=True
     )
     tls_client.set_ca_cert(cert_dir + "/cacert.pem")
     tls_client.set_client_cert(cert_dir + "/client.pem")
     tls_client.set_client_key(cert_dir + "/client.key")
     tls_client.set_credentials("EXTERNAL", authz_id=authzid)
     return tls_client.connect()
Ejemplo n.º 10
 def _create_external(authzid=None):
     """Connect over TLS and authenticate with the EXTERNAL mechanism.

     Certificates and the client key come from the ``testenv/certs``
     directory beside this file. When bonsai's TLS implementation is
     neither GnuTLS nor OpenSSL the test is skipped.
     """
     supported = ("GnuTLS", "OpenSSL")
     if bonsai.get_tls_impl_name() not in supported:
         pytest.skip("")
     settings = get_config()
     base_dir = os.path.abspath(os.path.dirname(__file__))
     cert_dir = os.path.join(base_dir, "testenv", "certs")
     server_uri = "ldap://%s" % settings["SERVER"]["hostname"]
     tls_client = LDAPClient(server_uri, tls=True)
     # Trust anchor first, then the client identity used for EXTERNAL.
     tls_client.set_ca_cert(cert_dir + "/cacert.pem")
     tls_client.set_client_cert(cert_dir + "/client.pem")
     tls_client.set_client_key(cert_dir + "/client.key")
     tls_client.set_credentials("EXTERNAL", authz_id=authzid)
     return tls_client.connect()
Ejemplo n.º 11
def gclient():
    """Build an LDAPClient that uses GeventLDAPConnection for async work.

    The URL is assembled from the ``SERVER`` section (host IP, port, base
    DN, search attribute, search scope) and the client is given the
    ``SIMPLEAUTH`` user and password.

    NOTE: the URL scheme is plain ``ldap://`` and no TLS option is set
    here, so the SIMPLE bind password is not protected in transit; that
    fits a local test server only.
    """
    settings = get_config()
    server = settings["SERVER"]
    url_fields = ("hostip", "port", "basedn", "search_attr", "search_scope")
    url = "ldap://%s:%s/%s?%s?%s" % tuple(server[key] for key in url_fields)
    gevent_client = LDAPClient(url)
    simple_auth = settings["SIMPLEAUTH"]
    gevent_client.set_credentials(
        "SIMPLE", user=simple_auth["user"], password=simple_auth["password"]
    )
    gevent_client.set_async_connection_class(GeventLDAPConnection)
    return gevent_client
Ejemplo n.º 12
def gclient():
    """Return an LDAPClient configured with the GeventLDAPConnection class.

    Host IP, port, base DN, search attribute and search scope are read
    from the ``SERVER`` section; the SIMPLE bind uses the ``SIMPLEAUTH``
    user and password. No TLS option is set on this client.
    """
    settings = get_config()
    server = settings["SERVER"]
    url = "ldap://%s:%s/%s?%s?%s" % (
        server["hostip"],
        server["port"],
        server["basedn"],
        server["search_attr"],
        server["search_scope"],
    )
    gevent_client = LDAPClient(url)
    bind_user = settings["SIMPLEAUTH"]["user"]
    bind_password = settings["SIMPLEAUTH"]["password"]
    gevent_client.set_credentials(
        "SIMPLE", user=bind_user, password=bind_password
    )
    gevent_client.set_async_connection_class(GeventLDAPConnection)
    return gevent_client
Ejemplo n.º 13
 def setUp(self):
     """Build the LDAP URL, configure a SIMPLE-bind client and get an IO loop.

     Stores the configuration, URL, base DN, host IP, client and IO loop on
     the test instance. No connection is opened here.

     NOTE: the URL scheme is plain ``ldap://`` and no TLS option is set, so
     the SIMPLE bind password is not protected in transit.
     """
     self.cfg = get_config()
     server = self.cfg["SERVER"]
     url_fields = ("hostip", "port", "basedn", "search_attr", "search_scope")
     self.url = "ldap://%s:%s/%s?%s?%s" % tuple(
         server[key] for key in url_fields
     )
     self.basedn = server["basedn"]
     self.ipaddr = server["hostip"]
     self.client = LDAPClient(self.url)
     simple_auth = self.cfg["SIMPLEAUTH"]
     self.client.set_credentials(
         "SIMPLE",
         user=simple_auth["user"],
         password=simple_auth["password"],
     )
     self.client.set_async_connection_class(TornadoLDAPConnection)
     self.io_loop = self.get_new_ioloop()
Ejemplo n.º 14
def cfg():
    """Return the test configuration produced by ``get_config``."""
    settings = get_config()
    return settings
Ejemplo n.º 15
def async_conn():
    """Return a SimpleAsyncConn wrapping a client built from the test config."""
    return SimpleAsyncConn(_generate_client(get_config()))
Ejemplo n.º 16
def conn():
    """Open a connection with a client generated from the test config."""
    return _generate_client(get_config()).connect()
Ejemplo n.º 17
def conn():
    """Connect using the client that ``_generate_client`` builds from the config."""
    settings = get_config()
    return _generate_client(settings).connect()
Ejemplo n.º 18
@pytest.fixture
def async_conn():
    """Fixture: a SimpleAsyncConn wrapping a client built from the test config."""
    return SimpleAsyncConn(_generate_client(get_config()))


def test_bind_digest(binding):
    """Bind with DIGEST-MD5 and check the session is not anonymous.

    DIGEST-MD5 was moved to Historic status by RFC 6331; it is exercised
    here as a mechanism the client still has to support.
    """
    with binding("DIGESTAUTH", "DIGEST-MD5") as conn:
        identity = conn.whoami()
        assert "anonymous" != identity


@pytest.mark.skipif(
    sys.platform.startswith("win")
    or get_config()["DIGESTAUTH"]["authzid"] == "None",
    reason="Authzid is not set",
)
def test_bind_digest_with_authzid(binding, cfg):
    """Bind with DIGEST-MD5 plus an authorization ID and check the identity.

    Skipped on Windows and when the configured authzid is the literal
    string "None". The server must report the configured ``dn``.
    """
    digest_cfg = cfg["DIGESTAUTH"]
    with binding("DIGESTAUTH", "DIGEST-MD5", digest_cfg["authzid"]) as conn:
        expected_dn = cfg["DIGESTAUTH"]["dn"]
        assert expected_dn == conn.whoami()


@pytest.mark.skipif(
    sys.platform.startswith("win"), reason="NTLM is not enabled on Windows."
)
def test_bind_ntlm(binding):
    """Bind with NTLM and check the session is not anonymous."""
    with binding("NTLMAUTH", "NTLM") as conn:
        identity = conn.whoami()
        assert "anonymous" != identity
Ejemplo n.º 19
def ldaps_url():
    """Return a ``bonsai.LDAPURL`` with the ldaps scheme for the configured host."""
    hostname = get_config()["SERVER"]["hostname"]
    return bonsai.LDAPURL("ldaps://%s" % (hostname))
Ejemplo n.º 20
def ipaddr():
    """Return the ``hostip`` value from the SERVER section of the test config."""
    return get_config()["SERVER"]["hostip"]
Ejemplo n.º 21
    assert client.server_chase_referrals
    client.server_chase_referrals = False
    assert not client.server_chase_referrals


def test_managedsait(client):
    """Check argument validation and get/set behaviour of ``managedsait``."""
    # A string argument must be rejected with TypeError.
    with pytest.raises(TypeError):
        client.set_managedsait("B")
    before = client.managedsait
    assert not before
    client.managedsait = True
    after = client.managedsait
    assert after


@pytest.mark.skipif(
    get_config()["SERVER"]["has_tls"] == "False", reason="TLS is not set"
)
def test_ldap_over_tls(ldaps_url):
    """Connect through an ``ldaps://`` URL and check a connection is returned.

    NOTE(review): the "ALLOW" certificate policy combined with the cleared
    CA file and CA directory presumably lets the handshake continue when
    the server certificate cannot be verified. The test therefore shows
    that the TLS transport works against the test server, not that the
    certificate is validated; a client meant for real servers would keep
    verification on and point at a trusted CA.
    """
    tls_client = LDAPClient(ldaps_url)
    tls_client.set_cert_policy("ALLOW")
    tls_client.set_ca_cert(None)
    tls_client.set_ca_cert_dir(None)
    try:
        connection = tls_client.connect()
        assert connection is not None
        connection.close()
    except Exception as err:
        # Any failure in the block, including the assertion, is reported
        # through pytest.fail with the exception text.
        pytest.fail("TLS connection is failed with: %s" % str(err))

Ejemplo n.º 22
def async_conn():
    """Wrap a config-generated client in a SimpleAsyncConn and return it."""
    settings = get_config()
    return SimpleAsyncConn(_generate_client(settings))
Ejemplo n.º 23
@pytest.fixture
def async_conn():
    """Fixture: a SimpleAsyncConn wrapping a client built from the test config."""
    return SimpleAsyncConn(_generate_client(get_config()))


def test_bind_digest(binding):
    """Bind with DIGEST-MD5 and check the session is not anonymous.

    DIGEST-MD5 was moved to Historic status by RFC 6331; it is exercised
    here as a mechanism the client still has to support.
    """
    with binding("DIGESTAUTH", "DIGEST-MD5") as conn:
        identity = conn.whoami()
        assert "anonymous" != identity


@pytest.mark.skipif(
    sys.platform.startswith("win")
    or get_config()["DIGESTAUTH"]["authzid"] == "None",
    reason="Authzid is not set",
)
def test_bind_digest_with_authzid(binding, cfg):
    """Bind with DIGEST-MD5 plus an authorization ID and check the identity.

    Skipped on Windows and when the configured authzid is the literal
    string "None". The server must report the configured ``dn``.
    """
    digest_cfg = cfg["DIGESTAUTH"]
    with binding("DIGESTAUTH", "DIGEST-MD5", digest_cfg["authzid"]) as conn:
        expected_dn = cfg["DIGESTAUTH"]["dn"]
        assert expected_dn == conn.whoami()


@pytest.mark.skipif(
    sys.platform.startswith("win"), reason="NTLM is not enabled on Windows."
)
def test_bind_ntlm(binding):
    """ Test NTLM connection. """
    with binding("NTLMAUTH", "NTLM") as conn:
Ejemplo n.º 24
def cfg():
    """Return the test configuration produced by ``get_config``."""
    settings = get_config()
    return settings
Ejemplo n.º 25
@pytest.fixture
def async_conn():
    """Fixture: a SimpleAsyncConn wrapping a client built from the test config."""
    return SimpleAsyncConn(_generate_client(get_config()))


def test_bind_digest(binding):
    """Bind with DIGEST-MD5 and check the session is not anonymous.

    DIGEST-MD5 was moved to Historic status by RFC 6331; it is exercised
    here as a mechanism the client still has to support.
    """
    with binding("DIGESTAUTH", "DIGEST-MD5") as conn:
        identity = conn.whoami()
        assert "anonymous" != identity


@pytest.mark.skipif(
    sys.platform.startswith("win")
    or get_config()["DIGESTAUTH"]["authzid"] == "None",
    reason="Authzid is not set",
)
def test_bind_digest_with_authzid(binding, cfg):
    """Bind with DIGEST-MD5 plus an authorization ID and check the identity.

    Skipped on Windows and when the configured authzid is the literal
    string "None". The server must report the configured ``dn``.
    """
    digest_cfg = cfg["DIGESTAUTH"]
    with binding("DIGESTAUTH", "DIGEST-MD5", digest_cfg["authzid"]) as conn:
        expected_dn = cfg["DIGESTAUTH"]["dn"]
        assert expected_dn == conn.whoami()


@pytest.mark.skipif(
    sys.platform.startswith("win"), reason="NTLM is not enabled on Windows."
)
def test_bind_ntlm(binding):
    """ Test NTLM connection. """
    with binding("NTLMAUTH", "NTLM") as conn:
Ejemplo n.º 26
def ipaddr():
    """Return the ``hostip`` value from the SERVER section of the test config."""
    server = get_config()["SERVER"]
    return server["hostip"]
Ejemplo n.º 27
def url():
    """Return a ``bonsai.LDAPURL`` built from the configured host IP and port."""
    server = get_config()["SERVER"]
    return bonsai.LDAPURL("ldap://%s:%s" % (server["hostip"], server["port"]))
Ejemplo n.º 28
def url():
    """Return a ``bonsai.LDAPURL`` for the configured host IP and port.

    No client is created and no credentials are set here; only the URL
    object is built.
    """
    server = get_config()["SERVER"]
    address = "ldap://%s:%s" % (server["hostip"], server["port"])
    return bonsai.LDAPURL(address)
Ejemplo n.º 29
def ktpath():
    """Return the absolute path of the keytab file named in the test config.

    The ``keytab`` value of the ``GSSAPIAUTH`` section is resolved against
    the parent of the directory that contains this file.
    """
    settings = get_config()
    here = os.path.dirname(__file__)
    project_root = os.path.abspath(os.path.join(here, os.pardir))
    keytab = os.path.join(project_root, settings["GSSAPIAUTH"]["keytab"])
    return os.path.abspath(keytab)
Ejemplo n.º 30
        client.set_server_chase_referrals(2)
    assert client.server_chase_referrals
    client.server_chase_referrals = False
    assert not client.server_chase_referrals


def test_managedsait(client):
    """Check argument validation and get/set behaviour of ``managedsait``."""
    # A string argument must be rejected with TypeError.
    with pytest.raises(TypeError):
        client.set_managedsait("B")
    before = client.managedsait
    assert not before
    client.managedsait = True
    after = client.managedsait
    assert after


@pytest.mark.skipif(
    get_config()["SERVER"]["has_tls"] == "False", reason="TLS is not set"
)
def test_ldap_over_tls(ldaps_url):
    """Connect through an ``ldaps://`` URL and check a connection is returned.

    NOTE(review): the "ALLOW" certificate policy combined with the cleared
    CA file and CA directory presumably lets the handshake continue when
    the server certificate cannot be verified. The test therefore shows
    that the TLS transport works against the test server, not that the
    certificate is validated; a client meant for real servers would keep
    verification on and point at a trusted CA.
    """
    tls_client = LDAPClient(ldaps_url)
    tls_client.set_cert_policy("ALLOW")
    tls_client.set_ca_cert(None)
    tls_client.set_ca_cert_dir(None)
    try:
        connection = tls_client.connect()
        assert connection is not None
        connection.close()
    except Exception as err:
        # Any failure in the block, including the assertion, is reported
        # through pytest.fail with the exception text.
        pytest.fail("TLS connection is failed with: %s" % str(err))

Ejemplo n.º 31
def anonym_conn():
    """Open a connection bound with SIMPLE and no user name or password."""
    anonymous_client = _generate_client(get_config())
    # Calling set_credentials with only the mechanism leaves user and
    # password unset on the client.
    anonymous_client.set_credentials("SIMPLE")
    return anonymous_client.connect()