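def _create_kinit(authzid=None):
    """Obtain a Kerberos TGT with kinit, then open a GSSAPI-bound LDAP connection.

    The kinit flavour is detected from the output of ``kinit --version``:
    Heimdal reads the password from a temporary password file, any other
    implementation (treated as MIT) reads it from standard input.

    Args:
        authzid: optional authorization ID passed to set_credentials.

    Returns:
        Whatever LDAPClient.connect() returns.

    A non-zero kinit exit status fails the running test through pytest.fail.
    """
    try:
        cfg = get_config()
        user = cfg["GSSAPIAUTH"]["user"]
        password = cfg["GSSAPIAUTH"]["password"]
        proc = subprocess.Popen(
            ["kinit", "--version"],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            universal_newlines=True,
        )
        # stdout and stderr are joined because the banner is searched in both.
        output = " ".join(proc.communicate())
        if "Heimdal" in output:
            # Heimdal Kerberos implementation.
            # The password file is removed when the with-block exits.
            with tempfile.NamedTemporaryFile() as psw_tmp:
                psw_tmp.write(password.encode())
                psw_tmp.flush()
                cmd = ["kinit", "--password-file=%s" % psw_tmp.name, user]
                subprocess.check_call(cmd)
        else:
            # MIT Kerberos implementation.
            # The password is written to kinit's stdin directly. The previous
            # form interpolated it into an `echo ... | kinit` string run with
            # shell=True, so shell metacharacters in the configured password
            # or principal were interpreted by the shell and the password
            # appeared in the shell's command line.
            subprocess.check_output(
                ["kinit", user], input=(password + "\n").encode()
            )
        host = "ldap://%s" % cfg["SERVER"]["hostname"]
        client = LDAPClient(host)
        client.set_credentials(
            "GSSAPI",
            cfg["GSSAPIAUTH"]["user"],
            cfg["GSSAPIAUTH"]["password"],
            None,
            authzid,
        )
        return client.connect()
    except subprocess.CalledProcessError:
        pytest.fail("Receiving TGT is failed.")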
def _create_binding(auth, mech, authzid=None, realm=None):
    """Open an LDAP connection bound with the given mechanism.

    Args:
        auth: name of the config section holding "user" and "password".
        mech: mechanism name handed to LDAPClient.set_credentials.
        authzid: optional authorization ID.
        realm: optional realm.

    Returns:
        Whatever LDAPClient.connect() returns.
    """
    settings = get_config()
    ldap_client = LDAPClient("ldap://%s" % settings["SERVER"]["hostname"])
    account = settings[auth]
    ldap_client.set_credentials(
        mech, account["user"], account["password"], realm, authzid
    )
    return ldap_client.connect()
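def _create_kinit(authzid=None):
    """Get a Kerberos TGT via kinit and return a GSSAPI-authenticated connection.

    ``kinit --version`` decides the code path: when its output mentions
    "Heimdal" the password goes through a temporary password file, otherwise
    the implementation is assumed to be MIT and the password is fed on stdin.

    Args:
        authzid: optional authorization ID passed to set_credentials.

    Returns:
        Whatever LDAPClient.connect() returns.

    If kinit exits with a non-zero status the test is failed with pytest.fail.
    """
    try:
        cfg = get_config()
        user = cfg["GSSAPIAUTH"]["user"]
        password = cfg["GSSAPIAUTH"]["password"]
        proc = subprocess.Popen(
            ["kinit", "--version"],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            universal_newlines=True,
        )
        # Search both streams for the implementation banner.
        output = " ".join(proc.communicate())
        if "Heimdal" in output:
            # Heimdal Kerberos implementation.
            # NamedTemporaryFile deletes the password file on leaving the block.
            with tempfile.NamedTemporaryFile() as psw_tmp:
                psw_tmp.write(password.encode())
                psw_tmp.flush()
                cmd = ["kinit", "--password-file=%s" % psw_tmp.name, user]
                subprocess.check_call(cmd)
        else:
            # MIT Kerberos implementation.
            # Argument list plus stdin instead of a shell pipeline: the earlier
            # `echo "<password>" | kinit <user>` with shell=True let the shell
            # interpret metacharacters in either config value and exposed the
            # password in the shell's argument vector.
            subprocess.check_output(
                ["kinit", user], input=(password + "\n").encode()
            )
        host = "ldap://%s" % cfg["SERVER"]["hostname"]
        client = LDAPClient(host)
        client.set_credentials(
            "GSSAPI",
            cfg["GSSAPIAUTH"]["user"],
            cfg["GSSAPIAUTH"]["password"],
            None,
            authzid,
        )
        return client.connect()
    except subprocess.CalledProcessError:
        pytest.fail("Receiving TGT is failed.")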
def setup_class(self):
    """Load the test configuration, a logger and the Twitter statuses service."""
    settings = conftest.get_config(pytest.config)
    self.config = settings
    log = logging.getLogger(Config.LOGGER_ID)
    self.logger = log
    # The service receives the API base URL and the auth credentials from the
    # loaded configuration, plus the logger id.
    self.twitter_service = TwitterStatusesService(
        settings.twitter_api_base_url,
        settings.twitter_auth_creds,
        Config.LOGGER_ID,
    )
    # An empty record followed by a banner line for this test class.
    log.info("")
    log.info("Running TestTwitterCRUD Tests")
def _create_binding(auth, mech, authzid=None, realm=None):
    """Connect to the configured LDAP server using mechanism ``mech``.

    Args:
        auth: config section name that supplies "user" and "password".
        mech: mechanism name passed to LDAPClient.set_credentials.
        authzid: optional authorization ID.
        realm: optional realm.

    Returns:
        Whatever LDAPClient.connect() returns.
    """
    conf = get_config()
    server_url = "ldap://%s" % conf["SERVER"]["hostname"]
    cli = LDAPClient(server_url)
    creds = conf[auth]
    cli.set_credentials(mech, creds["user"], creds["password"], realm, authzid)
    return cli.connect()
def ktpath():
    """Return the absolute path of the keytab named in the GSSAPIAUTH section.

    The configured value is joined onto the parent of this file's directory.
    """
    settings = get_config()
    here = os.path.dirname(__file__)
    project_root = os.path.abspath(os.path.join(here, os.pardir))
    keytab = os.path.join(project_root, settings["GSSAPIAUTH"]["keytab"])
    return os.path.abspath(keytab)
def test_whoami(client):
    """Check that whoami returns one of the identities configured for simple auth."""
    # Generator-based coroutine: both the connect and the whoami call are
    # driven with ``yield from``.
    with (yield from client.connect(True)) as conn:
        settings = get_config()
        identity = yield from conn.whoami()
        simple = settings["SIMPLEAUTH"]
        # Either the "dn:"-prefixed user or the configured adusername is accepted.
        accepted = ["dn:%s" % simple["user"], simple["adusername"]]
        assert identity in accepted
async def test_whoami(client):
    """Check that whoami returns one of the identities configured for simple auth."""
    async with client.connect(True) as conn:
        settings = get_config()
        identity = await conn.whoami()
        simple = settings["SIMPLEAUTH"]
        # Either the "dn:"-prefixed user or the configured adusername is accepted.
        accepted = ["dn:%s" % simple["user"], simple["adusername"]]
        assert identity in accepted
def _create_external(authzid=None):
    """Open a TLS LDAP connection bound with the EXTERNAL mechanism.

    The test is skipped unless bonsai reports GnuTLS or OpenSSL as its TLS
    implementation. The CA certificate, client certificate and client key are
    read from ``testenv/certs`` next to this file.

    Args:
        authzid: optional authorization ID passed as ``authz_id``.

    Returns:
        Whatever LDAPClient.connect() returns.
    """
    if bonsai.get_tls_impl_name() not in ("GnuTLS", "OpenSSL"):
        pytest.skip("")
    settings = get_config()
    here = os.path.abspath(os.path.dirname(__file__))
    cert_path = os.path.join(here, "testenv", "certs")
    cli = LDAPClient("ldap://%s" % settings["SERVER"]["hostname"], tls=True)
    # Test-fixture key material; the client key lives beside the test sources.
    cli.set_ca_cert(cert_path + "/cacert.pem")
    cli.set_client_cert(cert_path + "/client.pem")
    cli.set_client_key(cert_path + "/client.key")
    cli.set_credentials("EXTERNAL", authz_id=authzid)
    return cli.connect()
def _create_external(authzid=None):
    """Return a connection authenticated with EXTERNAL over TLS.

    Runs only when bonsai's TLS implementation is GnuTLS or OpenSSL; any other
    implementation skips the test. Certificates and the client key come from
    the ``testenv/certs`` directory beside this file.

    Args:
        authzid: optional authorization ID passed as ``authz_id``.

    Returns:
        Whatever LDAPClient.connect() returns.
    """
    supported = ("GnuTLS", "OpenSSL")
    if bonsai.get_tls_impl_name() not in supported:
        pytest.skip("")
    conf = get_config()
    base_dir = os.path.abspath(os.path.dirname(__file__))
    cert_path = os.path.join(base_dir, "testenv", "certs")
    server = "ldap://%s" % conf["SERVER"]["hostname"]
    ldap_client = LDAPClient(server, tls=True)
    # Key material below is test-only and stored with the test sources.
    ldap_client.set_ca_cert(cert_path + "/cacert.pem")
    ldap_client.set_client_cert(cert_path + "/client.pem")
    ldap_client.set_client_key(cert_path + "/client.key")
    ldap_client.set_credentials("EXTERNAL", authz_id=authzid)
    return ldap_client.connect()
def gclient():
    """Build an LDAPClient that uses GeventLDAPConnection for async connections."""
    settings = get_config()
    server = settings["SERVER"]
    ldap_url = "ldap://%s:%s/%s?%s?%s" % (
        server["hostip"],
        server["port"],
        server["basedn"],
        server["search_attr"],
        server["search_scope"],
    )
    ldap_client = LDAPClient(ldap_url)
    simple = settings["SIMPLEAUTH"]
    # NOTE(review): the scheme is ldap:// and no TLS option is set here, so the
    # SIMPLE bind password is presumably sent unencrypted - confirm this client
    # only ever talks to an isolated test server.
    ldap_client.set_credentials(
        "SIMPLE", user=simple["user"], password=simple["password"]
    )
    ldap_client.set_async_connection_class(GeventLDAPConnection)
    return ldap_client
def gclient():
    """Return an LDAPClient configured with the GeventLDAPConnection async class."""
    conf = get_config()
    srv = conf["SERVER"]
    url_parts = (
        srv["hostip"],
        srv["port"],
        srv["basedn"],
        srv["search_attr"],
        srv["search_scope"],
    )
    client = LDAPClient("ldap://%s:%s/%s?%s?%s" % url_parts)
    account = conf["SIMPLEAUTH"]
    # NOTE(review): SIMPLE bind against an ldap:// URL with no TLS setting in
    # this function; the password presumably travels in clear text - verify the
    # target is a test-only server.
    client.set_credentials(
        "SIMPLE", user=account["user"], password=account["password"]
    )
    client.set_async_connection_class(GeventLDAPConnection)
    return client
def setUp(self):
    """Build the LDAP URL and a SIMPLE-auth client using TornadoLDAPConnection."""
    self.cfg = get_config()
    server = self.cfg["SERVER"]
    self.url = "ldap://%s:%s/%s?%s?%s" % (
        server["hostip"],
        server["port"],
        server["basedn"],
        server["search_attr"],
        server["search_scope"],
    )
    self.basedn = server["basedn"]
    self.ipaddr = server["hostip"]
    self.client = LDAPClient(self.url)
    simple = self.cfg["SIMPLEAUTH"]
    # NOTE(review): SIMPLE bind on an ldap:// URL and no TLS option set here;
    # the password is presumably unencrypted on the wire - confirm the server
    # is a test instance.
    self.client.set_credentials(
        "SIMPLE", user=simple["user"], password=simple["password"]
    )
    self.client.set_async_connection_class(TornadoLDAPConnection)
    self.io_loop = self.get_new_ioloop()
def cfg():
    """Return the test configuration produced by get_config()."""
    settings = get_config()
    return settings
def async_conn():
    """Wrap a client generated from the test configuration in SimpleAsyncConn."""
    ldap_client = _generate_client(get_config())
    return SimpleAsyncConn(ldap_client)
def conn():
    """Connect a client generated from the test configuration and return the result."""
    ldap_client = _generate_client(get_config())
    return ldap_client.connect()
def conn():
    """Return a connection opened by the client built from the test configuration."""
    settings = get_config()
    return _generate_client(settings).connect()
@pytest.fixture
def async_conn():
    """Fixture: a SimpleAsyncConn around a client built from the test config."""
    ldap_client = _generate_client(get_config())
    return SimpleAsyncConn(ldap_client)


def test_bind_digest(binding):
    """Bind with DIGEST-MD5 and check the identity is not anonymous."""
    # DIGEST-MD5 was moved to Historic status by RFC 6331; it is exercised
    # here as a supported mechanism, not as a recommended one.
    with binding("DIGESTAUTH", "DIGEST-MD5") as conn:
        identity = conn.whoami()
        assert "anonymous" != identity


@pytest.mark.skipif(
    sys.platform.startswith("win")
    or get_config()["DIGESTAUTH"]["authzid"] == "None",
    reason="Authzid is not set",
)
def test_bind_digest_with_authzid(binding, cfg):
    """Bind with DIGEST-MD5 plus an authorization ID and check the resulting DN."""
    digest = cfg["DIGESTAUTH"]
    # The string "None" in the config marks an unset authzid (see the skipif).
    authzid = digest["authzid"]
    with binding("DIGESTAUTH", "DIGEST-MD5", authzid) as conn:
        assert cfg["DIGESTAUTH"]["dn"] == conn.whoami()


@pytest.mark.skipif(
    sys.platform.startswith("win"), reason="NTLM is not enabled on Windows."
)
def test_bind_ntlm(binding):
    """Bind with NTLM and check the identity is not anonymous."""
    with binding("NTLMAUTH", "NTLM") as conn:
        identity = conn.whoami()
        assert "anonymous" != identity
def ldaps_url():
    """Return a bonsai.LDAPURL with the ldaps:// scheme for the configured hostname."""
    settings = get_config()
    hostname = settings["SERVER"]["hostname"]
    return bonsai.LDAPURL("ldaps://%s" % (hostname))
def ipaddr():
    """Return the server's ``hostip`` value from the test configuration."""
    server = get_config()["SERVER"]
    return server["hostip"]
# Tail of a test whose opening lines fall outside this excerpt.
assert client.server_chase_referrals
client.server_chase_referrals = False
assert not client.server_chase_referrals


def test_managedsait(client):
    """ Test managedsait property. """
    # Passing the string "B" to the setter is expected to raise TypeError.
    with pytest.raises(TypeError):
        client.set_managedsait("B")
    assert not client.managedsait
    client.managedsait = True
    assert client.managedsait


# Skipped when the config's has_tls value is the string "False".
@pytest.mark.skipif(
    get_config()["SERVER"]["has_tls"] == "False", reason="TLS is not set"
)
def test_ldap_over_tls(ldaps_url):
    """ Test LDAP over TLS connection. """
    client = LDAPClient(ldaps_url)
    # NOTE(review): policy "ALLOW" with the CA cert and CA cert dir cleared
    # presumably lets the session continue when the server certificate cannot
    # be verified - confirm against the bonsai docs. If so, this test shows
    # that a TLS connection can be opened, not that the certificate is
    # validated; a client meant to authenticate the server needs a stricter
    # policy and a CA.
    client.set_cert_policy("ALLOW")
    client.set_ca_cert(None)
    client.set_ca_cert_dir(None)
    try:
        conn = client.connect()
        assert conn is not None
        conn.close()
    except Exception as exc:
        # Any exception, including a failed assert, is reported as a failure.
        pytest.fail("TLS connection is failed with: %s" % str(exc))
def async_conn():
    """Return a SimpleAsyncConn built on a client from the test configuration."""
    settings = get_config()
    return SimpleAsyncConn(_generate_client(settings))
@pytest.fixture
def async_conn():
    # Fixture: wraps a client generated from the test config in SimpleAsyncConn.
    cfg = get_config()
    client = _generate_client(cfg)
    return SimpleAsyncConn(client)


def test_bind_digest(binding):
    """ Test DIGEST-MD5 connection. """
    # DIGEST-MD5 was moved to Historic status by RFC 6331; it is tested here
    # as a supported mechanism, not as a recommended one.
    with binding("DIGESTAUTH", "DIGEST-MD5") as conn:
        assert "anonymous" != conn.whoami()


# Skipped on Windows, or when the configured authzid is the string "None".
@pytest.mark.skipif(
    sys.platform.startswith("win")
    or get_config()["DIGESTAUTH"]["authzid"] == "None",
    reason="Authzid is not set",
)
def test_bind_digest_with_authzid(binding, cfg):
    """ Test DIGEST-MD5 connection with authorization ID. """
    authzid = cfg["DIGESTAUTH"]["authzid"]
    with binding("DIGESTAUTH", "DIGEST-MD5", authzid) as conn:
        # whoami must return the DN configured for the DIGESTAUTH section.
        assert cfg["DIGESTAUTH"]["dn"] == conn.whoami()


@pytest.mark.skipif(
    sys.platform.startswith("win"), reason="NTLM is not enabled on Windows."
)
def test_bind_ntlm(binding):
    """ Test NTLM connection. """
    with binding("NTLMAUTH", "NTLM") as conn:
        # (excerpt ends here; the body of this with-block is not shown)
def cfg():
    """Return whatever get_config() yields for the test run."""
    loaded = get_config()
    return loaded
@pytest.fixture
def async_conn():
    # Fixture: a SimpleAsyncConn around the client generated from the config.
    cfg = get_config()
    client = _generate_client(cfg)
    return SimpleAsyncConn(client)


def test_bind_digest(binding):
    """ Test DIGEST-MD5 connection. """
    # RFC 6331 moved DIGEST-MD5 to Historic status; the test covers it as a
    # supported mechanism only.
    with binding("DIGESTAUTH", "DIGEST-MD5") as conn:
        assert "anonymous" != conn.whoami()


# Not run on Windows, nor when the configured authzid is the string "None".
@pytest.mark.skipif(
    sys.platform.startswith("win")
    or get_config()["DIGESTAUTH"]["authzid"] == "None",
    reason="Authzid is not set",
)
def test_bind_digest_with_authzid(binding, cfg):
    """ Test DIGEST-MD5 connection with authorization ID. """
    authzid = cfg["DIGESTAUTH"]["authzid"]
    with binding("DIGESTAUTH", "DIGEST-MD5", authzid) as conn:
        # The reported identity must equal the DN from the DIGESTAUTH section.
        assert cfg["DIGESTAUTH"]["dn"] == conn.whoami()


@pytest.mark.skipif(
    sys.platform.startswith("win"), reason="NTLM is not enabled on Windows."
)
def test_bind_ntlm(binding):
    """ Test NTLM connection. """
    with binding("NTLMAUTH", "NTLM") as conn:
        # (excerpt ends here; the body of this with-block is not shown)
def ipaddr():
    """Return the ``hostip`` entry of the SERVER section in the test config."""
    settings = get_config()
    host_ip = settings["SERVER"]["hostip"]
    return host_ip
def url():
    """Return a bonsai.LDAPURL for the configured host IP and port."""
    server = get_config()["SERVER"]
    address = "ldap://%s:%s" % (server["hostip"], server["port"])
    return bonsai.LDAPURL(address)
def url():
    """Return a bonsai.LDAPURL built from the configured host IP and port.

    No client is created and no credentials are set here; only the URL object
    is returned.
    """
    settings = get_config()
    host_ip = settings["SERVER"]["hostip"]
    port = settings["SERVER"]["port"]
    return bonsai.LDAPURL("ldap://%s:%s" % (host_ip, port))
def ktpath():
    """Return the absolute keytab path from the GSSAPIAUTH config section.

    The configured value is resolved against the parent of this file's directory.
    """
    conf = get_config()
    tests_dir = os.path.dirname(__file__)
    root = os.path.abspath(os.path.join(tests_dir, os.pardir))
    joined = os.path.join(root, conf["GSSAPIAUTH"]["keytab"])
    return os.path.abspath(joined)
# Tail of a test whose opening lines fall outside this excerpt.
client.set_server_chase_referrals(2)
assert client.server_chase_referrals
client.server_chase_referrals = False
assert not client.server_chase_referrals


def test_managedsait(client):
    """ Test managedsait property. """
    # The setter is expected to raise TypeError for the string "B".
    with pytest.raises(TypeError):
        client.set_managedsait("B")
    assert not client.managedsait
    client.managedsait = True
    assert client.managedsait


# Skipped when the config's has_tls value is the string "False".
@pytest.mark.skipif(get_config()["SERVER"]["has_tls"] == "False", reason="TLS is not set")
def test_ldap_over_tls(ldaps_url):
    """ Test LDAP over TLS connection. """
    client = LDAPClient(ldaps_url)
    # NOTE(review): with policy "ALLOW" and both the CA cert and CA cert dir
    # set to None, the session presumably proceeds even if the server
    # certificate cannot be verified - confirm against the bonsai docs. In
    # that case the test covers TLS connectivity only, and server
    # authentication needs a stricter policy together with a CA.
    client.set_cert_policy("ALLOW")
    client.set_ca_cert(None)
    client.set_ca_cert_dir(None)
    try:
        conn = client.connect()
        assert conn is not None
        conn.close()
    except Exception as exc:
        # Any exception, including a failed assert, is reported as a failure.
        pytest.fail("TLS connection is failed with: %s" % str(exc))
def anonym_conn():
    """Return a connection bound anonymously.

    SIMPLE credentials are set with no user and no password before connecting.
    """
    ldap_client = _generate_client(get_config())
    ldap_client.set_credentials("SIMPLE")
    return ldap_client.connect()