Add test that exercises S4u2Proxy code

This test shows that currently GssapiAcceptor {HOSTNAME} option will
break the S4U2Proxy case.

Signed-off-by: Simo Sorce <[email protected]>
[[email protected]: nits]

Author: simo5

tests/httpd.conf

@@ -238,6 +238,21 @@ CoreDumpDirectory "{HTTPROOT}"
   Require valid-user
 </Location>
 
+<Location /hostname_proxy>
+  AuthType GSSAPI
+  AuthName "Login"
+  GssapiSSLonly Off
+  GssapiCredStore ccache:{HTTPROOT}/httpd_krb5_ccache
+  GssapiCredStore client_keytab:{HTTPROOT}/http.keytab
+  GssapiCredStore keytab:{HTTPROOT}/http.keytab
+  GssapiBasicAuth Off
+  GssapiAllowedMech krb5
+  GssapiAcceptorName {{HOSTNAME}}
+  GssapiUseS4U2Proxy On
+  GssapiDelegCcacheDir {HTTPROOT}/delegccachedir
+  Require valid-user
+</Location>
+
 <Location /required_name_attr1>
   AuthType GSSAPI
   AuthName "Required Name Attributes"

tests/magtests.py

@@ -691,26 +691,32 @@ def test_no_negotiate(testdir, testenv, logfile):
 
 
 def test_hostname_acceptor(testdir, testenv, logfile):
-    hdir = os.path.join(testdir, 'httpd', 'html', 'hostname_acceptor')
+    plain_test_name = 'hostname_acceptor'
+    hdir = os.path.join(testdir, 'httpd', 'html', plain_test_name)
     os.mkdir(hdir)
     shutil.copy('tests/index.html', hdir)
 
+    proxy_test_name = 'hostname_proxy'
+    hdir = os.path.join(testdir, 'httpd', 'html', proxy_test_name)
+    os.mkdir(hdir)
+    shutil.copy('tests/index.html', hdir)
+    ddir = os.path.join(testdir, 'httpd', 'delegccachedir')
+    os.mkdir(ddir)
+
     failed = False
-    for (name, fail) in [(WRAP_HOSTNAME, False),
-                         (WRAP_ALIASNAME, False),
-                         (WRAP_FAILNAME, True)]:
-        res = subprocess.Popen(["tests/t_hostname_acceptor.py", name],
-                               stdout=logfile, stderr=logfile,
-                               env=testenv, preexec_fn=os.setsid)
-        res.wait()
-        if fail:
-            if res.returncode == 0:
-                failed = True
-        else:
-            if res.returncode != 0:
+    for test_name in [plain_test_name, proxy_test_name]:
+        for (name, fail) in [(WRAP_HOSTNAME, False),
+                             (WRAP_ALIASNAME, False),
+                             (WRAP_FAILNAME, True)]:
+            res = subprocess.Popen(["tests/t_hostname_acceptor.py",
+                                    name, test_name],
+                                   stdout=logfile, stderr=logfile,
+                                   env=testenv, preexec_fn=os.setsid)
+            res.wait()
+            if (fail and res.returncode == 0) or \
+               (not fail and res.returncode != 0):
                 failed = True
-        if failed:
-            break
+                break
 
     if failed:
         sys.stderr.write('HOSTNAME ACCEPTOR: FAILED\n')

tests/t_hostname_acceptor.py

@@ -9,7 +9,7 @@
 
 if __name__ == '__main__':
     sess = requests.Session()
-    url = 'http://%s/hostname_acceptor/' % sys.argv[1]
+    url = 'http://{}/{}/'.format(sys.argv[1], sys.argv[2])
     r = sess.get(url, auth=HTTPKerberosAuth(delegate=True))
     if r.status_code != 200:
-        raise ValueError('Hostname-based acceptor failed')
+        raise ValueError('Hostname acceptor ({}) failed'.format(sys.argv[2]))