s4-gensec Extend python bindings for GENSEC and the associated test

This now tests a real GENSEC exchange, including wrap and unwrap,
using GSSAPI.  Therefore, it now needs to access a KDC.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104

1 files changed, 51 insertions, 6 deletions

diff --git a/source4/scripting/python/samba/tests/gensec.py b/source4/scripting/python/samba/tests/gensec.py
index 3e71610591..f1cc44bca7 100644
--- a/source4/scripting/python/samba/tests/gensec.py
+++ b/source4/scripting/python/samba/tests/gensec.py
@@ -23,17 +23,19 @@ Note that this just tests the bindings work. It does not intend to test
 the functionality, that's already done in other tests.
 """
 
+from samba.credentials import Credentials
 from samba import gensec
 import samba.tests
 
-class CredentialsTests(samba.tests.TestCase):
+class GensecTests(samba.tests.TestCase):
 
     def setUp(self):
-        super(CredentialsTests, self).setUp()
-        settings = {}
-        settings["target_hostname"] = "localhost"
-        settings["lp_ctx"] = samba.tests.env_loadparm()
-        self.gensec = gensec.Security.start_client(settings)
+        super(GensecTests, self).setUp()
+        self.settings = {}
+        self.settings["lp_ctx"] = self.lp_ctx = samba.tests.env_loadparm()
+        self.settings["target_hostname"] = self.lp_ctx.get("netbios name")
+        """This is just for the API tests"""
+        self.gensec = gensec.Security.start_client(self.settings)
 
     def test_start_mech_by_unknown_name(self):
         self.assertRaises(RuntimeError, self.gensec.start_mech_by_name, "foo")
@@ -43,3 +45,46 @@ class CredentialsTests(samba.tests.TestCase):
 
     def test_info_uninitialized(self):
         self.assertRaises(RuntimeError, self.gensec.session_info)
+
+    def test_update(self):
+        """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
+
+        """Start up a client and server GENSEC instance to test things with"""
+
+        self.gensec_client = gensec.Security.start_client(self.settings)
+        self.gensec_client.set_credentials(self.get_credentials())
+        self.gensec_client.want_feature(gensec.FEATURE_SEAL)
+        self.gensec_client.start_mech_by_sasl_name("GSSAPI")
+
+        self.gensec_server = gensec.Security.start_server(self.settings)
+        creds = Credentials()
+        creds.guess(self.lp_ctx)
+        creds.set_machine_account(self.lp_ctx)
+        self.gensec_server.set_credentials(creds)
+
+        self.gensec_server.want_feature(gensec.FEATURE_SEAL)
+        self.gensec_server.start_mech_by_sasl_name("GSSAPI")
+
+        client_finished = False
+        server_finished = False
+        server_to_client = None
+        
+        """Run the actual call loop"""
+        while client_finished == False and server_finished == False:
+            if not client_finished:
+                print "running client gensec_update"
+                (client_finished, client_to_server) = self.gensec_client.update(server_to_client)
+            if not server_finished:
+                print "running server gensec_update"
+                (server_finished, server_to_client) = self.gensec_server.update(client_to_server)
+        session_info = self.gensec_server.session_info()
+
+        test_string = "Hello Server"
+        test_wrapped = self.gensec_client.wrap(test_string)
+        test_unwrapped = self.gensec_server.unwrap(test_wrapped)
+        self.assertEqual(test_string, test_unwrapped)
+        test_string = "Hello Client"
+        test_wrapped = self.gensec_server.wrap(test_string)
+        test_unwrapped = self.gensec_client.unwrap(test_wrapped)
+        self.assertEqual(test_string, test_unwrapped)
+