Add tests for delegation and ccache mode setting

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Closes #112

Author: simo5

tests/httpd.conf

@@ -132,6 +132,8 @@ CoreDumpDirectory /tmp
   GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache
   GssapiCredStore client_keytab:${HTTPROOT}/http.keytab
   GssapiCredStore keytab:${HTTPROOT}/http.keytab
+  GssapiDelegCcacheDir ${HTTPROOT}
+  GssapiDelegCcachePerms mode:0666
   GssapiBasicAuth Off
   GssapiAllowedMech krb5
   Require valid-user

tests/magtests.py

@@ -257,7 +257,6 @@ def kinit_user(testdir, kdcenv):
         kinit.wait()
         if kinit.returncode != 0:
             raise ValueError('kinit failed')
-
     return testenv
 
 
@@ -388,6 +387,8 @@ def test_basic_auth_krb5(testdir, testenv, testlog):
         keysenv = setup_keys(testdir, kdcenv)
         testenv = kinit_user(testdir, kdcenv)
 
+        testenv['DELEGCCACHE'] = os.path.join(testdir, 'httpd',
+                                              USR_NAME + '@' + TESTREALM)
         test_spnego_auth(testdir, testenv, testlog)
 
         test_spnego_negotiate_once(testdir, testenv, testlog)

tests/t_spnego.py

@@ -3,16 +3,21 @@
 
 import os
 import requests
+from stat import ST_MODE
 from requests_kerberos import HTTPKerberosAuth, OPTIONAL
 
 
 if __name__ == '__main__':
     sess = requests.Session()
     url = 'http://%s/spnego/' % os.environ['NSS_WRAPPER_HOSTNAME']
-    r = sess.get(url, auth=HTTPKerberosAuth())
+    r = sess.get(url, auth=HTTPKerberosAuth(delegate=True))
     if r.status_code != 200:
         raise ValueError('Spnego failed')
 
     c = r.cookies
     if not c.get("gssapi_session").startswith("MagBearerToken="):
         raise ValueError('gssapi_session not set')
+
+    data = os.stat(os.environ['DELEGCCACHE'])
+    if data[ST_MODE] != 0100666:
+        raise ValueError('Incorrect perm on ccache: %o' % data[ST_MODE])