643a70a ipatests: add test for kdcproxy handling reply split to several TCP packets

Authored and Committed by sorlov 3 years ago
    ipatests: add test for kdcproxy handling reply split to several TCP packets
    
    This is a regression test for the bug in python-kdcproxy mentioned in
    https://github.com/latchset/kdcproxy/pull/44
      When the reply from AD is split into several TCP packets the kdc
      proxy software cannot handle it and returns a false error message
      indicating it cannot contact the KDC server.
    
    This could be observed as login failures of AD user on IPA clients
    when:
    * IPA client was configured to use kdcproxy to communicate with AD
    * kdcproxy used TCP to communicate with AD
    * response from AD to kdcproxy was split into several packets
    
    This patch also refactors and improves existing tests:
    * switch to using pytest fixtures for test setup and cleanup steps to make
      them isolated and reusable
    * simulate a much more restricted network environment: instead of blocking
      single 88 port we now block all outgoing traffic except few essential
      ports
    * add basic tests for using kdcproxy to communicate between IPA client
      and AD DC.
    
    Reviewed-By: Anuja More <amore@redhat.com>