|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
conf_replica = {'dbmodules': {'db': {'database_name': '$testdir/db.replica'}}}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def setup_acl(realm):
|
|
Packit |
fd8b60 |
acl_file = os.path.join(realm.testdir, 'kpropd-acl')
|
|
Packit |
fd8b60 |
acl = open(acl_file, 'w')
|
|
Packit |
fd8b60 |
acl.write(realm.host_princ + '\n')
|
|
Packit |
fd8b60 |
acl.close()
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def check_output(kpropd):
|
|
Packit |
fd8b60 |
output('*** kpropd output follows\n')
|
|
Packit |
fd8b60 |
while True:
|
|
Packit |
fd8b60 |
line = kpropd.stdout.readline()
|
|
Packit |
fd8b60 |
if 'Database load process for full propagation completed' in line:
|
|
Packit |
fd8b60 |
break
|
|
Packit |
fd8b60 |
output('kpropd: ' + line)
|
|
Packit |
fd8b60 |
if 'Rejected connection' in line:
|
|
Packit |
fd8b60 |
fail('kpropd rejected connection from kprop')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# kprop/kpropd are the only users of krb5_auth_con_initivector, so run
|
|
Packit |
fd8b60 |
# this test over all enctypes to exercise mkpriv cipher state.
|
|
Packit |
fd8b60 |
for realm in multipass_realms(create_user=False):
|
|
Packit |
fd8b60 |
replica = realm.special_env('replica', True, kdc_conf=conf_replica)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Set up the kpropd acl file.
|
|
Packit |
fd8b60 |
setup_acl(realm)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Create the replica db.
|
|
Packit |
fd8b60 |
dumpfile = os.path.join(realm.testdir, 'dump')
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'load', dumpfile], replica)
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'stash', '-P', 'master'], replica)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make some changes to the master db.
|
|
Packit |
fd8b60 |
realm.addprinc('wakawaka')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Start kpropd.
|
|
Packit |
fd8b60 |
kpropd = realm.start_kpropd(replica, ['-d'])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
Packit |
fd8b60 |
realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
|
|
Packit |
fd8b60 |
check_output(kpropd)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'listprincs'], replica, expected_msg='wakawaka')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# default_realm tests follow.
|
|
Packit |
fd8b60 |
# default_realm and domain_realm different than realm.realm (test -r argument).
|
|
Packit |
fd8b60 |
conf_rep2 = {'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}}}
|
|
Packit |
fd8b60 |
krb5_conf_rep2 = {'libdefaults': {'default_realm': 'FOO'},
|
|
Packit |
fd8b60 |
'domain_realm': {hostname: 'FOO'}}
|
|
Packit |
fd8b60 |
# default_realm and domain_realm map differ.
|
|
Packit |
fd8b60 |
conf_rep3 = {'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}}}
|
|
Packit |
fd8b60 |
krb5_conf_rep3 = {'domain_realm': {hostname: 'BAR'}}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm = K5Realm(create_user=False)
|
|
Packit |
fd8b60 |
replica2 = realm.special_env('replica2', True, kdc_conf=conf_rep2,
|
|
Packit |
fd8b60 |
krb5_conf=krb5_conf_rep2)
|
|
Packit |
fd8b60 |
replica3 = realm.special_env('replica3', True, kdc_conf=conf_rep3,
|
|
Packit |
fd8b60 |
krb5_conf=krb5_conf_rep3)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
setup_acl(realm)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Create the replica db.
|
|
Packit |
fd8b60 |
dumpfile = os.path.join(realm.testdir, 'dump')
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], replica2)
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'load', dumpfile], replica3)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make some changes to the master db.
|
|
Packit |
fd8b60 |
realm.addprinc('wakawaka')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test override of default_realm with -r realm argument.
|
|
Packit |
fd8b60 |
kpropd = realm.start_kpropd(replica2, ['-r', realm.realm, '-d'])
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
Packit |
fd8b60 |
realm.run([kprop, '-r', realm.realm, '-f', dumpfile, '-P',
|
|
Packit |
fd8b60 |
str(realm.kprop_port()), hostname])
|
|
Packit |
fd8b60 |
check_output(kpropd)
|
|
Packit |
fd8b60 |
realm.run([kadminl, '-r', realm.realm, 'listprincs'], replica2,
|
|
Packit |
fd8b60 |
expected_msg='wakawaka')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
stop_daemon(kpropd)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test default_realm and domain_realm mismatch.
|
|
Packit |
fd8b60 |
kpropd = realm.start_kpropd(replica3, ['-d'])
|
|
Packit |
fd8b60 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
Packit |
fd8b60 |
realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
|
|
Packit |
fd8b60 |
check_output(kpropd)
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'listprincs'], replica3, expected_msg='wakawaka')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('kprop tests')
|