from k5test import *
from princflags import *
import re
# Scratch realm for this test script; no host principal is created and no
# initial credentials are obtained (create_host=False, get_creds=False).
realm = K5Realm(get_creds=False, create_host=False)

# Matches a bare "Attributes:" line in kadmin getprinc output, i.e. a
# principal with no flags listed.  MULTILINE makes ^ and $ anchor on that
# one line inside the multi-line output.
emptyattr = re.compile('^Attributes:$', flags=re.MULTILINE)
# Regex pattern to match a kadmin getprinc output for a flag tuple
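def attr_pat(ftuple):
    """Compile a pattern matching the getprinc attribute line for one flag.

    ftuple must provide flagname().  The returned pattern matches a line
    reading exactly "Attributes: <flagname>" anywhere in multi-line kadmin
    getprinc output.
    """
    # Escape the name so it is compared literally.  An unescaped regex
    # metacharacter in a flag name would loosen the match and could let a
    # wrong attribute line satisfy the check.
    return re.compile('^Attributes: ' + re.escape(ftuple.flagname()) + '$',
                      re.MULTILINE)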
# Test one flag tuple for kadmin ank.
def one_kadmin_flag(ftuple):
    """Check that kadmin can set and then clear the flag named by ftuple.

    Creates principal 'test' with ftuple.setspec(), confirms the flag is
    listed by getprinc, clears it with ftuple.clearspec(), confirms the
    attribute line is empty, and deletes the principal again.
    """
    expected = attr_pat(ftuple)

    # 'password' is a fixed throwaway value; the principal is deleted at
    # the end of this function.
    add_cmd = [kadminl, 'ank', ftuple.setspec(), '-pw', 'password', 'test']
    realm.run(add_cmd)
    listing = realm.run([kadminl, 'getprinc', 'test'])
    if expected.search(listing) is None:
        fail('Failed to set flag ' + ftuple.flagname())

    realm.run([kadminl, 'modprinc', ftuple.clearspec(), 'test'])
    listing = realm.run([kadminl, 'getprinc', 'test'])
    if emptyattr.search(listing) is None:
        fail('Failed to clear flag ' + ftuple.flagname())

    realm.run([kadminl, 'delprinc', 'test'])
# Generate a custom kdc.conf with default_principal_flags set
# according to ftuple.
def genkdcconf(ftuple):
    """Build an environment whose kdc.conf sets default_principal_flags.

    The flag spec comes from ftuple.setspec() and is placed in the
    '$realm' section under 'realms'.  Returns whatever
    realm.special_env() returns for that configuration.
    """
    realm_section = {'default_principal_flags': ftuple.setspec()}
    kdc_conf = {'realms': {'$realm': realm_section}}
    return realm.special_env('tmp', True, kdc_conf=kdc_conf)
# Test one ftuple for kdc.conf default_principal_flags.
def one_kdcconf(ftuple):
    """Check that a flag given via kdc.conf is applied to a new principal.

    Principal 'test' is created under the environment from
    genkdcconf(ftuple) with no flag spec on the command line, so a
    matching attribute line in getprinc output must come from
    default_principal_flags.  The principal is deleted afterwards.
    """
    env = genkdcconf(ftuple)
    expected = attr_pat(ftuple)

    # Only the ank call uses the special environment; the read-back and
    # the delete run under the realm's default one.
    realm.run([kadminl, 'ank', '-pw', 'password', 'test'], env=env)
    listing = realm.run([kadminl, 'getprinc', 'test'])
    if expected.search(listing) is None:
        fail('Failed to set flag ' + ftuple.flagname() + ' via kdc.conf')

    realm.run([kadminl, 'delprinc', 'test'])
# Principal name for kadm5.acl line
def ftuple2pname(ftuple, doset):
    """Return the principal name used for ftuple's kadm5.acl test entry.

    The name is 'set_' or 'clear_' (chosen by the truthiness of doset)
    followed by ftuple.flagname().
    """
    if doset:
        prefix = 'set_'
    else:
        prefix = 'clear_'
    return prefix + ftuple.flagname()
# Translate a strconv ftuple to a spec string for kadmin.
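def ftuple2kadm_spec(ftuple, doset):
    """Translate a strconv ftuple into the matching kadmin flag spec.

    Looks up the kadmin table entry for ftuple.flag and returns its
    spec(doset).

    Raises ValueError if the kadmin entry and ftuple disagree on the
    flag's invert sense.
    """
    ktuple = kadmin_itable[ftuple.flag]
    if ktuple.invert != ftuple.invert:
        # Flipping doset would compensate for the mismatch, but the two
        # tables are not expected to disagree, so report it (with enough
        # detail to find the offending entry) instead of adapting.
        raise ValueError('invert mismatch for flag %r: kadmin table has %r, '
                         'ftuple has %r'
                         % (ftuple.flag, ktuple.invert, ftuple.invert))
    return ktuple.spec(doset)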
# Generate a line for kadm5.acl.
def acl_line(ftuple, doset):
    """Return one newline-terminated kadm5.acl entry for ftuple.

    The entry names realm.admin_princ as the acting principal, '*' as
    the permission field, the principal name from ftuple2pname() as the
    target, and ftuple.spec(doset) as the trailing restriction.
    """
    target = ftuple2pname(ftuple, doset)
    restriction = ftuple.spec(doset)
    fields = (realm.admin_princ, target, restriction)
    return "%s * %s %s\n" % fields
# Test one kadm5.acl line for a ftuple.
def one_aclcheck(ftuple, doset):
    """Check that a kadm5.acl restriction forces a flag on or off.

    doset selects the "force set" (True) or "force clear" (False) entry
    for ftuple.  The principal is created and then modified through
    realm.run_kadmin, and each result is read back with kadminl.
    NOTE(review): presumably run_kadmin goes through kadmind, where the
    ACL restriction applies, while kadminl reads the database directly;
    confirm against k5test.
    """
    target = ftuple2pname(ftuple, doset)
    flag_pat = attr_pat(ftuple)
    shown = ftuple.flagname()
    # With the flag forced on, its attribute line must be present; with
    # it forced off, the attribute line must be empty.
    expected = flag_pat if doset else emptyattr

    # Creation: no flag spec is passed, so the flag state comes from the
    # ACL restriction.
    realm.run_kadmin(['ank', '-pw', 'password', target])
    listing = realm.run([kadminl, 'getprinc', target])
    if expected.search(listing) is None:
        if doset:
            fail('Failed to set flag ' + shown + ' via kadm5.acl')
        else:
            fail('Failed to clear flag ' + shown + ' via kadm5.acl')

    # Modification: request the opposite state and confirm that the
    # restriction still wins.
    opposite = ftuple2kadm_spec(ftuple, not doset)
    realm.run_kadmin(['modprinc', opposite, target])
    listing = realm.run([kadminl, 'getprinc', target])
    if expected.search(listing) is None:
        if doset:
            fail('Failed to keep flag ' + shown + ' set')
        else:
            fail('Failed to keep flag ' + shown + ' clear')
# Set all flags simultaneously, even the ones that aren't defined yet.
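def lamptest():
    """Set all 32 flag bits at once and verify every name is listed.

    Creates principal 'test' with the spec '+0xffffffff', expects the
    getprinc attribute line to be the space-joined result of
    flags2namelist(0xffffffff), and deletes the principal afterwards.
    """
    # Escape each name so the whole attribute line is compared literally
    # rather than being interpreted as regex syntax.
    names = ' '.join(re.escape(name) for name in flags2namelist(0xffffffff))
    pat = re.compile('^Attributes: ' + names + '$', re.MULTILINE)
    realm.run([kadminl, 'ank', '-pw', 'password', '+0xffffffff', 'test'])
    out = realm.run([kadminl, 'getprinc', 'test'])
    if not pat.search(out):
        fail('Failed to simultaneously set all flags')
    realm.run([kadminl, 'delprinc', 'test'])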
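# Flag specs given directly on the kadmin command line.
for ftuple in kadmin_ftuples:
    one_kadmin_flag(ftuple)

# Flag specs supplied through kdc.conf default_principal_flags.
for ftuple in strconv_ftuples:
    one_kdcconf(ftuple)

# Write one "force set" and one "force clear" ACL entry per flag.  The
# with-block closes and flushes the file before kadmind is started, and
# also closes it if building a line raises.
with open(os.path.join(realm.testdir, 'acl'), 'w') as f:
    for ftuple in strconv_ftuples:
        f.write(acl_line(ftuple, True))
        f.write(acl_line(ftuple, False))

realm.start_kadmind()
realm.prep_kadmin()

# Exercise both ACL entries for every flag.
for ftuple in strconv_ftuples:
    one_aclcheck(ftuple, True)
    one_aclcheck(ftuple, False)

lamptest()

success('KDB principal flags')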