|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
import csv
|
|
Packit |
fd8b60 |
from io import StringIO
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def tab_csv(s):
|
|
Packit |
fd8b60 |
io = StringIO(s)
|
|
Packit |
fd8b60 |
return list(csv.DictReader(io, dialect=csv.excel_tab))
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def getrows(dumptype):
|
|
Packit |
fd8b60 |
out = realm.run([kdb5_util, 'tabdump', dumptype])
|
|
Packit |
fd8b60 |
return tab_csv(out)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
def checkkeys(rows, dumptype, names):
|
|
Packit |
fd8b60 |
if sorted(rows[0].keys()) != sorted(names):
|
|
Packit |
fd8b60 |
fail('tabdump %s field names' % dumptype)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm = K5Realm(start_kdc=False, get_creds=False)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('keyinfo')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'keyinfo',
|
|
Packit |
fd8b60 |
["name", "keyindex", "kvno", "enctype", "salttype", "salt"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
userrows = [x for x in rows if x['name'].startswith('user@')]
|
|
Packit |
fd8b60 |
userrows.sort(key=lambda x: x['keyindex'])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (userrows[0]['enctype'] != 'aes256-cts-hmac-sha1-96' or
|
|
Packit |
fd8b60 |
userrows[1]['enctype'] != 'aes128-cts-hmac-sha1-96'):
|
|
Packit |
fd8b60 |
fail('tabdump keyinfo enctypes')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('tabdump keyinfo')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('keydata')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'keydata',
|
|
Packit |
fd8b60 |
["name", "keyindex", "kvno", "enctype", "key", "salttype", "salt"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('princ_flags')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'princ_flags', ["name", "flag", "value"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('princ_lockout')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'princ_lockout', ["name", "last_success", "last_failed",
|
|
Packit |
fd8b60 |
"fail_count"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'addpol', '-history', '3', 'testpol'])
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'modprinc', '-policy', 'testpol', 'user'])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('princ_meta')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'princ_meta', ["name", "modby", "modtime", "lastpwd",
|
|
Packit |
fd8b60 |
"policy", "mkvno", "hist_kvno"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
userrows = [x for x in rows if x['name'].startswith('user@')]
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if userrows[0]['policy'] != 'testpol':
|
|
Packit |
fd8b60 |
fail('tabdump princ_meta policy name')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'set_string', 'user', 'foo', 'bar'])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('princ_stringattrs')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'princ_stringattrs', ["name", "key", "value"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
userrows = [x for x in rows if x['name'].startswith('user@')]
|
|
Packit |
fd8b60 |
if (len(userrows) != 1 or userrows[0]['key'] != 'foo' or
|
|
Packit |
fd8b60 |
userrows[0]['value'] != 'bar'):
|
|
Packit |
fd8b60 |
fail('tabdump princ_stringattrs key/value')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
rows = getrows('princ_tktpolicy')
|
|
Packit |
fd8b60 |
checkkeys(rows, 'princ_tktpolicy', ["name", "expiration", "pw_expiration",
|
|
Packit |
fd8b60 |
"max_life", "max_renew_life"])
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('tabdump')
|