from k5test import *
from princflags import *
import re
realm = K5Realm(create_host=False, get_creds=False)
# Regex pattern to match an empty attribute line from kadmin getprinc
emptyattr = re.compile('^Attributes:$', re.MULTILINE)
# Regex pattern to match a kadmin getprinc output for a flag tuple
def attr_pat(ftuple):
return re.compile('^Attributes: ' + ftuple.flagname() + '$',
re.MULTILINE)
# Test one flag tuple for kadmin ank.
def one_kadmin_flag(ftuple):
pat = attr_pat(ftuple)
realm.run([kadminl, 'ank', ftuple.setspec(),
'-pw', 'password', 'test'])
out = realm.run([kadminl, 'getprinc', 'test'])
if not pat.search(out):
fail('Failed to set flag ' + ftuple.flagname())
realm.run([kadminl, 'modprinc', ftuple.clearspec(), 'test'])
out = realm.run([kadminl, 'getprinc', 'test'])
if not emptyattr.search(out):
fail('Failed to clear flag ' + ftuple.flagname())
realm.run([kadminl, 'delprinc', 'test'])
# Generate a custom kdc.conf with default_principal_flags set
# according to ftuple.
def genkdcconf(ftuple):
d = { 'realms': { '$realm': {
'default_principal_flags': ftuple.setspec()
}}}
return realm.special_env('tmp', True, kdc_conf=d)
# Test one ftuple for kdc.conf default_principal_flags.
def one_kdcconf(ftuple):
e = genkdcconf(ftuple)
pat = attr_pat(ftuple)
realm.run([kadminl, 'ank', '-pw', 'password', 'test'], env=e)
out = realm.run([kadminl, 'getprinc', 'test'])
if not pat.search(out):
fail('Failed to set flag ' + ftuple.flagname() + ' via kdc.conf')
realm.run([kadminl, 'delprinc', 'test'])
# Principal name for kadm5.acl line
def ftuple2pname(ftuple, doset):
pname = 'set_' if doset else 'clear_'
return pname + ftuple.flagname()
# Translate a strconv ftuple to a spec string for kadmin.
def ftuple2kadm_spec(ftuple, doset):
ktuple = kadmin_itable[ftuple.flag]
if ktuple.invert != ftuple.invert:
# Could do:
# doset = not doset
# but this shouldn't happen.
raise ValueError
return ktuple.spec(doset)
# Generate a line for kadm5.acl.
def acl_line(ftuple, doset):
pname = ftuple2pname(ftuple, doset)
spec = ftuple.spec(doset)
return "%s * %s %s\n" % (realm.admin_princ, pname, spec)
# Test one kadm5.acl line for a ftuple.
def one_aclcheck(ftuple, doset):
pname = ftuple2pname(ftuple, doset)
pat = attr_pat(ftuple)
outname = ftuple.flagname()
# Create the principal and check that the flag is correctly set or
# cleared.
realm.run_kadmin(['ank', '-pw', 'password', pname])
out = realm.run([kadminl, 'getprinc', pname])
if doset:
if not pat.search(out):
fail('Failed to set flag ' + outname + ' via kadm5.acl')
else:
if not emptyattr.search(out):
fail('Failed to clear flag ' + outname + ' via kadm5.acl')
# If acl forces flag to be set, try to clear it, and vice versa.
spec = ftuple2kadm_spec(ftuple, not doset)
realm.run_kadmin(['modprinc', spec, pname])
out = realm.run([kadminl, 'getprinc', pname])
if doset:
if not pat.search(out):
fail('Failed to keep flag ' + outname + ' set')
else:
if not emptyattr.search(out):
fail('Failed to keep flag ' + outname + ' clear')
# Set all flags simultaneously, even the ones that aren't defined yet.
def lamptest():
pat = re.compile('^Attributes: ' +
' '.join(flags2namelist(0xffffffff)) +
'$', re.MULTILINE)
realm.run([kadminl, 'ank', '-pw', 'password', '+0xffffffff', 'test'])
out = realm.run([kadminl, 'getprinc', 'test'])
if not pat.search(out):
fail('Failed to simultaenously set all flags')
realm.run([kadminl, 'delprinc', 'test'])
for ftuple in kadmin_ftuples:
one_kadmin_flag(ftuple)
for ftuple in strconv_ftuples:
one_kdcconf(ftuple)
f = open(os.path.join(realm.testdir, 'acl'), 'w')
for ftuple in strconv_ftuples:
f.write(acl_line(ftuple, True))
f.write(acl_line(ftuple, False))
f.close()
realm.start_kadmind()
realm.prep_kadmin()
for ftuple in strconv_ftuples:
one_aclcheck(ftuple, True)
one_aclcheck(ftuple, False)
lamptest()
success('KDB principal flags')