krb5 commit: Remove old master key tests
Greg Hudson
ghudson at MIT.EDU
Fri Oct 25 11:42:18 EDT 2013
https://github.com/krb5/krb5/commit/89081ef62b0add869501f98ed3c49638b5327876
commit 89081ef62b0add869501f98ed3c49638b5327876
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Oct 23 11:20:50 2013 -0400
Remove old master key tests
Remove tests/mkeystash_compat and tests/mk_migr. These are superseded
by t_mkey.py, with two exceptions:
tests/mk_migr included tests for password history across master key
rollovers. Historical keys are encrypted in the kadmin/history key
(which is accessed like any other key), so there isn't a specific need
to test this unless we implement #1221.
tests/mk_migr had provisions for testing master key rollover with the
LDAP KDB module. All master key logic used in the LDAP KDB module is
shared with the DB2 module in lib/kdb, so there is no specific need to
test this combination.
src/configure.in | 2 +-
src/tests/Makefile.in | 2 +-
src/tests/mk_migr/db2_backend/README_for_mkmdb2 | 37 -
.../db2_backend/input_conf/kadm5_template_db2.acl | 1 -
.../db2_backend/input_conf/kdc_template_db2.conf | 14 -
.../db2_backend/input_conf/krb5_template_db2.conf | 21 -
src/tests/mk_migr/db2_backend/mkmdb2.py | 808 ------------------
src/tests/mk_migr/ldap_backend/README_for_mkmldap | 77 --
.../mk_migr/ldap_backend/input_conf/debconfile | 9 -
.../input_conf/kadm5_template_ldap.acl | 1 -
.../ldap_backend/input_conf/kdc_template_ldap.conf | 16 -
.../input_conf/krb5_template_ldap.conf | 33 -
src/tests/mk_migr/ldap_backend/mkmldap.py | 897 --------------------
src/tests/mkeystash_compat/Makefile.in | 48 -
src/tests/mkeystash_compat/bigendian.c | 24 -
src/tests/mkeystash_compat/deps | 4 -
src/tests/mkeystash_compat/old_stash_bendian | Bin 67 -> 0 bytes
src/tests/mkeystash_compat/old_stash_lendian | Bin 30 -> 0 bytes
18 files changed, 2 insertions(+), 1992 deletions(-)
diff --git a/src/configure.in b/src/configure.in
index a4bf31a..3c3968b 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1418,7 +1418,7 @@ dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test
tests tests/resolve tests/asn.1 tests/create tests/hammer
tests/verify tests/gssapi tests/dejagnu tests/threads tests/shlib
- tests/gss-threads tests/misc tests/mkeystash_compat
+ tests/gss-threads tests/misc
util/gss-kernel-lib util/collected-client-lib
po
)
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index ac944a9..4799248 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -1,7 +1,7 @@
mydir=tests
BUILDTOP=$(REL)..
SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
- gss-threads misc mkeystash_compat
+ gss-threads misc
RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
diff --git a/src/tests/mk_migr/db2_backend/README_for_mkmdb2 b/src/tests/mk_migr/db2_backend/README_for_mkmdb2
deleted file mode 100644
index 1a5cf30..0000000
--- a/src/tests/mk_migr/db2_backend/README_for_mkmdb2
+++ /dev/null
@@ -1,37 +0,0 @@
-ABOUT:
-A translation of Will Fiveash's "mit_db2_mkey_migrate_testB" ksh code into Python with the default db2 backend. With minor fixes and changes. Written by HaoQi Li.
-
-DEFAULT SETTINGS:
-Options Name Default Setting
- -h Help
- -v Verbose: True
- -p Testing pw: test123
- -s Sandbox loc: src/tests/mk_migr/db2_backend/sandbox
- -c Krb5kdc: src/kdc/krb5kdc
- -d Kadmind: src/kadmin/server/kadmind
- -b Kdb5_util: src/kadmin/dbutil/kdb5_util
- -l Kadmin.local: src/kadmin/cli/kadmin.local
- -n Kadmin: src/kadmin/cli/kadmin
- -t Client paths: src/clients
-
-INPUTS:
-* src/tests/mk_migr/db2_backend/input_conf/kdc_template_db2.conf
-* src/tests/mk_migr/db2_backend/input_conf/krb5_template_db2.conf
-* src/tests/mk_migr/db2_backend/input_conf/kadm5_template_db2.acl
-
-OUTPUTS:
-* sandbox that contains customized outfile with all commands and their outputs, kdc.conf, krb5.conf, kadm6.acl, and others.
-* Statistics on screen of number of commands passed and failed.
-
-EXAMPLES:
-- MUST RUN from trunk/src.
-* python tests/mk_migr/db2_backend/mkmdb2.py
- Using all Default Settings.
-* python tests/mk_migr/db2_backend/mkmdb2.py -s /tmp/mySandbox
- Sandbox now can be found in /tmp/mySandbox.
-
-
-# Notes:
-# Exists only at the end, unless fatal errors are encountered. Otherwise, skips errors and continue!!
-# "haoqili" is a name that can be changed.
-# 2019 and 2029 are future dates that should best be written not as fixed. Such as now+10years.
diff --git a/src/tests/mk_migr/db2_backend/input_conf/kadm5_template_db2.acl b/src/tests/mk_migr/db2_backend/input_conf/kadm5_template_db2.acl
deleted file mode 100644
index 719677a..0000000
--- a/src/tests/mk_migr/db2_backend/input_conf/kadm5_template_db2.acl
+++ /dev/null
@@ -1 +0,0 @@
-*/admin *
diff --git a/src/tests/mk_migr/db2_backend/input_conf/kdc_template_db2.conf b/src/tests/mk_migr/db2_backend/input_conf/kdc_template_db2.conf
deleted file mode 100644
index 31ff522..0000000
--- a/src/tests/mk_migr/db2_backend/input_conf/kdc_template_db2.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-[kdcdefaults]
- kdc_ports = 8888
-
-[realms]
- K.MIT.EDU = {
- database_name = %(sandboxdir)s/principal
- acl_file = %(sandboxdir)s/kadm5.acl
- key_stash_file = %(sandboxdir)s/keyStashFile
- kdc_ports = 8888
- kpasswd_port = 8887
- kadmind_port = 8886
- max_life = 10h 0m 0s
- max_renewable_life = 7d 0h 0m 0s
- }
diff --git a/src/tests/mk_migr/db2_backend/input_conf/krb5_template_db2.conf b/src/tests/mk_migr/db2_backend/input_conf/krb5_template_db2.conf
deleted file mode 100644
index e89aa87..0000000
--- a/src/tests/mk_migr/db2_backend/input_conf/krb5_template_db2.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-[libdefaults]
- default_realm = K.MIT.EDU
-
-[realms]
-# use "kdc = ..." if realm admins haven't put SRV records into DNS
- K.MIT.EDU = {
- admin_server = %(localFQDN)s:8886
- kpasswd_server = %(localFQDN)s:8887
- default_domain = MIT.EDU
- kdc = %(localFQDN)s:8888
- v4_instance_convert = {
- mit = mit.edu
- lithium = lithium.lcs.mit.edu
- }
- }
- ANDREW.CMU.EDU = {
- admin_server = vice28.fs.andrew.cmu.edu
- }
-
-[logging]
-# kdc = CONSOLE
diff --git a/src/tests/mk_migr/db2_backend/mkmdb2.py b/src/tests/mk_migr/db2_backend/mkmdb2.py
deleted file mode 100644
index 00ae4cb..0000000
--- a/src/tests/mk_migr/db2_backend/mkmdb2.py
+++ /dev/null
@@ -1,808 +0,0 @@
-# Master Key Migration for db2
-
-import os, sys, shutil, socket, time, string
-from subprocess import Popen, PIPE
-from optparse import OptionParser
-from time import strftime
-
-class MasterKeyMigrationTest:
- def __init__(self, verbose_in, pw_in, kdcPath_in, kdmdPath_in, kdbPath_in, kdmlPath_in, kdmPath_in, cltPath_in, sandir_in):
- self.npass = 0
- self.nfail = 0
-
- self.verbose = verbose_in
- self.pw = pw_in
-
- self.krb5kdc = kdcPath_in #1 krb5kdc
- self.kadmind = kdmdPath_in #2 kadmind
- self.kdb5_util = kdbPath_in #3 kdb5_util
- self.kadminlocal = kdmlPath_in #4 kadmin.local
- self.kadmin = kdmPath_in #5 kadmin
- self.clients = cltPath_in+"/" #6 clients
-
- self.sandir = sandir_in
-
- ########## SET UP Write Output File #####
- self.outfile = open(self.sandir+"/outfile", 'w')
-
- '''print os.environ'''
-
- def _writeLine(self, astr, prt=False):
- self.outfile.write(astr.strip()+"\n")
- if prt:
- print astr.strip()
-
- def _writeHeader(self, astr, prt=True):
- self.outfile.write("\n========== "+astr.strip()+" ==========\n")
- if prt:
- print "========== "+astr.strip()+" =========="
-
- def _sysexit(self, fatal=False, finished=False):
- self._writeLine("++++++++++++++++++++++++++++++", True)
- if fatal:
- self._writeLine("++++ Test did NOT finish +++++", True)
- self._writeLine("++++ FATAL FAILURE! Stopped ++", True)
- self._writeLine("++++ See sandbox/outfile +++++", True)
- self._writeLine("++++++++++++++++++++++++++++++", True)
- sys.exit()
- elif not finished:
- self._writeLine("++++ Test did NOT finish +++++", True)
- self._writeLine("++++ FAIL Detected! keep going", True)
- self._writeLine("++++++++++++++++++++++++++++++", True)
- else: #finished
- self._writeLine("++++ MKM Test Finished +++++++", True)
- self._writeLine("++++++++++++++++++++++++++++++", True)
- self._writeLine("++++ Commands Passed: %s +++++" % self.npass, True)
- self._writeLine("++++ Commands Failed: %s +++++" % self.nfail, True)
- sys.exit()
-
- def _printig(self):
- self._writeLine("~.~.~Error should be ignored~.~.~.~")
-
- def _printerr(self, errm, stderr):
- self._writeLine("#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#")
- self._writeLine("-XX-FAILED: "+errm+". See stderr below:")
- [self._writeLine(line) for line in stderr.readlines() ]
-
- def _printout(self, cmd, pstdout):
- if self.verbose:
- self._writeLine("---------------------------------------")
- self._writeLine("-command: "+cmd)
- self._writeLine("-----out: ")
- [self._writeLine(line) for line in pstdout.readlines()]
-
- def _eval(self, succeed, pwait, errm, pstderr, fatal=False, msg2="", finished=False):
- if int(pwait) != 0: # is bad
- self._printerr(errm, pstderr)
- if succeed==True: ## want good
- self.nfail += 1
- self._sysexit(fatal, finished)
- else: ## want bad
- self.npass += 1
- self._printig()
- else: # is good
- if not succeed: ## want bad
- if msg2 != "":
- self._writeLine(msg2, True)
- self.nfail += 1
- self._sysexit(fatal, finished)
- else: ## want good
- self.npass += 1
-
- def _metafunc(self, command, errmsg, moreinfo="", isLocal=False, succeed=True, fatal=False):
- l = command
- if isLocal:
- pl = Popen(l.split(None,2), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- else:
- pl = Popen(l.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._printout(l+moreinfo, pl.stdout)
-
- self._eval(succeed, pl.wait(), errmsg, pl.stderr, fatal)
-
- ###########################################
-
- # Start the KDC daemons
- def _startkdc(self):
- self._writeLine("\nstarting kdc daemons ...")
- l0 = self.krb5kdc
- errm = "error at starting krb5kdc"
- self._metafunc(l0, errm)
- # below has been changed
- l0b = self.kadmind + ' -W -nofork' #the W is for during off strong random numbers
- errm = "error at starting kadmind, maybe it's already started"
- pl0b = Popen(l0b.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._writeLine( "kadmind -nofork")
- started = False
- while time.clock() < 3:
- l = pl0b.stderr.readline()
- if l.find("starting") > -1:
- self._writeLine( l.strip())
- self.npass += 1
- started = True
- break
- else:
- self.nfail += 1
- self._printerr("kadmind not starting, check to see if there are any previous kadmind running with cmd: 'ps -ef | grep kadmind' and then do 'sudo kill -9 [# on the left]'", pl0b.stderr)
- self._sysexit(fatal=True)
- if not started:
- self.nfail += 1
- self._sysexit()
- self._writeLine("end starting kdc daemons")
-
- # Kill the KDC daemons in case they are running
- def _killkdc(self, suc=True):
- l1 = 'pkill -9 -x krb5kdc'
- errm = "no krb5kdc killed"
- self._metafunc(l1, errm, succeed=suc)
-
- l2 = 'pkill -9 -x kadmind'
- errm = "no kadmind killed"
- self._metafunc(l2, errm, succeed=suc)
-
- # Destroys current database
- def _destroykdc(self, suc=True):
- l3 = self.kdb5_util+' destroy -f' #forced
- errm = "no kdb database destroyed"
- self._metafunc(l3, errm, succeed=suc)
-
- # Create a new database with a new master key
- def _createdb(self, pw):
- l4 = self.kdb5_util+' -P '+pw+' create -s -W' #added W for svn version 22435 to avoid reading strong random numbers
- errm = "error when creating new database, _createdb()"
- self._metafunc(l4, errm, fatal=True)
-
- # Addprinc
- def _locAddprinc(self, passw, usern):
- l5 = self.kadminlocal+' -q addprinc -pw '+passw+' '+usern
- errm = "error when adding princ, _locAddprinc"
- self._metafunc(l5, errm, isLocal=True)
-
- # List princs
- def _locListprincs(self):
- l6 = self.kadminlocal+' -q listprincs'
- errm = "error when listing princs, _locListprincs"
- self._metafunc(l6, errm, isLocal=True)
-
- # Get princs
- def _locGetprinc(self, usern, extra=False, succeed=True):
- l7 = self.kadminlocal+' -q getprinc '+usern
- errm="error when getting princ, _locGetprinc"
-
- pl7 = Popen(l7.split(None,2), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- if not extra:
- self._printout(l7, pl7.stdout)
- else:
- if self.verbose:
- self._writeLine("-command: "+l7)
- self._writeLine("-----out: ")
- for line in pl7.stdout.readlines():
- if line.startswith("Princ") or line.startswith("MKey"):
- self._writeLine(line)
- self._eval(succeed, pl7.wait(), errm, pl7.stderr)
-
- # Get princs and finds something in the output
- def _locGetprincFind(self, usern, findstr, succeed=True):
- l7b = self.kadminlocal+' -q getprinc ' +usern
- errm="error when getting princs, _locGetprinc, (regular output of getprincs is not printed here), will NOT continue to find string="+findstr
- pl7b = Popen(l7b.split(None, 2), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- if self.verbose:
- self._writeLine("-command: "+l7b)
- if int(pl7b.wait()) != 0: # is bad
- self._printerr(errm, pl7b.stderr)
- if succeed: ## want good
- self.nfail += 1
- self._sysexit()
- else: ## want bad
- self.npass += 1
- self._printig()
- else: # is good
- if self.verbose:
- self._writeLine( "-----out: ")
- boofound = False
- for outl in pl7b.stdout.readlines():
- self._writeLine(outl)
- if string.find(outl, findstr) > -1:
- boofound = True
- if boofound:
- self._writeLine("----FOUND: "+findstr)
- else:
- self._writeLine("----NOT FOUND: "+findstr)
- if not succeed: ## want bad
- self.nfail += 1
- self._sysexit()
- else: ## want good
- self.npass += 1
-
- # Add policy
- def _locAddpol(self, maxtime, minlength, minclasses, history, policyname):
- rest = ""
- if maxtime != None:
- rest += '-maxlife '+maxtime+' '
- if minlength != None:
- rest += '-minlength '+minlength+' '
- if minclasses != None:
- rest += '-minclasses '+minclasses+' '
- if history != None:
- rest += '-history '+history+' '
- l8 = self.kadminlocal+' -q add_policy '+rest+policyname
- errm = "error when adding policy, _locAddpol"
- self._metafunc(l8, errm, isLocal=True)
-
- # Get pol
- def _locGetpol(self, poln):
- l8b = self.kadminlocal+' -q getpol '+poln
- errm="error when getting pol, _locGetpol"
- self._metafunc(l8b, errm, isLocal=True)
-
- # Modify Principal
- def _locModprinc(self, rest):
- l9 = self.kadminlocal+' -q modprinc '+rest
- errm = "error when modifing principal, _locModprinc"
- self._metafunc(l9, errm, isLocal=True)
-
- # List mkeys
- def _listmkeys(self):
- l10 = self.kdb5_util+' list_mkeys'
- errm = "error when listing mkeys, _listmkeys"
- self._metafunc(l10, errm)
-
- # Use mkeys
- def _usemkey(self, kvno, time, succeed=True):
- l11 = self.kdb5_util+' use_mkey '+kvno+' '+time
- pl11 = Popen(l11.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._printout(l11, pl11.stdout)
- self._eval(succeed, pl11.wait(), "error when using mkeys, _usemkey", pl11.stderr, msg2="-XX-ERROR: "+l11+" should have failed.")
-
-
- # Change password (cpw)
- def _locCpw(self, passw, usern):
- l12 = self.kadminlocal+' -q cpw -pw '+passw+' '+usern
- errm = "error when changing password, _locCpw"
- self._metafunc(l12, errm, moreinfo="\n--------: newpw='"+passw+"'", isLocal=True)
-
- # Purge mkeys
- def _purgemkeys(self):
- l13 = self.kdb5_util+' purge_mkeys -f -v' #-f is forced, -v is verbose
- errm = "error when purging mkeys, _purgemkeys"
- self._metafunc(l13, errm)
-
- # Add mkey
- def _addmkey(self, passw, extra="", succeed=True):
- l14 = self.kdb5_util+' add_mkey '+extra
- pl14 = Popen(l14.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- pl14.stdin.write(passw+'\n') #enter 1st time
- pl14.stdin.write(passw+'\n') #re-enter
- self._printout(l14+' [with password='+passw+']', pl14.stdout)
- self._eval(succeed, pl14.wait(), "error when adding mkey, _addmkey", pl14.stderr)
- self._writeLine( "----end of adding mkey")
-
- # kinit user
- def _kinit(self, passw_in, usern, succeed=True):
- l15 = self.clients+'kinit/kinit '+usern
- pl15 = Popen(l15.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- pl15.stdin.write(passw_in+'\n')
- pl15.stdin.close()
- self._printout(l15, pl15.stdout)
- self._eval(succeed, pl15.wait(), "error when kinit user, _kinit", pl15.stderr)
- self._writeLine( "----end of kiniting user")
-
- # change password on client's side
- def _kpasswd(self, oldpw, newpw, usern, succeed=True):
- l16 = self.clients+'kpasswd/kpasswd '+usern
- pl16 = Popen(l16.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- pl16.stdin.write(oldpw+'\n')
- pl16.stdin.write(newpw+'\n')
- pl16.stdin.write(newpw+'\n')
- self._printout(l16+"\n--------: oldpw='"+oldpw+"' -> newpw='"+newpw+"'", pl16.stdout)
- self._eval(succeed, pl16.wait(), "error when changing password on client's side, _kpasswd", pl16.stderr)
- self._writeLine("----end of changing kpasswd")
-
- # klist on client's side
- def _klist(self):
- l17 = self.clients+'klist/klist'
- errm = "error when klist, _klist"
- self._metafunc(l17, errm)
-
- # Update principal encryption
- def _updatePrincEnc(self):
- l18 = self.kdb5_util+' update_princ_encryption -f -v'
- errm = "error when updating principal encryption, _updatePrincEnc"
- self._metafunc(l18, errm)
-
- # kdestroy
- def _kdestroy(self):
- l19 = self.clients+'kdestroy/kdestroy'
- errm = "error when kdestroy, _kdestroy"
- self._metafunc(l19, errm)
-
- # stash
- def _stash(self):
- l20 = self.kdb5_util+' stash'
- errm="error at stash, _stash"
- self._metafunc(l20, errm)
-
- # any shell command
- def _shell(self, command, succeed=True):
- l21 = command
- errm="error at executing this command in _shell(): "+l21
- pl21 = Popen(l21, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._printout(l21, pl21.stdout)
- self._eval(succeed, pl21.wait(), errm, pl21.stderr)
- '''self._printerr(errm, pl21.stderr) Pointed out that kadmin had problems!'''
-
- # get_princ_records()
- def _get_princ_records(self, succeed=True):
- l22 = self.kadminlocal+" -q listprincs 2>/dev/null|grep -v '^Authenticating as'|fgrep '@'|sort"
- errm="error at listprincs in _get_princ_records() with this command: "+l22
- pl22 = Popen(l22, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- if int(pl22.wait()) != 0: # is bad
- self.printerr(errm, pl22.stderr)
- if succeed: ## want good
- self.nfail += 1
- self._sysexit()
- else: ## want badd
- self.npass += 1
- self._printig()
- else: # is good
- if not succeed: ## want bad
- self.nfail += 1
- self._sysexit()
- else: ## want good
- self.npass += 1
- self._writeLine( "\nget_princ_records() executing all listprincs command: "+l22+"\n------its results:")
- for princ in pl22.stdout.readlines():
- self._locGetprinc(princ.strip(), extra=True)
- self._writeLine("END executing command: "+l22+"\n~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~")
-
-######################################################
- def run(self):
- #############RUN###################
- passw=self.pw
-
- self._writeHeader("START MASTER KEY MIGRATION TEST")
-
- # Set up database
- self._writeHeader("SET UP: database")
- self._killkdc("Either") #74 =1,2
- self._destroykdc("Either") #77 =3
- self._createdb(passw) #81 =4
- #line 83-86 involves ktadd kadm5.keytab, which are out dated
-
- # add, get, and list princs
- self._writeHeader("SET UP: add/get/list princs")
- self._locAddprinc(passw, 'kdc/admin') #87 =5
- self._locListprincs() #89 =6
- self._locGetprinc('K/M') #90 =7
- self._locAddprinc('test123', 'haoqili') #91 =8
- self._locGetprinc('haoqili') #92 =9
- self._locAddprinc(passw, 'haoqili/admin') #93 =10
- self._locAddprinc('foobar', 'test') #94 =11
- self._locGetprinc('test') #95 =12
- self._locListprincs() # I added =13
- myfqdn = socket.getfqdn()
- #self._shell(self.parentpath+"kadmin.local -q 'addprinc -randkey host/"+myfqdn+"'") #96
- self._shell(self.kadminlocal+" -q 'addprinc -randkey host/"+myfqdn+"'") #96 =14
-
- # create policies
- self._writeHeader("SET UP: create policies")
- #print "\n~~~~~~~~~ create policies ~~~~~~~~~~~"
- self._locAddpol('8days', None, None, None, 'testpolicy')#100 =15
- self._locAddpol('20days', '8', '3', None, 'testpolicy2')#101
- self._locAddpol('90days', '2', '2', None, 'testpolicy3')#102
- self._locAddpol('90days', '2', '2', '3', 'testpolicy4')#103
-
- self._locModprinc('-policy testpolicy haoqili')#105
- self._locAddprinc(passw, 'foo')#106
- self._locModprinc('-policy testpolicy3 foo')#107 =21
-
- # create all princ with all fields
- self._writeHeader("SET UP: create all princ with all fields")
- #print "\n~~~~~~~~~ create all princ with all fields ~~~~~"
- self._locAddprinc(passw, 'all') #110 =22
- self._locModprinc('-expire "2029-12-30 7pm" all') #112
- self._locModprinc('-pwexpire 12/30/2029 all') #114
- self._locGetprinc('all') #115
- self._locModprinc('-maxlife 100days all') #116
- self._locGetprinc('all') #117
- self._locModprinc('-maxrenewlife 100days all') #118
- self._locGetprinc('all') #119
- self._locModprinc('+allow_postdated +allow_forwardable all') #120 =30
- self._locModprinc('+allow_proxiable +allow_dup_skey all') #121
- self._locModprinc('+requires_preauth +allow_svr +needchange all') #122
- self._locModprinc('-policy testpolicy4 all') #123
- self._locGetprinc('all') #124 =34
-
- # Testing stuff
- self._writeHeader("TEST: initial mkey list") #126
- self._writeLine("===== Listing mkeys at start of test") #I add
- self._listmkeys() #127 =35
-
- self._writeLine( "Testing krb5kdc list_mkeys Done ==============================================") #128
-
- self._writeLine("---------------\n xxxxxxxxxx \/\/\/ ERRORS (multiple) EXPECTED below xxxxxxxxxx")
- self._writeLine("\nERRORS (multiple) EXPECTED below")
- self._writeLine("Testing bogus use_mkey (setting only mkey to future date, using non-existent kvno, so should return error) =======") #129, 130
- self._writeLine( "-> must have a mkey currently active (setting mkey to 2 days from now), should fail and return error") #132
- self._usemkey('1', 'now+2days', False) #133-138 =36
-
- self._writeLine("-> must have a mkey currently active (setting mkey to 2019 the future), should fail and return error") #140
- self._usemkey('1', '5/30/2019', False) #141 =37
- self._writeLine("-> bogus kvno and setting mkey to 2 days from now, should fail and return error") #147
- self._usemkey('2', 'now+2days', False) #148 =38
- self._writeLine("-> bogus kvno, should fail and return error") #I add
- self._usemkey('2', 'now-2days', False) #I add =39
- self._writeLine( "^^^ABOVE^^ SHOULD HAVE *ALL* FAILED\n-----------------")
-
- self._writeLine( "Listing mkeys at end of test") #I add
- self._listmkeys() #155 =40
- self._writeLine("Testing bogus use_mkey (setting only mkey to future date) Done ===========================") #156
-
-
- self._writeLine("\nmake sure cpw [change password] works") #158
- # this changes the password of 'test' from 'foobar' in "add, get, and list princs" above
- self._locCpw('test1', 'test') #159 =41
-
- self._writeHeader("TEST: bogus purge_mkeys (should be no keys purged, no error returned")
- #print "\nTesting bogus purge_mkeys (should be no keys purged, no error returned) ===========================" #161
- self._purgemkeys() #162 =42
- self._writeLine("Testing bogus purge_mkeys (no error) Done ===========================") #163
-
- self._writeLine( "\nadd kvno 2") #164
- self._addmkey('abcde', '-s') #165-167 =43
- self._writeLine("\nlist mkeys")
- self._listmkeys() #169 =44
-
- #start daemons
- self._startkdc() #172 =45 46
- self._writeLine("make sure kdc is up, by kinit test") #176
- self._kinit('test1', 'test') #177 =47
-
- self._writeLine("---------------\n\/\/\/ ERROR EXPECTED below. Test passwd policy.:") #180
- self._kinit(passw, 'all', succeed=False) #181 =48
- self._writeLine("^^ABOVE^^ SHOULD HAVE FAILED\n-----------------")
-
- #change passwd on client's side
- self._kpasswd(passw, 'Test123.', 'all')#184-188 =49
-
- self._kinit('Test123.', 'all') #189 =50
- self._klist() #190 =51
-
- self._writeHeader("TEST: password history for principal 'all', new passwords must not be a previous password") #191
- self._kpasswd('Test123.', 'Foobar2!', 'all') #192-195 =52
- self._writeLine("--------------\n\/\/\/ ERROR EXPECTED below") #197
- self._kpasswd('Foobar2!', passw, 'all', succeed=False) #199-202 =53
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n----------")
-
- # this shouldn't change the mkvno for any princs (should be 1) #206
- #self._updatePrincEnc() #207
- # princs should still be protected by mkvno 1 #208
- self._writeLine("@@@@@@@@ Wait for other people to fix bug in code 6507 update_princ_encryption to use mkey instead of latest mkey @@@@@@@@@@@@@\n")
- self._locGetprincFind('test', 'MKey: vno 1') #209 =54
-
- self._purgemkeys() #210 =55
- self._listmkeys() #211 =56
- self._usemkey('2', 'now-1day') #213 =57
- self._listmkeys() #214 =58
-
- self._writeLine("-----------\n\/\/\/ ERROR EXPECTED below") #216
- self._kpasswd('Foobar2!', passw, 'all', succeed=False) #217-221 =59
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n--------")
-
- self._kpasswd('Foobar2!', 'Barfoo3.', 'all') #224-228 =60
- self._kinit('Barfoo3.', 'all') #229
- self._klist() #230 =62
-
- self._writeLine("-------------\n\/\/\/ ERROR EXPECTED below") #231
- self._kpasswd('Barfoo3.', 'Foobar2!', 'all',succeed=False) #233-235 =63
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n---------")
-
- self._writeLine("\nTest's key should be protected by mkvno 2" ) #239
- self._locCpw('foo', 'test') #240 =64
- self._locGetprincFind('test', 'MKey: vno 2') #241 =65
- self._kdestroy() #242 =66
-
- self._writeHeader("TEST: krb5kdc refetch of mkey")#243
- self._kinit('foo', 'test') #244 =67
- self._klist() #245 =68
- self._writeLine("END. Testing krb5kdc refetch of mkey list Done ==============================================\n") #246
-
- self._updatePrincEnc() #247 =69
- self._get_princ_records() #248 =70 -83
- self._kdestroy() #249 =84
- self._kinit('foo', 'test') #250 =85
- self._purgemkeys() #252 =86
-
- self._stash() #254 =87
- self._shell(self.clients+'klist/klist' +" -ekt "+self.sandir+"/keyStashFile") #255 =88
-
- self._locGetprinc('K/M') #256 =89
- self._purgemkeys() #257 =90
- self._locGetprinc('K/M') #258
- self._listmkeys() #259 =92
- self._kdestroy() #260
- self._kinit('foo', 'test') #261
- self._klist() #262 =95
-
- self._writeLine("\n Adding in Master Key Number 3")
- self._listmkeys() #265 =96
- self._addmkey('abcde') #266-268
- self._listmkeys() #270 =98
- self._locCpw('foo', 'all') #271
- self._locGetprinc('all') #272 =100
- self._usemkey('3', 'now') #273
- self._listmkeys() #274 =102
- self._locCpw('99acefghI0!', 'all') #275
- self._locGetprinc('all') #276 =104
- self._kdestroy() #277
- self._kinit('foo', 'test') #279 =106
- self._klist() #280
- self._shell(self.kadmin+" -p haoqili/admin -w "+passw+" -q 'listprincs'") #281 =108
- self._shell(self.kadmin+" -p haoqili/admin -w "+passw+" -q 'getprinc test'") #282 =109
-
- self._writeHeader("TEST: add_mkey with aes128 enctype") #283
- self._addmkey('abcde', '-e aes128-cts-hmac-sha1-96') #284-287 =110
- self._listmkeys() #288 =111
-
- self._writeLine( "END. Testing add_mkey with aes128 enctype done ==============================================")#289
-
- self._writeHeader("TEST: krb5kdc refetch of mkey list")
- self._usemkey('4', 'now') #290 =112
- self._listmkeys() #291 =113
- self._shell(self.kadmin+" -p haoqili/admin -w "+passw+" -q 'cpw -pw abcde test'") #292 =114
- self._shell(self.kadmin +" -p haoqili/admin -w "+passw+" -q 'getprinc test'") #293
- self._kdestroy() #294 =116
-
- self._writeLine("\nTesting krb5kdc refetch of mkey list =================================================") #295
- self._kinit('abcde', 'test') #296 =117
- #'self._klist() #297 =118
- self._writeLine("Testing krb5kdc refetch of mkey list Done :) =================================================\n") #298
-
- self._killkdc() #300 =119, 120
- self._startkdc() #301 =121 122
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'cpw -pw foo test'") #304 =123
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'getprinc test'") #305 =124
- self._kdestroy() #307 =125
-
- self._writeLine("\nTesting krb5kdc refetch of mkey list =================================================") #308
- self._kinit('foo', 'test') #309 =126
- self._klist() #310 =127
- self._writeLine("Testing krb5kdc refetch of mkey list Done =================================================\n") #311
-
- self._updatePrincEnc() #313 =128
- self._locGetprinc('K/M') #314
- self._locGetprinc('all') #315 =130
- self._locGetprinc('haoqili') #316
- self._kdestroy() #317 =132
- self._kinit('foo', 'test') #318
- self._stash() #319 =134
- self._shell(self.clients+'klist/klist' + " -ekt "+self.sandir+"/keyStashFile") #320
- self._locGetprinc('K/M') #321 =136
- self._purgemkeys() #322
- self._locGetprinc('K/M') #323 =138
- self._locGetprinc('all') #324
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'getprinc test'") #325 =140
- self._listmkeys() #326
- self._kdestroy() #327 =142
- self._kinit('foo', 'test') #328
- self._klist() #329 =144
-
- self._get_princ_records() #330 =145-158
-
- self._writeHeader("TEST: add_meky with DES-crc enctype")
- #print "\nTesting add_mkey with DES-crc enctype ==============================================" #331
- self._addmkey('abcde', '-e des-cbc-crc') #332-335 =159
- self._listmkeys() #336 =160
- self._writeLine( "END. Testing add_mkey with DES-crc enctype Done ==============================================") #337
- self._addmkey('abcde') #338-341 =161
- self._listmkeys() #342 =162
- self._writeLine( "current time: "+strftime("%Y-%m-%d %H:%M:%S") ) #343
-
- self._usemkey('5', 'now-1day') #344 =163
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#345
- self._listmkeys() #346 =164
- self._usemkey('5', 'now') #347 =165
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#348
- self._listmkeys() #349 =166
- self._usemkey('5', 'now+3days') #350 =167
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#351
- self._listmkeys() #352 =168
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#353
- self._usemkey('5', 'now+5sec') #354 =169
- self._listmkeys() #355 =170
- time.sleep(5) #356
- self._listmkeys() #357 =171
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#358
- self._usemkey('4', 'now+5sec') #359 =172
- self._listmkeys() #360 =173
- time.sleep(5) #361
- self._listmkeys() #362 =174
- self._usemkey('5', 'now+3days') #363 =175
-
- self._writeLine("------------\n\/\/\/ ERROR EXPECTED below" )#364
- self._writeLine("should fail, because there must be one mkey currently active") #365
- self._usemkey('4', 'now+2days', False) #366 =176
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n---------------")
-
- self._listmkeys() #373 =177
- self._usemkey('4', '1/30/2009') #375 =178
-
- self._writeHeader("TEST: purge_mkeys (removing mkey 5)")
- #print "\nTesting purge_mkeys (removing mkey 5) ==============================================" #378
- self._purgemkeys() #379 =179
- self._stash() #380 =180
- self._shell(self.clients+'klist/klist' +" -ekt "+self.sandir+"/keyStashFile") #381 =181
- self._listmkeys() #382 =182
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'getprinc K/M'") #383 =183
- self._writeLine("Testing purge_mkeys Done ==============================================") #384
- self._writeHeader("MASTER KEY MIGRATION TEST DONE. please consult 'outfile' in your sandbox for more info. The sandbox is at: %s" % self.sandir)
- # I added
- self._sysexit(finished=True)
-
-####################################################
-####################################################
-
-class Launcher:
- def __init__(self, path, sandP):
- # srcdir, self._buildDir = InPath
- self._buildDir = path
- # self._confDir = InPath/tests/mk_migr/input_conf
- self._confDir = '%s/tests/mk_migr/db2_backend/input_conf' % self._buildDir
-
- # setting up sand box
- if sandP != "":
- self._sandboxDir = sandP
- else:
- self._sandboxDir = '%s/tests/mk_migr/db2_backend/sandbox' % self._buildDir
-
- self._vars = {'srcdir': self._buildDir,
- 'sandboxdir': self._sandboxDir,
- 'localFQDN':socket.getfqdn()}
-
- def _prepSandbox(self):
- sandir = self._sandboxDir
- if os.path.exists(sandir):
- shutil.rmtree(sandir)
- print "------about to make sandbox, with the path of:"
- print sandir
- os.makedirs(sandir, 0777)
- print "------sandbox made"
- return sandir
-
- def _createFileFromTemplate(self, outpath, template, vars):
- fin = open(template, 'r')
- result = fin.read() % vars
- fin.close()
- fout = open(outpath, 'w')
- fout.write(result)
- fout.close()
-
- ####### Launcher RUN ################
- def runLauncher(self):
- # create sandbox file directory if it does not exit
- sandir = self._prepSandbox()
- '''print os.environ
- '''
- #save the initial 3 things setup
- orig_libpath = os.getenv('LD_LIBRARY_PATH')
- orig_krbconf = os.getenv('KRB5_CONFIG')
- orig_kdcprof = os.getenv('KRB5_KDC_PROFILE')
-
- # change the 3 things
- os.environ["LD_LIBRARY_PATH"] = '%s/lib' % self._buildDir
- #os.environ["SRCDIR"] = '%s' % self._buildDir
-
- str1 = '%s/krb5.conf' % self._sandboxDir
- os.environ["KRB5_CONFIG"] = str1
-
- str2 = '%s/kdc.conf' % self._sandboxDir
- os.environ["KRB5_KDC_PROFILE"] = str2
-
- str3 = '%s/kadm5.acl' % self._sandboxDir
-
- # Create adequate to the environment config files
- self._createFileFromTemplate('%s' % str1, '%s/%s' % (self._confDir, 'krb5_template_db2.conf'), self._vars)
- self._createFileFromTemplate('%s' % str2, '%s/%s' % (self._confDir, 'kdc_template_db2.conf'), self._vars)
- self._createFileFromTemplate('%s' % str3, '%s/%s' % (self._confDir, 'kadm5_template_db2.acl'), self._vars)
-
- return sandir
-
-####################################################
-####################################################
-def makeBool(aStr):
- if aStr == "True" or aStr == "T":
- return True
- if aStr == "False" or aStr == "F":
- return False
- else:
- print "did NOT execute due to invalid True False argument. Please enter either 'True', 'T', 'False', or 'F'"
- sys.exit()
-
-# # # # # # # # # # # # # # # # # # # # # # # # #
-
-def processInputs(parser):
- # get inputs
- (options, args) = parser.parse_args()
-
- verbose = makeBool(options.opVerbose)
- pw = options.opPassword
-
- kdcPath = options.opKdcPath #1
- kdmdPath = options.opKdmdPath #2
- kdbPath = options.opKdbPath #3
- kdmlPath = options.opKdmlPath #4
- kdmPath = options.opKdmPath #5
- cltPath = options.opCltPath #6
-
- sandPath = options.opSandbox
-
- ########### Launch ###############
-
- print "\n############ Start Launcher #############"
- src_path=os.environ["PWD"]
- print "SOURCE PATH ==>" , src_path
-
- myLaunch = Launcher(src_path, sandPath)
- sandir = myLaunch.runLauncher()
-
- test = MasterKeyMigrationTest(verbose, pw, kdcPath, kdmdPath, kdbPath, kdmlPath, kdmPath, cltPath, sandir)
- print "########## Finished Launcher ############\n"
-
- return test
-# # # # # # # # # # # # # # # # # # # # # # # # #
-
-def makeParser():
- usage = "\n\t%prog [-v][-p][-c][-d][-b][-l][-t][-s]"
- description = "Description:\n\tTests for the master key migration commands."
- parser = OptionParser(usage=usage, description=description)
-
- parser.add_option("-v", "--verbose", type="string", dest="opVerbose",
-default="True", help="'True' or 'False'. Switch on for details of command lines and outputs. Default is 'True'")
-
- parser.add_option("-p", "--password", type="string", dest="opPassword", default="test123", help="master password for many of the passwords in the test. Default is 'test123'")
-
- ## Default Paths
- dSrcPath = src_path=os.environ["PWD"]
- dKdcPath = '%s/kdc/krb5kdc' % dSrcPath #1
- dKdmdPath = '%s/kadmin/server/kadmind' % dSrcPath #2
- dKdbPath = '%s/kadmin/dbutil/kdb5_util' % dSrcPath #3
- dKdmlPath = '%s/kadmin/cli/kadmin.local' % dSrcPath #4
- dKdmPath = '%s/kadmin/cli/kadmin' % dSrcPath #5
- dCltPath = '%s/clients' % dSrcPath #6
-
- parser.add_option("-c", "--krb5kdcpath",
-type="string", dest="opKdcPath",
-default=dKdcPath, help="set krb5kdc path, default="+dKdcPath) #1
-
- parser.add_option("-d", "--kadmindpath",
-type="string", dest="opKdmdPath",
-default=dKdmdPath, help="set kadmind path, default="+dKdmdPath) #2
-
- parser.add_option("-b", "--kdb5_utilpath",
-type="string", dest="opKdbPath",
-default=dKdbPath, help="set kdb5_util path, default="+dKdbPath) #3
-
- parser.add_option("-l", "--kadminlocalpath",
-type="string", dest="opKdmlPath",
-default=dKdmlPath, help="set kadmin.local path, default="+dKdmlPath) #4
-
- parser.add_option("-n", "--kadminpath",
-type="string", dest="opKdmPath",
-default=dKdmPath, help="set kadmin path, default="+dKdmPath) #5
-
- parser.add_option("-t", "--clientspath",
-type="string", dest="opCltPath",
-default=dCltPath, help="set clients path, default="+dCltPath) #6
-
- # set up / initializing stuff for the sandbox
- parser.add_option("-s", "--sandbox",
-type="string", dest="opSandbox",
-default="",
-help="path for the sandbox. Default is '%s/tests/mk_migr/db2_backend/sandbox' % "+dSrcPath)
-
- return parser
-
-####################################################
-if __name__ == '__main__':
- parser = makeParser()
- test = processInputs(parser)
- result = test.run()
diff --git a/src/tests/mk_migr/ldap_backend/README_for_mkmldap b/src/tests/mk_migr/ldap_backend/README_for_mkmldap
deleted file mode 100644
index 1ab3cde..0000000
--- a/src/tests/mk_migr/ldap_backend/README_for_mkmldap
+++ /dev/null
@@ -1,77 +0,0 @@
-##############################################################################
-###################### WARNING: DOES NOT WORK YET ############################
-##############################################################################
-
-ABOUT:
-A translation of Will Fiveash's "mit_db2_mkey_migrate_testB" ksh code into Python with ldap backend. With minor fixes and changes. Written by HaoQi Li.
-
-DEFAULT SETTINGS:
-Options Name Default Setting
- -h Help
- -v Verbose: True
- -p Testing pw: test123
- -s Sandbox loc: src/tests/kdc_realm2/sandbox
- -c Krb5kdc: src/kdc/krb5kdc
- -d Kadmind: src/kadmin/server/kadmind
- -b Kdb5_util: src/kadmin/dbutil/kdb5_util
- -a Kdb5_ldap_util: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util
- -l Kadmin.local: src/kadmin/cli/kadmin.local
- -n Kadmin: src/kadmin/cli/kadmin
- -t Client paths: src/clients
-
-INPUTS:
-* src/tests/mk_migr/ldap_backend/input_conf/kdc_template_ldap.conf
-* src/tests/mk_migr/ldap_backend/input_conf/krb5_template_ldap.conf
-* src/tests/mk_migr/ldap_backend/input_conf/kadm5_template_ldap.acl
-* src/tests/mk_migr/ldap_backend/input_conf/debconfile
-
-OUTPUTS:
-* sandbox that contains customized outfile with all commands and their outputs, kdc.conf, krb5.conf, kadm6.acl, and others.
-* Statistics on screen of number of commands passed and failed (if not interrupted by fatal failures).
-
-EXAMPLES:
-- MUST RUN from trunk/src.
-* python tests/mk_migr/ldap_backend/ldap7.py
- Using all Default Settings.
-* python tests/mk_migr/ldap_backend/ldap7.py -s /tmp/mySandbox
- Sandbox now can be found in /tmp/mySandbox.
-
-REFERENCE:
-http://k5wiki.kerberos.org/wiki/LDAP_on_Kerberos
-and http://k5wiki.kerberos.org/wiki/User_talk:Haoqili
-
-NOTES:
-* "haoqili" is a name that can be changed.
-* "kdb5_util stash" is equivalent to "-s" in "kdb5_ldap_util create -s"
-* 2019 and 2029 are future dates that should best be written not as fixed. Such as now+10years.
-
-FAILURES:
-
-* failure in kpasswd all, ERROR:"password history principal key version mismatch while trying to change password." This is caused by "-history 3" in testpolicy4
-
-* The beginning of a series of failures starts from: the "kdb5_util list_mkeys" fails after "kdb5_util add_mkey -e aes128-cts-hmac-sha1-96 [with password=abcde]"
-ERROR:-------------------------------------
-kdb5_util: Unable to decrypt latest master key with the provided master key
-while getting master key list
-kdb5_util: Warning: proceeding without master key list
-kdb5_util: master keylist not initialized
-can't decrypt the latest master key
---------------------------------------------
-Convo with Tom:
-T: so you didn't activate the new mkey?
-H: correct i just added it
-T: the message looks familiar. does list_mkeys work before you do that add_mkey?
-H: yes it does
-T: Will might have mentioned some problems with the LDAP backend and the master key migration stuff.
-T: how up-to-date is your source tree? Will says he remembers fixing this.
-H: i'm at revision 22523
-T: hm, i think that should be recent enough.
-T: do you have any enctype settings in your config files?
-H: in krb5.conf
-[libdefaults]
-default_realm = EXAMPLE.ORG
-default_tkt_enctypes = des3-hmac-sha1 aes128-cts
-default_tgs_enctypes = des3-hmac-sha1 aes128-cts
-T: anything for supported_enctypes or master_key_type?
-H: no
-
diff --git a/src/tests/mk_migr/ldap_backend/input_conf/debconfile b/src/tests/mk_migr/ldap_backend/input_conf/debconfile
deleted file mode 100644
index 6866e93..0000000
--- a/src/tests/mk_migr/ldap_backend/input_conf/debconfile
+++ /dev/null
@@ -1,9 +0,0 @@
-slapd slapd/no_configuration boolean false
-slapd slapd/domain string example.org
-slapd shared/organization string My Organization
-slapd slapd/backend select HDB
-slapd slapd/purge_database boolean true
-slapd slapd/move_old_database boolean true
-slapd slapd/password1 password a
-slapd slapd/password2 password a
-slapd slapd/allow_ldap_v2 boolean false
diff --git a/src/tests/mk_migr/ldap_backend/input_conf/kadm5_template_ldap.acl b/src/tests/mk_migr/ldap_backend/input_conf/kadm5_template_ldap.acl
deleted file mode 100644
index 719677a..0000000
--- a/src/tests/mk_migr/ldap_backend/input_conf/kadm5_template_ldap.acl
+++ /dev/null
@@ -1 +0,0 @@
-*/admin *
diff --git a/src/tests/mk_migr/ldap_backend/input_conf/kdc_template_ldap.conf b/src/tests/mk_migr/ldap_backend/input_conf/kdc_template_ldap.conf
deleted file mode 100644
index 559eabf..0000000
--- a/src/tests/mk_migr/ldap_backend/input_conf/kdc_template_ldap.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-[kdcdefaults]
- kdc_ports = 8888
-
-[realms]
- EXAMPLE.ORG = {
- database_name = %(sandir)s/krb5kdc/principal
- acl_file = %(sandir)s/kadm5.acl
- key_stash_file = %(sandir)s/krb5kdc/.k5.EXAMPLE.ORG
- kdc_ports = 8888
- kpasswd_port = 8887
- kadmind_port = 8886
- max_life = 10h 0m 0s
- max_renewable_life = 7d 0h 0m 0s
- }
-[logging]
- kdc = FILE:/tmp/myrealKDC.log
diff --git a/src/tests/mk_migr/ldap_backend/input_conf/krb5_template_ldap.conf b/src/tests/mk_migr/ldap_backend/input_conf/krb5_template_ldap.conf
deleted file mode 100644
index 5805f60..0000000
--- a/src/tests/mk_migr/ldap_backend/input_conf/krb5_template_ldap.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-[libdefaults]
- default_realm = EXAMPLE.ORG
- default_tkt_enctypes = des3-hmac-sha1 aes128-cts
- default_tgs_enctypes = des3-hmac-sha1 aes128-cts
-
-[realms]
- EXAMPLE.ORG = {
- admin_server = %(localFQDN)s:8886
- kpasswd_server = %(localFQDN)s:8887
- #default_domain = EXAMPLE.ORG
- kdc = %(localFQDN)s:8888
- database_module = LDAP
- }
-
-[dbdefaults]
- ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
-
-[dbmodules]
- LDAP = {
- db_library = kldap
- ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
- ldap_kdc_dn = cn=admin,dc=example,dc=org
- ldap_kadmind_dn = cn=admin,dc=example,dc=org
- ldap_service_password_file = %(sandir)s/krb5kdc/admin.stash
- ldap_servers = ldapi:///
- }
-[domain_realm]
-
-[logging]
- kdc = FILE:/tmp/kdc_fromkrb.log
- default = FILE:/tmp/krb5.log
- admin_server = FILE:/tmp/admin.log
-
diff --git a/src/tests/mk_migr/ldap_backend/mkmldap.py b/src/tests/mk_migr/ldap_backend/mkmldap.py
deleted file mode 100644
index ae2b83a..0000000
--- a/src/tests/mk_migr/ldap_backend/mkmldap.py
+++ /dev/null
@@ -1,897 +0,0 @@
-##############################################################################
-###################### WARNING: DOES NOT WORK YET ############################
-##############################################################################
-
-import os, sys, shutil, socket, time, string
-from subprocess import Popen, PIPE
-from optparse import OptionParser
-from time import strftime
-
-class LDAPbackendSetup:
- def __init__(self, verbose_in, pw_in, kdcPath_in, kdmdPath_in, kdbPath_in, ldapPath_in, kdmlPath_in, kdmPath_in, cltPath_in, sandir_in, confdir_in):
- self.npass = 0
-
- self.nfail = 0
-
- self.verbose = verbose_in
- self.pw = pw_in
-
- self.krb5kdc = kdcPath_in #1 krb5kdc
- self.kadmind = kdmdPath_in #2 kadmind
- self.kdb5_util = kdbPath_in #3a kdb5_util
- self.kdb5_ldap_util = ldapPath_in #3b kdb5_ldap_util
- self.kadminlocal = kdmlPath_in #4 kadmin.local
- self.kadmin = kdmPath_in #5 kadmin
- self.clients = cltPath_in+"/" #6 clients
-
- self.sandir = sandir_in
- self.confdir = confdir_in
-
- ########## SET UP Write Output File #####
- print "outfile path"
- print self.sandir
- print self.sandir+"/outfile"
-
- self.outfile = open(self.sandir+"/outfile", 'w')
-
- #''print os.environ'
-
- def _writeLine(self, astr, prt=False):
- self.outfile.write(astr.strip()+"\n")
- if prt:
- print astr.strip()
-
- def _writeHeader(self, astr, prt=True):
- self.outfile.write("\n========== "+astr.strip()+" ==========\n")
- if prt:
- print "========== "+astr.strip()+" =========="
-
- def _sysexit(self, fatal=False, finished=False):
- self._writeLine("++++++++++++++++++++++++++++++", True)
- if fatal:
- self._writeLine("++++ Test did NOT finish +++++", True)
- self._writeLine("++++ FATAL FAILURE! Stopped ++", True)
- self._writeLine("++++ See sandbox/outfile +++++", True)
- self._writeLine("++++++++++++++++++++++++++++++", True)
- sys.exit()
- elif not finished:
- self._writeLine("++++ Test did NOT finish +++++", True)
- self._writeLine("++++ FAIL Detected! keep going", True)
- self._writeLine("++++++++++++++++++++++++++++++", True)
- else: #finished
- self._writeLine("++++ MKM Test Finished +++++++", True)
- self._writeLine("++++++++++++++++++++++++++++++", True)
- self._writeLine("++++ Commands Passed: %s +++++" % self.npass, True)
- self._writeLine("++++ Commands Failed: %s +++++" % self.nfail, True)
- sys.exit()
-
- def _printig(self):
- self._writeLine("~.~.~Error should be ignored~.~.~.~")
-
- def _printerr(self, errm, stderr):
- self._writeLine("#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#")
- self._writeLine("-XX-FAILED: "+errm+". See stderr below:")
- [self._writeLine(line) for line in stderr.readlines() ]
-
- def _printout(self, cmd, pstdout):
- if self.verbose:
- self._writeLine("#######################################")
- #self._writeLine("---------------------------------------")
- self._writeLine("-command: "+cmd)
- self._writeLine("-----out: ")
- [self._writeLine(line) for line in pstdout.readlines()]
-
- def _eval(self, succeed, pwait, errm, pstderr, fatal=False, msg2="", finished=False):
- if int(pwait) != 0: # is bad
- self._printerr(errm, pstderr)
- if succeed==True: ## want good
- self.nfail += 1
- self._sysexit(fatal, finished)
- else: ## want bad
- self.npass += 1
- self._printig()
- else: # is good
- if not succeed: ## want bad
- if msg2 != "":
- self._writeLine(msg2, True)
- self.nfail += 1
- self._sysexit(fatal, finished)
- else: ## want good
- self.npass += 1
-
- def _metafunc(self, command, errmsg, moreinfo="", isLocal=False, succeed=True, fatal=False):
- l = command
- if isLocal:
- pl = Popen(l.split(None,2), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- else:
- pl = Popen(l.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._printout(l+moreinfo, pl.stdout)
-
- self._eval(succeed, pl.wait(), errmsg, pl.stderr, fatal)
-
- ###########################################
-
- # Start the KDC daemons
- def _startkdc(self):
- self._writeLine("\nstarting kdc daemons ...")
- l0 = self.krb5kdc
- errm = "error at starting krb5kdc"
- self._metafunc(l0, errm)
- # below has been changed
-
- #starting kadmind
- l0b = self.kadmind + ' -W -nofork' #the W is for during off strong random numbers
- errm = "error at starting kadmind, maybe it's already started"
- pl0b = Popen(l0b.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._writeLine( "kadmind -nofork")
- started = False
- while time.clock() < 3:
- l = pl0b.stderr.readline()
- if l.find("starting") > -1:
- self._writeLine( l.strip())
- self.npass += 1
- started = True
- break
- else:
- self.nfail += 1
- self._printerr("kadmind not starting, check to see if there are any previous kadmind running with cmd: 'ps -ef | grep kadmind' and then do 'sudo kill -9 [# on the left]'", pl0b.stderr)
- self._sysexit(fatal=True)
- if not started:
- self.nfail += 1
- self._sysexit()
- self._writeLine("end starting kdc daemons")
-
- # Kill the KDC daemons in case they are running
- def _killkdc(self, suc=True):
- l1 = 'pkill -9 -x krb5kdc'
- errm = "no krb5kdc killed"
- self._metafunc(l1, errm, succeed=suc)
- l2 = 'pkill -9 -x kadmind'
- errm = "no kadmind killed"
- self._metafunc(l2, errm, succeed=suc)
-
- # Destroys current database
- def _destroykdc(self, suc=True):
- l3 = self.kdb5_util+' destroy -f' #forced
- errm = "no kdb database destroyed"
- self._metafunc(l3, errm, succeed=suc)
-
- ''' Destroys current database
- I don't use this because 1. I don't know the specific kdc's to destroy, 2. the debconf setting up of slapd has destroyed old databases already
- def _destroykdc_ldap(self, suc=True):
- l3 = self.kdb5_ldap_util+' destroy -f' #forced
- errm = "no kdb database destroyed"
- self._metafunc(l3, errm, succeed=suc)
- '''
-
- # Create a new database with a new master key
- def _createdb(self, pw):
- l4 = self.kdb5_util+' -P '+pw+' create -s -W' #added W for svn version 22435 to avoid reading strong random numbers
- errm = "error when creating new database, _createdb()"
- self._metafunc(l4, errm, fatal=True)
-
- # Addprinc
- def _locAddprinc(self, passw, usern):
- l5 = self.kadminlocal+' -q addprinc -pw '+passw+' '+usern
- errm = "error when adding princ, _locAddprinc"
- self._metafunc(l5, errm, isLocal=True)
-
- # List princs
- def _locListprincs(self):
- l6 = self.kadminlocal+' -q listprincs'
- errm = "error when listing princs, _locListprincs"
- self._metafunc(l6, errm, isLocal=True)
-
- # Get princs
- def _locGetprinc(self, usern, extra=False, succeed=True):
- l7 = self.kadminlocal+' -q getprinc '+usern
- errm="error when getting princ, _locGetprinc"
-
- pl7 = Popen(l7.split(None,2), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- if not extra:
- self._printout(l7, pl7.stdout)
- else:
- if self.verbose:
- self._writeLine("-command: "+l7)
- self._writeLine("-----out: ")
- for line in pl7.stdout.readlines():
- if line.startswith("Princ") or line.startswith("MKey"):
- self._writeLine(line)
- self._eval(succeed, pl7.wait(), errm, pl7.stderr)
-
- # Get princs and finds something in the output
- def _locGetprincFind(self, usern, findstr, succeed=True):
- l7b = self.kadminlocal+' -q getprinc ' +usern
- errm="error when getting princs, _locGetprinc, (regular output of getprincs is not printed here), will NOT continue to find string="+findstr
- pl7b = Popen(l7b.split(None, 2), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- if self.verbose:
- self._writeLine("-command: "+l7b)
- if int(pl7b.wait()) != 0: # is bad
- self._printerr(errm, pl7b.stderr)
- if succeed: ## want good
- self.nfail += 1
- self._sysexit()
- else: ## want bad
- self.npass += 1
- self._printig()
- else: # is good
- if self.verbose:
- self._writeLine( "-----out: ")
- boofound = False
- for outl in pl7b.stdout.readlines():
- self._writeLine(outl)
- if string.find(outl, findstr) > -1:
- boofound = True
- if boofound:
- self._writeLine("----FOUND: "+findstr)
- else:
- self._writeLine("----NOT FOUND: "+findstr)
- if not succeed: ## want bad
- self.nfail += 1
- self._sysexit()
- else: ## want good
- self.npass += 1
-
- # Add policy
- def _locAddpol(self, maxtime, minlength, minclasses, history, policyname):
- rest = ""
- if maxtime != None:
- rest += '-maxlife '+maxtime+' '
- if minlength != None:
- rest += '-minlength '+minlength+' '
- if minclasses != None:
- rest += '-minclasses '+minclasses+' '
- if history != None:
- rest += '-history '+history+' '
- l8 = self.kadminlocal+' -q add_policy '+rest+policyname
- errm = "error when adding policy, _locAddpol"
- self._metafunc(l8, errm, isLocal=True)
-
- # Get pol
- def _locGetpol(self, poln):
- l8b = self.kadminlocal+' -q getpol '+poln
- errm="error when getting pol, _locGetpol"
- self._metafunc(l8b, errm, isLocal=True)
-
- # Modify Principal
- def _locModprinc(self, rest):
- l9 = self.kadminlocal+' -q modprinc '+rest
- errm = "error when modifing principal, _locModprinc"
- self._metafunc(l9, errm, isLocal=True)
-
- # List mkeys
- def _listmkeys(self):
- l10 = self.kdb5_util+' list_mkeys'
- errm = "error when listing mkeys, _listmkeys"
- self._metafunc(l10, errm)
-
- # Use mkeys
- def _usemkey(self, kvno, time, succeed=True):
- l11 = self.kdb5_util+' use_mkey '+kvno+' '+time
- pl11 = Popen(l11.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._printout(l11, pl11.stdout)
- self._eval(succeed, pl11.wait(), "error when using mkeys, _usemkey", pl11.stderr, msg2="-XX-ERROR: "+l11+" should have failed.")
-
-
- # Change password (cpw)
- def _locCpw(self, passw, usern):
- l12 = self.kadminlocal+' -q cpw -pw '+passw+' '+usern
- errm = "error when changing password, _locCpw"
- self._metafunc(l12, errm, moreinfo="\n--------: newpw='"+passw+"'", isLocal=True)
-
- # Purge mkeys
- def _purgemkeys(self):
- l13 = self.kdb5_util+' purge_mkeys -f -v' #-f is forced, -v is verbose
- errm = "error when purging mkeys, _purgemkeys"
- self._metafunc(l13, errm)
-
- # Add mkey
- def _addmkey(self, passw, extra="", succeed=True):
- l14 = self.kdb5_util+' add_mkey '+extra
- pl14 = Popen(l14.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- pl14.stdin.write(passw+'\n') #enter 1st time
- pl14.stdin.write(passw+'\n') #re-enter
- self._printout(l14+' [with password='+passw+']', pl14.stdout)
- self._eval(succeed, pl14.wait(), "error when adding mkey, _addmkey", pl14.stderr)
- self._writeLine( "----end of adding mkey")
-
- # kinit user
- def _kinit(self, passw_in, usern, succeed=True):
- l15 = self.clients+'kinit/kinit '+usern
- pl15 = Popen(l15.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- pl15.stdin.write(passw_in+'\n')
- pl15.stdin.close()
- self._printout(l15, pl15.stdout)
- self._eval(succeed, pl15.wait(), "error when kinit user, _kinit", pl15.stderr)
- self._writeLine( "----end of kiniting user")
-
- # change password on client's side
- def _kpasswd(self, oldpw, newpw, usern, succeed=True):
- l16 = self.clients+'kpasswd/kpasswd '+usern
- pl16 = Popen(l16.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
- pl16.stdin.write(oldpw+'\n')
- pl16.stdin.write(newpw+'\n')
- pl16.stdin.write(newpw+'\n')
- self._printout(l16+"\n--------: oldpw='"+oldpw+"' -> newpw='"+newpw+"'", pl16.stdout)
- self._eval(succeed, pl16.wait(), "error when changing password on client's side, _kpasswd", pl16.stderr)
- self._writeLine("----end of changing kpasswd")
-
- # klist on client's side
- def _klist(self):
- l17 = self.clients+'klist/klist'
- errm = "error when klist, _klist"
- self._metafunc(l17, errm)
-
- # Update principal encryption
- def _updatePrincEnc(self):
- l18 = self.kdb5_util+' update_princ_encryption -f -v'
- errm = "error when updating principal encryption, _updatePrincEnc"
- self._metafunc(l18, errm)
-
- # kdestroy
- def _kdestroy(self):
- l19 = self.clients+'kdestroy/kdestroy'
- errm = "error when kdestroy, _kdestroy"
- self._metafunc(l19, errm)
-
- # stash
- def _stash(self):
- l20 = self.kdb5_util+' stash'
- errm="error at stash, _stash"
- self._metafunc(l20, errm)
-
- # any shell command
- def _shell(self, command, succeed=True):
- l21 = command
- errm="error at executing this command in _shell(): "+l21
- pl21 = Popen(l21, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- self._printout(l21, pl21.stdout)
- self._eval(succeed, pl21.wait(), errm, pl21.stderr)
- #'self._printerr(errm, pl21.stderr) Pointed out that kadmin had problems!'
-
-
- def _shelltest(self, command, succeed=True):
- l21 = command
- errm="error at executing this command in _shell(): "+l21
- pl21 = Popen(l21, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- first = pl21.communicate('a\na')[0]
- print "first:"
- print first
- print "end first"
-
- #self._printout(l21, pl21.stdout) self._printout(l21, first)
- self._eval(succeed, pl21.wait(), errm, pl21.stderr)
- #self._printerr(errm, pl21.stderr) #Pointed out that kadmin had problems!'
-
-
- # get_princ_records()
- def _get_princ_records(self, succeed=True):
- l22 = self.kadminlocal+" -q listprincs 2>/dev/null|grep -v '^Authenticating as'|fgrep '@'|sort"
- errm="error at listprincs in _get_princ_records() with this command: "+l22
- pl22 = Popen(l22, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- if int(pl22.wait()) != 0: # is bad
- self.printerr(errm, pl22.stderr)
- if succeed: ## want good
- self.nfail += 1
- self._sysexit()
- else: ## want badd
- self.npass += 1
- self._printig()
- else: # is good
- if not succeed: ## want bad
- self.nfail += 1
- self._sysexit()
- else: ## want good
- self.npass += 1
- self._writeLine( "\nget_princ_records() executing all listprincs command: "+l22+"\n------its results:")
- for princ in pl22.stdout.readlines():
- self._locGetprinc(princ.strip(), extra=True)
- self._writeLine("END executing command: "+l22+"\n~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~")
-
-######################################################
- def run(self):
- #############RUN###################
- passw=self.pw
-
- self._writeHeader("START MASTER KEY MIGRATION TEST")
-
- # Set up database
- self._writeHeader("SET UP: database")
- self._killkdc("Either") #74 =1,2
- #self._destroykdc("Either") #77 =3
- #self._destroykdc_ldap("Either") #77 =3
-
- self._shell('sudo cat '+self.confdir+'/debconfile')
- self._shell('sudo debconf-set-selections '+self.confdir+'/debconfile')
- self._shell('sudo dpkg-reconfigure --frontend=noninteractive slapd')
- self._shell('sudo ldapadd -x -D cn=admin,cn=config -w a -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{6\}kerberos.ldif -H ldapi:///')
- self._shell('kdb5_ldap_util -D cn=admin,dc=example,dc=org -w a -H ldapi:/// create -P a -s') #self._createdb(passw) #81 =4
- self._shelltest('kdb5_ldap_util -D cn=admin,dc=example,dc=org -w a -H ldapi:/// stashsrvpw cn=admin,dc=example,dc=org')
- #self._shell('krb5kdc') ## MUST KILL krb5kdc before first!
- self._writeHeader("+++++ START +++++")
-
- #line 83-86 involves ktadd kadm5.keytab, which are out dated
-
- # add, get, and list princs
- self._writeHeader("SET UP: add/get/list princs")
- self._locAddprinc(passw, 'kdc/admin') #87 =5
- self._locListprincs() #89 =6
- self._locGetprinc('K/M') #90 =7
- self._locAddprinc('test123', 'haoqili') #91 =8
- self._locGetprinc('haoqili') #92 =9
- self._locAddprinc(passw, 'haoqili/admin') #93 =10
- self._locAddprinc('foobar', 'test') #94 =11
- self._locGetprinc('test') #95 =12
- self._locListprincs() # I added =13
- myfqdn = socket.getfqdn()
- #self._shell(self.parentpath+"kadmin.local -q 'addprinc -randkey host/"+myfqdn+"'") #96
- self._shell(self.kadminlocal+" -q 'addprinc -randkey host/"+myfqdn+"'") #96 =14
-
- # create policies
- self._writeHeader("SET UP: create policies")
-
- #print "\n~~~~~~~~~ create policies ~~~~~~~~~~~"
- self._locAddpol('8days', None, None, None, 'testpolicy')#100 =15
- self._locAddpol('20days', '8', '3', None, 'testpolicy2')#101
- self._locAddpol('90days', '2', '2', None, 'testpolicy3')#102
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- #!!!!!!!!!Changed to avoid problem in 'kpasswd all'!!!!!!!!!!!!!!!!!!!!
- #self._locAddpol('90days', '2', '2', '3', 'testpolicy4')#103
- self._locAddpol('90days', '2', '2', None, 'testpolicy4')#103
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- self._locModprinc('-policy testpolicy haoqili')#105
- self._locAddprinc(passw, 'foo')#106
- self._locModprinc('-policy testpolicy3 foo')#107 =21
-
- # create all princ with all fields
- self._writeHeader("SET UP: create all princ with all fields")
- #print "\n~~~~~~~~~ create all princ with all fields ~~~~~"
- self._locAddprinc(passw, 'all') #110 =22
- self._locModprinc('-expire "2029-12-30 7pm" all') #112
- self._locModprinc('-pwexpire 12/30/2029 all') #114
- #self._locModprinc('-expire "now+10years" all') #112
- #self._locModprinc('-pwexpire now+10years all') #114
- self._locGetprinc('all') #115
- self._locModprinc('-maxlife 100days all') #116
- self._locGetprinc('all') #117
- self._locModprinc('-maxrenewlife 100days all') #118
- self._locGetprinc('all') #119
- self._locModprinc('+allow_postdated +allow_forwardable all') #120 =30
- self._locModprinc('+allow_proxiable +allow_dup_skey all') #121
- self._locModprinc('+requires_preauth +allow_svr +needchange all') #122
- self._locModprinc('-policy testpolicy4 all') #123 ###########
- self._locGetprinc('all') #124 =34
-
- # Testing stuff
- self._writeHeader("TEST: initial mkey list") #126
- self._writeLine("===== Listing mkeys at start of test") #I add
- self._listmkeys() #127 =35
-
- self._writeLine( "Testing krb5kdc list_mkeys Done ==============================================") #128
-
- self._writeLine("---------------\n xxxxxxxxxx \/\/\/ ERRORS (multiple) EXPECTED below xxxxxxxxxx")
- self._writeLine("\nERRORS (multiple) EXPECTED below")
- self._writeLine("Testing bogus use_mkey (setting only mkey to future date, using non-existent kvno, so should return error) =======") #129, 130
- self._writeLine( "-> must have a mkey currently active (setting mkey to 2 days from now), should fail and return error") #132
- self._usemkey('1', 'now+2days', False) #133-138 =36
-
- self._writeLine("-> must have a mkey currently active (setting mkey to 2019 the future), should fail and return error") #140
- self._usemkey('1', '5/30/2019', False) #141 =37
- self._writeLine("-> bogus kvno and setting mkey to 2 days from now, should fail and return error") #147
- self._usemkey('2', 'now+2days', False) #148 =38
- self._writeLine("-> bogus kvno, should fail and return error") #I add
- self._usemkey('2', 'now-2days', False) #I add =39
- self._writeLine( "^^^ABOVE^^ SHOULD HAVE *ALL* FAILED\n-----------------")
-
- self._writeLine( "Listing mkeys at end of test") #I add
- self._listmkeys() #155 =40
- self._writeLine("Testing bogus use_mkey (setting only mkey to future date) Done ===========================") #156
-
-
- self._writeLine("\nmake sure cpw [change password] works") #158
- # this changes the password of 'test' from 'foobar' in "add, get, and list princs" above
- self._locCpw('test1', 'test') #159 =41
-
- self._writeHeader("TEST: bogus purge_mkeys (should be no keys purged, no error returned")
- #print "\nTesting bogus purge_mkeys (should be no keys purged, no error returned) ===========================" #161
- self._purgemkeys() #162 =42
- self._writeLine("Testing bogus purge_mkeys (no error) Done ===========================") #163
-
- self._writeHeader( "add kvno 2") #164
-
- self._addmkey('abcde', '-s') #165-167 =43
- self._writeLine(".\nlist mkeys")
- self._listmkeys() #169 =44
-
- #start daemons
- #@@@@@@@@@@@@@@@@@@@@@@@@@@@############@@@@@@@@@@@@@@@@@@############
- self._startkdc() #172 =45 46
- self._writeLine("make sure kdc is up, by kinit test") #176
- self._kinit('test1', 'test') #177 =47
-
- self._writeLine("---------------\n\/\/\/ ERROR EXPECTED below. Test passwd policy.:") #180
- self._kinit(passw, 'all', succeed=False) #181 =48
- self._writeLine("^^ABOVE^^ SHOULD HAVE FAILED\n-----------------")
-
- #change passwd on client's side
-
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- self._kpasswd(passw, 'Test123.', 'all')#184-188 =49 !!!!!!!!!!!!!!!!
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- self._kinit('Test123.', 'all') #189 =50
- self._klist() #190 =51
-
- self._writeHeader("TEST: password history for principal 'all', new passwords must not be a previous password") #191
- self._kpasswd('Test123.', 'Foobar2!', 'all') #192-195 =52
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- '''
- self._writeLine("--------------\n\/\/\/ ERROR EXPECTED below") #197
- self._kpasswd('Foobar2!', passw, 'all', succeed=False) #199-202 =53
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n----------")
- '''
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- # this shouldn't change the mkvno for any princs (should be 1) #206
- #self._updatePrincEnc() #207
- # princs should still be protected by mkvno 1 #208
- self._writeLine("@@@@@@@@ Wait for other people to fix bug in code 6507 update_princ_encryption to use mkey instead of latest mkey @@@@@@@@@@@@@\n")
- self._locGetprincFind('test', 'MKey: vno 1') #209 =54
-
- self._purgemkeys() #210 =55
- self._listmkeys() #211 =56
- self._usemkey('2', 'now-1day') #213 =57
- self._listmkeys() #214 =58
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- '''
- self._writeLine("-----------\n\/\/\/ ERROR EXPECTED below") #216
- self._kpasswd('Foobar2!', passw, 'all', succeed=False) #217-221 =59
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n--------")
- '''
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- self._kpasswd('Foobar2!', 'Barfoo3.', 'all') #224-228 =60
- self._kinit('Barfoo3.', 'all') #229
- self._klist() #230 =62
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- '''
- self._writeLine("-------------\n\/\/\/ ERROR EXPECTED below") #231
- self._kpasswd('Barfoo3.', 'Foobar2!', 'all',succeed=False) #233-235 =63
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n---------")
- '''
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- self._writeLine("\nTest's key should be protected by mkvno 2" ) #239
- self._locCpw('foo', 'test') #240 =64
- self._locGetprincFind('test', 'MKey: vno 2') #241 =65
- self._kdestroy() #242 =66
-
- self._writeHeader("TEST: krb5kdc refetch of mkey")#243
- self._kinit('foo', 'test') #244 =67
- self._klist() #245 =68
- self._writeLine("END. Testing krb5kdc refetch of mkey list Done ==============================================\n") #246
-
- self._updatePrincEnc() #247 =69
- self._get_princ_records() #248 =70 -83
- self._kdestroy() #249 =84
- self._kinit('foo', 'test') #250 =85
- self._purgemkeys() #252 =86
-
- #self._stash() #254 =87 #!!! Not necessary in ldap, done by 'create -s'
- self._shell(self.clients+'klist/klist' +" -ekt "+self.sandir+"/krb5kdc/.k5.EXAMPLE.ORG") #255=88
-
- self._locGetprinc('K/M') #256 =89
- self._purgemkeys() #257 =90
- self._locGetprinc('K/M') #258
- self._listmkeys() #259 =92
- self._kdestroy() #260
- self._kinit('foo', 'test') #261
- self._klist() #262 =95
-
- self._writeLine("\n Adding in Master Key Number 3")
- self._listmkeys() #265 =96
- self._addmkey('abcde') #266-268
- self._listmkeys() #270 =98
- self._locCpw('foo', 'all') #271
- self._locGetprinc('all') #272 =100
- self._usemkey('3', 'now') #273
- self._listmkeys() #274 =102
- self._locCpw('99acefghI0!', 'all') #275
- self._locGetprinc('all') #276 =104
- self._kdestroy() #277
- self._kinit('foo', 'test') #279 =106
- self._klist() #280
- self._shell(self.kadmin+" -p haoqili/admin -w "+passw+" -q 'listprincs'") #281 =108
- self._shell(self.kadmin+" -p haoqili/admin -w "+passw+" -q 'getprinc test'") #282 =109
-
- self._writeHeader("TEST: add_mkey with aes128 enctype") #283
- self._addmkey('abcde', '-e aes128-cts-hmac-sha1-96') #284-287 =110
- #!!!!!!!!!!!!!!!!Start to have problems !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- self._listmkeys() #288 =111
- '''$ kdb5_util list_mkeys
-kdb5_util: Unable to decrypt latest master key with the provided master key
- while getting master key list
-kdb5_util: Warning: proceeding without master key list
-kdb5_util: master keylist not initialized'''#!!!!!!!!!!!!!!!!!!!!!!!
- #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- self._writeLine( "END. Testing add_mkey with aes128 enctype done ==============================================")#289
- self._writeHeader("TEST: krb5kdc refetch of mkey list")
- #!!!!!!!!!!!!!!\/ errors \/ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- self._usemkey('4', 'now') #290 =112
- self._listmkeys() #291 =113
- #!!!!!!!!!!!!!!/\ errors /\ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- self._shell(self.kadmin+" -p haoqili/admin -w "+passw+" -q 'cpw -pw abcde test'") #292 =114
- self._shell(self.kadmin +" -p haoqili/admin -w "+passw+" -q 'getprinc test'") #293
-
- self._kdestroy() #294 =116
-
- self._writeLine("\nTesting krb5kdc refetch of mkey list =================================================") #295
- self._kinit('abcde', 'test') #296 =117
- self._klist() #297 =118
- self._writeLine("Testing krb5kdc refetch of mkey list Done :) =================================================\n") #298
-
- self._killkdc() #300 =119, 120
- self._startkdc() #301 =121 122
-
- # The lines below are commented out because krb5kdc could not be restarted. For their error messages, see the outfile
- '''
- kdc.log:
- Aug 31 12:21:23 reach-my-dream krb5kdc[24273](info): AS_REQ (2 etypes {16 17}) 127.0.1.1: ISSUE: authtime 1251746483, etypes {rep=16 tkt=18 ses=16}, test at EXAMPLE.ORG for krbtgt/EXAMPLE.ORG at EXAMPLE.ORG
-krb5kdc: Unable to decrypt latest master key with the provided master key
- - while fetching master keys list for realm EXAMPLE.ORG
- '''
- '''
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'cpw -pw foo test'") #304 =123
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'getprinc test'") #305 =124
- self._kdestroy() #307 =125
-
- self._writeLine("\nTesting krb5kdc refetch of mkey list =================================================") #308
- self._kinit('foo', 'test') #309 =126
- self._klist() #310 =127
- self._writeLine("Testing krb5kdc refetch of mkey list Done =================================================\n") #311
-
- self._updatePrincEnc() #313 =128
- self._locGetprinc('K/M') #314
- self._locGetprinc('all') #315 =130
- self._locGetprinc('haoqili') #316
- self._kdestroy() #317 =132
- self._kinit('foo', 'test') #318
- self._stash() #319 =134
- self._shell(self.clients+'klist/klist' +" -ekt "+self.sandir+"/krb5kdc/.k5.EXAMPLE.ORG") #320
- self._locGetprinc('K/M') #321 =136
- self._purgemkeys() #322
- self._locGetprinc('K/M') #323 =138
- self._locGetprinc('all') #324
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'getprinc test'") #325 =140
- self._listmkeys() #326
- self._kdestroy() #327 =142
- self._kinit('foo', 'test') #328
- self._klist() #329 =144
-
- self._get_princ_records() #330 =145-158
-
- self._writeHeader("TEST: add_meky with DES-crc enctype")
- #print "\nTesting add_mkey with DES-crc enctype ==============================================" #331
- self._addmkey('abcde', '-e des-cbc-crc') #332-335 =159
- self._listmkeys() #336 =160
- self._writeLine( "END. Testing add_mkey with DES-crc enctype Done ==============================================") #337
- self._addmkey('abcde') #338-341 =161
- self._listmkeys() #342 =162
- self._writeLine( "current time: "+strftime("%Y-%m-%d %H:%M:%S") ) #343
-
- self._usemkey('5', 'now-1day') #344 =163
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#345
- self._listmkeys() #346 =164
- self._usemkey('5', 'now') #347 =165
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#348
- self._listmkeys() #349 =166
- self._usemkey('5', 'now+3days') #350 =167
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#351
- self._listmkeys() #352 =168
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#353
- self._usemkey('5', 'now+5sec') #354 =169
- self._listmkeys() #355 =170
- time.sleep(5) #356
- self._listmkeys() #357 =171
- self._writeLine("current time: "+strftime("%Y-%m-%d %H:%M:%S") )#358
- self._usemkey('4', 'now+5sec') #359 =172
- self._listmkeys() #360 =173
- time.sleep(5) #361
- self._listmkeys() #362 =174
- self._usemkey('5', 'now+3days') #363 =175
-
- self._writeLine("------------\n\/\/\/ ERROR EXPECTED below" )#364
- self._writeLine("should fail, because there must be one mkey currently active") #365
- self._usemkey('4', 'now+2days', False) #366 =176
- self._writeLine("^^^ABOVE^^ SHOULD HAVE FAILED\n---------------")
-
- self._listmkeys() #373 =177
- self._usemkey('4', '1/30/2009') #375 =178
-
- self._writeHeader("TEST: purge_mkeys (removing mkey 5)")
- #print "\nTesting purge_mkeys (removing mkey 5) ==============================================" #378
- self._purgemkeys() #379 =179
- #self._stash() #380 =180
- self._shell(self.clients+'klist/klist' +" -ekt "+self.sandir+"/krb5kdc/.k5.EXAMPLE.ORG") #381=181
- self._listmkeys() #382 =182
- self._shell("kadmin -p haoqili/admin -w "+passw+" -q 'getprinc K/M'") #383 =183
- self._writeLine("Testing purge_mkeys Done ==============================================") #384
- self._writeHeader("MASTER KEY MIGRATION TEST DONE. please consult 'outfile' in your sandbox for more info. The sandbox is at: %s" % self.sandir)
- # I added
- self._sysexit(finished=True)
- '''
-####################################################
-####################################################
-
-class Launcher:
- #def __init__(self, path, sandP):
- #def __init__(self):
- def __init__(self, sandP):
- self._buildDir = os.environ["PWD"]
- self._confDir = '%s/tests/mk_migr/ldap_backend/input_conf' % self._buildDir
-
- #setting up sandbox
- if sandP != "":
- self._sandP = sandP
- else: #default
- self._sandP = '%s/tests/mk_migr/ldap_backend/sandbox' %self._buildDir
-
- print self._sandP
- print "sandP"
- self._vars = {'sandir': self._sandP,
- 'localFQDN': socket.getfqdn()}
-
- def _prepSandbox(self, sandir):
- if os.path.exists(sandir):
- shutil.rmtree(sandir)
- print "------about to make sandbox, with the path of:"
- print sandir
- os.makedirs(sandir, 0777)
- os.mkdir(sandir+'/krb5kdc', 0777)
- print "------sandbox made"
-
- def _createFileFromTemplate(self, outpath, template, vars):
- fin = open(template, 'r')
- result = fin.read() % vars
- fin.close()
- fout = open(outpath, 'w')
- fout.write(result)
- fout.close()
-
- ####### Launcher RUN ################
- def runLauncher(self):
- # create sandbox file directory (and sandbox/krb5kdc) if it does not exit
- self._prepSandbox(self._sandP)
-
- # Export the 3 env lines
- src_path=os.environ["PWD"]
- os.environ["LD_LIBRARY_PATH"] = '%s/lib' % src_path
-
- str1 = '%s/krb5.conf' % self._sandP
- os.environ["KRB5_CONFIG"] = str1
-
- str2 = '%s/kdc.conf' % self._sandP
- os.environ["KRB5_KDC_PROFILE"] = str2
-
- str3 = '%s/kadm5.acl' % self._sandP
-
- # Create adequate to the environment config files
- self._createFileFromTemplate(str1, '%s/%s' % (self._confDir, 'krb5_template_ldap.conf'), self._vars)
- self._createFileFromTemplate(str2, '%s/%s' % (self._confDir, 'kdc_template_ldap.conf'), self._vars)
- self._createFileFromTemplate(str3, '%s/%s' % (self._confDir, 'kadm5_template_ldap.acl'), self._vars)
-
- return (self._confDir, self._sandP)
-
-####################################################
-####################################################
-
-def makeBool(aStr):
- if aStr == "True" or aStr == "T":
- return True
- if aStr == "False" or aStr == "F":
- return False
- else:
- print "did NOT execute due to invalid True False argument. Please enter either 'True', 'T', 'False', or 'F'"
- sys.exit()
-
-# # # # # # # # # # # # # # # # # # # # # # # # #
-
-def processInputs(parser):
-#def processInputs():
-
- # get inputs
- (options, args) = parser.parse_args()
-
- verbose = makeBool(options.opVerbose)
- pw = options.opPassword
-
- kdcPath = options.opKdcPath #1
- kdmdPath = options.opKdmdPath #2
- kdbPath = options.opKdbPath #3a
- ldapPath = options.opLdapPath #3b
- kdmlPath = options.opKdmlPath #4
- kdmPath = options.opKdmPath #5
- cltPath = options.opCltPath #6
-
- sandPath = options.opSandbox
-
- ########### Launch ###############
-
- print "\n############ Start Launcher #############"
- myLaunch = Launcher(sandPath)
- (confDir, sandPath) = myLaunch.runLauncher()
-
- print ":D"
- print sandPath
-
- test = LDAPbackendSetup(verbose, pw, kdcPath, kdmdPath, kdbPath, ldapPath, kdmlPath, kdmPath, cltPath, sandPath, confDir)
- print "########## Finished Launcher ############\n"
-
- return test
-# # # # # # # # # # # # # # # # # # # # # # # # #
-
-def makeParser():
- usage = "\n\t%prog [-v][-p][-c][-d][-b][-l][-t][-s]"
- description = "Description:\n\tTests for the master key migration commands."
- parser = OptionParser(usage=usage, description=description)
-
- parser.add_option("-v", "--verbose", type="string", dest="opVerbose",
-default="True", help="'True' or 'False'. Switch on for details of command lines and outputs. Default is 'True'")
-
- parser.add_option("-p", "--password", type="string", dest="opPassword", default="test123", help="master password for many of the passwords in the test. Default is 'test123'")
-
- ## Default Paths
- dSrcPath = src_path=os.environ["PWD"]
- dKdcPath = '%s/kdc/krb5kdc' % dSrcPath #1
- dKdmdPath = '%s/kadmin/server/kadmind' % dSrcPath #2
- dKdbPath = '%s/kadmin/dbutil/kdb5_util' % dSrcPath #3a
- dLdapPath = '%s/plugins/kdb/ldap/ldap_util/kdb5_ldap_util' % dSrcPath #3b
- dKdmlPath = '%s/kadmin/cli/kadmin.local' % dSrcPath #4
- dKdmPath = '%s/kadmin/cli/kadmin' % dSrcPath #5
- dCltPath = '%s/clients' % dSrcPath #6
-
- parser.add_option("-c", "--krb5kdcpath",
-type="string", dest="opKdcPath",
-default=dKdcPath, help="set krb5kdc path, default="+dKdcPath) #1
-
- parser.add_option("-d", "--kadmindpath",
-type="string", dest="opKdmdPath",
-default=dKdmdPath, help="set kadmind path, default="+dKdmdPath) #2
-
- parser.add_option("-b", "--kdb5_utilpath",
-type="string", dest="opKdbPath",
-default=dKdbPath, help="set kdb5_util path, default="+dKdbPath) #3a
-
- parser.add_option("-a", "--kdb5_ldap_utilpath",
-type="string", dest="opLdapPath",
-default=dKdbPath, help="set kdb5_ldap_util path, default="+dLdapPath) #3b
-
- parser.add_option("-l", "--kadminlocalpath",
-type="string", dest="opKdmlPath",
-default=dKdmlPath, help="set kadmin.local path, default="+dKdmlPath) #4
-
- parser.add_option("-n", "--kadminpath",
-type="string", dest="opKdmPath",
-default=dKdmPath, help="set kadmin path, default="+dKdmPath) #5
-
- parser.add_option("-t", "--clientspath",
-type="string", dest="opCltPath",
-default=dCltPath, help="set clients path, default="+dCltPath) #6
-
- # set up / initializing stuff for the sandbox
- parser.add_option("-s", "--sandbox",
-type="string", dest="opSandbox",
-default="",
-help="path for the sandbox. Default is 'src/tests/mk_migr/ldap_backend/sandbox'")
-
- return parser
-
-####################################################
-if __name__ == '__main__':
- #processInputs()
-
- parser = makeParser()
- test = processInputs(parser)
- result = test.run()
diff --git a/src/tests/mkeystash_compat/Makefile.in b/src/tests/mkeystash_compat/Makefile.in
deleted file mode 100644
index e858f0c..0000000
--- a/src/tests/mkeystash_compat/Makefile.in
+++ /dev/null
@@ -1,48 +0,0 @@
-mydir=tests$(S)mkeystash_compat
-BUILDTOP=$(REL)..$(S)..
-
-RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
-
-OBJS = bigendian.o
-SRCS = $(srcdir)/bigendian.c
-
-TEST_DB = ./testdb
-TEST_REALM = FOO.TEST.REALM
-TEST_MKEY = footes
-
-KADMIN_OPTS= -d $(TEST_DB) -r $(TEST_REALM)
-KDB_OPTS= $(KADMIN_OPTS) -P $(TEST_MKEY)
-
-check-unix:: mkeystash_check
-
-bigendian: $(OUTPRE)bigendian.$(OBJEXT) $(SUPPORT_DEPLIB)
- $(CC_LINK) $(ALL_CFLAGS) -o bigendian $(OUTPRE)bigendian.$(OBJEXT)
-
-kdc.conf: Makefile
- rm -rf kdc.conf
- @echo "[realms]" > kdc.conf
- @echo "$(TEST_REALM) = {" >> kdc.conf
- @echo " master_key_type = des3-cbc-sha1" >> kdc.conf
- @echo " key_stash_file = `pwd`/stash_file" >> kdc.conf
- @echo "}" >> kdc.conf
-
-krb5.conf: Makefile
- cat $(top_srcdir)/config-files/krb5.conf > krb5.new
- echo "[dbmodules]" >> krb5.new
- echo " db_module_dir = $(BUILDTOP)/plugins/kdb" >> krb5.new
- mv krb5.new krb5.conf
-
-# Verify that the mkey stash code is backward compat with old/non-keytab stashfile format
-mkeystash_check: kdc.conf krb5.conf bigendian
- $(RM) $(TEST_DB)* stash_file
- $(RUN_SETUP) $(VALGRIND) ../../kadmin/dbutil/kdb5_util $(KDB_OPTS) create -s -W
- # overwrite keytab stash file with old format stash, depends on endianness of current test system
- ./bigendian && cp $(srcdir)/old_stash_bendian stash_file || cp $(srcdir)/old_stash_lendian stash_file
- # getprinc will fail if old stash file can not be read
- $(RUN_SETUP) $(VALGRIND) ../../kadmin/cli/kadmin.local $(KADMIN_OPTS) -q 'getprinc K/M'
- $(RUN_SETUP) $(VALGRIND) ../../kadmin/dbutil/kdb5_util $(KDB_OPTS) destroy -f
- $(RM) $(TEST_DB)* stash_file
-
-clean::
- $(RM) kdc.conf krb5.conf bigendian.$(OBJEXT) bigendian
-
diff --git a/src/tests/mkeystash_compat/bigendian.c b/src/tests/mkeystash_compat/bigendian.c
deleted file mode 100644
index 8d4b79f..0000000
--- a/src/tests/mkeystash_compat/bigendian.c
+++ /dev/null
@@ -1,24 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* tests/mkeystash_compat/bigendian.c */
-/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#include <stdio.h>
-
-/*
- * Test to see if system is bigendian
- * Returns 0 if it is big endian
- * 1 if it is little endian
- */
-int main()
-{
- int int_var = 1;
- unsigned char *char_array = (unsigned char*)&int_var;
-
- if (char_array[0] == 0)
- return 0; /* big endian */
- else
- return 1; /* little endian */
-}
diff --git a/src/tests/mkeystash_compat/deps b/src/tests/mkeystash_compat/deps
deleted file mode 100644
index fd7b9c1..0000000
--- a/src/tests/mkeystash_compat/deps
+++ /dev/null
@@ -1,4 +0,0 @@
-#
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)bigendian.$(OBJEXT): bigendian.c
diff --git a/src/tests/mkeystash_compat/old_stash_bendian b/src/tests/mkeystash_compat/old_stash_bendian
deleted file mode 100644
index 7d3761f..0000000
Binary files a/src/tests/mkeystash_compat/old_stash_bendian and /dev/null differ
diff --git a/src/tests/mkeystash_compat/old_stash_lendian b/src/tests/mkeystash_compat/old_stash_lendian
deleted file mode 100644
index 754c320..0000000
Binary files a/src/tests/mkeystash_compat/old_stash_lendian and /dev/null differ
More information about the cvs-krb5
mailing list