This is an automated email from the git hooks/post-receive script.
simo pushed a change to branch master in repository gssproxy.
from a97aa52 Release version 0.5.1 new b3f1e58 Deploy KDC on LDAP instead of db2
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: proxy/tests/runtests.py | 151 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 145 insertions(+), 6 deletions(-)
This is an automated email from the git hooks/post-receive script.
simo pushed a commit to branch master in repository gssproxy.
commit b3f1e58bdcc3386cb44c640e9af76919c4e4e4f6 Author: Robbie Harwood rharwood@redhat.com Date: Fri Jul 1 22:42:13 2016 +0000
Deploy KDC on LDAP instead of db2
Signed-off-by: Robbie Harwood rharwood@redhat.com Reviewed-by: Simo Sorce simo@redhat.com
Closes #28 --- proxy/tests/runtests.py | 151 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 145 insertions(+), 6 deletions(-)
diff --git a/proxy/tests/runtests.py b/proxy/tests/runtests.py index 06c7765..9af3b33 100755 --- a/proxy/tests/runtests.py +++ b/proxy/tests/runtests.py @@ -90,6 +90,131 @@ def setup_wrappers(base):
return wenv
+KRB5_CN = "Kerberos" +KRB5_USER = "cn=root" +LDAP_DC = "gssproxy" +LDAP_REALM = "dc=" + LDAP_DC + ",dc=dev" +LDAP_PW = "root" +SLAPD_CONF_TEMPLATE = """ +include ${LDAP_KRB_SCHEMA} +include ${SCHEMADIR}/core.schema +include ${SCHEMADIR}/cosine.schema +include ${SCHEMADIR}/inetorgperson.schema +include ${SCHEMADIR}/nis.schema + +allow bind_v2 + +pidfile ${LDAPDIR}/slapd.pid + +database config +rootdn ${KRB5_USER},cn=config +rootpw ${LDAP_PW} + +moduleload back_mdb +database mdb +suffix "${LDAP_REALM}" +rootdn "${KRB5_USER},${LDAP_REALM}" +rootpw ${LDAP_PW} + +directory ${LDAPDIR} +logfile ${LDAP_LOG} +""" +KERBEROS_LDIF_TEMPLATE=""" +dn: ${LDAP_REALM} +objectClass: domain +dc: ${LDAP_DC} + +dn: cn=${KRB5_CN},${LDAP_REALM} +objectClass: krbContainer +cn: ${KRB5_CN} +""" + +def setup_ldap(testdir, wrapenv): + # setup ldap environment + ldapdir = os.path.join(testdir, "ldap") + ldapconf = os.path.join(ldapdir, "slapd.conf") + ldif = os.path.join(ldapdir, "k5.ldif") + testlog = os.path.join(testdir, "ldap.log") + stashfile = os.path.join(testdir, "ldap_passwd") + if os.path.exists(ldapdir): + shutil.rmtree(ldapdir) + os.makedirs(ldapdir) + + # different distros do LDAP naming differently + schemadir = None + for path in ["/etc/openldap/schema", "/etc/ldap/schema"]: + if os.path.exists(path): + schemadir = path + break + if schemadir == None: + raise ValueError("Did not find LDAP schemas; is openldap installed?") + + k5schema = None + for path in ["/usr/share/doc/krb5-server-ldap/kerberos.schema", + "/usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"]: + if os.path.exists(path): + k5schema = path + break + if k5schema == None: + print("Please be sure krb5 ldap packages are installed") + raise ValueError("No LDAP kerberos.schema found") + elif k5schema.endswith(".gz"): + sdata = subprocess.check_output(["zcat", k5schema]) + k5schema = os.path.join(ldapdir, "kerberos.schema") + with open(k5schema, "w") as f: + f.write(sdata.decode("UTF-8")) + + t = Template(SLAPD_CONF_TEMPLATE) + text = t.substitute({"LDAPDIR": ldapdir, + "LDAP_REALM": LDAP_REALM, + "LDAP_PW": LDAP_PW, + "LDAP_LOG": testlog, + "LDAP_KRB_SCHEMA": k5schema, + "SCHEMADIR": schemadir, + "KRB5_USER": KRB5_USER}) + with open(ldapconf, "w+") as f: + f.write(text) + + t = Template(KERBEROS_LDIF_TEMPLATE) + text = t.substitute({"LDAP_REALM": LDAP_REALM, + "LDAP_DC": LDAP_DC, + "KRB5_CN": KRB5_CN}) + with open(ldif, "w+") as f: + f.write(text) + + ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin'} + ldapenv.update(wrapenv) + + with open(testlog, "a") as logfile: + lsetup = subprocess.Popen(["slapadd", "-f", ldapconf, "-l", ldif], + stdout=logfile, stderr=logfile, + env=ldapenv, preexec_fn=os.setsid) + lsetup.wait() + if lsetup.returncode != 0: + raise ValueError("LDAP Setup failed") + + with open(testlog, "a") as logfile: + ldapproc = subprocess.Popen(["slapd", "-d", "0", "-f", ldapconf, + "-h", "ldap://%s" % WRAP_HOSTNAME], + env=ldapenv, preexec_fn=os.setsid) + + print("Waiting for LDAP server to start...") + time.sleep(5) + + with open(testlog, "a") as logfile: + ssetup = subprocess.Popen(["kdb5_ldap_util", "stashsrvpw", "-w", + LDAP_PW, "-H", "ldap://%s" % WRAP_HOSTNAME, + "-f", stashfile, + "%s,%s" % (KRB5_USER, LDAP_REALM)], + stdin=subprocess.PIPE, stdout=logfile, + stderr=logfile, env=ldapenv, + preexec_fn=os.setsid) + ssetup.communicate((LDAP_PW + '\n' + LDAP_PW + '\n').encode("UTF-8")) + if ssetup.returncode != 0: + os.killpg(ldapproc.pid, signal.SIGTERM) + raise ValueError("stashsrvpw failed") + + return ldapproc, ldapenv
TESTREALM = "GSSPROXY.DEV" KDC_DBNAME = 'db.file' @@ -107,7 +232,8 @@ KRB5_CONF_TEMPLATE = '''
[realms] ${TESTREALM} = { - kdc =${WRAP_HOSTNAME} + kdc = ${WRAP_HOSTNAME} + admin_server = ${WRAP_HOSTNAME} }
[domain_realm] @@ -116,7 +242,12 @@ KRB5_CONF_TEMPLATE = '''
[dbmodules] ${TESTREALM} = { - database_name = ${KDCDIR}/${KDC_DBNAME} + db_library = kldap + ldap_kerberos_container_dn = cn=${KRB5_CN},${LDAP_REALM} + ldap_kdc_dn = ${KRB5_USER},${LDAP_REALM} + ldap_kadmind_dn = ${KRB5_USER},${LDAP_REALM} + ldap_service_password_file = ${TESTDIR}/ldap_passwd + ldap_servers = ldap://${WRAP_HOSTNAME} } ''' KDC_CONF_TEMPLATE = ''' @@ -133,7 +264,6 @@ KDC_CONF_TEMPLATE = ''' acl_file = ${KDCDIR}/kadm5.acl dict_file = /usr/share/dict/words default_principal_flags = +preauth - admin_keytab = ${TESTREALM}/kadm5.keytab key_stash_file = ${KDCDIR}/${KDC_STASH} } [logging] @@ -158,7 +288,10 @@ def setup_kdc(testdir, wrapenv): text = t.substitute({'TESTREALM': TESTREALM, 'TESTDIR': testdir, 'KDCDIR': kdcdir, + 'KRB5_CN': KRB5_CN, + 'KRB5_USER': KRB5_USER, 'KDC_DBNAME': KDC_DBNAME, + 'LDAP_REALM': LDAP_REALM, 'WRAP_HOSTNAME': WRAP_HOSTNAME}) with open(krb5conf, 'w+') as f: f.write(text) @@ -177,8 +310,11 @@ def setup_kdc(testdir, wrapenv): kdcenv.update(wrapenv)
with (open(testlog, 'a')) as logfile: - ksetup = subprocess.Popen(["kdb5_util", "create", "-s", - "-r", TESTREALM, "-P", KDC_PASSWORD], + ksetup = subprocess.Popen(["kdb5_ldap_util", "-H", + "ldap://%s" % WRAP_HOSTNAME, "-D", + "%s,%s" % (KRB5_USER, LDAP_REALM), + "create", "-w", LDAP_PW, "-P", KDC_PASSWORD, + "-s", "-r", TESTREALM], stdout=logfile, stderr=logfile, env=kdcenv, preexec_fn=os.setsid) ksetup.wait() @@ -187,7 +323,7 @@ def setup_kdc(testdir, wrapenv):
kdcproc = subprocess.Popen(['krb5kdc', '-n'], env=kdcenv, preexec_fn=os.setsid) - + time.sleep(5) return kdcproc, kdcenv
@@ -597,6 +733,9 @@ if __name__ == '__main__': try: wrapenv = setup_wrappers(testdir)
+ ldapproc, ldapenv = setup_ldap(testdir, wrapenv) + processes["LDAP(%d)" % ldapproc.pid] = ldapproc + kdcproc, kdcenv = setup_kdc(testdir, wrapenv) processes['KDC(%d)' % kdcproc.pid] = kdcproc
gss-proxy@lists.fedorahosted.org
-
git repository hosting