rharwood pushed a commit to branch master
in repository gssproxy.
commit f67470b536440412815cc44ce30c32cccd461a00
Author: Alexander Scheel <ascheel(a)redhat.com>
Date: Mon Jun 26 11:05:44 2017 -0400
Create krb5 config files before setting up LDAP
We can then pass the default realm to kdb5_ldap_util, and avoid fallback to
system krb5.conf.
Signed-off-by: Alexander Scheel <ascheel(a)redhat.com>
[rharwood(a)redhat.com: Rewrote commit message]
Reviewed-by: Robbie Harwood <rharwood(a)redhat.com>
Resolves: #196
Merges: #200
---
proxy/tests/runtests.py | 1 +
proxy/tests/testlib.py | 194 +++++++++++++++++++++++++++---------------------
2 files changed, 111 insertions(+), 84 deletions(-)
diff --git a/proxy/tests/runtests.py b/proxy/tests/runtests.py
index c5a3716..3f5d13d 100755
--- a/proxy/tests/runtests.py
+++ b/proxy/tests/runtests.py
@@ -30,6 +30,7 @@ if __name__ == '__main__':
try:
wrapenv = setup_wrappers(testdir)
+ write_ldap_krb5_config(testdir)
ldapproc, ldapenv = setup_ldap(testdir, wrapenv)
processes["LDAP(%d)" % ldapproc.pid] = ldapproc
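Review bot: The added `write_ldap_krb5_config(testdir)` call is duplicated, because the new `setup_ldap` in testlib.py also begins with `write_ldap_krb5_config(testdir)`. The configs are therefore generated twice in a row, and the second call removes and recreates the `ldap` and `kdc` directories. Keep only one of the two calls; keeping the explicit one here and dropping the one inside `setup_ldap` leaves the ordering visible in a single place, which matters now that `setup_kdc` no longer writes its own config. Whether runtests.py has the new name in scope is not visible in this hunk and should be confirmed.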
diff --git a/proxy/tests/testlib.py b/proxy/tests/testlib.py
index f9833f7..781275a 100755
--- a/proxy/tests/testlib.py
+++ b/proxy/tests/testlib.py
@@ -125,18 +125,88 @@ objectClass: krbContainer
cn: ${KRB5_CN}
"""
-def setup_ldap(testdir, wrapenv):
- # setup ldap environment
+TESTREALM = "GSSPROXY.DEV"
+KDC_DBNAME = 'db.file'
+KDC_STASH = 'stash.file'
+KDC_PASSWORD = 'gssproxy'
+KRB5_CONF_TEMPLATE = '''
+[libdefaults]
+ default_realm = ${TESTREALM}
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ rdns = false
+ ticket_lifetime = 24h
+ forwardable = yes
+ default_ccache_name = FILE://${TESTDIR}/ccaches/krb5_ccache_XXXXXX
+
+[realms]
+ ${TESTREALM} = {
+ kdc = ${WRAP_HOSTNAME}
+ admin_server = ${WRAP_HOSTNAME}
+ }
+
+[domain_realm]
+ .gssproxy.dev = GSSPROXY.DEV
+ gssproxy.dev = GSSPROXY.DEV
+
+[dbmodules]
+ ${TESTREALM} = {
+ db_library = kldap
+ ldap_kerberos_container_dn = cn=${KRB5_CN},${LDAP_REALM}
+ ldap_kdc_dn = ${KRB5_USER},${LDAP_REALM}
+ ldap_kadmind_dn = ${KRB5_USER},${LDAP_REALM}
+ ldap_service_password_file = ${TESTDIR}/ldap_passwd
+ ldap_servers = ldap://${WRAP_HOSTNAME}
+ }
+'''
+KDC_CONF_TEMPLATE = '''
+[kdcdefaults]
+ kdc_ports = 88
+ kdc_tcp_ports = 88
+ restrict_anonymous_to_tgt = true
+
+[realms]
+ ${TESTREALM} = {
+ master_key_type = aes256-cts
+ max_life = 7d
+ max_renewable_life = 14d
+ acl_file = ${KDCDIR}/kadm5.acl
+ dict_file = /usr/share/dict/words
+ default_principal_flags = +preauth
+ key_stash_file = ${KDCDIR}/${KDC_STASH}
+ }
+[logging]
+ kdc = FILE:${KDCLOG}
+'''
+
+
+def write_ldap_krb5_config(testdir):
+ # LDAP environment config files
ldapdir = os.path.join(testdir, "ldap")
ldapconf = os.path.join(ldapdir, "slapd.conf")
ldif = os.path.join(ldapdir, "k5.ldif")
testlog = os.path.join(testdir, "ldap.log")
stashfile = os.path.join(testdir, "ldap_passwd")
+
+ # Kerberos environment config files
+ testlog = os.path.join(testdir, 'kkrb5kdc.log')
+ krb5conf = os.path.join(testdir, 'krb5.conf')
+ kdcconf = os.path.join(testdir, 'kdc.conf')
+ kdcdir = os.path.join(testdir, 'kdc')
+ kdcstash = os.path.join(kdcdir, KDC_STASH)
+ kdcdb = os.path.join(kdcdir, KDC_DBNAME)
+
+ # Create directories for config files
if os.path.exists(ldapdir):
shutil.rmtree(ldapdir)
os.makedirs(ldapdir)
- # different distros do LDAP naming differently
+ if os.path.exists(kdcdir):
+ shutil.rmtree(kdcdir)
+ os.makedirs(kdcdir)
+
+ # Template LDAP config files
+ # Different distros do LDAP naming differently
schemadir = None
for path in ["/etc/openldap/schema", "/etc/ldap/schema"]:
if os.path.exists(path):
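Review bot: In `write_ldap_krb5_config`, `testlog` is assigned twice, first to `ldap.log` and then to `kkrb5kdc.log`, so the first value is dead and the name no longer says which log it holds. Drop the `ldap.log` assignment and rename the second to `kdclog = os.path.join(testdir, 'kkrb5kdc.log')`, passing `'KDCLOG': kdclog` in the later substitution. `stashfile`, `kdcstash` and `kdcdb` also look unused in the visible parts of the function, though its body continues outside this hunk. A docstring should state that the function deletes and recreates `testdir/ldap` and `testdir/kdc` before writing the config files, since callers now need to know it is destructive.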
@@ -179,7 +249,42 @@ def setup_ldap(testdir, wrapenv):
with open(ldif, "w+") as f:
f.write(text)
- ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin'}
+ # Template Kerberos config files
+ t = Template(KRB5_CONF_TEMPLATE)
+ text = t.substitute({'TESTREALM': TESTREALM,
+ 'TESTDIR': testdir,
+ 'KDCDIR': kdcdir,
+ 'KRB5_CN': KRB5_CN,
+ 'KRB5_USER': KRB5_USER,
+ 'KDC_DBNAME': KDC_DBNAME,
+ 'LDAP_REALM': LDAP_REALM,
+ 'WRAP_HOSTNAME': WRAP_HOSTNAME})
+ with open(krb5conf, 'w+') as f:
+ f.write(text)
+
+ t = Template(KDC_CONF_TEMPLATE)
+ text = t.substitute({'TESTREALM': TESTREALM,
+ 'KDCDIR': kdcdir,
+ 'KDCLOG': testlog,
+ 'KDC_STASH': KDC_STASH})
+ with open(kdcconf, 'w+') as f:
+ f.write(text)
+
+
+
+def setup_ldap(testdir, wrapenv):
+ write_ldap_krb5_config(testdir)
+
+ # Set LDAP environment paths
+ ldapdir = os.path.join(testdir, "ldap")
+ ldapconf = os.path.join(ldapdir, "slapd.conf")
+ ldif = os.path.join(ldapdir, "k5.ldif")
+ testlog = os.path.join(testdir, "ldap.log")
+ stashfile = os.path.join(testdir, "ldap_passwd")
+ krb5conf = os.path.join(testdir, 'krb5.conf')
+
+ ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
+ 'KRB5_CONFIG': krb5conf}
ldapenv.update(wrapenv)
with open(testlog, "a") as logfile:
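Review bot: In `setup_ldap`, `ldapenv.update(wrapenv)` runs after `KRB5_CONFIG` is set, so a `KRB5_CONFIG` key in `wrapenv` would silently replace the test krb5.conf and bring back the system-config fallback this commit is meant to avoid. The keys of `wrapenv` are not visible here, so this may never happen today. Assigning the variable last makes the intent robust: `ldapenv['KRB5_CONFIG'] = krb5conf` after the `update` call. `setup_ldap` continues beyond this hunk.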
@@ -213,93 +318,14 @@ def setup_ldap(testdir, wrapenv):
return ldapproc, ldapenv
-TESTREALM = "GSSPROXY.DEV"
-KDC_DBNAME = 'db.file'
-KDC_STASH = 'stash.file'
-KDC_PASSWORD = 'gssproxy'
-KRB5_CONF_TEMPLATE = '''
-[libdefaults]
- default_realm = ${TESTREALM}
- dns_lookup_realm = false
- dns_lookup_kdc = false
- rdns = false
- ticket_lifetime = 24h
- forwardable = yes
- default_ccache_name = FILE://${TESTDIR}/ccaches/krb5_ccache_XXXXXX
-
-[realms]
- ${TESTREALM} = {
- kdc = ${WRAP_HOSTNAME}
- admin_server = ${WRAP_HOSTNAME}
- }
-
-[domain_realm]
- .gssproxy.dev = GSSPROXY.DEV
- gssproxy.dev = GSSPROXY.DEV
-
-[dbmodules]
- ${TESTREALM} = {
- db_library = kldap
- ldap_kerberos_container_dn = cn=${KRB5_CN},${LDAP_REALM}
- ldap_kdc_dn = ${KRB5_USER},${LDAP_REALM}
- ldap_kadmind_dn = ${KRB5_USER},${LDAP_REALM}
- ldap_service_password_file = ${TESTDIR}/ldap_passwd
- ldap_servers = ldap://${WRAP_HOSTNAME}
- }
-'''
-KDC_CONF_TEMPLATE = '''
-[kdcdefaults]
- kdc_ports = 88
- kdc_tcp_ports = 88
- restrict_anonymous_to_tgt = true
-
-[realms]
- ${TESTREALM} = {
- master_key_type = aes256-cts
- max_life = 7d
- max_renewable_life = 14d
- acl_file = ${KDCDIR}/kadm5.acl
- dict_file = /usr/share/dict/words
- default_principal_flags = +preauth
- key_stash_file = ${KDCDIR}/${KDC_STASH}
- }
-[logging]
- kdc = FILE:${KDCLOG}
-'''
-
-
def setup_kdc(testdir, wrapenv):
-
- # setup kerberos environment
+ # Set Kerberos environtment paths
testlog = os.path.join(testdir, 'kkrb5kdc.log')
krb5conf = os.path.join(testdir, 'krb5.conf')
kdcconf = os.path.join(testdir, 'kdc.conf')
kdcdir = os.path.join(testdir, 'kdc')
kdcstash = os.path.join(kdcdir, KDC_STASH)
kdcdb = os.path.join(kdcdir, KDC_DBNAME)
- if os.path.exists(kdcdir):
- shutil.rmtree(kdcdir)
- os.makedirs(kdcdir)
-
- t = Template(KRB5_CONF_TEMPLATE)
- text = t.substitute({'TESTREALM': TESTREALM,
- 'TESTDIR': testdir,
- 'KDCDIR': kdcdir,
- 'KRB5_CN': KRB5_CN,
- 'KRB5_USER': KRB5_USER,
- 'KDC_DBNAME': KDC_DBNAME,
- 'LDAP_REALM': LDAP_REALM,
- 'WRAP_HOSTNAME': WRAP_HOSTNAME})
- with open(krb5conf, 'w+') as f:
- f.write(text)
-
- t = Template(KDC_CONF_TEMPLATE)
- text = t.substitute({'TESTREALM': TESTREALM,
- 'KDCDIR': kdcdir,
- 'KDCLOG': testlog,
- 'KDC_STASH': KDC_STASH})
- with open(kdcconf, 'w+') as f:
- f.write(text)
kdcenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
'KRB5_CONFIG': krb5conf,
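Review bot: `setup_kdc` now depends on `write_ldap_krb5_config(testdir)` having run first, because the `kdc` directory creation and the krb5.conf/kdc.conf templating were removed from it, and nothing in the function states or checks that. A one-line docstring would record the ordering, for example `"""Start the KDC; write_ldap_krb5_config(testdir) must already have created kdc/ and the config files."""`. It should also mention that a later call to `write_ldap_krb5_config` removes the `kdc` directory, which is where `kdcstash` and `kdcdb` point. The new comment has a typo and should read `# Set Kerberos environment paths`. The rest of `setup_kdc` lies outside this hunk.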
--