This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to branch master in repository gssproxy.
from 39b0ffd Clarify test suite's logging new f67470b Create krb5 config files before setting up LDAP
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: proxy/tests/runtests.py | 1 + proxy/tests/testlib.py | 194 +++++++++++++++++++++++++++--------------------- 2 files changed, 111 insertions(+), 84 deletions(-)
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master in repository gssproxy.
commit f67470b536440412815cc44ce30c32cccd461a00 Author: Alexander Scheel ascheel@redhat.com Date: Mon Jun 26 11:05:44 2017 -0400
Create krb5 config files before setting up LDAP
We can then pass the default realm to kdb5_ldap_util, and avoid fallback to system krb5.conf.
Signed-off-by: Alexander Scheel ascheel@redhat.com [rharwood@redhat.com: Rewrote commit message] Reviewed-by: Robbie Harwood rharwood@redhat.com Resolves: #196 Merges: #200 --- proxy/tests/runtests.py | 1 + proxy/tests/testlib.py | 194 +++++++++++++++++++++++++++--------------------- 2 files changed, 111 insertions(+), 84 deletions(-)
diff --git a/proxy/tests/runtests.py b/proxy/tests/runtests.py
index c5a3716..3f5d13d 100755
--- a/proxy/tests/runtests.py
+++ b/proxy/tests/runtests.py
@@ -30,6 +30,7 @@ if __name__ == '__main__':
try: wrapenv = setup_wrappers(testdir) + write_ldap_krb5_config(testdir)
ldapproc, ldapenv = setup_ldap(testdir, wrapenv) processes["LDAP(%d)" % ldapproc.pid] = ldapproc diff --git a/proxy/tests/testlib.py b/proxy/tests/testlib.py index f9833f7..781275a 100755 --- a/proxy/tests/testlib.py +++ b/proxy/tests/testlib.py @@ -125,18 +125,88 @@ objectClass: krbContainer cn: ${KRB5_CN} """
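Review bot: The added `write_ldap_krb5_config(testdir)` call in runtests.py duplicates work, because the testlib.py hunk makes `setup_ldap` call `write_ldap_krb5_config(testdir)` as its own first statement. Each call removes and recreates the `ldap` and `kdc` directories under `testdir` and rewrites the templated files, so the second run silently discards what the first produced. Keep a single call site: either drop this line, or remove the call inside `setup_ldap` and add a comment here such as `# krb5.conf must exist before setup_ldap so kdb5_ldap_util never reads the system config`.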
-def setup_ldap(testdir, wrapenv): - # setup ldap environment +TESTREALM = "GSSPROXY.DEV" +KDC_DBNAME = 'db.file' +KDC_STASH = 'stash.file' +KDC_PASSWORD = 'gssproxy' +KRB5_CONF_TEMPLATE = ''' +[libdefaults] + default_realm = ${TESTREALM} + dns_lookup_realm = false + dns_lookup_kdc = false + rdns = false + ticket_lifetime = 24h + forwardable = yes + default_ccache_name = FILE://${TESTDIR}/ccaches/krb5_ccache_XXXXXX + +[realms] + ${TESTREALM} = { + kdc = ${WRAP_HOSTNAME} + admin_server = ${WRAP_HOSTNAME} + } + +[domain_realm] + .gssproxy.dev = GSSPROXY.DEV + gssproxy.dev = GSSPROXY.DEV + +[dbmodules] + ${TESTREALM} = { + db_library = kldap + ldap_kerberos_container_dn = cn=${KRB5_CN},${LDAP_REALM} + ldap_kdc_dn = ${KRB5_USER},${LDAP_REALM} + ldap_kadmind_dn = ${KRB5_USER},${LDAP_REALM} + ldap_service_password_file = ${TESTDIR}/ldap_passwd + ldap_servers = ldap://${WRAP_HOSTNAME} + } +''' +KDC_CONF_TEMPLATE = ''' +[kdcdefaults] + kdc_ports = 88 + kdc_tcp_ports = 88 + restrict_anonymous_to_tgt = true + +[realms] + ${TESTREALM} = { + master_key_type = aes256-cts + max_life = 7d + max_renewable_life = 14d + acl_file = ${KDCDIR}/kadm5.acl + dict_file = /usr/share/dict/words + default_principal_flags = +preauth + key_stash_file = ${KDCDIR}/${KDC_STASH} + } +[logging] + kdc = FILE:${KDCLOG} +''' + + +def write_ldap_krb5_config(testdir): + # LDAP environment config files ldapdir = os.path.join(testdir, "ldap") ldapconf = os.path.join(ldapdir, "slapd.conf") ldif = os.path.join(ldapdir, "k5.ldif") testlog = os.path.join(testdir, "ldap.log") stashfile = os.path.join(testdir, "ldap_passwd") + + # Kerberos environment config files + testlog = os.path.join(testdir, 'kkrb5kdc.log') + krb5conf = os.path.join(testdir, 'krb5.conf') + kdcconf = os.path.join(testdir, 'kdc.conf') + kdcdir = os.path.join(testdir, 'kdc') + kdcstash = os.path.join(kdcdir, KDC_STASH) + kdcdb = os.path.join(kdcdir, KDC_DBNAME) + + # Create directories for config files if os.path.exists(ldapdir): 
shutil.rmtree(ldapdir) os.makedirs(ldapdir)
- # different distros do LDAP naming differently + if os.path.exists(kdcdir): + shutil.rmtree(kdcdir) + os.makedirs(kdcdir) + + # Template LDAP config files + # Different distros do LDAP naming differently schemadir = None for path in ["/etc/openldap/schema", "/etc/ldap/schema"]: if os.path.exists(path): @@ -179,7 +249,42 @@ def setup_ldap(testdir, wrapenv): with open(ldif, "w+") as f: f.write(text)
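Review bot: `testlog` is assigned twice in `write_ldap_krb5_config`, first to `ldap.log` and then to `kkrb5kdc.log` under the Kerberos paths, so the LDAP value is dead and only the KDC log path reaches `'KDCLOG': testlog` in the next hunk. In the lines visible here `stashfile`, `kdcstash` and `kdcdb` also look unused, though the function body continues past this hunk, so confirm before deleting them. I would drop the first assignment and rename the second, e.g. `kdclog = os.path.join(testdir, 'kkrb5kdc.log')` with `'KDCLOG': kdclog` in the substitution. The function also deserves a docstring stating that it deletes and recreates the `ldap` and `kdc` directories under `testdir` before writing the config files.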
- ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin'}
+ # Template Kerberos config files
+ t = Template(KRB5_CONF_TEMPLATE)
+ text = t.substitute({'TESTREALM': TESTREALM,
+ 'TESTDIR': testdir,
+ 'KDCDIR': kdcdir,
+ 'KRB5_CN': KRB5_CN,
+ 'KRB5_USER': KRB5_USER,
+ 'KDC_DBNAME': KDC_DBNAME,
+ 'LDAP_REALM': LDAP_REALM,
+ 'WRAP_HOSTNAME': WRAP_HOSTNAME})
+ with open(krb5conf, 'w+') as f:
+ f.write(text)
+
+ t = Template(KDC_CONF_TEMPLATE)
+ text = t.substitute({'TESTREALM': TESTREALM,
+ 'KDCDIR': kdcdir,
+ 'KDCLOG': testlog,
+ 'KDC_STASH': KDC_STASH})
+ with open(kdcconf, 'w+') as f:
+ f.write(text)
+
+
+
+def setup_ldap(testdir, wrapenv):
+ write_ldap_krb5_config(testdir)
+
+ # Set LDAP environment paths
+ ldapdir = os.path.join(testdir, "ldap")
+ ldapconf = os.path.join(ldapdir, "slapd.conf")
+ ldif = os.path.join(ldapdir, "k5.ldif")
+ testlog = os.path.join(testdir, "ldap.log")
+ stashfile = os.path.join(testdir, "ldap_passwd")
+ krb5conf = os.path.join(testdir, 'krb5.conf')
+
+ ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
+ 'KRB5_CONFIG': krb5conf}
 ldapenv.update(wrapenv)
with open(testlog, "a") as logfile: @@ -213,93 +318,14 @@ def setup_ldap(testdir, wrapenv):
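Review bot: The new `'KRB5_CONFIG': krb5conf` entry in `ldapenv` carries no comment explaining why an LDAP setup step needs a Kerberos config path, and it is set before `ldapenv.update(wrapenv)`, so a `KRB5_CONFIG` key in `wrapenv` (whose contents are not visible here) would silently replace it. A one-line comment such as `# kdb5_ldap_util must read the test krb5.conf, never the system one` would record the intent stated in the commit message. If `wrapenv` can carry that key, assign `ldapenv['KRB5_CONFIG'] = krb5conf` after the update instead. The body of `setup_ldap` continues outside this hunk.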
return ldapproc, ldapenv
-TESTREALM = "GSSPROXY.DEV" -KDC_DBNAME = 'db.file' -KDC_STASH = 'stash.file' -KDC_PASSWORD = 'gssproxy' -KRB5_CONF_TEMPLATE = ''' -[libdefaults] - default_realm = ${TESTREALM} - dns_lookup_realm = false - dns_lookup_kdc = false - rdns = false - ticket_lifetime = 24h - forwardable = yes - default_ccache_name = FILE://${TESTDIR}/ccaches/krb5_ccache_XXXXXX - -[realms] - ${TESTREALM} = { - kdc = ${WRAP_HOSTNAME} - admin_server = ${WRAP_HOSTNAME} - } - -[domain_realm] - .gssproxy.dev = GSSPROXY.DEV - gssproxy.dev = GSSPROXY.DEV - -[dbmodules] - ${TESTREALM} = { - db_library = kldap - ldap_kerberos_container_dn = cn=${KRB5_CN},${LDAP_REALM} - ldap_kdc_dn = ${KRB5_USER},${LDAP_REALM} - ldap_kadmind_dn = ${KRB5_USER},${LDAP_REALM} - ldap_service_password_file = ${TESTDIR}/ldap_passwd - ldap_servers = ldap://${WRAP_HOSTNAME} - } -''' -KDC_CONF_TEMPLATE = ''' -[kdcdefaults] - kdc_ports = 88 - kdc_tcp_ports = 88 - restrict_anonymous_to_tgt = true - -[realms] - ${TESTREALM} = { - master_key_type = aes256-cts - max_life = 7d - max_renewable_life = 14d - acl_file = ${KDCDIR}/kadm5.acl - dict_file = /usr/share/dict/words - default_principal_flags = +preauth - key_stash_file = ${KDCDIR}/${KDC_STASH} - } -[logging] - kdc = FILE:${KDCLOG} -''' - - def setup_kdc(testdir, wrapenv): - - # setup kerberos environment + # Set Kerberos environtment paths testlog = os.path.join(testdir, 'kkrb5kdc.log') krb5conf = os.path.join(testdir, 'krb5.conf') kdcconf = os.path.join(testdir, 'kdc.conf') kdcdir = os.path.join(testdir, 'kdc') kdcstash = os.path.join(kdcdir, KDC_STASH) kdcdb = os.path.join(kdcdir, KDC_DBNAME) - if os.path.exists(kdcdir): - shutil.rmtree(kdcdir) - os.makedirs(kdcdir) - - t = Template(KRB5_CONF_TEMPLATE) - text = t.substitute({'TESTREALM': TESTREALM, - 'TESTDIR': testdir, - 'KDCDIR': kdcdir, - 'KRB5_CN': KRB5_CN, - 'KRB5_USER': KRB5_USER, - 'KDC_DBNAME': KDC_DBNAME, - 'LDAP_REALM': LDAP_REALM, - 'WRAP_HOSTNAME': WRAP_HOSTNAME}) - with open(krb5conf, 'w+') as f: - 
f.write(text) - - t = Template(KDC_CONF_TEMPLATE) - text = t.substitute({'TESTREALM': TESTREALM, - 'KDCDIR': kdcdir, - 'KDCLOG': testlog, - 'KDC_STASH': KDC_STASH}) - with open(kdcconf, 'w+') as f: - f.write(text)
kdcenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin', 'KRB5_CONFIG': krb5conf,
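Review bot: `setup_kdc` no longer creates `kdcdir` or writes `krb5.conf` and `kdc.conf`, so it now depends on `write_ldap_krb5_config` having run first, and nothing in the function states or checks that. Called on its own, or after a run in which config generation failed, it may proceed against a missing or stale config instead of failing early. Add a docstring naming the prerequisite, or a guard such as `if not os.path.exists(kdcconf): raise RuntimeError("kdc.conf missing; run write_ldap_krb5_config first")`. The new comment also has a typo: `# Set Kerberos environtment paths` should read `environment`. The body of `setup_kdc` continues outside this hunk.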