#!/usr/bin/python -u
import libvirt
import sys
import os
import time

# The whole test drives a Xen guest, so stop right away when /proc/xen is not
# readable on this host.
xen_available = os.access("/proc/xen", os.R_OK)
if not xen_available:
    print('System is not running a Xen kernel')
    sys.exit(1)

#
# Candidate guest OS root images, probed in order. These locations are
# site-specific, so edit the list to match the local machine.
#
osroots = [
  "/u/fc4-2.img",
  "/u/fc4.img",
  "/xen/fc4.img",
]

# Overall verdict of the run; later checks clear it to 0 on failure.
okay = 1

# The first image that is readable by this process wins.
osroot = None
for root in osroots:
    if not os.access(root, os.R_OK):
        continue
    osroot = root
    break

if osroot is None:
    print("Could not find a guest OS root, edit to add the path in osroots")
    sys.exit(1)

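# Derive the guest kernel and initrd paths from the running kernel release,
# taken as the third whitespace-separated field of /proc/version.
version_file = open("/proc/version")
try:
    kernel = version_file.read().split()
finally:
    # Close the handle explicitly instead of relying on garbage collection.
    version_file.close()
kernelOv = kernel[2]

# Use membership tests here: str.find() returns -1 (truthy) when the tag is
# absent and 0 (falsy) when it leads the string, so testing its result directly
# always took the first branch for real release strings and a 'xen0' host was
# never mapped to its 'xenU' guest kernel.
if 'hypervisor' in kernelOv:
    guest_release = kernelOv.replace('hypervisor', 'guest')
elif 'xen0' in kernelOv:
    guest_release = kernelOv.replace('xen0', 'xenU')
else:
    # No recognised host tag: keep the release unchanged, i.e. assume host and
    # guest boot from the same kernel image. This matches what the unconditional
    # first branch used to produce for such releases.
    guest_release = kernelOv

kernelU = "/boot/vmlinuz-" + guest_release
initrdU = "/boot/initrd-" + guest_release + ".img"

# A guest kernel is mandatory.
if not os.access(kernelU, os.R_OK):
    print("Did not find the guest kernel %s" % (kernelU))
    sys.exit(1)

# From here on kernelU/initrdU hold ready-made XML elements rather than paths.
# NOTE(review): the paths are wrapped without XML escaping; acceptable for
# values derived from /proc/version, but escape them if the source ever changes.
kernelU = "<kernel>" + kernelU + "</kernel>"

# The initrd is optional: when it is missing the element is simply left out.
if not os.access(initrdU, os.R_OK):
    print("Did not find the guest initrd %s" % (initrdU))
    initrdU = ""
else:
    initrdU = "<initrd>" + initrdU + "</initrd>"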


# Connect to the hypervisor; None leaves the choice of hypervisor to libvirt.
# A full (not read-only) connection is used because the script goes on to
# create and destroy a domain.
conn = libvirt.open(None)
if conn is None:
    print('Failed to open connection to the hypervisor')
    sys.exit(1)

# XML description of the throwaway guest handed to libvirt: a Xen Linux domain
# named "test" with one vCPU, a file-backed disk exposed as sda1 and a bridged
# interface on xenbr0.
#
# '%' binds tighter than '+', so only the final literal is formatted with
# osroot; kernelU and initrdU are concatenated in as already-built elements.
#
# NOTE(review): osroot, kernelU and initrdU are inserted without XML escaping.
# That is fine for the fixed paths this script probes, but a path containing a
# quote, '<' or '&' would change the structure of the document - escape the
# values if they ever come from outside this file.
# NOTE(review): the guest command line carries selinux=0, i.e. the guest boots
# with SELinux off, and the domain name and MAC address are fixed; treat this
# description as suitable for a disposable test guest only.
xmldesc="""<domain type='xen'>
  <name>test</name>
  <os>
    <type>linux</type>
""" + kernelU + initrdU + """
    <cmdline> root=/dev/sda1 ro selinux=0 3</cmdline>
  </os>
  <memory>131072</memory>
  <vcpu>1</vcpu>
  <devices>
    <disk type='file'>
      <source file='%s'/>
      <target dev='sda1'/>
    </disk>
    <interface type='bridge'>
      <source bridge='xenbr0'/>
      <mac address='aa:00:00:00:00:12'/>
      <script path='/etc/xen/scripts/vif-bridge'/>
    </interface>
  </devices>
</domain>
""" % (osroot)

# Start the guest from the XML description; a None result means creation failed.
dom = conn.createLinux(xmldesc, 0)
if dom is None:
    print('Failed to create a test domain')
    sys.exit(1)

# print dom

# Report the identifier and OS type libvirt assigned to the new domain.
domain_id = dom.ID()
domain_os = dom.OSType()
print("Domain: id %d running %s" % (domain_id, domain_os))

print("Suspending test domain for 5 seconds")
suspend_status = dom.suspend()
if suspend_status != 0:
    # Do not leave the guest behind when the test cannot continue.
    print('Failed to suspend domain test')
    dom.destroy()
    del dom
    del conn
    sys.exit(1)

# Sample info() on both sides of the pause: element 4 is compared as the
# CPU-usage figure (see the message below) and must not move while suspended.
before_pause = dom.info()
time.sleep(5)
after_pause = dom.info()
if before_pause[4] != after_pause[4]:
    print('Suspended domain test got CPU cycles')
    okay = 0

print("resuming test domain for 10 seconds")
resume_status = dom.resume()
if resume_status != 0:
    # Same cleanup as on a failed suspend: tear the guest down and give up.
    print('Failed to resume domain test')
    dom.destroy()
    del dom
    del conn
    sys.exit(1)

# Let the guest run for a while before asking it to shut down.
time.sleep(10)
print("shutdown of test domain")

# A refused shutdown is recorded as a failure, but the script carries on to the
# polling and cleanup that follow.
shutdown_status = dom.shutdown()
if shutdown_status != 0:
    print('Failed to shutdown domain test')
    okay = 0

# Poll once a second, for at most 30 rounds, until element 4 of info() reads 0
# (presumably the CPU-time field, which the script takes as "guest is gone").
for attempt in range(30):
    time.sleep(1)
    try:
        t = dom.info()[4]
    except:
        # NOTE(review): the bare except also catches KeyboardInterrupt and
        # SystemExit; here that routes an interrupted wait into the destroy
        # path below, so narrow it only together with an explicit cleanup.
        okay = 0
        t = -1
        break

    if t == 0:
        break

# Anything other than a clean 0 reading means the guest has to be torn down
# by force.
if t != 0:
    print('Shutdown failed destroying domain test')
    okay = 0
    dom.destroy()

del dom
del conn
if okay == 1:
    print("OK")

# NOTE(review): the exit status is 0 even when okay was cleared above; only the
# missing "OK" line tells a harness that one of the checks failed.
sys.exit(0)
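/* Tail of a salt-generation routine whose opening lines are not part of this
 * listing (presumably ipa_get_random_salt(), which is called further down). */
        return ENOMEM;
    }

    kerr = krb5_c_random_make_octets(krbctx, salt);
    if (kerr) {
        return kerr;
    }

    /* Windows treats the salt as a string.
     * To avoid any compatibility issue, limits octets only to
     * the ASCII printable range, or 0x20 <= val <= 0x7E
     *
     * NOTE(review): "% 0x5E" yields 0..0x5D, so the result tops out at 0x7D,
     * not 0x7E. If salt->data is a plain (possibly signed) char, a negative
     * octet gives a negative remainder and can end up outside the printable
     * range; reducing an unsigned value would avoid that. The reduction is
     * also slightly biased because 256 is not a multiple of 0x5E. */
    for (i = 0; i < salt->length; i++) {
        salt->data[i] %= 0x5E; /* 7E - 20 */
        salt->data[i] += 0x20; /* add base */
    }

    return 0;
}

/*
 * Release an enctype array with free(). The context argument is not used.
 */
void ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val)
{
    free(val);
}

/*
 * Convert a krb5_principal into the default salt for that principal,
 * leaving the realm out: the salt is the concatenation of the principal's
 * components.
 *
 * A NULL principal produces an empty salt (length 0, data NULL) and returns 0.
 * On success ret->data is a malloc()ed buffer of ret->length bytes owned by
 * the caller; ENOMEM is returned when the allocation fails.
 *
 * NOTE(review): when every component is empty, size is 0 and malloc(0) may
 * legitimately return NULL, which is reported here as ENOMEM.
 */
krb5_error_code ipa_krb5_principal2salt_norealm(krb5_context context,
                                                krb5_const_principal pr,
                                                krb5_data *ret)
{
    unsigned int size = 0, offset=0;
    krb5_int32 nelem;
    register int i;

    if (pr == NULL) {
        ret->length = 0;
        ret->data = NULL;
        return 0;
    }

    nelem = krb5_princ_size(context, pr);

    /* first pass: total length of all components */
    for (i = 0; i < (int) nelem; i++)
        size += krb5_princ_component(context, pr, i)->length;

    ret->length = size;
    if (!(ret->data = malloc (size)))
        return ENOMEM;

    /* second pass: copy the components back to back */
    for (i = 0; i < (int) nelem; i++) {
        memcpy(&ret->data[offset],
               krb5_princ_component(context, pr, i)->data,
               krb5_princ_component(context, pr, i)->length);
        offset += krb5_princ_component(context, pr, i)->length;
    }
    return 0;
}

/* NOTE(review): declared locally rather than taken from a header; the krb5int_
 * prefix suggests a library-internal symbol - confirm it is meant to be called
 * from here (krb5_free_keyblock_contents() is the public counterpart). */
void krb5int_c_free_keyblock_contents(krb5_context context,
                                      register krb5_keyblock *key);

/*
 * Generate a krb5_key_data set by encrypting keys according to
 * enctype/salttype preferences
 *
 * For each of the num_encsalts (enctype, salttype) tuples in encsalts a salt
 * is built, a key is derived from pwd with krb5_c_string_to_key(), and that
 * key is encrypted with kmkey. Each stored key is a 2-byte little-endian
 * plaintext key length followed by the ciphertext.
 *
 * On success returns 0 and hands the array to the caller through _keys and
 * _num_keys (release it with ipa_krb5_free_key_data()). On failure every
 * entry built so far is freed and an error code is returned; the output
 * arguments are left untouched.
 *
 * NOTE(review): num_encsalts is used as the allocation count unchecked;
 * calloc(0, ...) may return NULL (reported as ENOMEM) and a negative count
 * converts to a very large size - confirm callers always pass a positive
 * value.
 */
krb5_error_code ipa_krb5_generate_key_data(krb5_context krbctx,
                                           krb5_principal principal,
                                           krb5_data pwd, int kvno,
                                           krb5_keyblock *kmkey,
                                           int num_encsalts,
                                           krb5_key_salt_tuple *encsalts,
                                           int *_num_keys,
                                           krb5_key_data **_keys)
{
    krb5_error_code kerr;
    krb5_key_data *keys;
    int num_keys;
    int i;

    num_keys = num_encsalts;
    keys = calloc(num_keys, sizeof(krb5_key_data));
    if (!keys) {
        return ENOMEM;
    }

    for (i = 0; i < num_keys; i++) {
        krb5_keyblock key;
        krb5_data salt;
        krb5_octet *ptr;
        krb5_data plain;
        krb5_enc_data cipher;
        krb5_int16 t;
        size_t len;

        salt.data = NULL;

        keys[i].key_data_ver = 2; /* we always have a salt */
        keys[i].key_data_kvno = kvno;

        /* build the salt the requested salt type calls for */
        switch (encsalts[i].ks_salttype) {

        case KRB5_KDB_SALTTYPE_ONLYREALM:

            if (!principal->realm.data) {
                kerr = EINVAL;
                goto done;
            }
            salt.length = principal->realm.length;
            salt.data = malloc(salt.length);
            if (!salt.data) {
                kerr = ENOMEM;
                goto done;
            }
            memcpy(salt.data, principal->realm.data, salt.length);
            break;

        case KRB5_KDB_SALTTYPE_NOREALM:

            kerr = ipa_krb5_principal2salt_norealm(krbctx, principal, &salt);
            if (kerr) {
                goto done;
            }
            break;

        case KRB5_KDB_SALTTYPE_NORMAL:

            kerr = krb5_principal2salt(krbctx, principal, &salt);
            if (kerr) {
                goto done;
            }
            break;

        case KRB5_KDB_SALTTYPE_SPECIAL:

            kerr = ipa_get_random_salt(krbctx, &salt);
            if (kerr) {
                goto done;
            }
            break;

        case KRB5_KDB_SALTTYPE_V4:
            salt.length = 0;
            break;

        case KRB5_KDB_SALTTYPE_AFS3:

            if (!principal->realm.data) {
                kerr = EINVAL;
                goto done;
            }
            salt.data = strndup((char *)principal->realm.data,
                                principal->realm.length);
            if (!salt.data) {
                kerr = ENOMEM;
                goto done;
            }
            salt.length = SALT_TYPE_AFS_LENGTH; /* special value */
            break;

        default:
            kerr = EINVAL;
            goto done;
        }

        /* need to build the key now to manage the AFS salt.length
         * special case */
        kerr = krb5_c_string_to_key(krbctx,
                                    encsalts[i].ks_enctype,
                                    &pwd, &salt, &key);
        if (kerr) {
            krb5_free_data_contents(krbctx, &salt);
            goto done;
        }
        /* the key is derived: replace the AFS marker by the real length */
        if (salt.length == SALT_TYPE_AFS_LENGTH) {
            salt.length = strlen(salt.data);
        }

        kerr = krb5_c_encrypt_length(krbctx, kmkey->enctype,
                                     key.length, &len);
        if (kerr) {
            krb5int_c_free_keyblock_contents(krbctx, &key);
            krb5_free_data_contents(krbctx, &salt);
            goto done;
        }

        /* 2 bytes of length prefix followed by the ciphertext */
        if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL) {
            kerr = ENOMEM;
            krb5int_c_free_keyblock_contents(krbctx, &key);
            krb5_free_data_contents(krbctx, &salt);
            goto done;
        }

        t = htole16(key.length);
        memcpy(ptr, &t, 2);

        plain.length = key.length;
        plain.data = (char *)key.contents;

        cipher.ciphertext.length = len;
        cipher.ciphertext.data = (char *)ptr+2;

        kerr = krb5_c_encrypt(krbctx, kmkey, 0, 0, &plain, &cipher);
        if (kerr) {
            krb5int_c_free_keyblock_contents(krbctx, &key);
            krb5_free_data_contents(krbctx, &salt);
            free(ptr);
            goto done;
        }

        /* KrbSalt  */
        keys[i].key_data_type[1] = encsalts[i].ks_salttype;

        if (salt.length) {
            /* ownership of the salt buffer moves to the key entry */
            keys[i].key_data_length[1] = salt.length;
            keys[i].key_data_contents[1] = (krb5_octet *)salt.data;
        } else {
            /* an empty salt is not stored, so a buffer that was allocated
             * for it anyway has to be released here or it is lost */
            krb5_free_data_contents(krbctx, &salt);
        }

        /* EncryptionKey */
        keys[i].key_data_type[0] = key.enctype;
        keys[i].key_data_contents[0] = malloc(len + 2);
        if (!keys[i].key_data_contents[0]) {
            /* the length is still 0 here, so the cleanup at done: never
             * sees a non-zero length paired with a NULL buffer */
            kerr = ENOMEM;
            krb5int_c_free_keyblock_contents(krbctx, &key);
            free(ptr);
            goto done;
        }
        keys[i].key_data_length[0] = len + 2;
        memcpy(keys[i].key_data_contents[0], ptr, len + 2);

        /* make sure we free the memory used now that we are done with it */
        krb5int_c_free_keyblock_contents(krbctx, &key);
        free(ptr);
    }

    *_num_keys = num_keys;
    *_keys = keys;
    kerr = 0;

done:
    if (kerr) {
        ipa_krb5_free_key_data(keys, num_keys);
    }

    return kerr;
}

/*
 * Wipe and free an array of num_keys krb5_key_data entries, then the array
 * itself. Accepts NULL and partially filled arrays, as produced when key
 * generation stops half way.
 */
void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys)
{
    int i;

    if (!keys) {
        return;
    }

    for (i = 0; i < num_keys; i++) {
        /* Wipe the key from memory. The stores go through a volatile
         * pointer so that they are not removed as dead writes ahead of
         * free(), and the buffer is checked first because an entry can
         * carry a NULL pointer when its allocation failed. */
        if (keys[i].key_data_contents[0]) {
            volatile krb5_octet *wipe = keys[i].key_data_contents[0];
            size_t left = keys[i].key_data_length[0];

            while (left--) {
                *wipe++ = 0;
            }
        }
        free(keys[i].key_data_contents[0]);
        free(keys[i].key_data_contents[1]);
    }
    free(keys);
}

/* Novell key-format scheme:

   KrbKeySet ::= SEQUENCE {
   attribute-major-vno       [0] UInt16,
   attribute-minor-vno       [1] UInt16,
   kvno                      [2] UInt32,
   mkvno                     [3] UInt32 OPTIONAL,
   keys                      [4] SEQUENCE OF KrbKey,
   ...
   }

   KrbKey ::= SEQUENCE {
   salt      [0] KrbSalt OPTIONAL,
   key       [1] EncryptionKey,
   s2kparams [2] OCTET STRING OPTIONAL,
   ...
   }

   KrbSalt ::= SEQUENCE {
   type      [0] Int32,
   salt      [1] OCTET STRING OPTIONAL
   }

   EncryptionKey ::= SEQUENCE {
   keytype   [0] Int32,
   keyvalue  [1] OCTET STRING
   }

 */

/*
 * DER-encode numk key entries as a KrbKeySet (see the scheme above) and
 * return the flattened result through *encoded.
 *
 * Both attribute version numbers are written as 1, kvno is taken from the
 * first entry and mkvno from the argument. A salt is emitted only for entries
 * whose salt length is non-zero. Returns 0 on success, ENOMEM when the
 * BerElement cannot be allocated and EFAULT when any encoding step fails.
 *
 * NOTE(review): data[0] is read before the loop, so the caller has to pass at
 * least one entry; numk == 0 or a NULL data pointer is not checked here.
 */
int ber_encode_krb5_key_data(krb5_key_data *data,
                             int numk, int mkvno,
                             struct berval **encoded)
{
    BerElement *be = NULL;
    ber_tag_t tag;
    int ret, i;

    be = ber_alloc_t(LBER_USE_DER);
    if (!be) {
        return ENOMEM;
    }

    tag = LBER_CONSTRUCTED | LBER_CLASS_CONTEXT;

    /* KrbKeySet header, up to the opening of the keys sequence */
    ret = ber_printf(be, "{t[i]t[i]t[i]t[i]t[{",
                         tag | 0, 1, tag | 1, 1,
                         tag | 2, (ber_int_t)data[0].key_data_kvno,
                         tag | 3, (ber_int_t)mkvno, tag | 4);
    if (ret == -1) {
        ret = EFAULT;
        goto done;
    }

    for (i = 0; i < numk; i++) {

        /* open one KrbKey */
        ret = ber_printf(be, "{");
        if (ret == -1) {
            ret = EFAULT;
            goto done;
        }

        /* optional KrbSalt */
        if (data[i].key_data_length[1] != 0) {
            ret = ber_printf(be, "t[{t[i]",
                                 tag | 0,
                                   tag | 0,
                                     (ber_int_t)data[i].key_data_type[1]);
            if (ret != -1) {
                ret = ber_printf(be, "t[o]",
                                     tag | 1,
                                       data[i].key_data_contents[1],
                                       (ber_len_t)data[i].key_data_length[1]);
            }
            if (ret != -1) {
                ret = ber_printf(be, "}]");
            }
            if (ret == -1) {
                ret = EFAULT;
                goto done;
            }
        }

        /* EncryptionKey */
        ret = ber_printf(be, "t[{t[i]t[o]}]",
                              tag | 1,
                                tag | 0,
                                  (ber_int_t)data[i].key_data_type[0],
                                tag | 1,
                                  data[i].key_data_contents[0],
                                  (ber_len_t)data[i].key_data_length[0]);
        if (ret == -1) {
            ret = EFAULT;
            goto done;
        }

        /* close the KrbKey */
        ret = ber_printf(be, "}");
        if (ret == -1) {
            ret = EFAULT;
            goto done;
        }
    }

    /* close the keys sequence and the KrbKeySet */
    ret = ber_printf(be, "}]}");
    if (ret == -1) {
        ret = EFAULT;
        goto done;
    }

    ret = ber_flatten(be, encoded);
    if (ret == -1) {
        ret = EFAULT;
        goto done;
    }

done:
    ber_free(be, 1);
    return ret;
}

krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
                                           const char * const *vals,
                                           int n_vals,
                                           krb5_key_salt_tuple **kst,
                                           int *n_kst)
{
    krb5_error_code kerr;
    krb5_key_salt_tuple *ks;
    int n_ks;
    int i;

    ks = calloc(n_vals + 1, sizeof(krb5_key_salt_tuple));
    if (!ks) {
        return ENOMEM;
    }

    for (i = 0, n_ks = 0; i < n_vals; i++) {
        char *enc, *salt;
        krb5_int32 tmpsalt;
        krb5_enctype tmpenc;
        krb5_boolean similar;
        krb5_error_code krberr;
        int j;

        enc = strdup(vals[i]);
        if (!enc) {
            kerr = ENOMEM;
            goto fail;
        }

        salt = strchr(enc, ':');
        if (!salt) {
            free(enc);
            continue;
        }
        *salt = '\0'; /* null terminate the enc type */
        salt++; /* skip : */

        krberr = krb5_string_to_enctype(enc, &tmpenc);
        if (krberr) {
            free(enc);
            continue;
        }

        krberr = krb5_string_to_salttype(salt, &tmpsalt);
        for (j = 0; j < n_ks; j++) {
            krb5_c_enctype_compare(kcontext,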