1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
#!/usr/bin/python
from k5test import *
from filecmp import cmp
# Make sure we can dump and load an ordinary database, and that
# principals and policies survive a dump/load cycle.
realm = K5Realm(start_kdc=False)
realm.run_kadminl('addpol fred')
# Create a dump file.
dumpfile = os.path.join(realm.testdir, 'dump')
realm.run([kdb5_util, 'dump', dumpfile])
# Write an additional policy record to the dump.
f = open('testdir/dump', 'a')
f.write('policy barney 0 0 1 1 1 0 '
'0 0 0 0 0 0 - 1 '
'2 28 '
'fd100f5064625f6372656174696f6e404b5242544553542e434f4d00')
f.close()
# Destroy and load the database; check that the policies exist.
# Spot-check principal and policy fields.
realm.run([kdb5_util, 'destroy', '-f'])
realm.run([kdb5_util, 'load', dumpfile])
out = realm.run_kadminl('getprincs')
if realm.user_princ not in out or realm.host_princ not in out:
fail('Missing principal after load')
out = realm.run_kadminl('getprinc %s' % realm.user_princ)
if 'Expiration date: [never]' not in out or 'MKey: vno 1' not in out:
fail('Principal has wrong value after load')
out = realm.run_kadminl('getpols')
if 'fred\n' not in out or 'barney\n' not in out:
fail('Missing policy after load')
out = realm.run_kadminl('getpol barney')
if 'Number of old keys kept: 1' not in out:
fail('Policy has wrong value after load')
# Dump/load again, and make sure everything is still there.
realm.run([kdb5_util, 'dump', dumpfile])
realm.run([kdb5_util, 'load', dumpfile])
out = realm.run_kadminl('getprincs')
if realm.user_princ not in out or realm.host_princ not in out:
fail('Missing principal after load')
out = realm.run_kadminl('getpols')
if 'fred\n' not in out or 'barney\n' not in out:
fail('Missing policy after second load')
srcdumpdir = os.path.join(srctop, 'tests', 'dumpfiles')
srcdump = os.path.join(srcdumpdir, 'dump')
srcdump_r18 = os.path.join(srcdumpdir, 'dump.r18')
srcdump_r13 = os.path.join(srcdumpdir, 'dump.r13')
srcdump_b7 = os.path.join(srcdumpdir, 'dump.b7')
srcdump_ov = os.path.join(srcdumpdir, 'dump.ov')
# Load a dump file from the source directory.
realm.run([kdb5_util, 'destroy', '-f'])
realm.run([kdb5_util, 'load', srcdump])
realm.run([kdb5_util, 'stash', '-P', 'master'])
def dump_compare(realm, opt, srcfile):
realm.run([kdb5_util, 'dump'] + opt + [dumpfile])
if not cmp(srcfile, dumpfile, False):
fail('Dump output does not match %s' % srcfile)
# Dump the resulting DB in each non-iprop format and compare with
# expected outputs.
dump_compare(realm, [], srcdump)
dump_compare(realm, ['-r18'], srcdump_r18)
dump_compare(realm, ['-r13'], srcdump_r13)
dump_compare(realm, ['-b7'], srcdump_b7)
dump_compare(realm, ['-ov'], srcdump_ov)
def load_dump_check_compare(realm, opt, srcfile):
realm.run([kdb5_util, 'destroy', '-f'])
realm.run([kdb5_util, 'load'] + opt + [srcfile])
out = realm.run_kadminl('getprincs')
if 'user@' not in out:
fail('Loaded dumpfile missing user principal')
out = realm.run_kadminl('getprinc nokeys')
if 'Number of keys: 0' not in out:
fail('Loading dumpfile did not process zero-key principal')
out = realm.run_kadminl('getpols')
if 'testpol' not in out:
fail('Loaded dumpfile missing test policy')
dump_compare(realm, opt, srcfile)
# Load each format of dump, check it, re-dump it, and compare.
load_dump_check_compare(realm, ['-r18'], srcdump_r18)
load_dump_check_compare(realm, ['-r13'], srcdump_r13)
load_dump_check_compare(realm, ['-b7'], srcdump_b7)
# Loading the last (-b7 format) dump won't have loaded the
# per-principal kadm data. Load that incrementally with -ov.
out = realm.run_kadminl('getprinc user')
if 'Policy: [none]' not in out:
fail('Loaded b7 dump unexpectedly contains user policy reference')
realm.run([kdb5_util, 'load', '-update', '-ov', srcdump_ov])
out = realm.run_kadminl('getprinc user')
if 'Policy: testpol' not in out:
fail('Loading ov dump did not add user policy reference')
success('Dump/load tests')
|
