1from k5test import *
2from princflags import *
3import re
4
# Test realm shared by every check in this script, created with host
# principal creation and initial credential acquisition both turned off.
realm = K5Realm(get_creds=False, create_host=False)

# Matches a kadmin getprinc "Attributes:" line that lists no flags at all.
emptyattr = re.compile(r'^Attributes:$', flags=re.MULTILINE)
9
10
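# Build the regex that recognises a kadmin getprinc "Attributes:" line
# listing exactly one flag: the name returned by ftuple.flagname().
def attr_pat(ftuple):
    # Escape the name so it is matched literally.  Without this, a regex
    # metacharacter in a flag name could let a different attribute line
    # satisfy the check and hide a failure to set the flag.
    return re.compile('^Attributes: ' + re.escape(ftuple.flagname()) + '$',
                      re.MULTILINE)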
15
16
# Check one flag tuple through "kadmin ank": create principal "test" with
# the flag's set specifier, confirm getprinc reports it, clear it again
# with modprinc, confirm the attribute line is empty, then delete "test".
def one_kadmin_flag(ftuple):
    expected = attr_pat(ftuple)

    def show_test():
        # Fetch the current getprinc listing for the scratch principal.
        return realm.run([kadminl, 'getprinc', 'test'])

    # 'password' is a fixed throwaway credential; the principal only
    # lives for the duration of this check.
    create_cmd = [kadminl, 'ank', ftuple.setspec(),
                  '-pw', 'password', 'test']
    realm.run(create_cmd)
    if expected.search(show_test()) is None:
        fail('Failed to set flag ' + ftuple.flagname())

    clear_cmd = [kadminl, 'modprinc', ftuple.clearspec(), 'test']
    realm.run(clear_cmd)
    if emptyattr.search(show_test()) is None:
        fail('Failed to clear flag ' + ftuple.flagname())

    # Remove the scratch principal so the next check can reuse the name.
    realm.run([kadminl, 'delprinc', 'test'])
31
32
# Build a special environment named 'tmp' whose kdc.conf carries
# default_principal_flags set to ftuple's set specifier for this realm.
def genkdcconf(ftuple):
    realm_section = {'default_principal_flags': ftuple.setspec()}
    overrides = {'realms': {'$realm': realm_section}}
    return realm.special_env('tmp', True, kdc_conf=overrides)
40
41
# Check one flag tuple through kdc.conf default_principal_flags: create
# "test" without any flag argument under the custom environment and
# confirm that getprinc reports the flag anyway.
def one_kdcconf(ftuple):
    custom_env = genkdcconf(ftuple)
    expected = attr_pat(ftuple)

    # Only the creation runs under the custom kdc.conf; the flag is
    # expected to be stored on the principal at that point.
    realm.run([kadminl, 'ank', '-pw', 'password', 'test'], env=custom_env)
    listing = realm.run([kadminl, 'getprinc', 'test'])
    if expected.search(listing) is None:
        fail('Failed to set flag ' + ftuple.flagname() + ' via kdc.conf')

    # Remove the scratch principal so the next check can reuse the name.
    realm.run([kadminl, 'delprinc', 'test'])
52
53
# Name of the target principal used on a kadm5.acl line for this flag:
# "set_<flagname>" when doset is true, "clear_<flagname>" otherwise.
def ftuple2pname(ftuple, doset):
    if doset:
        prefix = 'set_'
    else:
        prefix = 'clear_'
    return prefix + ftuple.flagname()
58
59
# Translate a strconv flag tuple into the specifier string that kadmin
# accepts for the same flag, looked up in kadmin_itable by flag value.
def ftuple2kadm_spec(ftuple, doset):
    kadm_entry = kadmin_itable[ftuple.flag]
    if kadm_entry.invert == ftuple.invert:
        return kadm_entry.spec(doset)
    # The two tables disagree on the flag's sense.  Flipping doset would
    # compensate, but this is not expected to happen, so treat it as an
    # error rather than guess.
    raise ValueError
69
70
# Produce one kadm5.acl line: the realm's admin principal, the '*'
# permission field, the per-flag target principal name, and the flag
# specifier (set or clear, per doset) as the restriction.
def acl_line(ftuple, doset):
    target = ftuple2pname(ftuple, doset)
    restriction = ftuple.spec(doset)
    fields = (realm.admin_princ, target, restriction)
    return "%s * %s %s\n" % fields
76
77
# Check that the kadm5.acl restriction written for ftuple is enforced.
# First the principal is created through realm.run_kadmin and must come
# out with the flag set (doset) or clear (not doset).  Then the opposite
# change is requested with modprinc and the flag must stay as the ACL
# dictates; a regression here would mean an administrator can override a
# flag that the ACL is supposed to pin.
def one_aclcheck(ftuple, doset):
    princ = ftuple2pname(ftuple, doset)
    flag_pat = attr_pat(ftuple)
    flag = ftuple.flagname()
    # With doset the flag must be the only attribute listed; otherwise
    # the attribute line must be empty.
    wanted = flag_pat if doset else emptyattr

    def attrs_ok():
        # Read the principal back with local kadmin and test its flags.
        listing = realm.run([kadminl, 'getprinc', princ])
        return wanted.search(listing) is not None

    # NOTE(review): run_kadmin presumably goes through kadmind so that
    # kadm5.acl applies -- confirm against k5test.
    realm.run_kadmin(['ank', '-pw', 'password', princ])
    if not attrs_ok():
        if doset:
            fail('Failed to set flag ' + flag + ' via kadm5.acl')
        else:
            fail('Failed to clear flag ' + flag + ' via kadm5.acl')

    # Ask for the opposite of what the ACL forces.
    override = ftuple2kadm_spec(ftuple, not doset)
    realm.run_kadmin(['modprinc', override, princ])
    if not attrs_ok():
        if doset:
            fail('Failed to keep flag ' + flag + ' set')
        else:
            fail('Failed to keep flag ' + flag + ' clear')
103
104
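# Set all 32 flag bits at once, including bits that have no defined name
# yet, and check that getprinc lists every name produced by
# flags2namelist(0xffffffff) on a single Attributes line.
def lamptest():
    # Escape each name so the listing is compared literally rather than
    # as a regex fragment.
    names = ' '.join(re.escape(name) for name in flags2namelist(0xffffffff))
    pat = re.compile('^Attributes: ' + names + '$', re.MULTILINE)
    # 'password' is a fixed throwaway credential for the scratch principal.
    realm.run([kadminl, 'ank', '-pw', 'password', '+0xffffffff', 'test'])
    out = realm.run([kadminl, 'getprinc', 'test'])
    if not pat.search(out):
        # Spelling of the failure message corrected ("simultaenously").
        fail('Failed to simultaneously set all flags')
    realm.run([kadminl, 'delprinc', 'test'])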
115
116
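# Setting and clearing each flag with local kadmin.
for ftuple in kadmin_ftuples:
    one_kadmin_flag(ftuple)

# Default flags taken from kdc.conf at principal creation.
for ftuple in strconv_ftuples:
    one_kdcconf(ftuple)

# Write the ACL file before kadmind starts: one "force set" and one
# "force clear" line per flag.  The context manager closes the file even
# if acl_line raises, so kadmind never starts against a file that is
# still open and only partly flushed.
with open(os.path.join(realm.testdir, 'acl'), 'w') as f:
    for ftuple in strconv_ftuples:
        f.write(acl_line(ftuple, True))
        f.write(acl_line(ftuple, False))

realm.start_kadmind()
realm.prep_kadmin()

# ACL restrictions must both apply at creation and resist later changes.
for ftuple in strconv_ftuples:
    one_aclcheck(ftuple, True)
    one_aclcheck(ftuple, False)

lamptest()

success('KDB principal flags')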
139