from k5test import *

# KDC configuration override for the 'replica' environment: it points that
# environment at its own database file under the test directory.
conf_replica = {
    'dbmodules': {
        'db': {'database_name': '$testdir/db.replica'},
    },
}

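def setup_acl(realm):
    """Write the kpropd ACL file for *realm*.

    The file is created as ``kpropd-acl`` inside ``realm.testdir`` and holds
    a single entry, the realm's host principal, followed by a newline.
    kpropd uses its ACL to decide which principals may push a database to
    it, so this test setup authorizes the test host principal only.
    Presumably the harness starts kpropd with this path as its ACL --
    confirm against k5test.

    Args:
        realm: object providing ``testdir`` (a directory path) and
            ``host_princ`` (a principal name string).
    """
    acl_path = os.path.join(realm.testdir, 'kpropd-acl')
    # The context manager closes the file even if the write raises, so a
    # failed write cannot leave the descriptor open.
    with open(acl_path, 'w') as acl:
        acl.write(realm.host_princ + '\n')
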
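def check_output(kpropd):
    """Relay kpropd's output until it reports a completed full propagation.

    Lines are read from ``kpropd.stdout`` and echoed to the test log with a
    ``kpropd: `` prefix.  The function returns once a line contains the
    completion message.  A line containing 'Rejected connection' is reported
    through fail(), because it means kpropd refused the kprop client.

    Args:
        kpropd: daemon handle whose ``stdout`` supports ``readline()``.
    """
    output('*** kpropd output follows\n')
    while True:
        line = kpropd.stdout.readline()
        if not line:
            # readline() returns an empty string only at end of file.
            # Without this guard, a kpropd that exits or closes its output
            # early would make the loop spin forever instead of failing the
            # test.  NOTE(review): assumes fail() does not return -- confirm
            # against k5test.
            fail('kpropd output ended before propagation completed')
        if 'Database load process for full propagation completed' in line:
            break
        output('kpropd: ' + line)
        if 'Rejected connection' in line:
            fail('kpropd rejected connection from kprop')
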
# kprop and kpropd are the only callers of krb5_auth_con_initivector, so
# this scenario is repeated over all enctypes to exercise the mkpriv
# cipher state.
for realm in multipass_realms(create_user=False):
    replica = realm.special_env('replica', True, kdc_conf=conf_replica)

    # kpropd only accepts a database from principals named in its ACL.
    setup_acl(realm)

    # Seed the replica with a copy of the primary database.  Giving the
    # master password with -P is tolerable only because this is a throwaway
    # test realm: command-line arguments are visible to other local users.
    dumpfile = os.path.join(realm.testdir, 'dump')
    realm.run([kdb5_util, 'dump', dumpfile])
    for replica_args in (['load', dumpfile], ['stash', '-P', 'master']):
        realm.run([kdb5_util] + replica_args, replica)

    # Change the primary so that the replica is now out of date.
    realm.addprinc('wakawaka')

    # Start kpropd for the replica, then push a fresh dump with kprop.
    kpropd = realm.start_kpropd(replica, ['-d'])
    realm.run([kdb5_util, 'dump', dumpfile])
    kprop_cmd = [kprop, '-f', dumpfile, '-P']
    kprop_cmd += [str(realm.kprop_port()), hostname]
    realm.run(kprop_cmd)
    check_output(kpropd)

    # The principal added after the initial load must now be on the replica.
    realm.run([kadminl, 'listprincs'], replica, expected_msg='wakawaka')

# default_realm tests follow.
# replica2: default_realm and domain_realm both differ from realm.realm,
# which exercises the -r argument.
conf_rep2 = {
    'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}},
}
krb5_conf_rep2 = {
    'libdefaults': {'default_realm': 'FOO'},
    'domain_realm': {hostname: 'FOO'},
}
# replica3: the domain_realm mapping differs from default_realm.
conf_rep3 = {
    'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}},
}
krb5_conf_rep3 = {'domain_realm': {hostname: 'BAR'}}

realm = K5Realm(create_user=False)
replica2 = realm.special_env('replica2', True, kdc_conf=conf_rep2,
                             krb5_conf=krb5_conf_rep2)
replica3 = realm.special_env('replica3', True, kdc_conf=conf_rep3,
                             krb5_conf=krb5_conf_rep3)

# kpropd only accepts a database from principals named in its ACL.
setup_acl(realm)

# Create the replica databases from a dump of the primary.
dumpfile = os.path.join(realm.testdir, 'dump')
realm.run([kdb5_util, 'dump', dumpfile])
realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], replica2)
realm.run([kdb5_util, 'load', dumpfile], replica3)

# Make some changes to the primary db.
realm.addprinc('wakawaka')

# Two propagation rounds share the same steps:
#   replica2 - override of default_realm with the -r realm argument;
#   replica3 - default_realm and domain_realm mismatch, no -r given.
for replica_env, realm_args in ((replica2, ['-r', realm.realm]),
                                (replica3, [])):
    kpropd = realm.start_kpropd(replica_env, realm_args + ['-d'])
    realm.run([kdb5_util, 'dump', dumpfile])
    realm.run([kprop] + realm_args +
              ['-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
    check_output(kpropd)
    # The principal added after the initial load must now be on the replica.
    realm.run([kadminl] + realm_args + ['listprincs'], replica_env,
              expected_msg='wakawaka')
    stop_daemon(kpropd)

# This test is too resource-intensive to be included in "make check"
# by default, but it can be enabled in the environment to test the
# propagation of databases large enough to require a 12-byte encoding
# of the database size.
if 'KPROP_LARGE_DB_TEST' in os.environ:
    output('Generating >4GB dumpfile\n')

    # Fixed records for the synthetic dump.  The hex fields are constant
    # fixture data reused for every generated principal; they exist only to
    # make the file large and loadable.
    master_record = (
        'princ\t38\t15\t3\t1\t0\tK/M@KRBTEST.COM\t64\t86400\t0\t0\t0'
        '\t0\t0\t0\t8\t2\t0100\t9\t8\t0100010000000000\t2\t28'
        '\tb93e105164625f6372656174696f6e404b5242544553542e434f4d00'
        '\t1\t1\t18\t62\t2000408c027c250e8cc3b81476414f2214d57c1ce'
        '38891e29792e87258247c73547df4d5756266931dd6686b62270e6568'
        '95a31ec66bfe913b4f15226227\t-1;\n'
    )
    princ_head = 'princ\t38\t21\t1\t1\t0\tp%08d@KRBTEST.COM'
    princ_tail = (
        '\t0\t86400\t0\t0\t0\t0\t0\t0\t2\t27'
        '\td73e1051757365722f61646d696e404b5242544553542e434f4d00'
        '\t1\t1\t17\t46'
        '\t10009c8ab7b3f89ccf3ca3ad98352a461b7f4f1b0c49'
        '5605117591d9ad52ba4da0adef7a902126973ed2bdc3ffbf\t-1;\n'
    )

    with open(dumpfile, 'w') as f:
        f.write('kdb5_util load_dump version 6\n')
        f.write(master_record)
        for i in range(1, 20000000):
            f.write(princ_head % i + princ_tail)

    # Sanity-check the fixture: the point of the test is a dump above 4 GiB.
    assert os.path.getsize(dumpfile) > 4 * 1024 ** 3

    # This dump was written by hand rather than by "kdb5_util dump", so the
    # .dump_ok marker is created here as well (presumably kprop looks for
    # it before sending -- confirm).
    with open(dumpfile + '.dump_ok', 'w') as f:
        f.write('\0')

    # NOTE(review): the long iprop_resync_timeout presumably keeps the load
    # of this very large database from timing out -- confirm.
    conf_large = {
        'dbmodules': {'db': {'database_name': '$testdir/db.large'}},
        'realms': {'$realm': {'iprop_resync_timeout': '3600'}},
    }
    large = realm.special_env('large', True, kdc_conf=conf_large)
    kpropd = realm.start_kpropd(large, ['-d'])
    realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
    check_output(kpropd)

    # The last generated principal must exist in the propagated database.
    realm.run([kadminl, 'getprinc', 'p19999999'], env=large,
              expected_msg='Principal: p19999999')

success('kprop tests')