|
|
8c1676 |
From b133e1613751fbb2ce6ed2ba3b63bf45805968a5 Mon Sep 17 00:00:00 2001
|
|
|
8c1676 |
From: Matt Rogers <mrogers@redhat.com>
|
|
|
8c1676 |
Date: Fri, 22 Apr 2016 12:23:37 -0400
|
|
|
8c1676 |
Subject: [PATCH 3/3] Add kprop and iprop default_realm tests
|
|
|
8c1676 |
|
|
|
8c1676 |
Add tests to t_iprop.py and t_kprop.py that exercise cases where
|
|
|
8c1676 |
default_realm and domain_realm maps differ, as well as overriding the
|
|
|
8c1676 |
default realm with the -r argument. This includes the testing of -r
|
|
|
8c1676 |
with kadmind, and an update of expected ulog numbers for tests following
|
|
|
8c1676 |
the addition of an incremental test. Also refactor some common code in
|
|
|
8c1676 |
t_kprop.py to use in the new tests.
|
|
|
8c1676 |
|
|
|
8c1676 |
ticket: 8277
|
|
|
8c1676 |
---
|
|
|
8c1676 |
src/tests/t_iprop.py | 114 ++++++++++++++++++++++++++++++++++++++++-----------
|
|
|
8c1676 |
src/tests/t_kprop.py | 77 ++++++++++++++++++++++++++++------
|
|
|
8c1676 |
2 files changed, 155 insertions(+), 36 deletions(-)
|
|
|
8c1676 |
|
|
|
8c1676 |
diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
|
|
|
8c1676 |
index 6b38b8a..71f5415 100755
|
|
|
8c1676 |
--- a/src/tests/t_iprop.py
|
|
|
8c1676 |
+++ b/src/tests/t_iprop.py
|
|
|
8c1676 |
@@ -127,11 +127,35 @@ conf_slave2 = {'realms': {'$realm': {'iprop_slave_poll': '600',
|
|
|
8c1676 |
'iprop_port': '$port8'}},
|
|
|
8c1676 |
'dbmodules': {'db': {'database_name': '$testdir/db.slave2'}}}
|
|
|
8c1676 |
|
|
|
8c1676 |
+conf_foo = {'libdefaults': {'default_realm': 'FOO'},
|
|
|
8c1676 |
+ 'domain_realm': {hostname: 'FOO'}}
|
|
|
8c1676 |
+
|
|
|
8c1676 |
realm = K5Realm(kdc_conf=conf, create_user=False, start_kadmind=True)
|
|
|
8c1676 |
slave1 = realm.special_env('slave1', True, kdc_conf=conf_slave1)
|
|
|
8c1676 |
-slave1m = realm.special_env('slave1m', True, kdc_conf=conf_slave1m)
|
|
|
8c1676 |
+slave1m = realm.special_env('slave1m', True, krb5_conf=conf_foo,
|
|
|
8c1676 |
+ kdc_conf=conf_slave1m)
|
|
|
8c1676 |
slave2 = realm.special_env('slave2', True, kdc_conf=conf_slave2)
|
|
|
8c1676 |
|
|
|
8c1676 |
+# A default_realm and domain_realm that do not match the KDC's realm.
|
|
|
8c1676 |
+# The FOO realm iprop_logfile setting is needed to run kproplog during
|
|
|
8c1676 |
+# a slave3 test, since kproplog has no realm option.
|
|
|
8c1676 |
+conf_slave3 = {'realms': {'$realm': {'iprop_slave_poll': '600',
|
|
|
8c1676 |
+ 'iprop_logfile': '$testdir/ulog.slave3',
|
|
|
8c1676 |
+ 'iprop_port': '$port8'},
|
|
|
8c1676 |
+ 'FOO': {'iprop_logfile': '$testdir/ulog.slave3'}},
|
|
|
8c1676 |
+ 'dbmodules': {'db': {'database_name': '$testdir/db.slave3'}}}
|
|
|
8c1676 |
+slave3 = realm.special_env('slave3', True, krb5_conf=conf_foo,
|
|
|
8c1676 |
+ kdc_conf=conf_slave3)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# A default realm and a domain realm map that differ.
|
|
|
8c1676 |
+krb5_conf_slave4 = {'domain_realm': {hostname: 'FOO'}}
|
|
|
8c1676 |
+conf_slave4 = {'realms': {'$realm': {'iprop_slave_poll': '600',
|
|
|
8c1676 |
+ 'iprop_logfile': '$testdir/ulog.slave4',
|
|
|
8c1676 |
+ 'iprop_port': '$port8'}},
|
|
|
8c1676 |
+ 'dbmodules': {'db': {'database_name': '$testdir/db.slave4'}}}
|
|
|
8c1676 |
+slave4 = realm.special_env('slave4', True, krb5_conf=krb5_conf_slave4,
|
|
|
8c1676 |
+ kdc_conf=conf_slave4)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
# Define some principal names. pr3 is long enough to cause internal
|
|
|
8c1676 |
# reallocs, but not long enough to grow the basic ulog entry size.
|
|
|
8c1676 |
pr1 = 'wakawaka@' + realm.realm
|
|
|
8c1676 |
@@ -155,11 +179,13 @@ if not os.path.exists(ulog):
|
|
|
8c1676 |
kiprop_princ = 'kiprop/' + hostname
|
|
|
8c1676 |
realm.extract_keytab(kiprop_princ, realm.keytab)
|
|
|
8c1676 |
|
|
|
8c1676 |
-# Create the initial slave1 and slave2 databases.
|
|
|
8c1676 |
+# Create the initial slave databases.
|
|
|
8c1676 |
dumpfile = os.path.join(realm.testdir, 'dump')
|
|
|
8c1676 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
|
8c1676 |
realm.run([kdb5_util, 'load', dumpfile], slave1)
|
|
|
8c1676 |
realm.run([kdb5_util, 'load', dumpfile], slave2)
|
|
|
8c1676 |
+realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], slave3)
|
|
|
8c1676 |
+realm.run([kdb5_util, 'load', dumpfile], slave4)
|
|
|
8c1676 |
|
|
|
8c1676 |
# Reinitialize the master ulog so we know exactly what to expect in
|
|
|
8c1676 |
# it.
|
|
|
8c1676 |
@@ -198,9 +224,49 @@ slave1_out_dump_path = os.path.join(realm.testdir, 'dump.slave1.out')
|
|
|
8c1676 |
slave2_in_dump_path = os.path.join(realm.testdir, 'dump.slave2.in')
|
|
|
8c1676 |
slave2_kprop_port = str(realm.portbase + 9)
|
|
|
8c1676 |
slave1m['KPROP_PORT'] = slave2_kprop_port
|
|
|
8c1676 |
-realm.start_server([kadmind, '-nofork', '-proponly', '-W', '-p', kdb5_util,
|
|
|
8c1676 |
- '-K', kprop, '-F', slave1_out_dump_path], 'starting...',
|
|
|
8c1676 |
- slave1m)
|
|
|
8c1676 |
+realm.start_server([kadmind, '-r', realm.realm, '-nofork', '-proponly', '-W',
|
|
|
8c1676 |
+ '-p', kdb5_util, '-K', kprop, '-F', slave1_out_dump_path],
|
|
|
8c1676 |
+ 'starting...', slave1m)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Test similar default_realm and domain_realm map settings with -r realm.
|
|
|
8c1676 |
+slave3_in_dump_path = os.path.join(realm.testdir, 'dump.slave3.in')
|
|
|
8c1676 |
+kpropd3 = realm.start_server([kpropd, '-d', '-D', '-r', realm.realm, '-P',
|
|
|
8c1676 |
+ slave2_kprop_port, '-f', slave3_in_dump_path,
|
|
|
8c1676 |
+ '-p', kdb5_util, '-a', acl_file, '-A', hostname],
|
|
|
8c1676 |
+ 'ready', slave3)
|
|
|
8c1676 |
+wait_for_prop(kpropd3, True, 1, 7)
|
|
|
8c1676 |
+out = realm.run([kadminl, '-r', realm.realm, 'listprincs'], env=slave3)
|
|
|
8c1676 |
+if pr1 not in out or pr2 not in out or pr3 not in out:
|
|
|
8c1676 |
+ fail('slave3 does not have all principals from slave1')
|
|
|
8c1676 |
+check_ulog(1, 7, 7, [None], env=slave3)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Test an incremental propagation for the kpropd -r case.
|
|
|
8c1676 |
+realm.run([kadminl, 'modprinc', '-maxlife', '20 minutes', pr1])
|
|
|
8c1676 |
+check_ulog(8, 1, 8, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1])
|
|
|
8c1676 |
+kpropd1.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
+wait_for_prop(kpropd1, False, 7, 8)
|
|
|
8c1676 |
+check_ulog(3, 6, 8, [None, pr2, pr1], slave1)
|
|
|
8c1676 |
+out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
|
|
|
8c1676 |
+if 'Maximum ticket life: 0 days 00:20:00' not in out:
|
|
|
8c1676 |
+ fail('slave1 does not have modification from master')
|
|
|
8c1676 |
+kpropd3.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
+wait_for_prop(kpropd3, False, 7, 8)
|
|
|
8c1676 |
+check_ulog(2, 7, 8, [None, pr1], slave3)
|
|
|
8c1676 |
+out = realm.run([kadminl, '-r', realm.realm, 'getprinc', pr1], env=slave3)
|
|
|
8c1676 |
+if 'Maximum ticket life: 0 days 00:20:00' not in out:
|
|
|
8c1676 |
+ fail('slave3 does not have modification from slave1')
|
|
|
8c1676 |
+stop_daemon(kpropd3)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Test dissimilar default_realm and domain_realm map settings (no -r realm).
|
|
|
8c1676 |
+slave4_in_dump_path = os.path.join(realm.testdir, 'dump.slave4.in')
|
|
|
8c1676 |
+kpropd4 = realm.start_server([kpropd, '-d', '-D', '-P', slave2_kprop_port,
|
|
|
8c1676 |
+ '-f', slave4_in_dump_path, '-p', kdb5_util,
|
|
|
8c1676 |
+ '-a', acl_file, '-A', hostname], 'ready', slave4)
|
|
|
8c1676 |
+wait_for_prop(kpropd4, True, 1, 8)
|
|
|
8c1676 |
+out = realm.run([kadminl, 'listprincs'], env=slave4)
|
|
|
8c1676 |
+if pr1 not in out or pr2 not in out or pr3 not in out:
|
|
|
8c1676 |
+ fail('slave4 does not have all principals from slave1')
|
|
|
8c1676 |
+stop_daemon(kpropd4)
|
|
|
8c1676 |
|
|
|
8c1676 |
# Start kpropd for slave2. The -A option isn't needed since we're
|
|
|
8c1676 |
# talking to the same host as master (we specify it anyway to exercise
|
|
|
8c1676 |
@@ -209,8 +275,8 @@ realm.start_server([kadmind, '-nofork', '-proponly', '-W', '-p', kdb5_util,
|
|
|
8c1676 |
kpropd2 = realm.start_server([kpropd, '-d', '-D', '-P', slave2_kprop_port,
|
|
|
8c1676 |
'-f', slave2_in_dump_path, '-p', kdb5_util,
|
|
|
8c1676 |
'-a', acl_file, '-A', hostname], 'ready', slave2)
|
|
|
8c1676 |
-wait_for_prop(kpropd2, True, 1, 7)
|
|
|
8c1676 |
-check_ulog(1, 7, 7, [None], slave2)
|
|
|
8c1676 |
+wait_for_prop(kpropd2, True, 1, 8)
|
|
|
8c1676 |
+check_ulog(2, 7, 8, [None, pr1], slave2)
|
|
|
8c1676 |
out = realm.run([kadminl, 'listprincs'], env=slave1)
|
|
|
8c1676 |
if pr1 not in out or pr2 not in out or pr3 not in out:
|
|
|
8c1676 |
fail('slave2 does not have all principals from slave1')
|
|
|
8c1676 |
@@ -218,16 +284,16 @@ if pr1 not in out or pr2 not in out or pr3 not in out:
|
|
|
8c1676 |
# Make another change and check that it propagates incrementally to
|
|
|
8c1676 |
# both slaves.
|
|
|
8c1676 |
realm.run([kadminl, 'modprinc', '-maxrenewlife', '22 hours', pr1])
|
|
|
8c1676 |
-check_ulog(8, 1, 8, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1])
|
|
|
8c1676 |
+check_ulog(9, 1, 9, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr1])
|
|
|
8c1676 |
kpropd1.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd1, False, 7, 8)
|
|
|
8c1676 |
-check_ulog(3, 6, 8, [None, pr2, pr1], slave1)
|
|
|
8c1676 |
+wait_for_prop(kpropd1, False, 8, 9)
|
|
|
8c1676 |
+check_ulog(4, 6, 9, [None, pr2, pr1, pr1], slave1)
|
|
|
8c1676 |
out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
|
|
|
8c1676 |
if 'Maximum renewable life: 0 days 22:00:00\n' not in out:
|
|
|
8c1676 |
fail('slave1 does not have modification from master')
|
|
|
8c1676 |
kpropd2.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd2, False, 7, 8)
|
|
|
8c1676 |
-check_ulog(2, 7, 8, [None, pr1], slave2)
|
|
|
8c1676 |
+wait_for_prop(kpropd2, False, 8, 9)
|
|
|
8c1676 |
+check_ulog(3, 7, 9, [None, pr1, pr1], slave2)
|
|
|
8c1676 |
out = realm.run([kadminl, 'getprinc', pr1], env=slave2)
|
|
|
8c1676 |
if 'Maximum renewable life: 0 days 22:00:00\n' not in out:
|
|
|
8c1676 |
fail('slave2 does not have modification from slave1')
|
|
|
8c1676 |
@@ -239,25 +305,25 @@ if 'Maximum renewable life: 0 days 22:00:00\n' not in out:
|
|
|
8c1676 |
realm.run([kproplog, '-R'], slave1)
|
|
|
8c1676 |
check_ulog(1, 1, 1, [None], slave1)
|
|
|
8c1676 |
kpropd1.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd1, True, 1, 8)
|
|
|
8c1676 |
-check_ulog(3, 6, 8, [None, pr2, pr1], slave1)
|
|
|
8c1676 |
+wait_for_prop(kpropd1, True, 1, 9)
|
|
|
8c1676 |
+check_ulog(4, 6, 9, [None, pr2, pr1, pr1], slave1)
|
|
|
8c1676 |
kpropd2.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd2, False, 8, 8)
|
|
|
8c1676 |
-check_ulog(2, 7, 8, [None, pr1], slave2)
|
|
|
8c1676 |
+wait_for_prop(kpropd2, False, 9, 9)
|
|
|
8c1676 |
+check_ulog(3, 7, 9, [None, pr1, pr1], slave2)
|
|
|
8c1676 |
|
|
|
8c1676 |
# Make another change and check that it propagates incrementally to
|
|
|
8c1676 |
# both slaves.
|
|
|
8c1676 |
-realm.run([kadminl, 'modprinc', '+allow_tix', 'w'])
|
|
|
8c1676 |
-check_ulog(9, 1, 9, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr2])
|
|
|
8c1676 |
+realm.run([kadminl, 'modprinc', '+allow_tix', pr2])
|
|
|
8c1676 |
+check_ulog(10, 1, 10, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr1, pr2])
|
|
|
8c1676 |
kpropd1.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd1, False, 8, 9)
|
|
|
8c1676 |
-check_ulog(4, 6, 9, [None, pr2, pr1, pr2], slave1)
|
|
|
8c1676 |
+wait_for_prop(kpropd1, False, 9, 10)
|
|
|
8c1676 |
+check_ulog(5, 6, 10, [None, pr2, pr1, pr1, pr2], slave1)
|
|
|
8c1676 |
out = realm.run([kadminl, 'getprinc', pr2], env=slave1)
|
|
|
8c1676 |
if 'Attributes:\n' not in out:
|
|
|
8c1676 |
fail('slave1 does not have modification from master')
|
|
|
8c1676 |
kpropd2.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd2, False, 8, 9)
|
|
|
8c1676 |
-check_ulog(3, 7, 9, [None, pr1, pr2], slave2)
|
|
|
8c1676 |
+wait_for_prop(kpropd2, False, 9, 10)
|
|
|
8c1676 |
+check_ulog(4, 7, 10, [None, pr1, pr1, pr2], slave2)
|
|
|
8c1676 |
out = realm.run([kadminl, 'getprinc', pr2], env=slave2)
|
|
|
8c1676 |
if 'Attributes:\n' not in out:
|
|
|
8c1676 |
fail('slave2 does not have modification from slave1')
|
|
|
8c1676 |
@@ -266,13 +332,13 @@ if 'Attributes:\n' not in out:
|
|
|
8c1676 |
realm.run([kadminl, 'addpol', '-minclasses', '2', 'testpol'])
|
|
|
8c1676 |
check_ulog(1, 1, 1, [None])
|
|
|
8c1676 |
kpropd1.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd1, True, 9, 1)
|
|
|
8c1676 |
+wait_for_prop(kpropd1, True, 10, 1)
|
|
|
8c1676 |
check_ulog(1, 1, 1, [None], slave1)
|
|
|
8c1676 |
out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1)
|
|
|
8c1676 |
if 'Minimum number of password character classes: 2' not in out:
|
|
|
8c1676 |
fail('slave1 does not have policy from master')
|
|
|
8c1676 |
kpropd2.send_signal(signal.SIGUSR1)
|
|
|
8c1676 |
-wait_for_prop(kpropd2, True, 9, 1)
|
|
|
8c1676 |
+wait_for_prop(kpropd2, True, 10, 1)
|
|
|
8c1676 |
check_ulog(1, 1, 1, [None], slave2)
|
|
|
8c1676 |
out = realm.run([kadminl, 'getpol', 'testpol'], env=slave2)
|
|
|
8c1676 |
if 'Minimum number of password character classes: 2' not in out:
|
|
|
8c1676 |
diff --git a/src/tests/t_kprop.py b/src/tests/t_kprop.py
|
|
|
8c1676 |
index d625627..02cdfee 100755
|
|
|
8c1676 |
--- a/src/tests/t_kprop.py
|
|
|
8c1676 |
+++ b/src/tests/t_kprop.py
|
|
|
8c1676 |
@@ -3,16 +3,29 @@ from k5test import *
|
|
|
8c1676 |
|
|
|
8c1676 |
conf_slave = {'dbmodules': {'db': {'database_name': '$testdir/db.slave'}}}
|
|
|
8c1676 |
|
|
|
8c1676 |
+def setup_acl(realm):
|
|
|
8c1676 |
+ acl_file = os.path.join(realm.testdir, 'kpropd-acl')
|
|
|
8c1676 |
+ acl = open(acl_file, 'w')
|
|
|
8c1676 |
+ acl.write(realm.host_princ + '\n')
|
|
|
8c1676 |
+ acl.close()
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+def check_output(kpropd):
|
|
|
8c1676 |
+ output('*** kpropd output follows\n')
|
|
|
8c1676 |
+ while True:
|
|
|
8c1676 |
+ line = kpropd.stdout.readline()
|
|
|
8c1676 |
+ if 'Database load process for full propagation completed' in line:
|
|
|
8c1676 |
+ break
|
|
|
8c1676 |
+ output('kpropd: ' + line)
|
|
|
8c1676 |
+ if 'Rejected connection' in line:
|
|
|
8c1676 |
+ fail('kpropd rejected connection from kprop')
|
|
|
8c1676 |
+
|
|
|
8c1676 |
# kprop/kpropd are the only users of krb5_auth_con_initivector, so run
|
|
|
8c1676 |
# this test over all enctypes to exercise mkpriv cipher state.
|
|
|
8c1676 |
for realm in multipass_realms(create_user=False):
|
|
|
8c1676 |
slave = realm.special_env('slave', True, kdc_conf=conf_slave)
|
|
|
8c1676 |
|
|
|
8c1676 |
# Set up the kpropd acl file.
|
|
|
8c1676 |
- acl_file = os.path.join(realm.testdir, 'kpropd-acl')
|
|
|
8c1676 |
- acl = open(acl_file, 'w')
|
|
|
8c1676 |
- acl.write(realm.host_princ + '\n')
|
|
|
8c1676 |
- acl.close()
|
|
|
8c1676 |
+ setup_acl(realm)
|
|
|
8c1676 |
|
|
|
8c1676 |
# Create the slave db.
|
|
|
8c1676 |
dumpfile = os.path.join(realm.testdir, 'dump')
|
|
|
8c1676 |
@@ -28,17 +41,57 @@ for realm in multipass_realms(create_user=False):
|
|
|
8c1676 |
|
|
|
8c1676 |
realm.run([kdb5_util, 'dump', dumpfile])
|
|
|
8c1676 |
realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
|
|
|
8c1676 |
- output('*** kpropd output follows\n')
|
|
|
8c1676 |
- while True:
|
|
|
8c1676 |
- line = kpropd.stdout.readline()
|
|
|
8c1676 |
- if 'Database load process for full propagation completed' in line:
|
|
|
8c1676 |
- break
|
|
|
8c1676 |
- output('kpropd: ' + line)
|
|
|
8c1676 |
- if 'Rejected connection' in line:
|
|
|
8c1676 |
- fail('kpropd rejected connection from kprop')
|
|
|
8c1676 |
+ check_output(kpropd)
|
|
|
8c1676 |
|
|
|
8c1676 |
out = realm.run([kadminl, 'listprincs'], slave)
|
|
|
8c1676 |
if 'wakawaka' not in out:
|
|
|
8c1676 |
fail('Slave does not have all principals from master')
|
|
|
8c1676 |
|
|
|
8c1676 |
+# default_realm tests follow.
|
|
|
8c1676 |
+# default_realm and domain_realm different than realm.realm (test -r argument).
|
|
|
8c1676 |
+conf_slave2 = {'dbmodules': {'db': {'database_name': '$testdir/db.slave2'}}}
|
|
|
8c1676 |
+krb5_conf_slave2 = {'libdefaults': {'default_realm': 'FOO'},
|
|
|
8c1676 |
+ 'domain_realm': {hostname: 'FOO'}}
|
|
|
8c1676 |
+# default_realm and domain_realm map differ.
|
|
|
8c1676 |
+conf_slave3 = {'dbmodules': {'db': {'database_name': '$testdir/db.slave3'}}}
|
|
|
8c1676 |
+krb5_conf_slave3 = {'domain_realm': {hostname: 'BAR'}}
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+realm = K5Realm(create_user=False)
|
|
|
8c1676 |
+slave2 = realm.special_env('slave2', True, kdc_conf=conf_slave2,
|
|
|
8c1676 |
+ krb5_conf=krb5_conf_slave2)
|
|
|
8c1676 |
+slave3 = realm.special_env('slave3', True, kdc_conf=conf_slave3,
|
|
|
8c1676 |
+ krb5_conf=krb5_conf_slave3)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+setup_acl(realm)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Create the slave db.
|
|
|
8c1676 |
+dumpfile = os.path.join(realm.testdir, 'dump')
|
|
|
8c1676 |
+realm.run([kdb5_util, 'dump', dumpfile])
|
|
|
8c1676 |
+realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], slave2)
|
|
|
8c1676 |
+realm.run([kdb5_util, 'load', dumpfile], slave3)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Make some changes to the master db.
|
|
|
8c1676 |
+realm.addprinc('wakawaka')
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Test override of default_realm with -r realm argument.
|
|
|
8c1676 |
+kpropd = realm.start_kpropd(slave2, ['-r', realm.realm, '-d'])
|
|
|
8c1676 |
+realm.run([kdb5_util, 'dump', dumpfile])
|
|
|
8c1676 |
+realm.run([kprop, '-r', realm.realm, '-f', dumpfile, '-P',
|
|
|
8c1676 |
+ str(realm.kprop_port()), hostname])
|
|
|
8c1676 |
+check_output(kpropd)
|
|
|
8c1676 |
+out = realm.run([kadminl, '-r', realm.realm, 'listprincs'], slave2)
|
|
|
8c1676 |
+if 'wakawaka' not in out:
|
|
|
8c1676 |
+ fail('Slave does not have all principals from master')
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+stop_daemon(kpropd)
|
|
|
8c1676 |
+
|
|
|
8c1676 |
+# Test default_realm and domain_realm mismatch.
|
|
|
8c1676 |
+kpropd = realm.start_kpropd(slave3, ['-d'])
|
|
|
8c1676 |
+realm.run([kdb5_util, 'dump', dumpfile])
|
|
|
8c1676 |
+realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
|
|
|
8c1676 |
+check_output(kpropd)
|
|
|
8c1676 |
+out = realm.run([kadminl, 'listprincs'], slave3)
|
|
|
8c1676 |
+if 'wakawaka' not in out:
|
|
|
8c1676 |
+ fail('Slave does not have all principals from master')
|
|
|
8c1676 |
+
|
|
|
8c1676 |
success('kprop tests')
|
|
|
8c1676 |
--
|
|
|
8c1676 |
2.8.1
|
|
|
8c1676 |
|