From f7b50b3e40ae43666fb10b0a1502f9cd88b6a2fe Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Wed, 3 Apr 2019 14:58:19 -0400
Subject: [PATCH] Remove confvalidator utility
This utility has not been maintained with encryption types and salt changes, which suggests it is unused.
(cherry picked from commit 482a366793d9338e9edb504b407d7704a4bb2f8f)
---
src/util/confvalidator/README | 25 ----
src/util/confvalidator/confparser.py | 144 -------------------
src/util/confvalidator/rules.yml | 13 --
src/util/confvalidator/validator.conf | 2 -
src/util/confvalidator/validator.py | 194 --------------------------
5 files changed, 378 deletions(-)
delete mode 100644 src/util/confvalidator/README
delete mode 100644 src/util/confvalidator/confparser.py
delete mode 100644 src/util/confvalidator/rules.yml
delete mode 100644 src/util/confvalidator/validator.conf
delete mode 100644 src/util/confvalidator/validator.py
diff --git a/src/util/confvalidator/README b/src/util/confvalidator/README
deleted file mode 100644
index 7bf7a106a..000000000
--- a/src/util/confvalidator/README
+++ /dev/null
@@ -1,25 +0,0 @@ -validator.py is a command line tool for identifying invalid attributes, values and some formating problems in Kerberos configuration files. -The list of the valid attributes is created based on the “configuration variables” section in k5-int.h and user defined attributes from the rules file. - -Usage: - -validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath] - -Options: - -path – the path to the configuration file to validate - --d defPath – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”. - --r rulesPath - path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules. - --c validatorConfPath – the same as -r and -d options, but in validator configuration file format. - -Example: - -python validator.py src/config-files/krb5.conf -r rules.yml -d src/include/k5-int.h -or -python validator.py src/config-files/krb5.conf -c validator.conf - -For more details please refer to the sample files validator.conf and rules.yml - diff --git a/src/util/confvalidator/confparser.py b/src/util/confvalidator/confparser.py deleted file mode 100644 index 2fea142a5..000000000 --- a/src/util/confvalidator/confparser.py +++ /dev/null @@ -1,144 +0,0 @@ -''' -Created on Jan 31, 2010 - -@author: tsitkova -''' -import re -import copy -import yaml - -class ConfParser(object): - def __init__(self, path): - self.configuration = self._parse(path) - - def walk(self): - for trio in self._walk(self.configuration): - yield trio - - def _parse(self, path): - comment_pattern = re.compile(r'(\s*[#].*)') - section_pattern = re.compile(r'^\s*\[(?P
\w+)\]\s+$') - empty_pattern = re.compile(r'^\s*$') - equalsign_pattern = re.compile(r'=') - - section = None - parser_stack = list() - result = dict() - value = None - f = open(path, 'r') - for (ln,line) in enumerate(f): - line = comment_pattern.sub('', line) - line = equalsign_pattern.sub(' = ',line,count=1) - if empty_pattern.match(line) is not None: - continue - m = section_pattern.match(line) - if m is not None: - section = m.group('section') - value = dict() - result[section] = value - continue - if section is None: - msg = 'Failed to determine section for line #%i' % ln - raise ValueError(msg) - try: - value = self._parseLine(value, line, parser_stack) - except: - print 'Error while parsing line %i: %s' % (ln+1, line) - raise - f.close() - - if len(parser_stack): - raise 'Parsing error.' - - return result - - def _parseLine(self, value, content, stack): - token_pattern = re.compile(r'(?P\S+)(?=\s+)') - attr = None - token_stack = list() - - for m in token_pattern.finditer(content): - token = m.group('token') - if not self._validate(token): - raise ValueError('Invalid token %s' % token) - if token == '=': - if len(token_stack) == 0: - raise ValueError('Failed to find attribute.') - elif len(token_stack) == 1: - attr = token_stack.pop() - else: - value[attr] = token_stack[:-1] - attr = token_stack[-1] - token_stack = list() - elif token == '{': - if attr is None: - raise ValueError('Failed to find attribute.') - stack.append((attr,value)) - value = dict() - elif token == '}': - if len(stack) == 0: - raise ValueError('Failed to parse: unbalanced braces') - if len(token_stack): - if attr is None: - raise ValueError('Missing attribute') - value[attr] = token_stack - attr = None - token_stack = list() - (attr,parent_value) = stack.pop() - parent_value[attr] = value - value = parent_value - else: - token_stack.append(token) - if len(token_stack): - if attr is None: - raise ValueError('Missing attribute') - value[attr] = token_stack - - return value - - def 
_validate(self, token): - result = True - for s in ['{','}']: - if s in token and s != token: - result = False - - return result - - def _walk(self, parsedData, path='root'): - dirs = list() - av = list() - for (key, value) in parsedData.iteritems(): - if type(value) == dict: - new_path = path + '.' + key - for trio in self._walk(value, new_path): - yield trio - dirs.append(key) - else: - av.append((key,value)) - yield (path, dirs, av) - - - -class ConfParserTest(ConfParser): - def __init__(self): - self.conf_path = '../tests/krb5.conf' - super(ConfParserTest, self).__init__(self.conf_path) - - def run_tests(self): - self._test_walk() - - def _test_parse(self): - result = self._parse(self.conf_path) - print yaml.dump(result) - - def _test_walk(self): - configuration = self._parse(self.conf_path) - for (path,dirs,av) in self.walk(): - print path,dirs,av - - - - -if __name__ == '__main__': - tester = ConfParserTest() - tester.run_tests() diff --git a/src/util/confvalidator/rules.yml b/src/util/confvalidator/rules.yml deleted file mode 100644 index c6ccc89fe..000000000 --- a/src/util/confvalidator/rules.yml +++ /dev/null @@ -1,13 +0,0 @@ -# Extend the list of the allowed enctypes and salts as needed -Types: - supported_enctypes: - '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1|des3-cbc-raw|des3-cbc-sha1|des3-hmac-sha1|rc4-hmac|arcfour-hmac-md5)(:(normal|v4))?$' - default_tgs_enctypes: - '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1|des3-cbc-raw|des3-cbc-sha1|des3-hmac-sha1|rc4-hmac|arcfour-hmac-md5)' - default_tkt_enctypes: - '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1|des3-cbc-raw|des3-cbc-sha1|des3-hmac-sha1|rc4-hmac|arcfour-hmac-md5)' - -# Add all valid profile attributes that are not listed in k5-int.h -Attributes: - - logging - - dbmodules 
diff --git a/src/util/confvalidator/validator.conf b/src/util/confvalidator/validator.conf
deleted file mode 100644
index 71e205c3b..000000000
--- a/src/util/confvalidator/validator.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-RulesPath=./rules.yml
-HfilePath=../../include/k5-int.h
diff --git a/src/util/confvalidator/validator.py b/src/util/confvalidator/validator.py
deleted file mode 100644
index d739bc091..000000000
--- a/src/util/confvalidator/validator.py
+++ /dev/null
@@ -1,194 +0,0 @@ -''' -Created on Jan 25, 2010 - -@author: tsitkova -''' -import os -import sys -import re -import yaml -from optparse import OptionParser -from confparser import ConfParser - -class Rule(object): - def __init__(self): - pass - - def validate(self,node): - (path,dirs,avs) = node - - -class Validator(object): - def __init__(self, kerberosPath, confPath=None, rulesPath=None, hfilePath=None): - self.parser = ConfParser(kerberosPath) - if confPath is not None: - content = self._readConfigFile(confPath) - rulesPath = content['RulesPath'] - hfilePath = content['HfilePath'] - if rulesPath is not None and hfilePath is not None: - self.rules = self._loadRules(rulesPath) - self.validKeys = SupportedKeys(hfilePath).validKeys.union(self.rules['Attributes']) - else: - raise ValueError('Invalid arguments for validator: no path to rules and definition files') - - self._attribute_pattern = re.compile(r'^\w+$') - self._lowercase_pattern = re.compile(r'[a-z]') - - def _readConfigFile(self,path): - f = open(path) - result = dict() - for line in f: - line = line.rstrip() - fields = line.split('=') - result[fields[0]] = fields[1] - - return result - - def _loadRules(self, path): - f = open(path) - rules = yaml.load(f) - f.close() - - return rules - - def validate(self): - typeInfo = self.rules['Types'] - - for node in self.parser.walk(): - self._validateTypes(node, typeInfo) - self._validateAttrubutes(node, self.validKeys) - # self._validateRealm(node) - - - def _validateTypes(self, node, typeInfo): - (path, dirs, avs) = node - for (key, value) in avs: - valid_type_pattern = typeInfo.get(key) - if valid_type_pattern is not None: - for t in value: - if re.match(valid_type_pattern, t) is None: - print 'Wrong type %s for attribute %s.%s' % (t,path,key) - - def _validateAttrubutes(self, node, validKeys): - (path, dirs, avs) = node - attributes = list() - for attr in dirs: - if self._attribute_pattern.match(attr) is not None: - attributes.append(attr) - for (attr, value) in 
avs: - if self._attribute_pattern.match(attr) is not None: - attributes.append(attr) - - for attr in attributes: - if attr not in validKeys: - print 'Unrecognized attribute %s at %s' % (attr, path) - -# def _validateRealm(self, node): -# (path, dirs, avs) = node -# if path == 'root.realms': -# for attr in dirs: -# if self._lowercase_pattern.search(attr) is not None: -# print 'Lower case letter in realm attribute: %s at %s' % (attr, path) - -class SupportedKeys(object): - def __init__(self, path): - self.validKeys = self.getKeysFromHfile(path) - - def getKeysFromHfile(self, path): - pattern = re.compile(r'^[#]define KRB5_CONF_\w+\s+["](\w+)["]') - f = open(path) - result = set() - for l in f: - l = l.rstrip() - m = pattern.match(l) - if m is not None: - result.add(m.groups()[0]) - f.close() - - return result - - -class ValidatorTest(Validator): - def __init__(self): - self.kerberosPath = '../tests/kdc1.conf' - self.rulesPath = '../tests/rules.yml' - self.hfilePath = '../tests/k5-int.h' - self.confPath = '../tests/validator.conf' - - super(ValidatorTest, self).__init__(self.kerberosPath, - rulesPath=self.rulesPath, - hfilePath=self.hfilePath) - - def run_tests(self): - self._test_validate() - - def _test__loadRules(self): - result = self._loadRules(self.rulesPath) - print result - - def _test_validate(self): - self.validate() - - def _test__readConfigFile(self): - result = self._readConfigFile(self.confPath) - print result - -class SupportedKeysTest(SupportedKeys): - def __init__(self): - self.path = '../tests/k5-int.h' - - def run_tests(self): - self._test_getKeysFromHFile() - - def _test_getKeysFromHFile(self): - result = set() - krb5keys = self.getKeysFromHfile(self.path) - for key in krb5keys: - print key - result.update(key) - print len(krb5keys) - - return result - -def _test(): - tester = ValidatorTest() - krb5keys = tester.run_tests() - -if __name__ == '__main__': - TEST = False - if TEST: - _test() - sys.exit() - - - usage = "\n\t%prog path [-d defPath] [-r 
rulesPath] [-c validatorConfPath]" - description = 'Description: validates kerberos configuration file' - parser = OptionParser(usage = usage, description = description) - parser.add_option("-c", dest="confPath", - help='path to validator config file') - parser.add_option("-d", dest="hfilePath", - help='path to h-file with attribute definition') - parser.add_option("-r", dest="rulesPath", - help='path to file with validation rules') - (options, args) = parser.parse_args() - - if len(args) != 1 and len(sys.argv) <= 3: - print '\n%s' % parser.get_usage() - sys.exit() - - validator = None - if options.confPath is not None: - validator = Validator(args[0], confPath=options.confPath) - elif options.hfilePath is not None and options.rulesPath is not None: - validator = Validator(args[0], hfilePath=options.hfilePath, rulesPath=options.rulesPath) - else: - print '\nMust specify either configuration file or paths to rules and definitions files' - print '%s' % parser.get_usage() - sys.exit() - - validator.validate() - - - - -