krb5/Remove-confvalidator-utility.patch
Robbie Harwood f50ceacadf Add missing newlines to deprecation warnings
Switch to upstream's ksu path patch
2019-05-22 10:59:16 -04:00

431 lines
15 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From f7b50b3e40ae43666fb10b0a1502f9cd88b6a2fe Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 3 Apr 2019 14:58:19 -0400
Subject: [PATCH] Remove confvalidator utility
This utility has not been maintained with encryption types and salt
changes, which suggests it is unused.
(cherry picked from commit 482a366793d9338e9edb504b407d7704a4bb2f8f)
---
src/util/confvalidator/README | 25 ----
src/util/confvalidator/confparser.py | 144 -------------------
src/util/confvalidator/rules.yml | 13 --
src/util/confvalidator/validator.conf | 2 -
src/util/confvalidator/validator.py | 194 --------------------------
5 files changed, 378 deletions(-)
delete mode 100644 src/util/confvalidator/README
delete mode 100644 src/util/confvalidator/confparser.py
delete mode 100644 src/util/confvalidator/rules.yml
delete mode 100644 src/util/confvalidator/validator.conf
delete mode 100644 src/util/confvalidator/validator.py
diff --git a/src/util/confvalidator/README b/src/util/confvalidator/README
deleted file mode 100644
index 7bf7a106a..000000000
--- a/src/util/confvalidator/README
+++ /dev/null
@@ -1,25 +0,0 @@
-validator.py is a command line tool for identifying invalid attributes, values and some formating problems in Kerberos configuration files.
-The list of the valid attributes is created based on the “configuration variables” section in k5-int.h and user defined attributes from the rules file.
-
-Usage:
-
-validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath]
-
-Options:
-
-path the path to the configuration file to validate
-
--d defPath path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
-
--r rulesPath - path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
-
--c validatorConfPath the same as -r and -d options, but in validator configuration file format.
-
-Example:
-
-python validator.py src/config-files/krb5.conf -r rules.yml -d src/include/k5-int.h
-or
-python validator.py src/config-files/krb5.conf -c validator.conf
-
-For more details please refer to the sample files validator.conf and rules.yml
-
diff --git a/src/util/confvalidator/confparser.py b/src/util/confvalidator/confparser.py
deleted file mode 100644
index 2fea142a5..000000000
--- a/src/util/confvalidator/confparser.py
+++ /dev/null
@@ -1,144 +0,0 @@
-'''
-Created on Jan 31, 2010
-
-@author: tsitkova
-'''
-import re
-import copy
-import yaml
-
-class ConfParser(object):
- def __init__(self, path):
- self.configuration = self._parse(path)
-
- def walk(self):
- for trio in self._walk(self.configuration):
- yield trio
-
- def _parse(self, path):
- comment_pattern = re.compile(r'(\s*[#].*)')
- section_pattern = re.compile(r'^\s*\[(?P<section>\w+)\]\s+$')
- empty_pattern = re.compile(r'^\s*$')
- equalsign_pattern = re.compile(r'=')
-
- section = None
- parser_stack = list()
- result = dict()
- value = None
- f = open(path, 'r')
- for (ln,line) in enumerate(f):
- line = comment_pattern.sub('', line)
- line = equalsign_pattern.sub(' = ',line,count=1)
- if empty_pattern.match(line) is not None:
- continue
- m = section_pattern.match(line)
- if m is not None:
- section = m.group('section')
- value = dict()
- result[section] = value
- continue
- if section is None:
- msg = 'Failed to determine section for line #%i' % ln
- raise ValueError(msg)
- try:
- value = self._parseLine(value, line, parser_stack)
- except:
- print 'Error while parsing line %i: %s' % (ln+1, line)
- raise
- f.close()
-
- if len(parser_stack):
- raise 'Parsing error.'
-
- return result
-
- def _parseLine(self, value, content, stack):
- token_pattern = re.compile(r'(?P<token>\S+)(?=\s+)')
- attr = None
- token_stack = list()
-
- for m in token_pattern.finditer(content):
- token = m.group('token')
- if not self._validate(token):
- raise ValueError('Invalid token %s' % token)
- if token == '=':
- if len(token_stack) == 0:
- raise ValueError('Failed to find attribute.')
- elif len(token_stack) == 1:
- attr = token_stack.pop()
- else:
- value[attr] = token_stack[:-1]
- attr = token_stack[-1]
- token_stack = list()
- elif token == '{':
- if attr is None:
- raise ValueError('Failed to find attribute.')
- stack.append((attr,value))
- value = dict()
- elif token == '}':
- if len(stack) == 0:
- raise ValueError('Failed to parse: unbalanced braces')
- if len(token_stack):
- if attr is None:
- raise ValueError('Missing attribute')
- value[attr] = token_stack
- attr = None
- token_stack = list()
- (attr,parent_value) = stack.pop()
- parent_value[attr] = value
- value = parent_value
- else:
- token_stack.append(token)
- if len(token_stack):
- if attr is None:
- raise ValueError('Missing attribute')
- value[attr] = token_stack
-
- return value
-
- def _validate(self, token):
- result = True
- for s in ['{','}']:
- if s in token and s != token:
- result = False
-
- return result
-
- def _walk(self, parsedData, path='root'):
- dirs = list()
- av = list()
- for (key, value) in parsedData.iteritems():
- if type(value) == dict:
- new_path = path + '.' + key
- for trio in self._walk(value, new_path):
- yield trio
- dirs.append(key)
- else:
- av.append((key,value))
- yield (path, dirs, av)
-
-
-
-class ConfParserTest(ConfParser):
- def __init__(self):
- self.conf_path = '../tests/krb5.conf'
- super(ConfParserTest, self).__init__(self.conf_path)
-
- def run_tests(self):
- self._test_walk()
-
- def _test_parse(self):
- result = self._parse(self.conf_path)
- print yaml.dump(result)
-
- def _test_walk(self):
- configuration = self._parse(self.conf_path)
- for (path,dirs,av) in self.walk():
- print path,dirs,av
-
-
-
-
-if __name__ == '__main__':
- tester = ConfParserTest()
- tester.run_tests()
diff --git a/src/util/confvalidator/rules.yml b/src/util/confvalidator/rules.yml
deleted file mode 100644
index c6ccc89fe..000000000
--- a/src/util/confvalidator/rules.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-# Extend the list of the allowed enctypes and salts as needed
-Types:
- supported_enctypes:
- '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1|des3-cbc-raw|des3-cbc-sha1|des3-hmac-sha1|rc4-hmac|arcfour-hmac-md5)(:(normal|v4))?$'
- default_tgs_enctypes:
- '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1|des3-cbc-raw|des3-cbc-sha1|des3-hmac-sha1|rc4-hmac|arcfour-hmac-md5)'
- default_tkt_enctypes:
- '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1|des3-cbc-raw|des3-cbc-sha1|des3-hmac-sha1|rc4-hmac|arcfour-hmac-md5)'
-
-# Add all valid profile attributes that are not listed in k5-int.h
-Attributes:
- - logging
- - dbmodules
diff --git a/src/util/confvalidator/validator.conf b/src/util/confvalidator/validator.conf
deleted file mode 100644
index 71e205c3b..000000000
--- a/src/util/confvalidator/validator.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-RulesPath=./rules.yml
-HfilePath=../../include/k5-int.h
diff --git a/src/util/confvalidator/validator.py b/src/util/confvalidator/validator.py
deleted file mode 100644
index d739bc091..000000000
--- a/src/util/confvalidator/validator.py
+++ /dev/null
@@ -1,194 +0,0 @@
-'''
-Created on Jan 25, 2010
-
-@author: tsitkova
-'''
-import os
-import sys
-import re
-import yaml
-from optparse import OptionParser
-from confparser import ConfParser
-
-class Rule(object):
- def __init__(self):
- pass
-
- def validate(self,node):
- (path,dirs,avs) = node
-
-
-class Validator(object):
- def __init__(self, kerberosPath, confPath=None, rulesPath=None, hfilePath=None):
- self.parser = ConfParser(kerberosPath)
- if confPath is not None:
- content = self._readConfigFile(confPath)
- rulesPath = content['RulesPath']
- hfilePath = content['HfilePath']
- if rulesPath is not None and hfilePath is not None:
- self.rules = self._loadRules(rulesPath)
- self.validKeys = SupportedKeys(hfilePath).validKeys.union(self.rules['Attributes'])
- else:
- raise ValueError('Invalid arguments for validator: no path to rules and definition files')
-
- self._attribute_pattern = re.compile(r'^\w+$')
- self._lowercase_pattern = re.compile(r'[a-z]')
-
- def _readConfigFile(self,path):
- f = open(path)
- result = dict()
- for line in f:
- line = line.rstrip()
- fields = line.split('=')
- result[fields[0]] = fields[1]
-
- return result
-
- def _loadRules(self, path):
- f = open(path)
- rules = yaml.load(f)
- f.close()
-
- return rules
-
- def validate(self):
- typeInfo = self.rules['Types']
-
- for node in self.parser.walk():
- self._validateTypes(node, typeInfo)
- self._validateAttrubutes(node, self.validKeys)
- # self._validateRealm(node)
-
-
- def _validateTypes(self, node, typeInfo):
- (path, dirs, avs) = node
- for (key, value) in avs:
- valid_type_pattern = typeInfo.get(key)
- if valid_type_pattern is not None:
- for t in value:
- if re.match(valid_type_pattern, t) is None:
- print 'Wrong type %s for attribute %s.%s' % (t,path,key)
-
- def _validateAttrubutes(self, node, validKeys):
- (path, dirs, avs) = node
- attributes = list()
- for attr in dirs:
- if self._attribute_pattern.match(attr) is not None:
- attributes.append(attr)
- for (attr, value) in avs:
- if self._attribute_pattern.match(attr) is not None:
- attributes.append(attr)
-
- for attr in attributes:
- if attr not in validKeys:
- print 'Unrecognized attribute %s at %s' % (attr, path)
-
-# def _validateRealm(self, node):
-# (path, dirs, avs) = node
-# if path == 'root.realms':
-# for attr in dirs:
-# if self._lowercase_pattern.search(attr) is not None:
-# print 'Lower case letter in realm attribute: %s at %s' % (attr, path)
-
-class SupportedKeys(object):
- def __init__(self, path):
- self.validKeys = self.getKeysFromHfile(path)
-
- def getKeysFromHfile(self, path):
- pattern = re.compile(r'^[#]define KRB5_CONF_\w+\s+["](\w+)["]')
- f = open(path)
- result = set()
- for l in f:
- l = l.rstrip()
- m = pattern.match(l)
- if m is not None:
- result.add(m.groups()[0])
- f.close()
-
- return result
-
-
-class ValidatorTest(Validator):
- def __init__(self):
- self.kerberosPath = '../tests/kdc1.conf'
- self.rulesPath = '../tests/rules.yml'
- self.hfilePath = '../tests/k5-int.h'
- self.confPath = '../tests/validator.conf'
-
- super(ValidatorTest, self).__init__(self.kerberosPath,
- rulesPath=self.rulesPath,
- hfilePath=self.hfilePath)
-
- def run_tests(self):
- self._test_validate()
-
- def _test__loadRules(self):
- result = self._loadRules(self.rulesPath)
- print result
-
- def _test_validate(self):
- self.validate()
-
- def _test__readConfigFile(self):
- result = self._readConfigFile(self.confPath)
- print result
-
-class SupportedKeysTest(SupportedKeys):
- def __init__(self):
- self.path = '../tests/k5-int.h'
-
- def run_tests(self):
- self._test_getKeysFromHFile()
-
- def _test_getKeysFromHFile(self):
- result = set()
- krb5keys = self.getKeysFromHfile(self.path)
- for key in krb5keys:
- print key
- result.update(key)
- print len(krb5keys)
-
- return result
-
-def _test():
- tester = ValidatorTest()
- krb5keys = tester.run_tests()
-
-if __name__ == '__main__':
- TEST = False
- if TEST:
- _test()
- sys.exit()
-
-
- usage = "\n\t%prog path [-d defPath] [-r rulesPath] [-c validatorConfPath]"
- description = 'Description: validates kerberos configuration file'
- parser = OptionParser(usage = usage, description = description)
- parser.add_option("-c", dest="confPath",
- help='path to validator config file')
- parser.add_option("-d", dest="hfilePath",
- help='path to h-file with attribute definition')
- parser.add_option("-r", dest="rulesPath",
- help='path to file with validation rules')
- (options, args) = parser.parse_args()
-
- if len(args) != 1 and len(sys.argv) <= 3:
- print '\n%s' % parser.get_usage()
- sys.exit()
-
- validator = None
- if options.confPath is not None:
- validator = Validator(args[0], confPath=options.confPath)
- elif options.hfilePath is not None and options.rulesPath is not None:
- validator = Validator(args[0], hfilePath=options.hfilePath, rulesPath=options.rulesPath)
- else:
- print '\nMust specify either configuration file or paths to rules and definitions files'
- print '%s' % parser.get_usage()
- sys.exit()
-
- validator.validate()
-
-
-
-
-