#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright © 2009 by Karl Ramm
#
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and without fee is hereby granted,
# provided that the above copyright notice appear in all copies and
# that both that copyright notice and this permission notice appear in
# supporting documentation, and that the name of Karl Ramm not be used
# in advertising or publicity pertaining to distribution of the
# software without specific, written prior permission.
#
# KARL RAMM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN
# NO EVENT SHALL KARL RAMM BE LIABLE FOR ANY SPECIAL, INDIRECT OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

import re
from os import unlink, rmdir
from os.path import isdir, join
from string import Template
from tempfile import mkdtemp

from cluster import host


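class kdc(host):
    """Host role that turns a cluster machine into a preconfigured KDC.

    ``setup`` writes ``/etc/krb5.conf`` for ``realm`` and creates the
    Kerberos database, the KDC and admin-server daemons and two password
    principals.  ``keytab`` creates a random-key principal and copies its
    keytab to a local temporary directory.

    Every credential created here is a fixed, well-known value (master
    password ``test``; principals ``test1``/``test2`` whose passwords equal
    their names), so a realm built by this class is only suitable for
    disposable test machines.
    """

    realm = 'EXAMPLE.COM'
    krb5_conf_template = Template('''# krb5.conf
[libdefaults]
default_realm = $realm
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
$realm = {
kdc = $hostname
admin_server = $hostname
}
''')

    # Principal names are pasted into a single-quoted shell argument and then
    # parsed again by kadmin, so only characters that are inert in both
    # layers are accepted.  The first character may not be '-' or '.', which
    # keeps the name from being read as an option and keeps the derived local
    # file name from being '.' or '..'.  \Z (not $) so a trailing newline is
    # rejected as well.
    _safe_princ = re.compile(r'[A-Za-z0-9_][A-Za-z0-9_.@/-]*\Z')

    def __init__(self, *args, **kw):
        """Initialise the underlying host and an empty local cleanup list."""
        super(kdc, self).__init__(*args, **kw)
        # Local paths (keytab files, then their directories) removed in __del__.
        self.cleanlist = []

    def setup(self):
        """Write krb5.conf to the machine and bring up the KDC services.

        The configuration is rendered from ``krb5_conf_template`` with this
        class's ``realm`` and the machine's ``hostname`` parameter, stored on
        ``self.krb5_conf`` and written to ``/etc/krb5.conf``.
        """
        self.krb5_conf = self.krb5_conf_template.substitute(
            {'realm': self.realm,
             'hostname': self.machine.params['hostname']})
        self.machine.putstr('/etc/krb5.conf', self.krb5_conf)
        # NOTE(security): the master password is passed with -P on the command
        # line and, like the test1/test2 passwords, is a fixed known value.
        # kadm5.acl is created empty, so no principal is granted kadmin
        # rights.  Acceptable only for throwaway test realms.
        self.machine.script("""# make a machine a preconfigured KDC
kdb5_util -P test create -s
touch /etc/krb5kdc/kadm5.acl
/etc/init.d/krb5-kdc start
/etc/init.d/krb5-admin-server start

kadmin.local -q 'ank -pw test1 test1'
kadmin.local -q 'ank -pw test2 test2'
""")

    def keytab(self, princ):
        """Create ``princ`` with a random key and fetch its keytab.

        Args:
            princ: principal name, e.g. ``service/host.example.com``.  It is
                interpolated into a shell script, so it must match
                ``_safe_princ``.

        Returns:
            Path of the local keytab copy, inside a fresh ``mkdtemp``
            directory; both are queued for removal in ``__del__``.

        Raises:
            ValueError: if ``princ`` contains characters that are unsafe to
                place in the generated shell/kadmin command.
        """
        if not self._safe_princ.match(princ):
            raise ValueError('unsafe principal name: %r' % (princ,))
        # kadmin's xst (ktadd) appends to an existing keytab file.  Without
        # the rm, a second call would return a keytab that also holds the
        # keys of every principal extracted earlier.
        # NOTE(review): /tmp/keytab is a fixed path in a shared directory on
        # the remote machine; a per-call private path would be safer if the
        # machine API offers a way to obtain one.
        self.machine.script("""
rm -f /tmp/keytab
kadmin.local -q 'ank -randkey %(princ)s'
kadmin.local -q 'xst -k /tmp/keytab %(princ)s'
""" % {'princ': princ})
        dname = mkdtemp()
        fname = join(dname, princ.replace('/', '.'))
        # Queue cleanup before copying so a failed transfer does not leak the
        # temporary directory.  File first, then directory, so rmdir finds the
        # directory empty.
        self.cleanlist.append(fname)
        self.cleanlist.append(dname)
        try:
            self.machine.getfile('/tmp/keytab', fname)
        finally:
            # Do not leave long-term key material behind in the remote /tmp.
            self.machine.script("rm -f /tmp/keytab\n")
        return fname

    @classmethod
    def namedrealm(klass, realm):
        """Return a subclass of this class whose ``realm`` is ``realm``."""
        return type('kdc.namedrealm', (klass,), dict(realm=realm))

    def __del__(self):
        """Best-effort removal of the local keytab copies and directories.

        Finalizers are not guaranteed to run, so fetched keytabs can outlive
        the process; errors are printed rather than raised.
        """
        # cleanlist is missing if host.__init__ raised before it was assigned.
        for name in getattr(self, 'cleanlist', ()):
            try:
                if isdir(name):
                    rmdir(name)
                else:
                    unlink(name)
            except Exception as e:
                print(e)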