#48764 lib389 Fix mit_krb5 kdc password to be random
Closed: wontfix None Opened 6 years ago by firstyear.

The current test krb5 kdc has a static password. This randomises it to make it secure.


I've run all tests with your patch applied a few times, and I had the same output every time.
{{{
============================================================================================================= test session starts =============================================================================================================
platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.7.3 -- /usr/bin/python2
rootdir: /tmp/lib389, inifile:
collected 60 items

lib389/tests/aci_parse_test.py::test_aci PASSED
lib389/tests/agreement_test.py::test_create PASSED
lib389/tests/agreement_test.py::test_list PASSED
lib389/tests/agreement_test.py::test_delete PASSED
lib389/tests/agreement_test.py::test_status PASSED
lib389/tests/agreement_test.py::test_schedule PASSED
lib389/tests/agreement_test.py::test_getProperties PASSED
lib389/tests/agreement_test.py::test_setProperties PASSED
lib389/tests/agreement_test.py::test_changes PASSED
lib389/tests/backend_test.py::test_list PASSED
lib389/tests/backend_test.py::test_create PASSED
lib389/tests/backend_test.py::test_delete_valid PASSED
lib389/tests/backend_test.py::test_delete_invalid PASSED
lib389/tests/backend_test.py::test_toSuffix PASSED
lib389/tests/dereference_test.py::test_dereference PASSED
lib389/tests/dirsrv_test.py::test_allocate PASSED
lib389/tests/dirsrv_test.py::test_create PASSED
lib389/tests/dirsrv_test.py::test_open PASSED
lib389/tests/dirsrv_test.py::test_close PASSED
lib389/tests/dirsrv_test.py::test_delete PASSED
lib389/tests/effective_rights_test.py::test_effective_rights PASSED
lib389/tests/entry_test.py::TestEntry::test_init_empty PASSED
lib389/tests/entry_test.py::TestEntry::test_init_with_str PASSED
lib389/tests/entry_test.py::TestEntry::test_init_badstr PASSED
lib389/tests/entry_test.py::TestEntry::test_init_with_tuple PASSED
lib389/tests/entry_test.py::TestEntry::test_update PASSED
lib389/tests/entry_test.py::TestEntry::test_update_complex PASSED
lib389/tests/krb5_create_test.py::test_gssapi PASSED
lib389/tests/mappingTree_test.py::test_list ERROR
lib389/tests/mappingTree_test.py::test_create ERROR
lib389/tests/mappingTree_test.py::test_delete ERROR
lib389/tests/mappingTree_test.py::test_getProperties ERROR
lib389/tests/mappingTree_test.py::test_toSuffix ERROR
lib389/tests/replica_test.py::test_create PASSED
lib389/tests/replica_test.py::test_list PASSED
lib389/tests/replica_test.py::test_create_repl_manager PASSED
lib389/tests/replica_test.py::test_enableReplication PASSED
lib389/tests/replica_test.py::test_disableReplication PASSED
lib389/tests/replica_test.py::test_setProperties PASSED
lib389/tests/replica_test.py::test_getProperties PASSED
lib389/tests/schema_test.py::test_schema ERROR
lib389/tests/suffix_test.py::test_list ERROR
lib389/tests/suffix_test.py::test_toBackend ERROR
lib389/tests/suffix_test.py::test_getParent ERROR
lib389/tests/test_module_proxy.py::test_module_proxy_fun_with_no_arg PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_fun_with_one_arg PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_plugin_fun_with_no_arg PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_plugin_fun_with_one_arg PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_plugin_call_ds_method PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_plugin_call_another_module PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_plugin_call_another_module_kwarg PASSED
lib389/tests/test_module_proxy.py::test_module_proxy_plugin_call_with_all PASSED
lib389/tests/utils_test.py::test_normalizeDN PASSED
lib389/tests/utils_test.py::test_escapeDNValue PASSED
lib389/tests/utils_test.py::test_escapeDNFiltValue PASSED
lib389/tests/utils_test.py::test_isLocalHost PASSED
lib389/tests/utils_test.py::test_update_jewhost_with_fqdn PASSED
lib389/tests/utils_test.py::test_formatInfData PASSED
lib389/tests/utils_test.py::test_formatInfData_withadmin PASSED
lib389/tests/utils_test.py::test_formatInfData_withconfigserver PASSED

=================================================================================================================== ERRORS ====================================================================================================================
_______________ ERROR at setup of test_list _______________

request = <SubRequest 'topology' for <Function 'test_list'>>

@pytest.fixture(scope="module")
def topology(request):
    instance = DirSrv(verbose=False)
    instance.log.debug("Instance allocated")
    args = {SER_HOST: LOCALHOST,
            SER_PORT: INSTANCE_PORT,
            SER_SERVERID_PROP: INSTANCE_SERVERID}
    instance.allocate(args)
    if instance.exists():
        instance.delete()
  instance.create()

lib389/tests/mappingTree_test.py:49:


lib389/init.py:906: in create
self._createDirsrv()


self = <lib389.DirSrv instance at 0x7f40f6fc2bd8>

def _createDirsrv(self):
    """Create a new instance of directory server

        @param self - containing the set properties

            SER_HOST            (host)
            SER_PORT            (port)
            SER_SECURE_PORT     (sslport)
            SER_ROOT_DN         (binddn)
            SER_ROOT_PW         (bindpw)
            SER_CREATION_SUFFIX (creation_suffix)
            SER_USER_ID         (userid)
            SER_SERVERID_PROP   (serverid)
            SER_GROUP_ID        (groupid)
            SER_DEPLOYED_DIR    (prefix)
            SER_BACKUP_INST_DIR (backupdir)
            SER_REALM           (krb5_realm)

        @return None

        @raise None

        }
        """

    DirSrvTools.lib389User(user=DEFAULT_USER)
    prog = get_sbin_dir(None, self.prefix) + CMD_PATH_SETUP_DS

    if not os.path.isfile(prog):
        log.error("Can't find file: %r, removing extension" % prog)
        prog = prog[:-3]

    # Create and extract a service keytab
    args = {SER_HOST: self.host,
            SER_PORT: self.port,
            SER_SECURE_PORT: self.sslport,
            SER_ROOT_DN: self.binddn,
            SER_ROOT_PW: self.bindpw,
            SER_CREATION_SUFFIX: self.creation_suffix,
            SER_USER_ID: self.userid,
            SER_SERVERID_PROP: self.serverid,
            SER_GROUP_ID: self.groupid,
            SER_DEPLOYED_DIR: self.prefix,
            SER_BACKUP_INST_DIR: self.backupdir,
            SER_STRICT_HOSTNAME_CHECKING: self.strict_hostname}
    content = formatInfData(args)
    result = DirSrvTools.runInfProg(prog, content, self.verbose,
                                    prefix=self.prefix)
    if result != 0:
      raise Exception('Failed to run setup-ds.pl')

E Exception: Failed to run setup-ds.pl
}}}

It is every time "Exception: Failed to run setup-ds.pl" for every failure.

I think your patch has changed something and it affects some of the test cases.

Because this is Kerberos, which is pretty sensitive to hostnames, I think the error is:

{{{
- args = {SER_HOST: LOCALHOST,
+ args = {SER_HOST: socket.gethostname(),
...
- conn = ldap.initialize("ldap://%s:%s" % (LOCALHOST, INSTANCE_PORT))
+ conn = ldap.initialize("ldap://%s:%s" % (socket.gethostname(), INSTANCE_PORT))
}}}
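
Review bot: socket.gethostname() is evaluated separately for SER_HOST and for the ldap.initialize URL, and it can return a short, unqualified name. Suggest resolving the name once into a variable (socket.getfqdn() is an option), using that variable in both places so the instance and the client cannot disagree, and failing early in the fixture when the name does not resolve, rather than letting the mismatch surface later as a setup or bind failure.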

I had issues with it set to LOCALHOST, but it's now working for me. Can you try the new patch?

If that doesn't work, I think there is more to look at: It may be a case of changing your test runner to have better guarantees about host naming, rather than being an issue with this code. krb is delicate around DNS.
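
The host-naming guarantee discussed above can be checked on a test runner before the Kerberos tests start. This is an added example, not part of the ticket or of lib389; the function name krb_hostname_problems, the injectable resolver parameters and the sample names and addresses are assumptions made for illustration.

```python
import socket

def krb_hostname_problems(name, forward=socket.getaddrinfo,
                          reverse=socket.gethostbyaddr):
    """Return reasons `name` is unsafe as the host part of a service principal.

    MIT krb5 clients canonicalize the server name with a forward and then a
    reverse lookup by default (dns_canonicalize_hostname and rdns in
    krb5.conf), so both directions must agree with `name`.
    """
    problems = []
    if "." not in name.rstrip("."):
        problems.append("%r is not fully qualified" % name)
    try:
        # getaddrinfo repeats each address per socket type, so de-duplicate.
        addrs = sorted({info[4][0] for info in forward(name, None)})
    except socket.gaierror as exc:
        return problems + ["forward lookup of %r failed: %s" % (name, exc)]
    for addr in addrs:
        try:
            canonical = reverse(addr)[0]
        except (socket.herror, socket.gaierror) as exc:
            problems.append("no reverse record for %s: %s" % (addr, exc))
            continue
        if canonical.lower().rstrip(".") != name.lower().rstrip("."):
            problems.append("%s reverse-resolves to %r, not %r"
                            % (addr, canonical, name))
    return problems

# Constructed resolver data standing in for DNS or /etc/hosts (hypothetical).
SAMPLE_FORWARD = {"ldap01.example.test": ["192.0.2.10"], "builder": ["127.0.0.1"]}
SAMPLE_REVERSE = {"192.0.2.10": "ldap01.example.test", "127.0.0.1": "localhost"}

def sample_forward(name, port):
    """Mimic socket.getaddrinfo() over SAMPLE_FORWARD."""
    if name not in SAMPLE_FORWARD:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (addr, 0))
            for addr in SAMPLE_FORWARD[name]]

def sample_reverse(addr):
    """Mimic socket.gethostbyaddr() over SAMPLE_REVERSE."""
    if addr not in SAMPLE_REVERSE:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_REVERSE[addr], [], [addr])

if __name__ == "__main__":
    # On a real runner, omit the two sample resolvers to use the system ones.
    for host in ("ldap01.example.test", "builder"):
        print(host, krb_hostname_problems(host, sample_forward, sample_reverse))
```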

commit ea8494de413f8c030142147624dd603702883c85
Total 6 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/lib389.git
a829ae6..853d950 master -> master

Metadata Update from @firstyear:
- Issue assigned to firstyear
- Issue set to the milestone: lib389 1.0.2

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1824

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

2 years ago
