Projects/Config File Validator
This project was completed in release 1.9.
Purpose
Check the internal correctness of the configuration files before run time, to avoid undesirable or unpredictable behavior and to save time chasing bugs later.
The configuration file is checked for:
- Formatting errors
- Invalid attributes
- Invalid values
Design
validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath]
- path – path to the configuration file to validate
- -d defPath – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx "ZZZ".
- -r rulesPath – path to the rules file in YAML format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
- -c validatorConfPath – the same as the -r and -d options, but in validator configuration file format.
The list of the valid attributes is created from the “configuration variables” section in k5-int.h and the user-defined attributes from the rules.yml file:
k5-int.h
…
/* configuration variables */
#define KRB5_CONF_ACL_FILE "acl_file"
#define KRB5_CONF_ADMIN_KEYTAB "admin_keytab"
#define KRB5_CONF_ADMIN_SERVER "admin_server"
#define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto"
#define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type"
…
and
rules.yml (Example)
# Extend the list of the allowed enctypes and salts as needed
Types:
    supported_enctypes: '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)(:(normal|v4))?$'
    default_tgs_enctypes: '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1)'
    default_tkt_enctypes: '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)'
# Add all valid profile attributes that are not listed in k5-int.h
Attributes:
    - logging
    - dbmodules
Example of the file validatorConfPath:
validator.conf (Example)
RulesPath=./rules.yml
HfilePath=../../include/k5-int.h
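The three checks described above (formatting, attribute names, values), as an added example that is not the project's validator.py. The header excerpt, the RULES dict standing in for a parsed rules.yml, and the sample profile are constructed; the example assumes flat sections without nested { } blocks and that every space- or comma-separated token of a typed value must match its rule in full.

```python
import re

# Constructed excerpt in the style of the k5-int.h "configuration variables" section.
HEADER = '''
#define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto"
#define KRB5_CONF_DEFAULT_REALM "default_realm"
#define KRB5_CONF_DEFAULT_TKT_ENCTYPES "default_tkt_enctypes"
#define KRB5_CONF_KDC "kdc"
#define KRB5_CONF_LIBDEFAULTS "libdefaults"
'''
# Stand-in for a parsed rules.yml (a dict, so no YAML library is needed here).
ENCTYPES = "(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)"
RULES = {"Types": {"default_tkt_enctypes": ENCTYPES}, "Attributes": ["logging", "dbmodules"]}
# Constructed profile with one defect of each kind the validator looks for.
SAMPLE = '''
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypt = false
    default_tkt_enctypes = aes256-cts des-cbc-crc
    kdc EXAMPLE.COM
[logging]
    kdc = FILE:/var/log/krb5kdc.log
'''

def allowed_attributes(header, rules):
    """Names from '#define KRB5_CONF_xxx "name"' plus the rules' Attributes list."""
    names = set(re.findall(r'^#define\s+KRB5_CONF_\w+\s+"([^"]+)"', header, re.M))
    return names | set(rules.get("Attributes", []))

def validate(text, header, rules):
    """Return (line, kind, detail) findings; typed value tokens must fully match their rule."""
    allowed, types, findings = allowed_attributes(header, rules), rules.get("Types", {}), []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;}":
            continue  # blank line, comment, or closing brace
        match = re.fullmatch(r"\[(\w+)\]", line) or re.fullmatch(r"([^\s=]+)\s*=\s*(.*)", line)
        if not match:
            findings.append((num, "format", line))
        elif match.group(1) not in allowed:
            findings.append((num, "attribute", match.group(1)))
        elif match.lastindex == 2 and match.group(1) in types:
            for token in re.split(r"[\s,]+", match.group(2).strip()):
                if not re.fullmatch(types[match.group(1)], token):
                    findings.append((num, "value", token))
    return findings

if __name__ == "__main__":
    print("\n".join("line %d: invalid %s: %s" % f for f in validate(SAMPLE, HEADER, RULES)))
```

The misspelled allow_weak_crypt is reported because it appears in neither the header nor the rules, and des-cbc-crc is reported because it is outside the enctype list allowed for default_tkt_enctypes.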
Pre-requisites
Python 2.4+
libyaml - available from http://yaml.org/
Current status
The configuration validator is implemented and available at the following location:
src/util/confvalidator/validator.py