logo_kerberos.gif

Difference between revisions of "Projects/Config File Validator"

From K5Wiki
Jump to: navigation, search
(New page: {{project-early}} == Purpose == Check the internal correctness of the configuration files before the run-time to avoid the undesirable or unpredictable behavior and to save time chasing...)
 
m (mark as 1.9 delivery)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{project-early}}
 +
{{project-rel|1.9}}
   
   
Line 13: Line 13:
 
== Design ==
 
== Design ==
   
validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath]
 +
validator.py ''path'' [-d ''defPath''] [-r ''rulesPath''] [-c ''validatorConfPath'']
+
path – path to the configuration file to validate
 +
''path'' – path to the configuration file to validate
-d defPath – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
 +
-d ''defPath'' – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
-r rulesPath – path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
 +
-r ''rulesPath'' – path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
-c validatorConfPath – the same as -r and -d options, but in validator configuration file format.
 +
-c ''validatorConfPath'' – the same as -r and -d options, but in validator configuration file format.
   
The list of the valid attributes is created based on the “configuration variables” section in k5-int.h and user defined attributes from the rules.yml file:
 +
The list of the valid attributes is created based on the “configuration variables” section in ''k5-int.h'' and user defined attributes from the ''rules.yml'' file:
   
k5-int.h
 +
''k5-int.h''
 
 
 
/* cofiguration variables */
  
/* cofiguration variables */
Line 34: Line 34:
 
and
  
and
   
rules.yml (Example)
 +
''rules.yml'' (Example)
 
 
 
# Extend the list of the allowed enctypes and salts as needed
  
# Extend the list of the allowed enctypes and salts as needed
Line 50: Line 50:
 
- dbmodules
  
- dbmodules
   
Example of the file validatorConfPath:
 +
Example of the file ''validatorConfPath'':
   
validator.conf (Example)
 +
''validator.conf ''(Example)
 
 
 
RulesPath=./rules.yml
  
RulesPath=./rules.yml
Line 59: Line 59:
 
== Pre-requisites ==
 
== Pre-requisites ==
   
Python 2.5+
 +
Python 2.4+
   
YAML - available from http://yaml.org/
 +
libyaml - available from http://yaml.org/
   
 
== Current status ==
 
== Current status ==

Latest revision as of 17:21, 25 February 2011

This project was completed in release 1.9.


Purpose

Check the internal correctness of the configuration files before the run-time to avoid the undesirable or unpredictable behavior and to save time chasing the bugs later.

The configuration file is verified against

  • Formatting errors
  • Invalid attributes
  • Invalid values

Design

validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath] 

path          – path to the configuration file to validate
-d defPath    – path to the k5-int.h file.  Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
-r rulesPath  – path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
-c validatorConfPath – the same as -r and -d options, but in validator configuration file format.

The list of the valid attributes is created based on the “configuration variables” section in k5-int.h and user defined attributes from the rules.yml file: 

k5-int.h
…
/* cofiguration variables */
#define  KRB5_CONF_ACL_FILE       "acl_file"
#define  KRB5_CONF_ADMIN_KEYTAB   "admin_keytab"
#define  KRB5_CONF_ADMIN_SERVER   "admin_server"
#define  KRB5_CONF_ALLOW_WEAK_CRYPTO      "allow_weak_crypto"
#define  KRB5_CONF_AP_REQ_CHECKSUM_TYPE   "ap_req_checksum_type”
…

and 

rules.yml (Example)

# Extend the list of the allowed enctypes and salts as needed
Types:
   supported_enctypes:
       '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)(:(normal|v4))?$'
   default_tgs_enctypes:
       '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1)'
   default_tkt_enctypes:
       '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)'

# Add all valid profile attributes that are not listed in k5-int.h
Attributes:
   - logging
   - dbmodules

Example of the file validatorConfPath: 

validator.conf (Example)

RulesPath=./rules.yml
HfilePath=../../include/k5-int.h

Pre-requisites

Python 2.4+

libyaml - available from http://yaml.org/

Current status

Configuration validator is implemented and available from the following location: 

src/util/confvalidator/validator.py
Retrieved from "https://k5wiki.kerberos.org./wiki?title=Projects/Config_File_Validator&oldid=3817"