
Difference between revisions of "Projects/Config File Validator"

(New page: {{project-early}} == Purpose == Check the internal correctness of the configuration files before the run-time to avoid the undesirable or unpredictable behavior and to save time chasing...)
 
m (mark as 1.9 delivery)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{project-early}}
+
{{project-rel|1.9}}
   
   
Line 13: Line 13:
 
== Design ==
 
== Design ==
   
validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath]
+
validator.py ''path'' [-d ''defPath''] [-r ''rulesPath''] [-c ''validatorConfPath'']
+
path – path to the configuration file to validate
+
''path'' – path to the configuration file to validate
-d defPath – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
+
-d ''defPath'' – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
-r rulesPath – path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
+
-r ''rulesPath'' – path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
-c validatorConfPath – the same as -r and -d options, but in validator configuration file format.
+
-c ''validatorConfPath'' – the same as -r and -d options, but in validator configuration file format.
   
The list of the valid attributes is created based on the “configuration variables” section in k5-int.h and user defined attributes from the rules.yml file:
+
The list of the valid attributes is created based on the “configuration variables” section in ''k5-int.h'' and user defined attributes from the ''rules.yml'' file:
   
k5-int.h
+
''k5-int.h''
 
 
 
/* cofiguration variables */
 
/* cofiguration variables */
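Review bot: the reworded -r line still reads "path the rules file in yaml format", missing "to"; since this edit already touches the line for the italics, make it "path to the rules file in YAML format". The -d line also keeps typographic quotes in #define KRB5_CONF_xxx ”ZZZ”; use straight quotes so the documented form matches what the header actually contains.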
Line 34: Line 34:
 
and
 
and
   
rules.yml (Example)
+
''rules.yml'' (Example)
 
 
 
# Extend the list of the allowed enctypes and salts as needed
 
# Extend the list of the allowed enctypes and salts as needed
Line 50: Line 50:
 
- dbmodules
 
- dbmodules
   
Example of the file validatorConfPath:
+
Example of the file ''validatorConfPath'':
   
validator.conf (Example)
+
''validator.conf ''(Example)
 
 
 
RulesPath=./rules.yml
 
RulesPath=./rules.yml
Line 59: Line 59:
 
== Pre-requisites ==
 
== Pre-requisites ==
   
Python 2.5+
+
Python 2.4+
   
YAML - available from http://yaml.org/
+
libyaml - available from http://yaml.org/
   
 
== Current status ==
 
== Current status ==
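Review bot: in the Pre-requisites change, "libyaml" replaces "YAML" without naming the Python module that validator.py uses to load rules.yml; libyaml is a C library, so the line should also name the Python YAML binding the script needs. The same change lowers the Python requirement from 2.5+ to 2.4+ with no stated reason; a short note on why 2.4 is sufficient would help readers on older installs.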

Latest revision as of 17:21, 25 February 2011

This project was completed in release 1.9.


Purpose

Check the internal correctness of the configuration files before run time, to avoid undesirable or unpredictable behavior and to save time chasing bugs later.

The configuration file is checked for

  • Formatting errors
  • Invalid attributes
  • Invalid values

Design

validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath]

path          – path to the configuration file to validate
-d defPath    – path to the k5-int.h file. Starting with the 1.7 release, this header holds the profile attribute names in the form #define KRB5_CONF_xxx "ZZZ".
-r rulesPath  – path to the rules file in YAML format. It may be used to manage the list of valid attributes and to define additional validation rules.
-c validatorConfPath – supplies the same settings as the -r and -d options, but in the validator configuration file format.

The list of valid attributes is built from the “configuration variables” section in k5-int.h and the user-defined attributes from the rules.yml file:

k5-int.h
…
/* cofiguration variables */
#define  KRB5_CONF_ACL_FILE       "acl_file"
#define  KRB5_CONF_ADMIN_KEYTAB   "admin_keytab"
#define  KRB5_CONF_ADMIN_SERVER   "admin_server"
#define  KRB5_CONF_ALLOW_WEAK_CRYPTO      "allow_weak_crypto"
#define  KRB5_CONF_AP_REQ_CHECKSUM_TYPE   "ap_req_checksum_type"
…

and

rules.yml (Example)

# Extend the list of the allowed enctypes and salts as needed
Types:
   supported_enctypes:
       '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)(:(normal|v4))?$'
   default_tgs_enctypes:
       '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts|des3-hmac-sha1)'
   default_tkt_enctypes:
       '(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)'

# Add all valid profile attributes that are not listed in k5-int.h
Attributes:
   - logging
   - dbmodules
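
The three checks listed under Purpose, driven by the two inputs shown above, as an added Python 3 sketch (not the project's validator.py). The header excerpt, the configuration text, and the rule that each space- or comma-separated value item must fully match the Types pattern are assumptions; only flat [section] and name = value lines are handled.

```python
import re
# Constructed sample of the "#define KRB5_CONF_xxx" section of k5-int.h.
HEADER = '''\
#define  KRB5_CONF_ALLOW_WEAK_CRYPTO      "allow_weak_crypto"
#define  KRB5_CONF_DEFAULT_TKT_ENCTYPES   "default_tkt_enctypes"
#define  KRB5_CONF_LIBDEFAULTS            "libdefaults"
'''
# Part of the rules.yml example above, as a dict so no YAML module is needed.
RULES = {
    "Types": {"default_tkt_enctypes":
              "(aes256-cts-hmac-sha1-96|aes256-cts|aes128-cts-hmac-sha1-96|aes128-cts)"},
    "Attributes": ["logging", "dbmodules"],
}
# Constructed configuration with one bad value, one unknown attribute, one bad line.
CONF = '''\
[libdefaults]
    allow_weak_crypto = false
    default_tkt_enctypes = aes256-cts des-cbc-crc
    defualt_realm = EXAMPLE.COM
[logging]
    broken line without equals
'''
DEFINE = re.compile(r'^\s*#define\s+KRB5_CONF_\w+\s+"([^"]+)"', re.M)

def allowed_attributes(header, rules):
    """Names from the header's #define lines plus the rules' Attributes list."""
    return set(DEFINE.findall(header)) | set(rules.get("Attributes", []))

def validate(conf, header=HEADER, rules=RULES):
    """Return (line, kind, text) findings. Assumption: values are space/comma lists."""
    allowed, findings = allowed_attributes(header, rules), []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(\w+)\]", line)
        if section:
            name, value = section.group(1), ""
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
        else:
            findings.append((n, "format", line))
            continue
        if name not in allowed:
            findings.append((n, "attribute", name))
        pattern = rules["Types"].get(name)
        for token in value.replace(",", " ").split():
            if pattern and not re.fullmatch(pattern, token):
                findings.append((n, "value", token))
    return findings
```

Calling validate(CONF) reports the disallowed enctype on line 3, the misspelled attribute on line 4 and the malformed line 6, each with its line number.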

Example of the file validatorConfPath:

validator.conf (Example)

RulesPath=./rules.yml
HfilePath=../../include/k5-int.h

Pre-requisites

Python 2.4+

libyaml - available from http://yaml.org/

Current status

The configuration validator is implemented and available at the following location:

src/util/confvalidator/validator.py