On 08/14/2012 02:50 PM, Dominic Cleal wrote:
On 13/08/12 16:30, Pat Riehecky wrote:
I've got this typechecked for real this time and would love some feedback.
Its amazing when you check the code you changed rather than the known
good reference, suddenly your errors show up!
Makes life easier, doesn't it? :-)
I'm pretty happy with that, just a few bits below that could be improved
if you can. The use of the test_*.aug lenses is spot on, that's much
more powerful than the script you'd created last time round.
--- lenses/krb5.aug.orig 2012-08-07 13:01:20.000000000 -0500
+++ lenses/krb5.aug 2012-08-13 10:24:21.584557595 -0500
+(*
+ For the enctypes this appears to be a list of the valid entries:
+ c4-hmac arcfour-hmac aes128-cts rc4-hmac
+ arcfour-hmac-md5 des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+*)
+let enctype_re = /[a-zA-Z0-9]{3,8}-[a-zA-Z0-9]{3,5}[a-zA-Z0-9-]*/
You could probably simplify this to [a-zA-Z0-9-]{3,} which is likely to
be more robust. I don't think the specificity in the above regexp is
helpful.
Works for me.
+let enctypes = /(permitted_enctypes|default_tgs_enctypes|default_tkt_enctypes)/
This line needs to be case insensitive I think, so add an "i" after the
end "/". Reason below..
I get weirdness with the 'i' at the end:
# augparse tests/test_krb5.aug
tests/test_krb5.aug:272.0-532.40:exception thrown in test
tests/test_krb5.aug:272.5-.27:exception: expected ((())([ \t]*)(#)((([
\t]*)([^ \t\n].*[^ \t\n]|[^ \t\n]))?)([ \t]*\n))|([ \t]*\n) at '###'
Lens: /usr/share/augeas/lenses/dist/krb5.aug:56.8-.20:
Error encountered at 1:0 (0 characters into string)
<|=|###\n### This krb5.conf templ>
Tree generated so far:
<snip>
I think this is something like what bug #147 describes......
as
let enctypes =
/([Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee][Ss]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee][Ss]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee][Ss])/
works just fine, but is more than a but ugly. #147 seems like a hard
bug to solve, so I'm going to run with this for now.
--- lenses/tests/test_krb5.aug.orig 2012-08-07 13:01:20.000000000 -0500
+++ lenses/tests/test_krb5.aug 2012-08-13 10:26:02.758574747 -0500
@@ -1,6 +1,6 @@
module Test_krb5 =
- (* Krb5.conf from Fermi labs *)
+ (* Krb5.conf from Fermilab *)
let fermi_str = "###
### This krb5.conf template is intended for use with Fermi
### Kerberos v1_2 and later. Earlier versions may choke on the
@@ -13,8 +13,9 @@ module Test_krb5 =
ticket_lifetime = 1560m
default_realm = FNAL.GOV
ccache_type = 4
- default_tgs_enCtypes = des-cbc-crc
+ default_tgs_enctypes = des-cbc-crc
.. this line probably used to test case insensitivity. If you put
"default_tgs_ENCTYPES" in your config file versus "default_tgs_enctypes"
you'd get different trees created. It looks like the original intention
of the test and lens was to be case insensitive, as I _assume_ krb5 is.
+ let enctype_list = [ indent . key enctypes . eq
+ . Build.opt_list ([label "enctype" . store enctype_re])
comma_or_space_sep
+ . (comment|eol)] in
I'd suggest using the "seq" lens in this instance, which creates
numbered nodes rather than relying on the special constant "enctype".
You use it in combination with "counter" to initialise it outside your
opt_list, then put "seq" inside the inner lens used in the list, e.g.
let enctype_list = [ indent . key enctypes . eq . counter "enctype"
. Build.opt_list ([seq "enctype" . store enctype_re]) comma_or_space_sep
. (comment|eol)] in
The tree created should then look like:
{ "default_tgs_enctypes"
{ "1" = "des-cbc-crc" }
{ "2" = "aes128-cts" } }
I'm in.
The attached patch /should/ successfully implement the changes you've
suggested.
Pat
--- lenses/krb5.aug.orig 2012-08-07 13:01:20.000000000 -0500
+++ lenses/krb5.aug 2012-08-14 15:50:44.583575501 -0500
@@ -8,6 +8,7 @@ let eol = Inifile.eol
let dels = Util.del_str
let indent = del /[ \t]*/ ""
+let comma_or_space_sep = del /[ \t,]{1,}/ " "
let eq = del /[ \t]*=[ \t]*/ " = "
let eq_openbr = del /[ \t]*=[ \t\n]*\{([ \t]*\n)*/ " = {"
let closebr = del /[ \t]*\}/ "}"
@@ -37,13 +38,29 @@ let record (t:string) (e:lens) =
let title = Inifile.indented_title t in
Inifile.record title e
+let v4_name_convert (subsec:lens) = [ indent . key "v4_name_convert" .
+ eq_openbr . subsec* . closebr . eol ]
+
+(*
+ For the enctypes this appears to be a list of the valid entries:
+ c4-hmac arcfour-hmac aes128-cts rc4-hmac
+ arcfour-hmac-md5 des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+*)
+let enctype_re = /[a-zA-Z0-9-]{3,}/
+(*
+ Since we are conecting with case sensitive regex later, we can't do a
+ case insensitive expressions here, bug #147
+*)
+let enctypes = /([Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee][Ss]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee][Ss]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee][Ss])/
+
let libdefaults =
- let option = entry (name_re - "v4_name_convert") eq comment in
+ let option = entry (name_re - "v4_name_convert" - enctypes) eq comment in
+ let enctype_list = [ indent . key enctypes . eq . counter "enctype"
+ . Build.opt_list ([seq "enctype" . store enctype_re]) comma_or_space_sep
+ . (comment|eol)] in
let subsec = [ indent . key /host|plain/ . eq_openbr .
(entry name_re eq comment)* . closebr . eol ] in
- let v4_name_convert = [ indent . key "v4_name_convert" . eq_openbr .
- subsec* . closebr . eol ] in
- record "libdefaults" (option|v4_name_convert)
+ record "libdefaults" (option|enctype_list|(v4_name_convert subsec))
let login =
let keys = /krb[45]_get_tickets|krb4_convert|krb_run_aklog/
@@ -61,13 +78,16 @@ let appdefaults =
let realms =
let simple_option = /kdc|admin_server|database_module|default_domain/
|/v4_realm|auth_to_local(_names)?|master_kdc|kpasswd_server/
- |/admin_server/ in
+ |/admin_server|ticket_lifetime/ in
let subsec_option = /v4_instance_convert/ in
let option = entry simple_option eq comment in
let subsec = [ indent . key subsec_option . eq_openbr .
(entry name_re eq comment)* . closebr . eol ] in
+ let v4subsec = [ indent . key /host|plain/ . eq_openbr .
+ (entry name_re eq comment)* . closebr . eol ] in
let realm = [ indent . label "realm" . store realm_re .
- eq_openbr . (option|subsec)* . closebr . eol ] in
+ eq_openbr . (option|subsec|(v4_name_convert v4subsec))* .
+ closebr . eol ] in
record "realms" (realm|comment)
let domain_realm =
--- lenses/tests/test_krb5.aug.orig 2012-08-07 13:01:20.000000000 -0500
+++ lenses/tests/test_krb5.aug 2012-08-14 15:51:36.136819898 -0500
@@ -1,6 +1,6 @@
module Test_krb5 =
- (* Krb5.conf from Fermi labs *)
+ (* Krb5.conf from Fermilab *)
let fermi_str = "###
### This krb5.conf template is intended for use with Fermi
### Kerberos v1_2 and later. Earlier versions may choke on the
@@ -15,6 +15,7 @@ module Test_krb5 =
ccache_type = 4
default_tgs_enCtypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
+ permitted_enctypes = des-cbc-crc des3-cbc-sha1
default_lifetime = 7d
renew_lifetime = 7d
autologin = true
@@ -22,6 +23,11 @@ module Test_krb5 =
forwardable = true
renewable = true
encrypt = true
+ v4_name_convert = {
+ host = {
+ rcmd = host
+ }
+ }
[realms]
FNAL.GOV = {
@@ -80,6 +86,11 @@ module Test_krb5 =
default_domain = cern.ch
kpasswd_server = afskrb5m.cern.ch
admin_server = afskrb5m.cern.ch
+ v4_name_convert = {
+ host = {
+ rcmd = host
+ }
+ }
}
[instancemapping]
@@ -271,8 +282,16 @@ test Krb5.lns get fermi_str =
{ "ticket_lifetime" = "1560m" }
{ "default_realm" = "FNAL.GOV" }
{ "ccache_type" = "4" }
- { "default_tgs_enCtypes" = "des-cbc-crc" }
- { "default_tkt_enctypes" = "des-cbc-crc" }
+ { "default_tgs_enCtypes"
+ { "1" = "des-cbc-crc" }
+ }
+ { "default_tkt_enctypes"
+ { "1" = "des-cbc-crc" }
+ }
+ { "permitted_enctypes"
+ { "1" = "des-cbc-crc" }
+ { "2" = "des3-cbc-sha1" }
+ }
{ "default_lifetime" = "7d" }
{ "renew_lifetime" = "7d" }
{ "autologin" = "true" }
@@ -280,6 +299,11 @@ test Krb5.lns get fermi_str =
{ "forwardable" = "true" }
{ "renewable" = "true" }
{ "encrypt" = "true" }
+ { "v4_name_convert"
+ { "host"
+ { "rcmd" = "host" }
+ }
+ }
{ } }
{ "realms"
{ "realm" = "FNAL.GOV"
@@ -330,7 +354,13 @@ test Krb5.lns get fermi_str =
{ "kdc" = "afsdb1.cern.ch" }
{ "default_domain" = "cern.ch" }
{ "kpasswd_server" = "afskrb5m.cern.ch" }
- { "admin_server" = "afskrb5m.cern.ch" } }
+ { "admin_server" = "afskrb5m.cern.ch" }
+ { "v4_name_convert"
+ { "host"
+ { "rcmd" = "host" }
+ }
+ }
+ }
{ } }
{ "instancemapping"
{ "afs"
_______________________________________________
augeas-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/augeas-devel
