

# Pull in the shared helper procedures from lib.t.  The procs this file
# calls but does not define (test, cmd, one_line_fail_test, kinit, ...)
# are presumably provided there -- confirm against lib.t.
load_lib lib.t

# Stop and restart the API test program, so these tests presumably begin
# from a fresh interpreter -- confirm against the api_exit/api_start
# definitions.
api_exit
api_start

test "init 100"
# init 100: kadm5_init with KADM5_CONFIG_PROFILE pointing at a path that
# does not exist must fail with MISSING_KRB5_CONF_PARAMS.  Only run when
# $RPC is true.
proc test100 {} {
    global test

    # This case once expected ENOENT.  kadm5_get_config_params no longer
    # fails when the profile file is missing (it falls back to defaults),
    # so the failure now shows up as missing parameters instead.
    # XXX will fail on srv test!
    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_PROFILE} /does-not-exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "MISSING_KRB5_CONF_PARAMS"
}
if {$RPC} { test100 }

# Locate the "resolve" helper program unless the caller has already set
# RESOLVE (for example from a site configuration file).
if {![info exists RESOLVE]} {
    set RESOLVE [findfile $objdir/../../../tests/resolve/resolve]
}
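# get_hostname -- determine the local host's name by running $RESOLVE -q.
#
# On success sets the globals hostname (first line of the program's
# output), localhostname (the part before the first dot) and domain (the
# part after it), all lower-cased, and returns 1.  Returns 0 after
# reporting an error if the program fails or prints nothing.  Results are
# cached: if hostname and localhostname already exist nothing is re-run.
proc get_hostname { } {
    global RESOLVE
    global hostname
    global localhostname
    global domain

    if {[info exists hostname] && [info exists localhostname]} {
	return 1
    }

    # The command is assembled by string substitution, so a multi-word
    # $RESOLVE is split into separate words, as it always has been.
    # NOTE(review): "myname" is a fixed scratch file in the current
    # directory; run the suite only from a directory other users cannot
    # write to.
    catch "exec $RESOLVE -q >myname" exec_output
    if ![string match "" $exec_output] {
	send_log "$exec_output\n"
	verbose $exec_output
	send_error "ERROR: can't get hostname\n"
	# Do not leave the scratch file behind on failure.
	catch "exec rm -f myname"
	return 0
    }
    set file [open myname r]
    set nread [gets $file hostname]
    # Close and remove the scratch file before looking at the result, so
    # the early return below no longer leaks the channel or the file.
    close $file
    catch "exec rm -f myname" exec_output
    if { $nread == -1 } {
	send_error "ERROR: no output from hostname\n"
	return 0
    }

    # The pattern is braced so that "\." reaches the regexp engine as a
    # literal dot.  In double quotes Tcl reduces "\." to ".", which matches
    # any character and chopped the last letter off a dot-less host name.
    if {![regexp {^([^.]*)\.(.*)$} $hostname foo localhostname domain]} {
	# No dot at all: the whole name is the local part, domain is empty.
	set localhostname $hostname
	set domain ""
    }

    set hostname [string tolower $hostname]
    set localhostname [string tolower $localhostname]
    set domain [string tolower $domain]
    verbose "hostname: $hostname; localhostname: $localhostname; domain $domain"

    return 1
}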


test "init 101"
# init 101: kadm5_init against an explicit admin server and port.  With
# port 1751 on this host the call must succeed; with port 4 it must fail
# with RPC_ERROR.  Only run when $RPC is true.
proc test101 {} {
    global test
    global hostname

    # The return value of get_hostname is not checked here.
    get_hostname
    # Copy the host name into the API interpreter, where the braced
    # commands below expand $hostname.
    # NOTE(review): the value is interpolated unquoted into a command
    # string; this assumes it holds no Tcl-special characters.
    tcl_cmd "set hostname $hostname"

    # XXX Fix to work with a remote TEST_SERVER.  For now, make sure
    # it fails in that case.
    set good_port_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    set bad_port_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_succeed_test $good_port_cmd
    one_line_fail_test $bad_port_cmd "RPC_ERROR"
}
if {$RPC} { test101 }

test "init 102"
# init 102: naming an admin server that cannot be resolved
# (does.not.exist) must fail with BAD_SERVER_NAME.  Only run when $RPC
# is true.
proc test102 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "BAD_SERVER_NAME"
}
if {$RPC} { test102 }

test "init 103"
# init 103: a database name that does not exist on disk must make
# kadm5_init fail with ENOENT.  Only run when $RPC is false.
proc test103 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "ENOENT"
}
if {! $RPC} { test103 }


test "init 106"
# init 106: with KADM5_CONFIG_MKEY_FROM_KBD set, kadm5_init must stop and
# prompt before it reports OK or ERROR.  The prompt is then answered
# with the string "mrroot" (presumably the test database's master
# password -- confirm against the test setup).  Only run when $RPC is
# false.
proc test106 {} {
    global test prompt

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    set saw_prompt 0
    send [string trim $init_cmd]
    send "\n"
    expect {
	-re "\n\[^\n\]+:\[^\n\]*$" {
	    # A line containing a colon: taken to be the key prompt.
	    set saw_prompt 1
	}
	-re "\nOK .*$prompt$" {
	    # Finishing without a prompt means the key was not requested.
	    fail "$test: premature success"
	}
	-re "\nERROR .*$prompt$" {
	    fail "$test: premature failure"
	}
	timeout {
	    fail "$test: timeout"
	}
	eof {
	    fail "$test: eof"
	}
    }
    if {$saw_prompt} {
	one_line_succeed_test mrroot
    }
    # The handle is destroyed even when no prompt was seen.
    if {! [cmd {kadm5_destroy $server_handle}]} {
	error_and_restart "$test: couldn't close database"
    }
}
if {! $RPC} { test106 }

test "init 107"
# init 107: a stash file path that does not exist must make kadm5_init
# fail with KDB_CANTREAD_STORED rather than continue without a master
# key.  Only run when $RPC is false.
proc test107 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "KDB_CANTREAD_STORED"
}
if {! $RPC} { test107 }

test "init 108"
# init 108: a master key principal name that is not in the database
# (does/not/exist) must make kadm5_init fail with KDB_NOMASTERKEY.
# Only run when $RPC is false.
proc test108 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "KDB_NOMASTERKEY"
}
if {! $RPC} { test108 }

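test "init 109-113"
# init 109-113: initialise with explicit MAX_LIFE=10, MAX_RLIFE=20,
# EXPIRATION=30 and an empty ENCTYPES list, create the principal
# "$test/a", read it back, and check that the new principal picked up
# those values, has no flags set and has no key data.  Each of the five
# checks records its own pass or fail.  Only run when $RPC is false.
proc test109 {} {
    global test prompt

    delete_principal "$test/a"

    # I'd like to specify flags explicitly and check them, as in the
    # following config_params, but tcl gets mighty confused if I do and 
    # I have no idea why.
#		[config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ]
    
    if {! [cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }]} {
	fail "$test: cannot init with max_life"
	return
    }
    if {! [cmd [format {
	kadm5_create_principal $server_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} testpass
    } $test]]} {
	fail "$test: can not create principal"
	return;
    }
    if {! [cmd [format {
	kadm5_get_principal $server_handle "%s/a" p \
		{KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
    } $test]]} {
	fail "$test: can not get principal"
	return;
    }
    # Print the whole entry (it ends up in the log), then wait for the
    # prompt before picking out individual fields.
    send "puts \$p\n"
    expect {
	-re "$prompt" { }
	timeout {
	    error_and_restart "$test: timeout getting prompt"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting prompt"
	    return
	}
    }
    # Element 4 of the entry is read as max_life.
    send "lindex \$p 4\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting max_life"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting max_life"
	    return
	}
    }
    # Element 12 is read as max_rlife.
    send "lindex \$p 12\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting max_rlife"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting max_rlife"
	    return
	}
    }
    # Element 1 is read as the expiration time.
    send "lindex \$p 1\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting expiration"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting expiration"
	    return
	}
    }
    # Element 7 is read as the flag names; an empty match means no flags.
    send "lindex \$p 7\n"
    expect {
	-re "(\[A-Z_\]*)\n$prompt" {set flags $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting flags"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting flags"
	    return
	}
    }
    # This sorta worries me.  Since the test is setting ENCTYPES to
    # nothing, the principal has no keys.  That means that nothing is
    # printed for the keys in the correct case; but it feels too
    # likely that nothing will be printed in the case of some problem.
    # In other words the second pattern below accepts any bare prompt, so
    # "no key data" and "key data could not be printed" look the same to
    # this check.
    send "lindex \$p 18\n"
    expect {
	-re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
	-re "\n$prompt" { set key_data {} }
	timeout {
	    # These two messages used to say "flags", copied from the
	    # block above, which pointed at the wrong field in the log.
	    error_and_restart "$test: timeout getting key_data"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting key_data"
	    return
	}
    }
    if { ! [cmd {kadm5_destroy $server_handle}]} {
	perror "$test: unexpected failure in destroy"
	return
    }
    if {$max_life == 10} {
	pass "$test"
    } else {
	fail "$test: $max_life is not 10"
    }
    if {$max_rlife == 20} {
	pass "$test"
    } else {
	fail "$test: $max_rlife is not 20"
    }
    if {$expiration == 30} {
	pass "$test"
    } else {
	fail "$test: $expiration is not 30"
    }
    if {$flags == ""} {
	pass "$test"
    } else {
	fail "$test: flags $flags are wrong"
    }
    if {$key_data == {}} {
	pass "$test"
    } else {
	fail "$test: key_data $key_data is wrong"
    }
}
if {! $RPC} test109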

test "init 114"
# init 114: when $RPC is false, passing KADM5_CONFIG_ADMIN_SERVER to
# kadm5_init must be rejected with BAD_SERVER_PARAMS.  (test102 passes
# the same parameter when $RPC is true and expects BAD_SERVER_NAME.)
proc test114 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "BAD_SERVER_PARAMS"
}
if {! $RPC} { test114 }

test "init 115"
# init 115: when $RPC is true, each configuration parameter listed below
# must be refused by kadm5_init with BAD_CLIENT_PARAMS.  One
# one_line_fail_test is issued per parameter, in the order listed.
proc test115 {} {
    global test

    # {mask value} pairs.  The value is pasted verbatim into the command
    # text, so the last entry expands to the literal {{}}.
    set rejected_params {
	{KADM5_CONFIG_DBNAME does.not.exist}
	{KADM5_CONFIG_ADBNAME does.not.exist}
	{KADM5_CONFIG_ACL_FILE does.not.exist}
	{KADM5_CONFIG_DICT_FILE does.not.exist}
	{KADM5_CONFIG_ADMIN_KEYTAB does.not.exist}
	{KADM5_CONFIG_MKEY_FROM_KBD 0}
	{KADM5_CONFIG_STASH_FILE does.not.exist}
	{KADM5_CONFIG_MKEY_NAME does.not.exist}
	{KADM5_CONFIG_ENCTYPE 0}
	{KADM5_CONFIG_MAX_LIFE 0}
	{KADM5_CONFIG_MAX_RLIFE 0}
	{KADM5_CONFIG_EXPIRATION 0}
	{KADM5_CONFIG_FLAGS 0}
	{KADM5_CONFIG_ENCTYPES {{{}}}}
    }

    foreach pair $rejected_params {
	set mask [lindex $pair 0]
	set value [lindex $pair 1]
	one_line_fail_test [format {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {%s} %s] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    } $mask $value] "BAD_CLIENT_PARAMS"
    }
}
if {$RPC} { test115 }

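test "init 116"
# init 116: two handles opened as differently privileged principals must
# each be held to their own rights on the same server.
#
#   admin/get-add     get: ok      add: ok        modify: AUTH_MODIFY  delete: AUTH_DELETE
#   admin/mod-delete  get: AUTH_GET  add: AUTH_ADD  modify: ok          delete: ok
#
# The denials matter as much as the successes: a handle must not gain
# rights because another handle in the same process holds them.  Only
# run when $RPC is true.
proc test116 {} {
    global test

    delete_principal "$test/a"

    # Without both handles none of the checks below mean anything, so
    # give up after restarting the API, as the other tests in this file do
    # after error_and_restart.
    if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \
	    null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
	    get_add_handle}]} {
	error_and_restart "$test: couldn't init with admin/get-add"
	return
    }

    # The message used to name admin/get-add here as well (copy/paste),
    # which pointed at the wrong principal when this init failed.
    if {! [cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \
	    null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
	    mod_delete_handle}]} {
	error_and_restart "$test: couldn't init with admin/mod-delete"
	return
    }

    # admin/get-add: may get and add, may not modify or delete.
    one_line_succeed_test {
	kadm5_get_principal $get_add_handle testuser p \
		KADM5_PRINCIPAL_NORMAL_MASK
    }
    one_line_succeed_test [format {
	kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} testpass
    } $test]
    one_line_fail_test { 
	kadm5_modify_principal $get_add_handle [simple_principal testuser] \
		{KADM5_PRINC_EXPIRE_TIME}
    } "AUTH_MODIFY"
    one_line_fail_test {
	kadm5_delete_principal $get_add_handle testuser
    } "AUTH_DELETE"

    # admin/mod-delete: may modify and delete, may not get or add.
    one_line_fail_test {
	kadm5_get_principal $mod_delete_handle testuser p \
		KADM5_PRINCIPAL_NORMAL_MASK
    } "AUTH_GET"
    one_line_fail_test [format {
	kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} testpass
    } $test] "AUTH_ADD"
    one_line_succeed_test { 
	kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \
		{KADM5_PRINC_EXPIRE_TIME}
    }
    # Deleting "$test/a" here also removes the principal created above
    # through the get-add handle.
    one_line_succeed_test [format {
	kadm5_delete_principal $mod_delete_handle "%s/a"
    } $test]

    if {! [cmd {kadm5_destroy $get_add_handle}]} {
	error_and_restart "$test: couldn't close get_add_handle"
    }
    if {! [cmd {kadm5_destroy $mod_delete_handle}]} {
	error_and_restart "$test: couldn't close mod_delete_handle"
    }
}
if {$RPC} test116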

test "init 117"
# init 117: when the KDC profile does not mention max_life, a principal
# created with only KADM5_PRINCIPAL set must come back with a max_life
# of 86400.  Run unconditionally.
proc test117 {} {
    global test env prompt

    # catch yields 1 when the exec raises an error, which is what happens
    # when grep finds no match.
    # NOTE(review): it also yields 1 if grep fails for another reason
    # (e.g. unreadable profile), and the test proceeds in that case too.
    set grep_status [catch "exec grep max_life $env(KRB5_KDC_PROFILE)"]
    if {$grep_status != 1} {
	warning \
	   "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test"
	return
    }

    # Start without the principal: bail out only if it exists and
    # cannot be deleted.
    if {[principal_exists "$test/a"] && ![delete_principal "$test/a"]} {
        error_and_restart "$test: couldn't delete principal \"$test/a\""
	return
    }

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    if {! [cmd $init_cmd]} {
	fail "$test: unexpected failure in init"
	return
    }

    # A failed create is reported but does not stop the test.
    set create_cmd [format {
	kadm5_create_principal $server_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} "%s/a"
    } $test $test]
    if {! [cmd $create_cmd]} {
	perror "$test: unexpected failure creating principal"
    }

    set get_cmd [format {
	kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE
    } $test]
    if {! [cmd $get_cmd]} {
	error_and_restart "$test: could not retrieve principal"
	return
    }

    # Element 4 of the entry is read as max_life.
    send "lindex \$principal 4\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {
	    set max_life $expect_out(1,string)
	}
	timeout {
	    error_and_restart "$test: timeout getting max_life"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting max_life"
	    return
	}
    }

    if {$max_life != 86400} {
	fail "$test: max_life $max_life should be 86400"
    } else {
	pass "$test"
    }

    if {! [cmd {kadm5_destroy $server_handle}]} {
	error_and_restart "$test: couldn't close server_handle"
    }
}
test117
    
# Fetch the two service names from the API interpreter and keep copies
# in this script.  Tests 150-153 declare them global: 150 and 151 put
# them in the kinit argument string, which is expanded here rather than
# in the API interpreter.
# Only letters, "/" and "@" are accepted in a service name.
# "default" covers both timeout and eof; the "return" then ends this
# file because it runs at top level.
send "puts \$KADM5_ADMIN_SERVICE\n"
expect {
    -re "(\[a-zA-Z/@\]+)\n$prompt" {
	set KADM5_ADMIN_SERVICE $expect_out(1,string) 
    }
    default {
	error_and_restart "$test: timeout/eof getting admin_service"
	return
    }
}

# Same again for the password-changing service name.
send "puts \$KADM5_CHANGEPW_SERVICE\n"
expect {
    -re "(\[a-zA-Z/@\]+)\n$prompt" {
	set KADM5_CHANGEPW_SERVICE $expect_out(1,string) 
    }
    default {
	error_and_restart "$test: timeout/eof getting changepw_service"
	return
    }
}

test "init 150"
# init 150: kadm5_init_with_creds must succeed when credentials for the
# admin service were obtained beforehand ("-S $KADM5_ADMIN_SERVICE" is
# passed to the kinit helper).  "notathena" is the password given to
# kinit for testuser.  Only run when $RPC is true.
proc test150 {} {
    global test KADM5_ADMIN_SERVICE

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }

    # Clear any existing credentials first, and again afterwards so the
    # ticket does not carry over into later tests.
    kdestroy
    kinit testuser notathena "-S $KADM5_ADMIN_SERVICE"
    one_line_succeed_test $init_cmd
    kdestroy
}
if {$RPC} { test150 }

test "init 151"
# init 151: same as init 150, but for the password-changing service:
# with credentials obtained for $KADM5_CHANGEPW_SERVICE,
# kadm5_init_with_creds against that service must succeed.  Only run
# when $RPC is true.
proc test151 {} {
    global test KADM5_CHANGEPW_SERVICE

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }

    # Credentials are cleared before and after the check.
    kdestroy
    kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE"
    one_line_succeed_test $init_cmd
    kdestroy
}
if {$RPC} { test151 }

test "init 152"
# init 152: after kdestroy, with no kinit in between,
# kadm5_init_with_creds must fail with GSS_ERROR.  Only run when $RPC is
# true.
proc test152 {} {
    global test KADM5_ADMIN_SERVICE

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }

    kdestroy
    one_line_fail_test $init_cmd "GSS_ERROR"
}
if {$RPC} { test152 }

test "init 153"
# init 153: kinit is called without the "-S <service>" argument used in
# init 150/151, and kadm5_init_with_creds for the admin service must
# then fail with GSS_ERROR.  Only run when $RPC is true.
#
# NOTE(review): unlike init 150/151 this test calls kdestroy neither
# before nor after, so it starts from whatever init 152 left and the
# credentials obtained here remain for whatever runs next -- confirm
# that is intended.
proc test153 {} {
    global test KADM5_ADMIN_SERVICE

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }

    kinit testuser notathena
    one_line_fail_test $init_cmd "GSS_ERROR"
}
if {$RPC} { test153 }

test "init 154"
# init 154: restart the API program while KRB5_KDC_PROFILE names a file
# that does not exist; kadm5_init with default parameters must then
# fail with ENOENT.  Only run when $RPC is false.
proc test154 {} {
    global test env

    # Point the environment at a missing profile only for the restart,
    # then restore this script's own environment straight away.
    set saved_profile $env(KRB5_KDC_PROFILE)
    set env(KRB5_KDC_PROFILE) /does-not-exist
    api_exit
    api_start
    set env(KRB5_KDC_PROFILE) $saved_profile

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
		server_handle
    }
    one_line_fail_test $init_cmd "ENOENT"

    # Restart once more, now with the restored environment.
    api_exit
    lib_start_api
}
if {! $RPC} { test154 }

# End of the test file.
return ""