# Standalone Kerberos test. # This is a DejaGnu test script. # This script tests that the Kerberos tools can talk to each other. # This mostly just calls procedures in testsuite/config/default.exp. # Set up the Kerberos files and environment. if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { return } # Initialize the Kerberos database. The argument tells # setup_kerberos_db that it is being called from here. if ![setup_kerberos_db 1] { return } # We are about to start up a couple of daemon processes. We do all # the rest of the tests inside a proc, so that we can easily kill the # processes when the procedure ends. proc dump_and_reload {} { global KDB5_UTIL global tmppwd set dumpfile $tmppwd/dump-file set dumpokfile $dumpfile.dump_ok set test1name "kdb5_util dump" set test2name "kdb5_util load" if [file exists $dumpfile] { file delete $dumpfile } if [file exists $dumpokfile] { file delete $dumpokfile } spawn $KDB5_UTIL dump $dumpfile expect { -re "..*" { fail $test1name untested $test2name return } timeout { fail $test1name untested $test2name return } eof { } } if ![check_exit_status $test1name] { untested $test2name return } if ![file exists $dumpfile]||![file exists $dumpokfile] { fail $test1name untested $test2name return } pass $test1name spawn $KDB5_UTIL load $dumpfile expect { -re "..*" { fail $test2name return } timeout { fail $test2name return } eof { } } if [check_exit_status $test2name] { pass $test2name } } proc doit { } { global REALMNAME global KLIST global KDESTROY global KEY global KADMIN_LOCAL global KTUTIL global hostname global tmppwd global spawn_id global supported_enctypes global KRBIV global portbase global mode # Start up the kerberos and kadmind daemons. if ![start_kerberos_daemons 1] { return } # Use kadmin to add an host key. if ![add_random_key host/$hostname 1] { return } spawn $KADMIN_LOCAL -q "addpol fred" catch expect_after expect { timeout { fail "kadmin.local addpol fred" } eof { pass "kadmin.local addpol fred" } } set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" catch "close -i $spawn_id" # Use ksrvutil to create a srvtab entry. if ![setup_srvtab 1] { return } # Test dump and load. Continue on, whatever the result. dump_and_reload spawn $KADMIN_LOCAL -q "getpols" expect { fred { pass "kadmin.local getpols" expect eof } timeout { fail "kadmin.local getpols" } eof { fail "kadmin.local getpols" } } set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" catch "close -i $spawn_id" # Use kinit to get a ticket. if ![kinit krbtest/admin adminpass$KEY 1] { return } # Make sure that klist can see the ticket. if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] { return } # Destroy the ticket. spawn $KDESTROY -5 if ![check_exit_status "kdestroy"] { return } pass "kdestroy" # Double check that the ticket was destroyed. if ![do_klist_err "klist after destroy"] { return } if ![add_random_key foo/bar 1] { return } set keytab $tmppwd/fookeytab catch "exec rm -f $keytab" modify_principal foo/bar -kvno 252 foreach vno {253 254 255 256 257 258} { xst $tmppwd/fookeytab foo/bar do_klist_kt $tmppwd/fookeytab "klist keytab foo/bar vno $vno" kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno" do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno" do_kdestroy "kdestroy foo/bar vno $vno" if {[info exists KRBIV] && $KRBIV && [regexp {des-cbc-[a-z0-9-]*:v4} [lindex $supported_enctypes 0]]} { catch "exec rm -f $tmppwd/foosrvtab" spawn $KTUTIL expect_after { timeout { fail "ktutil converting keytab to srvtab" ; set ok 0 } eof { fail "ktutil converting keytab to srvtab" ; set ok 0 } } expect "ktutil: " send "rkt $tmppwd/fookeytab\r" expect -ex "rkt $tmppwd/fookeytab\r" expect "ktutil: " # for debugging, just log this # send "list\r" # expect "ktutil: " # send "wst $tmppwd/foosrvtab\r" expect -ex "wst $tmppwd/foosrvtab\r" expect "ktutil: " # for debugging, just log this # send "clear\r" # expect "ktutil: " # send "rst $tmppwd/foosrvtab\r" # expect "ktutil: " # send "list\r" # expect "ktutil: " # okay, now quit and finish testing send "quit\r" expect eof catch expect_after if [check_exit_status "ktutil converting keytab to srvtab (vno $vno)"] { pass "ktutil converting keytab to srvtab (vno $vno)" do_klist_kt $tmppwd/fookeytab "klist srvtab foo/bar vno $vno" kinit_kt "foo/bar" "SRVTAB:$tmppwd/foosrvtab" 1 "st kvno $vno" do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist st foo/bar vno $vno" do_kdestroy "kdestroy st foo/bar vno $vno" } } else { verbose "skipping v5kinit/srvtab tests because of non-v4 enctype" } } catch "exec rm -f $keytab" # Check that kadmin.local can actually read the correct kvno, even # if we don't expect kadmin to be able to. spawn $KADMIN_LOCAL -r $REALMNAME set ok 1 expect_after { timeout { fail "kadmin.local correct high kvno" ; set ok 0 } eof { fail "kadmin.local correct high kvno" ; set ok 0 } } expect "kadmin.local: " send "getprinc foo/bar\r" # exec sleep 10 expect "Key: vno $vno," send "quit\r" expect eof if [check_exit_status "kadmin.local examine foo/bar for high kvno"] { if $ok { pass "kadmin.local correct high kvno" } } if { $mode == "tcp" } { set response {} set got_response 0 set kdcsock "" catch { send_log "connecting to $hostname [expr 3 + $portbase]\n" set kdcsock [socket $hostname [expr 3 + $portbase]] fconfigure $kdcsock -encoding binary -blocking 0 -buffering none puts -nonewline $kdcsock [binary format H* ffffffff] # XXX sleep 3 set response [read $kdcsock] set got_response 1 } msg if [string length $kdcsock] { catch "close $kdcsock" } if $got_response { # send_log [list sent length -1, got back $response] # send_log "\n" if [string length $response]>10 { pass "too-long TCP request" } else { send_log "response too short\n" fail "too-long TCP request" } } else { send_log "too-long connect/exchange failure: $msg\n" fail "too-long TCP request" } } } set status [catch doit msg] stop_kerberos_daemons if { $status != 0 } { send_error "ERROR: error in standalone.exp\n" send_error "$msg\n" exit 1 }