load_lib lib.t
# Assumptions:
#
# Principal "admin" exists, with "get", "add", "modify" and "delete"
# access bits and password "admin".
# The string "not-the-password" isn't the password of any user in the database.
# Database master password is "mrroot".
api_exit
api_start
test "init 1"
one_line_fail_test_nochk \
{ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE "" \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
test "init 2"
one_line_fail_test_nochk \
{ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE @ \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
test "init 2.5"
one_line_fail_test_nochk \
{ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE BAD.REALM \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
test "init 3"
proc test3 {} {
global test
if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
error_and_restart "$test: couldn't create principal \"$test/a\""
return
}
one_line_fail_test_nochk [format {
ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
} $test]
}
if {$RPC} { test3 }
test "init 4"
proc test4 {} {
global test
if {! ((! [principal_exists "$test/a"]) ||
[delete_principal "$test/a"])} {
error_and_restart "$test: couldn't delete principal \"$test/a\""
return
}
one_line_fail_test_nochk [format {
ovsec_kadm_init admin admin "%s/a" null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
} $test]
}
if {$RPC} { test4 }
test "init 5"
if {$RPC} {
one_line_fail_test_nochk {
ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
}
}
test "init 6"
proc test6 {} {
global test
send "ovsec_kadm_init admin null \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
expect {
-re "assword\[^\r\n\]*: *" { }
eof {
fail "$test: eof instead of password prompt"
api_exit
api_start
return
}
timeout {
fail "$test: timeout instead of password prompt"
return
}
}
one_line_succeed_test "admin"
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if { $RPC } { test6 }
test "init 7"
proc test7 {} {
global test
send "ovsec_kadm_init admin \"\" \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
expect {
-re "assword\[^\r\n\]*: *" { }
-re "\n\[^\n\]+key:\[^\n\]*$" { }
eof {
fail "$test: eof instead of password prompt"
api_exit
api_start
return
}
timeout {
fail "$test: timeout instead of password prompt"
return
}
}
one_line_succeed_test "admin"
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if { $RPC } { test7 }
test "init 8"
proc test8 {} {
global test
if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
error_and_restart "$test: couldn't create principal \"$test/a\""
return
}
one_line_fail_test_nochk [format {
ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
} $test]
}
if {$RPC} { test8 }
test "init 9"
if {$RPC} {
global test
one_line_fail_test_nochk {
ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
}
test "init 10"
proc test10 {} {
global test
# set prms_id 562
# setup_xfail {*-*-*} $prms_id
one_line_fail_test_nochk {
ovsec_kadm_init null admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
}
test10
#test "init 11"
#
#proc test11 {} {
# global test
# set prms_id 563
# setup_xfail {*-*-*} $prms_id
# one_line_fail_test_nochk {
# ovsec_kadm_init "" admin $OVSEC_KADM_ADMIN_SERVICE null \
# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
# server_handle
# }
#}
#test11
test "init 12"
proc test12 {} {
global test
one_line_fail_test_nochk [format {
ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
} $test]
}
if {$RPC} { test12 }
test "init 13"
proc test13 {} {
global test
one_line_fail_test_nochk [format {
ovsec_kadm_init "%s/a@SECURE-TEST.OV.COM" admin \
$OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
} $test]
}
if {$RPC} { test13 }
test "init 14"
proc test14 {} {
global test
one_line_fail_test_nochk [format {
ovsec_kadm_init "%s/a@BAD.REALM" admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
} $test]
}
if {$RPC} { test14 }
test "init 15"
if {$RPC} {
one_line_fail_test_nochk {
ovsec_kadm_init admin@BAD.REALM admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
}
test "init 16"
proc test16 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
test16
test "init 17"
proc test17 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
$OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
test17
test "init 18"
proc test18 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
test18
test "init 19"
proc test19 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
$OVSEC_KADM_ADMIN_SERVICE SECURE-TEST.OV.COM \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
test19
test "init 20"
proc test20 {} {
global test
if {! [cmd {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}]} {
error_and_restart "$test: couldn't init database"
return
}
one_line_succeed_test \
{ovsec_kadm_get_principal $server_handle admin principal}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
test20
#test "init 21"
#
#proc test21 {} {
# global test
# if {! [cmd {
# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
# server_handle
# }]} {
# error_and_restart "$test: couldn't init database"
# return
# }
# one_line_fail_test_nochk {
# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
# server_handle
# }
# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
# error_and_restart "$test: couldn't close database"
# }
#}
#test21
proc test22 {} {
global test prompt
set prompting 0
send [string trim {
ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
}]
send "\n"
expect {
-re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
-re "\nOK .*$prompt$" { fail "$test: premature success" }
-re "\nERROR .*$prompt$" { fail "$test: premature failure" }
timeout { fail "$test: timeout" }
eof { fail "$test: eof" }
}
if {$prompting} {
one_line_succeed_test mrroot
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if {! $RPC} { test22 }
test "init 22.5"
proc test225 {} {
global test prompt
set prompting 0
send [string trim {
ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
}]
send "\n"
expect {
-re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
-re "\nOK .*$prompt$" { fail "$test: premature success" }
-re "\nERROR .*$prompt$" { fail "$test: premature failure" }
timeout { fail "$test: timeout" }
eof { fail "$test: eof" }
}
if {$prompting} {
one_line_succeed_test mrroot
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if {! $RPC} { test225 }
test "init 23"
proc test23 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE \
null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if {! $RPC} { test23 }
test "init 24"
proc test24 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin admin null null $OVSEC_KADM_STRUCT_VERSION \
$OVSEC_KADM_API_VERSION_1 server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if {! $RPC} { test24 }
test "init 25"
proc test25 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin admin foobar null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if {! $RPC} { test25 }
test "init 26"
#proc test26 {} {
# global test
#
# api_exit
# api_start
# one_line_fail_test_nochk {
# ovsec_kadm_get_principal $server_handle admin principal
# }
#}
#test26
#test "init 27"
#
#proc test27 {} {
# global test
#
# if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
# error_and_restart "$test: couldn't delete principal \"$test/a\""
# return
# }
# begin_dump
# if {[cmd [format {
# ovsec_kadm_create_principal $server_handle [simple_principal \
# "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
# } $test $test]]} {
# fail "$test: unexpected success in add"
# return
# }
# end_dump_compare "no-diffs"
#}
#test27
#test "init 28"
#
#proc test28 {} {
# global test prompt
#
# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
# error_and_restart "$test: couldn't create principal \"$test/a\""
# return
# }
# begin_dump
# if {! ([cmd {
# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
# server_handle
# }] && [cmd [format {
# ovsec_kadm_get_principal $server_handle "%s/a" principal
# } $test]])} {
# error_and_restart "$test: error getting principal"
# return;
# }
# send "lindex \$principal 8\n"
# expect {
# -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) }
# timeout {
# error_and_restart "$test: timeout getting principal kvno"
# return
# }
# eof {
# error_and_restart "$test: eof getting principal kvno"
# return
# }
# }
# api_exit
# api_start
# set new_kvno [expr "$kvno + 1"]
# if {[cmd [format {
# ovsec_kadm_modify_principal $server_handle \
# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO}
# } $test $new_kvno]]} {
# fail "$test: unexpected success in modify"
# return;
# }
# end_dump_compare "no-diffs"
#}
#test28
#test "init 29"
#
#proc test29 {} {
# global test
#
# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
# error_and_restart "$test: couldn't create principal \"$test/a\""
# return
# }
# begin_dump
# if {[cmd [format {
# ovsec_kadm_delete_principal $server_handle "%s/a"
# } $test]]} {
# fail "$test: unexpected success in delete"
# return
# }
# end_dump_compare "no-diffs"
#}
#test29
test "init 30"
proc test30 {} {
global test
if {[cmd {
ovsec_kadm_init admin foobar $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}]} {
error_and_restart "$test: unexpected success"
return
}
one_line_succeed_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
if ${RPC} { test30 }
test "init 31"
proc test31 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$bad_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
server_handle
} "BAD_STRUCT_VERSION"
}
test31
test "init 32"
proc test32 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$no_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
server_handle
} "BAD_STRUCT_VERSION"
}
test32
test "init 33"
proc test33 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$old_struct_version $OVSEC_KADM_API_VERSION_1 \
server_handle
} "OLD_STRUCT_VERSION"
}
test33
test "init 34"
proc test34 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$new_struct_version $OVSEC_KADM_API_VERSION_1 \
server_handle
} "NEW_STRUCT_VERSION"
}
test34
test "init 35"
proc test35 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $bad_api_version_mask \
server_handle
} "BAD_API_VERSION"
}
test35
test "init 36"
proc test36 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $no_api_version_mask \
server_handle
} "BAD_API_VERSION"
}
test36
test "init 37"
proc test37 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $old_api_version \
server_handle
} "OLD_LIB_API_VERSION"
}
if { $RPC } test37
test "init 38"
proc test38 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $old_api_version \
server_handle
} "OLD_SERVER_API_VERSION"
}
if { ! $RPC } test38
test "init 39"
proc test39 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $new_api_version \
server_handle
} "NEW_LIB_API_VERSION"
}
if { $RPC } test39
test "init 40"
proc test40 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $new_api_version \
server_handle
} "NEW_SERVER_API_VERSION"
}
if { ! $RPC } test40
test "init 41"
proc test41 {} {
global test
one_line_fail_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_API_VERSION_1 $OVSEC_KADM_STRUCT_VERSION \
server_handle
} "BAD_"
}
test41
test "init 42"
proc test42 {} {
global test
one_line_succeed_test {
ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle
}
if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
error_and_restart "$test: couldn't close database"
}
}
test42
proc test45_46 {service} {
global test kadmin_local env
spawn $kadmin_local -q "delprinc -force $service"
expect {
-re "Principal .* deleted." {}
default {
perror "kadmin.local delprinc failed\n";
}
}
expect eof
wait
one_line_fail_test [concat {ovsec_kadm_init admin admin } \
$service \
{ null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
server_handle}] "SECURE_PRINC_MISSING"
# this leaves the keytab with an incorrect entry
spawn $kadmin_local -q "ank -randkey $service"
expect eof
wait
# restart the api so it gets a new ccache
api_exit
api_start
}
if {$RPC} {
test "init 45"
test45_46 ovsec_adm/admin
test "init 46"
test45_46 ovsec_adm/changepw
# re-extract the keytab so it is right
exec rm $env(K5ROOT)/ovsec_adm.srvtab
exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
-princ kadmin/admin -princ kadmin/changepw \
$env(K5ROOT)/ovsec_adm.srvtab
}
return ""