# Test for the GSS-API.
# This is a DejaGnu test script.
# This script tests that the GSS-API tester functions correctly.

# This mostly just calls procedures in test/dejagnu/config/default.exp.

if ![info exists KDESTROY] {
    set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
}

if ![info exists GSSCLIENT] {
    set GSSCLIENT [findfile $objdir/../../appl/gss-sample/gss-client]
}

if ![info exists GSSSERVER] {
    set GSSSERVER [findfile $objdir/../../appl/gss-sample/gss-server]
}

# Set up the Kerberos files and environment.
if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
    return
}

# Initialize the Kerberos database.  The argument tells
# setup_kerberos_db that it is being called from here.
if ![setup_kerberos_db 0] {
    return
}

#
# Like kinit in default.exp, but allows us to specify a different ccache.
#
proc our_kinit { name pass ccache } {
    global REALMNAME
    global KINIT
    global spawn_id

    # Use kinit to get a ticket.
    spawn $KINIT -5 -c $ccache $name@$REALMNAME
    expect {
	"Password for $name@$REALMNAME:" {
	    verbose "kinit started"
	}
	timeout {
	    fail "kinit"
	    return 0
	}
	eof {
	    fail "kinit"
	    return 0
	}
    }
    send "$pass\r"
    # This last expect seems useless, but without it the test hangs on
    # AIX.
    expect {
        "\r" { }
    }
    expect eof
    if ![check_exit_status kinit] {
	return 0
    }

    return 1
}

#
# Destroys a particular ccache.
#
proc our_kdestroy { ccache } {
    global KDESTROY
    global spawn_id

    spawn $KDESTROY -c $ccache
    if ![check_exit_status "kdestroy"] {
	return 0
    }
    return 1
}

#
# Stops the gss-server.
#
proc stop_gss_server { } {
    global gss_server_pid
    global gss_server_spawn_id

    if [info exists gss_server_pid] {
	catch "close -i $gss_server_spawn_id"
	catch "exec kill $gss_server_pid"
	wait -i $gss_server_spawn_id
	unset gss_server_pid
    }
}

#
# Restore environment variables possibly set.
#
proc gss_restore_env { } {
    global env
    global gss_save_ccname
    global gss_save_ktname

    catch "unset env(KRB5CCNAME)"
    if [info exists gss_save_ccname] {
	set env(KRB5CCNAME) $gss_save_ccname
	unset gss_save_ccname
    }
    catch "unset env(KRB5_KTNAME)"
    if [info exists gss_save_ktname] {
	set env(KRB5_KTNAME) $gss_save_ktname
	unset gss_save_ktname
    }
}

proc run_client {test tkfile client} {
    global env
    global hostname
    global GSSCLIENT
    global spawn_id
    global gss_server_spawn_id
    global REALMNAME
    global portbase

    set env(KRB5CCNAME) $tkfile
    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
    verbose "spawning gssclient, identity=$client"
    spawn $GSSCLIENT -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client"
    set got_client 0
    set got_server 0
    expect_after {
	-i $spawn_id
	timeout {
	    if {!$got_client} {
		verbose -log "client timeout"
		fail $test
		catch "expect_after"
		return
	    }
	}
	eof {
	    if {!$got_client} {
		verbose -log "client eof"
		fail $test
		catch "expect_after"
		return
	    }
	}
	-i $gss_server_spawn_id
	timeout {
	    if {!$got_server} {
		verbose -log "server timeout"
		fail $test
		catch "expect_after"
		return
	    }
	}
	eof {
	    if {!$got_server} {
		verbose -log "server eof"
		fail $test
		catch "expect_after"
		return
	    }
	}
    }
    expect {
	-i $gss_server_spawn_id
	"Accepted connection: \"$client@$REALMNAME\"" exp_continue
	"Received message: \"message from $client\"" {
	    set got_server 1
	    if {!$got_client} {
		exp_continue
	    }
	}
	-i $spawn_id
	"Signature verified" {
	    set got_client 1
	    if {!$got_server} {
		exp_continue
	    }
	}
    }
    catch "expect_after"
    if ![check_exit_status $test] {
	# check_exit_staus already calls fail for us
	return
    }
    pass $test
}

proc doit { } {
    global REALMNAME
    global env
    global KLIST
    global KDESTROY
    global KEY
    global GSSTEST
    global GSSSERVER
    global GSSCLIENT
    global hostname
    global tmppwd
    global spawn_id
    global timeout
    global gss_server_pid
    global gss_server_spawn_id
    global gss_save_ccname
    global gss_save_ktname
    global portbase

    # Start up the kerberos and kadmind daemons.
    if ![start_kerberos_daemons 0] {
	perror "failed to start kerberos daemons"
    }

    # Use kadmin to add a key for us.
    if ![add_kerberos_key gsstest0 0] {
	perror "failed to set up gsstest0 key"
    }

    # Use kadmin to add a key for us.
    if ![add_kerberos_key gsstest1 0] {
	perror "failed to set up gsstest1 key"
    }

    # Use kadmin to add a key for us.
    if ![add_kerberos_key gsstest2 0] {
	perror "failed to set up gsstest2 key"
    }

    # Use kadmin to add a key for us.
    if ![add_kerberos_key gsstest3 0] {
	perror "failed to set up gsstest3 key"
    }

    # Use kadmin to add a service key for us.
    if ![add_random_key gssservice/$hostname 0] {
	perror "failed to set up gssservice/$hostname key"
    }

    # Use kdb5_edit to create a srvtab entry for gssservice
    if ![setup_srvtab 0 gssservice] {
	perror "failed to set up gssservice srvtab"
    }

    catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"

    # Use kinit to get a ticket.
    if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] {
	perror "failed to kinit gsstest0"
    }

    # Use kinit to get a ticket.
    if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] {
	perror "failed to kinit gsstest1"
    }

    # Use kinit to get a ticket.
    if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] {
	perror "failed to kinit gsstest2"
    }

    # Use kinit to get a ticket.
    if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] {
	perror "failed to kinit gsstest3"
    }

    #
    # Save settings of KRB5CCNAME and KRB5_KTNAME
    #
    if [info exists env(KRB5CCNAME)] {
	set gss_save_ccname $env(KRB5CCNAME)
    }
    if [info exists env(KRB5_KTNAME)] {
	set gss_save_ktname $env(KRB5_KTNAME)
    }

    #
    # set KRB5CCNAME and KRB5_KTNAME
    #
    set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
    verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"

    # Now start the gss-server.
    spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port [expr 8 + $portbase] gssservice@$hostname
    set gss_server_pid [exp_pid]
    set gss_server_spawn_id $spawn_id
    sleep 2

    run_client gssclient0 $tmppwd/gss_tk_0 gssclient0
    run_client gssclient1 $tmppwd/gss_tk_1 gssclient1
    run_client gssclient2 $tmppwd/gss_tk_2 gssclient2
    run_client gssclient3 $tmppwd/gss_tk_3 gssclient3

    stop_gss_server
    gss_restore_env

    if ![our_kdestroy $tmppwd/gss_tk_0] {
	perror "failed kdestroy gss_tk_0" 0
    }

    if ![our_kdestroy $tmppwd/gss_tk_1] {
	perror "failed kdestroy gss_tk_1" 0
    }

    if ![our_kdestroy $tmppwd/gss_tk_2] {
	perror "failed kdestroy gss_tk_2" 0
    }

    if ![our_kdestroy $tmppwd/gss_tk_3] {
	perror "failed kdestroy gss_tk_3" 0
    }

    catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"

    return
}

set status [catch doit msg]

stop_gss_server
gss_restore_env
stop_kerberos_daemons

if { $status != 0 } {
    perror "error in gssapi.exp" 0
    perror $msg 0
}