# Kerberos rsh test.
# This is a DejaGnu test script.
# This script tests Kerberos rsh.
# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
# Find the programs we need. We use the binaries from the build tree
# if they exist. If they do not, then they must be in PATH. We
# expect $objdir to be .../kerberos/src.
if ![info exists RSH] {
set RSH [findfile $objdir/../../appl/bsd/rsh]
}
if ![info exists KRSHD] {
set KRSHD [findfile $objdir/../../appl/bsd/kshd]
}
if ![info exists KLIST] {
set KLIST [findfile $objdir/../../clients/klist/klist]
}
# Make sure .k5login is reasonable.
if ![check_k5login rsh] {
return
}
# Set up the kerberos database.
if {![get_hostname] \
|| ![setup_kerberos_files] \
|| ![setup_kerberos_db 0]} {
return
}
# A procedure to start up the rsh daemon.
proc start_rsh_daemon { option } {
global REALMNAME
global KRSHD
global tmppwd
global krshd_spawn_id
global krshd_pid
global portbase
# The -D argument tells it to accept a single connection, so we
# don't need to use inetd. The portbase+8 is the port to listen at.
spawn $KRSHD -k -c -D [expr 8 + $portbase] -S $tmppwd/srvtab -M $REALMNAME -A $option
set krshd_spawn_id $spawn_id
set krshd_pid [exp_pid]
# Give the rsh daemon a few seconds to get set up.
sleep 2
}
# A procedure to stop the rsh daemon.
proc stop_rsh_daemon { } {
global krshd_spawn_id
global krshd_pid
if [info exists krshd_pid] {
catch "exec kill $krshd_pid"
catch {
expect {
-i $krshd_spawn_id
-re ..* { exp_continue }
eof {}
}
}
catch "close -i $krshd_spawn_id"
catch "wait -i $krshd_spawn_id"
unset krshd_pid
}
}
# Wrap the tests in a procedure, so that we can kill the daemons if
# we get some sort of error.
proc rsh_test { } {
global REALMNAME
global KLIST
global RSH
global KEY
global BINSH
global hostname
global env
global spawn_id
global tmppwd
global portbase
# Start up the kerberos and kadmind daemons and get a srvtab and a
# ticket file.
if {![start_kerberos_daemons 0] \
|| ![add_kerberos_key host/$hostname 0] \
|| ![setup_srvtab 0] \
|| ![add_kerberos_key $env(USER) 0] \
|| ![setup_kerberos_env client] \
|| ![kinit $env(USER) $env(USER)$KEY 0]} {
return
}
# Start up the rsh daemon.
start_rsh_daemon -k
# Run rsh date.
set testname "date"
spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A date
expect {
-re "\[A-Za-z0-9\]+ \[A-Za-z0-9\]+ +\[0-9\]+ \[0-9\]+:\[0-9\]+:\[0-9\]+ \[A-Za-z0-9\]+ \[0-9\]+\r\n" {
set result $expect_out(0,string)
}
timeout {
fail "$testname (timeout)"
return
}
eof {
fail "$testname (eof)"
return
}
}
expect eof
if ![check_exit_status $testname] {
return
}
if [check_date $result] {
pass $testname
} else {
fail $testname
}
# The rsh daemon should have stopped, but we have no easy way
# of checking whether it actually did. Kill it just in case.
stop_rsh_daemon
# Check encrypted rsh.
set failed no
start_rsh_daemon -ek
set testname "encrypted rsh"
spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A echo hello
expect {
"hello" { expect eof }
timeout {
fail "$testname (timeout)"
set failed yes
}
eof {
fail "$testname (eof)"
set failed yes
}
}
catch "expect eof"
if { $failed == "no" } {
if ![check_exit_status $testname] {
return
}
pass $testname
stop_rsh_daemon
} else {
catch "wait -i $spawn_id"
catch "close -i $spawn_id"
stop_rsh_daemon
}
# Check ticket forwarding
set failed no
start_rsh_daemon -k
set testname "rsh forwarding tickets"
# We need a wrapper for klist in order to setup for shared library
# runtime environment
setup_wrapper $tmppwd/klist.wrap $KLIST
spawn $RSH $hostname -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap
expect {
"Ticket cache:*\r" {
expect eof
}
"klist: No credentials cache file found" {
fail "$testname (not forwarded)"
return
}
timeout {
fail "$testname (timeout)"
return
}
eof {
fail "$testname (eof)"
return
}
}
if ![check_exit_status $testname] {
return
}
pass $testname
stop_rsh_daemon
# Check encrypted ticket forwarding
set failed no
start_rsh_daemon -e
set testname "encrypted rsh forwarding tickets"
spawn $RSH $hostname -x -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap
expect {
"Ticket cache:*\r" {
expect eof
}
"klist: No credentials cache file found" {
fail "$testname (not forwarded)"
return
}
timeout {
fail "$testname (timeout)"
return
}
eof {
fail "$testname (eof)"
return
}
}
if ![check_exit_status $testname] {
return
}
pass $testname
stop_rsh_daemon
# Check stderr
start_rsh_daemon -k
set testname "rsh to stderr"
spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'"
expect {
"hello" { expect eof }
timeout {
fail "$testname (timeout)"
return
}
eof {
fail "$testname (eof)"
return
}
}
if ![check_exit_status $testname] {
return
}
pass $testname
stop_rsh_daemon
start_rsh_daemon -e
set testname "encrypted rsh to stderr"
spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'"
expect {
"hello" { expect eof }
timeout {
fail "$testname (timeout)"
return
}
eof {
fail "$testname (eof)"
return
}
}
if ![check_exit_status $testname] {
return
}
pass $testname
# The rsh daemon should have stopped, but we have no easy way
# of checking whether it actually did. Kill it just in case.
stop_rsh_daemon
}
# Run the test.
set status [catch rsh_test msg]
# Shut down the kerberos daemons and the rsh daemon.
stop_kerberos_daemons
stop_rsh_daemon
if { $status != 0 } {
send_error "ERROR: error in rsh.exp\n"
send_error "$msg\n"
exit 1
}