# Standalone Kerberos test.
# This is a DejaGnu test script.
# This script tests that the Kerberos tools can talk to each other.
# This mostly just calls procedures in testsuite/config/default.exp.
# Set up the Kerberos files and environment.
if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
return
}
# Initialize the Kerberos database. The argument tells
# setup_kerberos_db that it is being called from here.
if ![setup_kerberos_db 1] {
return
}
# We are about to start up a couple of daemon processes. We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.
proc dump_and_reload {} {
global KDB5_UTIL
global tmppwd
set dumpfile $tmppwd/dump-file
set dumpokfile $dumpfile.dump_ok
set test1name "kdb5_util dump"
set test2name "kdb5_util load"
if [file exists $dumpfile] { file delete $dumpfile }
if [file exists $dumpokfile] { file delete $dumpokfile }
spawn $KDB5_UTIL dump $dumpfile
expect {
-re "..*" {
fail $test1name
untested $test2name
return
}
timeout {
fail $test1name
untested $test2name
return
}
eof { }
}
if ![check_exit_status $test1name] {
untested $test2name
return
}
if ![file exists $dumpfile]||![file exists $dumpokfile] {
fail $test1name
untested $test2name
return
}
pass $test1name
spawn $KDB5_UTIL load $dumpfile
expect {
-re "..*" {
fail $test2name
return
}
timeout {
fail $test2name
return
}
eof { }
}
if [check_exit_status $test2name] {
pass $test2name
}
}
proc doit { } {
global REALMNAME
global KLIST
global KDESTROY
global KEY
global KADMIN_LOCAL
global KTUTIL
global hostname
global tmppwd
global spawn_id
global supported_enctypes
global KRBIV
global portbase
global mode
# Start up the kerberos and kadmind daemons.
if ![start_kerberos_daemons 1] {
return
}
# Use kadmin to add an host key.
if ![add_random_key host/$hostname 1] {
return
}
spawn $KADMIN_LOCAL -q "addpol fred"
catch expect_after
expect {
timeout {
fail "kadmin.local addpol fred"
}
eof {
pass "kadmin.local addpol fred"
}
}
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
catch "close -i $spawn_id"
# Use ksrvutil to create a srvtab entry.
if ![setup_srvtab 1] {
return
}
# Test dump and load. Continue on, whatever the result.
dump_and_reload
spawn $KADMIN_LOCAL -q "getpols"
expect {
fred {
pass "kadmin.local getpols"
expect eof
}
timeout {
fail "kadmin.local getpols"
}
eof {
fail "kadmin.local getpols"
}
}
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
catch "close -i $spawn_id"
# Use kinit to get a ticket.
if ![kinit krbtest/admin adminpass$KEY 1] {
return
}
# Make sure that klist can see the ticket.
if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
return
}
# Destroy the ticket.
spawn $KDESTROY -5
if ![check_exit_status "kdestroy"] {
return
}
pass "kdestroy"
# Double check that the ticket was destroyed.
if ![do_klist_err "klist after destroy"] { return }
if ![add_random_key foo/bar 1] {
return
}
set keytab $tmppwd/fookeytab
catch "exec rm -f $keytab"
modify_principal foo/bar -kvno 252
foreach vno {253 254 255 256 257 258} {
xst $tmppwd/fookeytab foo/bar
do_klist_kt $tmppwd/fookeytab "klist keytab foo/bar vno $vno"
kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
do_kdestroy "kdestroy foo/bar vno $vno"
if {[info exists KRBIV] && $KRBIV &&
[regexp {des-cbc-[a-z0-9-]*:v4} [lindex $supported_enctypes 0]]} {
catch "exec rm -f $tmppwd/foosrvtab"
spawn $KTUTIL
expect_after {
timeout { fail "ktutil converting keytab to srvtab" ; set ok 0 }
eof { fail "ktutil converting keytab to srvtab" ; set ok 0 }
}
expect "ktutil: "
send "rkt $tmppwd/fookeytab\r"
expect -ex "rkt $tmppwd/fookeytab\r"
expect "ktutil: "
# for debugging, just log this
# send "list\r"
# expect "ktutil: "
#
send "wst $tmppwd/foosrvtab\r"
expect -ex "wst $tmppwd/foosrvtab\r"
expect "ktutil: "
# for debugging, just log this
# send "clear\r"
# expect "ktutil: "
# send "rst $tmppwd/foosrvtab\r"
# expect "ktutil: "
# send "list\r"
# expect "ktutil: "
# okay, now quit and finish testing
send "quit\r"
expect eof
catch expect_after
if [check_exit_status "ktutil converting keytab to srvtab (vno $vno)"] {
pass "ktutil converting keytab to srvtab (vno $vno)"
do_klist_kt $tmppwd/fookeytab "klist srvtab foo/bar vno $vno"
kinit_kt "foo/bar" "SRVTAB:$tmppwd/foosrvtab" 1 "st kvno $vno"
do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist st foo/bar vno $vno"
do_kdestroy "kdestroy st foo/bar vno $vno"
}
} else {
verbose "skipping v5kinit/srvtab tests because of non-v4 enctype"
}
}
catch "exec rm -f $keytab"
# Check that kadmin.local can actually read the correct kvno, even
# if we don't expect kadmin to be able to.
spawn $KADMIN_LOCAL -r $REALMNAME
set ok 1
expect_after {
timeout { fail "kadmin.local correct high kvno" ; set ok 0 }
eof { fail "kadmin.local correct high kvno" ; set ok 0 }
}
expect "kadmin.local: "
send "getprinc foo/bar\r"
# exec sleep 10
expect "Key: vno $vno,"
send "quit\r"
expect eof
if [check_exit_status "kadmin.local examine foo/bar for high kvno"] {
if $ok {
pass "kadmin.local correct high kvno"
}
}
if { $mode == "tcp" } {
set response {}
set got_response 0
set kdcsock ""
catch {
send_log "connecting to $hostname [expr 3 + $portbase]\n"
set kdcsock [socket $hostname [expr 3 + $portbase]]
fconfigure $kdcsock -encoding binary -blocking 0 -buffering none
puts -nonewline $kdcsock [binary format H* ffffffff]
# XXX
sleep 3
set response [read $kdcsock]
set got_response 1
} msg
if [string length $kdcsock] { catch "close $kdcsock" }
if $got_response {
# send_log [list sent length -1, got back $response]
# send_log "\n"
if [string length $response]>10 {
pass "too-long TCP request"
} else {
send_log "response too short\n"
fail "too-long TCP request"
}
} else {
send_log "too-long connect/exchange failure: $msg\n"
fail "too-long TCP request"
}
}
}
set status [catch doit msg]
stop_kerberos_daemons
if { $status != 0 } {
send_error "ERROR: error in standalone.exp\n"
send_error "$msg\n"
exit 1
}