+++ /dev/null
-# Password-changing Kerberos test.
-# This is a DejaGnu test script.
-
-proc setup_slave {} {
- global tmppwd hostname REALMNAME KDB5_UTIL
- file delete $tmppwd/slave-stash $tmppwd/slave-acl
- file copy -force $tmppwd/acl $tmppwd/slave-acl
- set aclfile [open $tmppwd/kpropd-acl w]
- puts $aclfile "host/$hostname@$REALMNAME"
- close $aclfile
- setup_slave_db
- # copy database - must be used after master db set up
- envstack_push
- setup_kerberos_env kdc
- set dumpfile $tmppwd/dump-file
- file delete $dumpfile $dumpfile.dump_ok
- if [catch {exec $KDB5_UTIL dump -i $dumpfile} msg] {
- error "master dump failed: $msg"
- }
- setup_kerberos_env slave
- foreach suffix { .kadm5.lock .ok } {
- file copy -force $tmppwd/kdc-db$suffix $tmppwd/slave-db$suffix
- }
- if [catch {exec $KDB5_UTIL load -i $dumpfile} msg] {
- send_user "slave load failed: $msg"
- error "slave load failed: $msg"
- }
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global REALMNAME KEY
- global KLIST KDESTROY KADMIN_LOCAL KTUTIL KPROPLOG KPROPD KDB5_UTIL
- global hostname tmppwd spawn_id kpropd_spawn_id kpropd_pid
- global supported_enctypes KRBIV portbase mode
- global ulog des3_krbtgt
-
- # Delete any db, ulog files
- delete_db
-
- # Update config file
- set ulog 1
- reset_kerberos_files
-
- # Initialize the Kerberos database. The argument tells
- # setup_kerberos_db that it is being called from here.
- if ![setup_kerberos_db 0] {
- return
- }
- if ![start_kerberos_daemons 0] {
- return
- }
-
- # Check that ulog file does exist
- if [file exists $tmppwd/db.ulog] {
- pass "create update log"
- } else {
- fail "create update log"
- }
-
- setup_slave
-
- # Use kadmin to add a key.
- if ![add_kerberos_key wakawaka 0] {
- return
- }
- set c chocolate-flavored-school-bus
- # Long enough to make realloc likely, but not enough to grow
- # basic ulog entry size.
- set longname $c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c
- if ![add_kerberos_key $longname 0] {
- return
- }
- if ![add_kerberos_key w 0] {
- return
- }
- if ![modify_principal w -allow_tix] {
- return
- }
- if ![modify_principal w +allow_tix] {
- return
- }
- # Should test rename_principal once we have that.
-
- # Run kproplog, look at output.
- setup_kerberos_env kdc
- spawn $KPROPLOG
- expect_after {
- timeout {
- fail "kproplog output"
- break
- }
- eof {
- fail "kproplog output"
- break
- }
- }
- catch {
- expect -re "Kerberos update log"
- expect -re "Update log dump"
- expect -re "First serial \# : 1"
- if $des3_krbtgt {
- expect -re "Last serial \# : 9"
- expect -re "Update Entry"
- expect -re "Update serial \# : 1"
- expect -re "Attributes changed : 12"
- expect -re "Update Entry"
- expect -re "Update serial \# : 3"
- expect -re "Attributes changed : 6"
- expect -re "Update Entry"
- expect -re "Update serial \# : 5"
- expect -re "Attributes changed : 12"
- expect -re "Update Entry"
- expect -re "Update serial \# : 5"
- } else {
- expect -re "Last serial \# : 8"
- expect -re "Update Entry"
- expect -re "Update serial \# : 1"
- expect -re "Attributes changed : 12"
- expect -re "Update Entry"
- expect -re "Update serial \# : 3"
- expect -re "Attributes changed : 12"
- expect -re "Update Entry"
- expect -re "Update serial \# : 4"
- }
- expect -re "Update operation : Add"
- expect -re "Update principal : wakawaka@KRBTEST.COM"
- expect_after {
- timeout {
- fail "kproplog output"
- break
- }
- }
- expect -re "Attributes changed : 12"
- expect eof
- pass "kproplog output"
- } foo
- catch expect_after
- if [check_exit_status kproplog] {
- pass "kproplog"
- }
- add_random_key host/$hostname 0
- add_random_key kiprop/$hostname 0
-
- # Already have kadmind running.
-
- # Get a keytab file.
- setup_srvtab 0
-
- # Sleep 11s for built-in delay.
- verbose "Delaying to bypass contention-avoidance code in kadmind/iprop"
- sleep 11
-
- # Launch slave kpropd.
- start_kpropd
-# setup_kerberos_env slave
-# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n
-# spawn_shell
- expect {
- -i $kpropd_spawn_id
- "Update transfer from master was OK" {
- exec kill $kpropd_pid
- wait -i $kpropd_spawn_id
- unset kpropd_spawn_id kpropd_pid
- }
- -re ..* { exp_continue }
- timeout {
- catch { exec kill $kpropd_pid }
- exp_continue
- }
- eof {
- wait -i $kpropd_spawn_id
- unset kpropd_spawn_id kpropd_pid
- }
- }
-
- # Wait briefly?
- # Check slave db for new principal.
- setup_kerberos_env slave
- spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
- expect {
- wakawaka@ {
- expect eof
- }
- eof {
- fail "kprop (updated slave data)"
- return
- }
- timeout {
- fail "kprop (examining new db)"
- return
- }
- }
- pass "iprop"
-
- # What about testing for full propagation? (Small number of
- # entries in update log, change one principal's record a lot of
- # times, then fire up incremental kpropd...) Do later.
-}
-
-run_once iprop {
- catch "unset kpropd_pid"
- catch "unset kpropd_spawn_id"
-
- # Set up the Kerberos files and environment.
- if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
- }
-
- set status [catch doit msg]
-
- stop_kerberos_daemons
-
- # if kpropd is running, kill it
- if [info exists kpropd_pid] {
- catch {
- exec kill $kpropd_pid
- expect -i $kpropd_spawn_id eof
- wait -i $kpropd_spawn_id
- unset kpropd_pid kpropd_spawn_id
- }
- }
-
- set ulog 0
- reset_kerberos_files
- delete_db
-
- if { $status != 0 } {
- send_error "ERROR: error in iprop.exp\n"
- send_error "$msg\n"
- exit 1
- }
-}
projects / thirdparty / krb5.git / commitdiff
