server = realm.start_server(server_args, 'starting...')
realm.run([gss_client, '-port', portstr] + options +
[hostname, 'host', 'testmsg'], **kwargs)
+
+ seen1 = seen2 = False
+ while 'expected_code' not in kwargs and not (seen1 and seen2):
+ line = server.stdout.readline()
+ if line == '':
+ fail('gss-server process exited unexpectedly')
+ if line == 'Accepted connection: "user@KRBTEST.COM"\n':
+ seen1 = True
+ if line == 'Received message: "testmsg"\n':
+ seen2 = True
+
stop_daemon(server)
# Run a gss-server and gss-client process, and verify that gss-client
mydir=appl$(S)sample
SUBDIRS = sclient sserver
BUILDTOP=$(REL)..$(S)..
+
+check-pytests:
+ $(RUNPYTEST) $(srcdir)/t_sample.py $(PYTESTFLAGS)
syslog(LOG_ERR, "listen: %m");
exit(3);
}
+
+ printf("starting...\n");
+ fflush(stdout);
+
if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
syslog(LOG_ERR, "accept: %m");
exit(3);
--- /dev/null
+from k5test import *
+
+sclient = os.path.join(buildtop, 'appl', 'sample', 'sclient', 'sclient')
+sserver = os.path.join(buildtop, 'appl', 'sample', 'sserver', 'sserver')
+
+for realm in multipass_realms(create_host=False):
+ server_princ = 'sample/%s@%s' % (hostname, realm.realm)
+ realm.addprinc(server_princ)
+ realm.extract_keytab(server_princ, realm.keytab)
+
+ portstr = str(realm.server_port())
+ server = realm.start_server([sserver, '-p', portstr], 'starting...')
+ out = realm.run([sclient, hostname, portstr],
+ expected_msg='You are user@KRBTEST.COM')
+ await_daemon_exit(server)
+
+ server = realm.start_in_inetd([sserver])
+ out = realm.run([sclient, hostname, portstr],
+ expected_msg='You are user@KRBTEST.COM')
+ await_daemon_exit(server)
+
+success('sim_client/sim_server tests')
mydir=appl$(S)simple
SUBDIRS = client server
BUILDTOP=$(REL)..$(S)..
+
+check-pytests:
+ $(RUNPYTEST) $(srcdir)/t_simple.py $(PYTESTFLAGS)
}
printf("starting...\n");
+ fflush(stdout);
#ifdef DEBUG
printf("socket has port # %d\n", ntohs(s_sock.sin_port));
--- /dev/null
+from k5test import *
+
+sim_client = os.path.join(buildtop, 'appl', 'simple', 'client', 'sim_client')
+sim_server = os.path.join(buildtop, 'appl', 'simple', 'server', 'sim_server')
+
+for realm in multipass_realms(create_host=False):
+ server_princ = 'sample/%s@%s' % (hostname, realm.realm)
+ realm.addprinc(server_princ)
+ realm.extract_keytab(server_princ, realm.keytab)
+
+ portstr = str(realm.server_port())
+ server = realm.start_server([sim_server, '-p', portstr], 'starting...')
+
+ out = realm.run([sim_client, '-p', portstr, hostname])
+ if ('Sent checksummed message:' not in out or
+ 'Sent encrypted message:' not in out):
+ fail('Expected client messages not seen')
+
+ # sim_server exits after one client execution, so we can read
+ # until it closes stdout.
+ seen1 = seen2 = seen3 = False
+ for line in server.stdout:
+ if line == 'Got authentication info from user@KRBTEST.COM\n':
+ seen1 = True
+ if line == "Safe message is: 'hi there!'\n":
+ seen2 = True
+ if line == "Decrypted message is: 'hi there!'\n":
+ seen3 = True
+ if not (seen1 and seen2 and seen3):
+ fail('Expected server messages not seen')
+
+ await_daemon_exit(server)
+
+success('sim_client/sim_server tests')
for realm in multipass_realms():
if debug_compiled == 0:
- realm.start_in_inetd(['./uuserver', 'uuserver'], port=9999)
+ server = realm.start_in_inetd(['./uuserver'], port=9999)
else:
- srv_output = realm.start_server(['./uuserver', '9999'], 'Server started')
+ server = realm.start_server(['./uuserver', '9999'], 'Server started')
msg = 'uu-client: server says "Hello, other end of connection."'
realm.run(['./uuclient', hostname, 'testing message', '9999'],
expected_msg=msg)
+ await_daemon_exit(server)
success('User-2-user test programs')
from k5test import *
+import struct
# Set the maximum UDP reply size very low, so that all replies go
# through the RESPONSE_TOO_BIG path.
realm.kinit(realm.user_princ, password('user'), expected_trace=msgs)
realm.run([kvno, realm.host_princ], expected_trace=msgs)
+# Pretend to send an absurdly long request over TCP, and verify that
+# we get back a reply of plausible length to be an encoded
+# KRB_ERR_RESPONSE_TOO_BIG error.
+s = socket.create_connection((hostname, realm.portbase))
+s.sendall(b'\xFF\xFF\xFF\xFF')
+lenbytes = s.recv(4)
+assert(len(lenbytes) == 4)
+resplen, = struct.unpack('>L', lenbytes)
+if resplen < 10:
+ fail('KDC response too short (KRB_ERR_RESPONSE_TOO_BIG error expected)')
+resp = s.recv(resplen)
+assert(len(resp) == resplen)
+
success('Large KDC replies')
+++ /dev/null
-# Test for the GSS-API.
-# This is a DejaGnu test script.
-# This script tests that the GSS-API tester functions correctly.
-
-# This mostly just calls procedures in test/dejagnu/config/default.exp.
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-if ![info exists GSSCLIENT] {
- set GSSCLIENT [findfile $objdir/../../appl/gss-sample/gss-client]
-}
-
-if ![info exists GSSSERVER] {
- set GSSSERVER [findfile $objdir/../../appl/gss-sample/gss-server]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 0] {
- return
-}
-
-#
-# Like kinit in default.exp, but allows us to specify a different ccache.
-#
-proc our_kinit { name pass ccache } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- spawn $KINIT -f -5 -c $ccache $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "kinit started"
- }
- timeout {
- fail "kinit"
- return 0
- }
- eof {
- fail "kinit"
- return 0
- }
- }
- send "$pass\r"
- # This last expect seems useless, but without it the test hangs on
- # AIX.
- expect {
- "\r" { }
- }
- expect eof
- if ![check_exit_status kinit] {
- return 0
- }
-
- return 1
-}
-
-#
-# Destroys a particular ccache.
-#
-proc our_kdestroy { ccache } {
- global KDESTROY
- global spawn_id
-
- spawn $KDESTROY -c $ccache
- if ![check_exit_status "kdestroy"] {
- return 0
- }
- return 1
-}
-
-#
-# Stops the gss-server.
-#
-proc stop_gss_server { } {
- global gss_server_pid
- global gss_server_spawn_id
-
- if [info exists gss_server_pid] {
- catch "close -i $gss_server_spawn_id"
- catch "exec kill $gss_server_pid"
- wait -i $gss_server_spawn_id
- unset gss_server_pid
- }
-}
-
-#
-# Restore environment variables possibly set.
-#
-proc gss_restore_env { } {
- global env
- global gss_save_ccname
- global gss_save_ktname
-
- catch "unset env(KRB5CCNAME)"
- if [info exists gss_save_ccname] {
- set env(KRB5CCNAME) $gss_save_ccname
- unset gss_save_ccname
- }
- catch "unset env(KRB5_KTNAME)"
- if [info exists gss_save_ktname] {
- set env(KRB5_KTNAME) $gss_save_ktname
- unset gss_save_ktname
- }
-}
-
-proc run_client {test tkfile client} {
- global env
- global hostname
- global GSSCLIENT
- global spawn_id
- global gss_server_spawn_id
- global REALMNAME
- global portbase
-
- set env(KRB5CCNAME) $tkfile
- verbose "KRB5CCNAME=$env(KRB5CCNAME)"
- verbose "spawning gssclient, identity=$client"
- spawn $GSSCLIENT -d -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client"
- set got_client 0
- set got_server 0
- expect_after {
- -i $spawn_id
- timeout {
- if {!$got_client} {
- verbose -log "client timeout"
- fail $test
- catch "expect_after"
- return
- }
- }
- eof {
- if {!$got_client} {
- verbose -log "client eof"
- fail $test
- catch "expect_after"
- return
- }
- }
- -i $gss_server_spawn_id
- timeout {
- if {!$got_server} {
- verbose -log "server timeout"
- fail $test
- catch "expect_after"
- return
- }
- }
- eof {
- if {!$got_server} {
- verbose -log "server eof"
- fail $test
- catch "expect_after"
- return
- }
- }
- }
- expect {
- -i $gss_server_spawn_id
- "Accepted connection: \"$client@$REALMNAME\"" exp_continue
- "Received message: \"message from $client\"" {
- set got_server 1
- if {!$got_client} {
- exp_continue
- }
- }
- -i $spawn_id
- "Signature verified" {
- set got_client 1
- if {!$got_server} {
- exp_continue
- }
- }
- }
- catch "expect_after"
- if ![check_exit_status $test] {
- # check_exit_staus already calls fail for us
- return
- }
- pass $test
-}
-
-proc doit { } {
- global REALMNAME
- global env
- global KLIST
- global KDESTROY
- global KEY
- global GSSTEST
- global GSSSERVER
- global GSSCLIENT
- global hostname
- global tmppwd
- global spawn_id
- global timeout
- global gss_server_pid
- global gss_server_spawn_id
- global gss_save_ccname
- global gss_save_ktname
- global portbase
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- perror "failed to start kerberos daemons"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest0 0] {
- perror "failed to set up gsstest0 key"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest1 0] {
- perror "failed to set up gsstest1 key"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest2 0] {
- perror "failed to set up gsstest2 key"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest3 0] {
- perror "failed to set up gsstest3 key"
- }
-
- # Use kadmin to add a service key for us.
- if ![add_random_key gssservice/$hostname 0] {
- perror "failed to set up gssservice/$hostname key"
- }
-
- # Use kdb5_edit to create a keytab entry for gssservice
- if ![setup_keytab 0 gssservice] {
- perror "failed to set up gssservice keytab"
- }
-
- catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] {
- perror "failed to kinit gsstest0"
- }
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] {
- perror "failed to kinit gsstest1"
- }
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] {
- perror "failed to kinit gsstest2"
- }
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] {
- perror "failed to kinit gsstest3"
- }
-
- #
- # Save settings of KRB5CCNAME and KRB5_KTNAME
- #
- if [info exists env(KRB5CCNAME)] {
- set gss_save_ccname $env(KRB5CCNAME)
- }
- if [info exists env(KRB5_KTNAME)] {
- set gss_save_ktname $env(KRB5_KTNAME)
- }
-
- #
- # set KRB5CCNAME and KRB5_KTNAME
- #
- set env(KRB5_KTNAME) FILE:$tmppwd/keytab
- verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
- # Now start the gss-server.
- spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port [expr 8 + $portbase] gssservice@$hostname
- set gss_server_pid [exp_pid]
- set gss_server_spawn_id $spawn_id
-
- expect {
- "starting" { }
- eof { perror "gss-server failed to start" }
- }
-
- run_client gssclient0 $tmppwd/gss_tk_0 gssclient0
- run_client gssclient1 $tmppwd/gss_tk_1 gssclient1
- run_client gssclient2 $tmppwd/gss_tk_2 gssclient2
- run_client gssclient3 $tmppwd/gss_tk_3 gssclient3
-
- stop_gss_server
- gss_restore_env
-
- if ![our_kdestroy $tmppwd/gss_tk_0] {
- perror "failed kdestroy gss_tk_0" 0
- }
-
- if ![our_kdestroy $tmppwd/gss_tk_1] {
- perror "failed kdestroy gss_tk_1" 0
- }
-
- if ![our_kdestroy $tmppwd/gss_tk_2] {
- perror "failed kdestroy gss_tk_2" 0
- }
-
- if ![our_kdestroy $tmppwd/gss_tk_3] {
- perror "failed kdestroy gss_tk_3" 0
- }
-
- catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
-
- return
-}
-
-set status [catch doit msg]
-
-stop_gss_server
-gss_restore_env
-stop_kerberos_daemons
-
-if { $status != 0 } {
- perror "error in gssapi.exp" 0
- perror $msg 0
-}
+++ /dev/null
-proc doit { } {
- global REALMNAME
- global KLIST
- global KINIT
- global KDESTROY
- global KEY
- global KADMIN_LOCAL
- global KTUTIL
- global hostname
- global tmppwd
- global spawn_id
- global supported_enctypes
- global KRBIV
- global portbase
- global mode
-
- set princ "expiredprinc"
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- return 1
- }
-
- # Use kadmin to add a key.
- if ![add_kerberos_key $princ 0] {
- return 1
- }
-
- setup_kerberos_env kdc
-
- set test "kadmin.local modprinc -expire"
- spawn $KADMIN_LOCAL -q "modprinc -expire \"2 days ago\" $princ"
- catch expect_after
- expect {
- timeout {
- fail $test
- }
- eof {
- pass $test
- }
- }
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat ($test)"
- catch "close -i $spawn_id"
-
- set test "kadmin.local -pwexpire"
- spawn $KADMIN_LOCAL -q "modprinc -pwexpire \"2 days ago\" $princ"
- catch expect_after
- expect {
- timeout {
- fail $test
- }
- eof {
- pass $test
- }
- }
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat ($test)"
- catch "close -i $spawn_id"
-
- setup_kerberos_env client
- spawn $KINIT -5 -k -t /dev/null $princ
- expect {
- "entry in database has expired" {
- pass $test
- }
- "Password has expired" {
- fail "$test (inappropriate password expiration message)"
- }
- timeout {
- expect eof
- fail "$test (timeout)"
- return 0
- }
- eof {
- fail "$test (eof)"
- return 0
- }
- }
- expect eof
- return 0
-}
-
-run_once princexpire {
- # Set up the Kerberos files and environment.
- if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
- }
- # Initialize the Kerberos database. The argument tells
- # setup_kerberos_db that it is not being called from
- # standalone.exp.
- if ![setup_kerberos_db 0] {
- return
- }
-
- set status [catch doit msg]
-
- stop_kerberos_daemons
-
- if { $status != 0 } {
- send_error "ERROR: error in pwchange.exp\n"
- send_error "$msg\n"
- exit 1
- }
-}
+++ /dev/null
-# Test for the sample clients
-# This is a DejaGnu test script.
-# This script tests that sample user-user communication works.
-
-# This mostly just calls procedures in test/dejagnu/config/default.exp.
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-if ![info exists SSERVER] {
- set SSERVER [findfile $objdir/../../appl/sample/sserver/sserver]
-}
-if ![info exists SCLIENT] {
- set SCLIENT [findfile $objdir/../../appl/sample/sclient/sclient]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 0] {
- return
-}
-
-proc start_sserver_daemon { inetd } {
- global spawn_id
- global sserver_pid
- global sserver_spawn_id
- global SSERVER
- global T_INETD
- global tmppwd
- global portbase
-
- # if inetd = 0, then we are running stand-alone
- if !{$inetd} {
- # Start the sserver
- spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
- set sserver_pid [exp_pid]
- set sserver_spawn_id $spawn_id
-
- verbose "sserver_spawn is $sserver_spawn_id" 1
-
- # Give sserver some time to start
- sleep 2
- } else {
- # Start the sserver
- spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/keytab
- set sserver_pid [exp_pid]
- set sserver_spawn_id $spawn_id
-
- verbose "sserver_spawn (t_inetd) is $sserver_spawn_id" 1
-
- expect {
- -ex "Ready!" { }
- eof { error "couldn't start t_inetd helper" }
- }
- }
-
- return 1
-}
-
-
-proc stop_sserver_daemon { } {
- global sserver_pid
- global sserver_spawn_id
-
- if [info exists sserver_pid] {
- catch "close -i $sserver_spawn_id"
- catch "exec kill $sserver_pid"
- wait -i $sserver_spawn_id
- unset sserver_pid
- }
-
- return 1
-}
-
-proc stop_check_sserver_daemon { } {
- global sserver_spawn_id
- global sserver_pid
-
- # Check the exit status of sserver - should exit here
- set status_list [wait -i $sserver_spawn_id]
- verbose "wait -i $sserver_spawn_id returned $status_list (sserver)"
- catch "close -i $sserver_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail "sserver"
- } else {
- pass "sserver"
- }
- # In either case the server shutdown
- unset sserver_pid
-}
-
-proc test_sclient { msg } {
- global REALMNAME
- global SCLIENT
- global hostname
- global spawn_id
- global portbase
-
- # Test the client
- spawn $SCLIENT $hostname [expr 8 + $portbase]
- verbose "sclient_spawn is $spawn_id" 1
-
- expect {
- "sendauth succeeded, reply is:" {
- verbose "Start proper message"
- }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- expect {
- "You are krbtest/admin@$REALMNAME\r" {
- verbose "received valid sample message"}
- eof {
- fail $msg
- return 0
- }
- }
- # This last expect seems useless, but without it the test hangs on
- # NETBSD.
- expect {
- "\r" { }
- }
-
- if ![check_exit_status "ssample"] {
- return 0
- }
-
- return 1
-}
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global hostname
- global KEY
- global sserver_pid
- global sserver_spawn_id
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key sample/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a keytab entry for sample
- if ![setup_keytab 1 sample] {
- return
- }
-
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- run_once sample_standalone {
- if ![start_sserver_daemon 0 ] {
- return
- }
-
- if ![test_sclient sclient] {
- return
- }
-
- pass "sample - standalone"
-
- stop_check_sserver_daemon
- }
-
- if ![start_sserver_daemon 1 ] {
- return
- }
-
- if ![test_sclient sclient-inetd] {
- return
- }
-
- pass "sample - inetd"
-
- stop_check_sserver_daemon
- return
-}
-
-set status [catch doit msg]
-
-stop_sserver_daemon
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in sample.exp\n"
- send_error "$msg\n"
- exit 1
-}
+++ /dev/null
-# Test for the simple clients
-# This is a DejaGnu test script.
-# This script tests that krb-safe and krb-priv messages work.
-
-# This mostly just calls procedures in test/dejagnu/config/default.exp.
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-if ![info exists SIM_SERVER] {
- set SIM_SERVER [findfile $objdir/../../appl/simple/server/sim_server]
-}
-if ![info exists SIM_CLIENT] {
- set SIM_CLIENT [findfile $objdir/../../appl/simple/client/sim_client]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 0] {
- return
-}
-
-proc start_sim_server_daemon { } {
- global spawn_id
- global sim_server_pid
- global sim_server_spawn_id
- global SIM_SERVER
- global T_INETD
- global tmppwd
- global portbase
-
- # Start the sim_server
- spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
- set sim_server_pid [exp_pid]
- set sim_server_spawn_id $spawn_id
-
- verbose "sim_server_spawn is $sim_server_spawn_id" 1
-
- expect {
- "starting" { }
- eof { perror "sim_server failed to start" }
- }
-
- return 1
-}
-
-
-proc stop_sim_server_daemon { } {
- global sim_server_pid
- global sim_server_spawn_id
-
- if [info exists sim_server_pid] {
- catch "close -i $sim_server_spawn_id"
- catch "exec kill $sim_server_pid"
- wait -i $sim_server_spawn_id
- unset sim_server_pid
- }
-
- return 1
-}
-
-proc stop_check_sim_server_daemon { } {
- global sim_server_spawn_id
- global sim_server_pid
-
- # Check the exit status of sim_server - should exit here
- set status_list [wait -i $sim_server_spawn_id]
- verbose "wait -i $sim_server_spawn_id returned $status_list (sim_server)"
- catch "close -i $sim_server_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail "sim_server"
- } else {
- pass "sim_server"
- }
- # In either case the server shutdown
- unset sim_server_pid
-}
-
-proc test_sim_client { msg } {
- global REALMNAME
- global SIM_CLIENT
- global hostname
- global spawn_id
- global portbase
- global sim_server_spawn_id
-
- # Test the client
- spawn $SIM_CLIENT -p [expr 8 + $portbase] $hostname
- verbose "sim_client_spawn is $spawn_id" 1
-
- expect {
- "Sent checksummed message: " {
- verbose "received safe message"
- }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- expect {
- "Sent encrypted message: " {
- verbose "received private message"
- }
- eof {
- fail $msg
- return 0
- }
- }
- expect {
- "\r" { }
- }
-
- expect {
- -i $sim_server_spawn_id
- "Safe message is: 'hi there!'" { }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- expect {
- -i $sim_server_spawn_id
- "Decrypted message is: 'hi there!'" { }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- if ![check_exit_status "simple"] {
- return 0
- }
-
- return 1
-}
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global hostname
- global KEY
- global sim_server_pid
- global sim_server_spawn_id
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key sample/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a keytab entry for sample
- if ![setup_keytab 1 sample] {
- return
- }
-
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- if ![start_sim_server_daemon] {
- return
- }
-
- if ![test_sim_client sim_client] {
- return
- }
-
- pass "simple - standalone"
-
- stop_check_sim_server_daemon
- return
-}
-
-set status [catch doit msg]
-
-stop_sim_server_daemon
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in simple.exp\n"
- send_error "$msg\n"
- exit 1
-}
+++ /dev/null
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global REALMNAME
- global KLIST
- global KDESTROY
- global KEY
- global KADMIN_LOCAL
- global KTUTIL
- global hostname
- global tmppwd
- global spawn_id
- global supported_enctypes
- global KRBIV
- global portbase
- global mode
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key host/$hostname 1] {
- return
- }
-
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- # Make sure that klist can see the ticket.
- if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
- return
- }
-
- # Destroy the ticket.
- spawn $KDESTROY -5
- if ![check_exit_status "kdestroy"] {
- return
- }
- pass "kdestroy"
-
- set response {}
- set got_response 0
- set kdcsock ""
- catch {
- send_log "connecting to $hostname [expr 3 + $portbase]\n"
- set kdcsock [socket $hostname [expr 3 + $portbase]]
- fconfigure $kdcsock -encoding binary -blocking 0 -buffering none
- puts -nonewline $kdcsock [binary format H* ffffffff]
- # XXX
- sleep 3
- set response [read $kdcsock]
- set got_response 1
- } msg
- if [string length $kdcsock] { catch "close $kdcsock" }
- if $got_response {
-# send_log [list sent length -1, got back $response]
-# send_log "\n"
- if [string length $response]>10 {
- pass "too-long TCP request"
- } else {
- send_log "response too short\n"
- fail "too-long TCP request"
- }
- } else {
- send_log "too-long connect/exchange failure: $msg\n"
- fail "too-long TCP request"
- }
-}
-
-set status 0
-run_once tcp {
- # Set up the Kerberos files and environment.
- set mode tcp
- reset_kerberos_files
- if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- set mode udp
- reset_kerberos_files
- return
- }
- # Reset now, for next time we write the config files.
- set mode udp
-
- # Initialize the Kerberos database. The argument tells
- # setup_kerberos_db that it is being called from here.
- if ![setup_kerberos_db 1] {
- reset_kerberos_files
- return
- }
-
- set status [catch doit msg]
-}
-
-reset_kerberos_files
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in standalone.exp\n"
- send_error "$msg\n"
- exit 1
-}
realm = K5Realm(create_host=False)
+# Regression test for #6428 (KDC should prefer account expiration
+# error to password expiration error).
+mark('#6428 regression test')
+realm.run([kadminl, 'addprinc', '-randkey', '-pwexpire', 'yesterday', 'xpr'])
+realm.run(['./icred', 'xpr'], expected_code=1,
+ expected_msg='Password has expired')
+realm.run([kadminl, 'modprinc', '-expire', 'yesterday', 'xpr'])
+realm.run(['./icred', 'xpr'], expected_code=1,
+ expected_msg="Client's entry in database has expired")
+
# Regression test for #8454 (responder callback isn't used when
# preauth is not required).
mark('#8454 regression test')
_daemons.remove(proc)
+def await_daemon_exit(proc):
+ code = proc.wait()
+ _daemons.remove(proc)
+ if code != 0:
+ fail('Daemon process %d exited with status %d' % (proc.pid, code))
+
+
class K5Realm(object):
"""An object representing a functional krb5 test realm."""
port = self.server_port()
if env is None:
env = self.env
- inetd_args = [t_inetd, str(port)] + args
+ inetd_args = [t_inetd, str(port), args[0]] + args
return _start_daemon(inetd_args, env, 'Ready!')
def create_kdb(self):
projects / thirdparty / krb5.git / commitdiff
