From: Greg Hudson Date: Fri, 21 May 2021 02:59:47 +0000 (-0400) Subject: Remove dejagnu test suite X-Git-Tag: krb5-1.20-beta1~88 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1189%2Fhead;p=thirdparty%2Fkrb5.git Remove dejagnu test suite Of the remaining test scripts, kprop.exp has a corresponding Python script, and standalone.exp is covered by t_general.py, t_dump.py, t_keytab.py, and t_pkinit.py. --- diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d1042b7bf..4408df8f81 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: if: startsWith(matrix.os, 'ubuntu') run: | sudo apt-get update -qq - sudo apt-get install -y bison dejagnu gettext keyutils ldap-utils libcmocka-dev libldap2-dev libkeyutils-dev libresolv-wrapper libsasl2-dev libssl-dev python3-kdcproxy python3-pip slapd tcl-dev tcsh + sudo apt-get install -y bison gettext keyutils ldap-utils libcmocka-dev libldap2-dev libkeyutils-dev libresolv-wrapper libsasl2-dev libssl-dev python3-kdcproxy python3-pip slapd tcl-dev tcsh pip3 install pyrad - name: Build env: diff --git a/.gitignore b/.gitignore index c37b33d0ce..a316321e9e 100644 --- a/.gitignore +++ b/.gitignore @@ -436,13 +436,6 @@ local.properties /src/tests/create/kdb5_mkdums -/src/tests/dejagnu/dbg.log -/src/tests/dejagnu/krb.log -/src/tests/dejagnu/krb.sum -/src/tests/dejagnu/runenv.vals -/src/tests/dejagnu/site.exp -/src/tests/dejagnu/tmpdir/ - /src/tests/gss-threads/gss-client /src/tests/gss-threads/gss-server diff --git a/doc/build/doing_build.rst b/doc/build/doing_build.rst index 4da1998369..59cb546cf8 100644 --- a/doc/build/doing_build.rst +++ b/doc/build/doing_build.rst @@ -99,24 +99,14 @@ start building Kerberos; see :ref:`do_build`):: make check -However, there are several prerequisites that must be satisfied first: - -* Configure and build Kerberos with Tcl support. Tcl is used to drive - the test suite. This often means passing **-**\ **-with-tcl** to - configure to tell it the location of the Tcl configuration - script. (See :ref:`options2configure`.) -* In addition to Tcl, DejaGnu must be available on the system for some - of the tests to run. The test suite will still run the other tests - if DejaGnu is not present, but the test coverage will be reduced - accordingly. -* On some operating systems, you have to run ``make install`` before - running ``make check``, or the test suite will pick up installed - versions of Kerberos libraries rather than the newly built ones. - You can install into a prefix that isn't in the system library - search path, though. Alternatively, you can configure with - **-**\ **-disable-rpath**, which renders the build tree less suitable for - installation, but allows testing without interference from - previously installed libraries. +On some operating systems, you have to run ``make install`` before +running ``make check``, or the test suite will pick up installed +versions of Kerberos libraries rather than the newly built ones. You +can install into a prefix that isn't in the system library search +path, though. Alternatively, you can configure with +**-**\ **-disable-rpath**, which renders the build tree less suitable +for installation, but allows testing without interference from +previously installed libraries. There are additional regression tests available, which are not run by ``make check``. These tests require manual setup and teardown of diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst index a8959626db..aeca87ffad 100644 --- a/doc/build/options2configure.rst +++ b/doc/build/options2configure.rst @@ -360,8 +360,6 @@ Optional packages **-**\ **-with-readline** Compile and link against GNU readline, as an alternative to libedit. - Building with readline breaks the dejagnu test suite, which is a - subset of the tests run by 'make check'. **-**\ **-with-system-verto** Use an installed version of libverto. If the libverto header and diff --git a/src/config/pre.in b/src/config/pre.in index b2d17b0778..3adbc4cf30 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -230,14 +230,6 @@ KRB5_INCSUBDIRS = \ SKIPTESTS = $(BUILDTOP)/skiptests -# Dejagnu variables. -# We have to set the host with --host so that setup_xfail will work. -# If we don't set it, then the host type used is "native", which -# doesn't match "*-*-*". -host=@krb5_cv_host@ -DEJAFLAGS = --debug --srcdir $(srcdir) --host $(host) -RUNTEST = runtest $(DEJAFLAGS) - RUNPYTEST = PYTHONPATH=$(top_srcdir)/util VALGRIND="$(VALGRIND)" \ $(PYTHON) diff --git a/src/configure.ac b/src/configure.ac index 4f16fee456..58bc50b413 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1175,14 +1175,6 @@ AC_SUBST(PKINIT) # for lib/apputils AC_REPLACE_FUNCS(daemon) -# for tests/ -if test x"$RUNTEST" != x; then - HAVE_RUNTEST=yes -else - HAVE_RUNTEST=no -fi -AC_SUBST(HAVE_RUNTEST) - # For Python tests. Python version 3.2.4 is required as prior # versions do not accept string input to subprocess.Popen.communicate # when universal_newlines is set. @@ -1364,7 +1356,6 @@ fi # Compile with libedit support in ss by default if available. Compile # with readline only if asked, to avoid a default GPL dependency. -# Building with readline also breaks the dejagnu test suite. AC_ARG_WITH([libedit], [AS_HELP_STRING([--without-libedit], [do not compile with libedit])], [], [with_libedit=default]) @@ -1571,5 +1562,5 @@ V5_AC_OUTPUT_MAKEFILE(. appl/gss-sample appl/user_user tests tests/asn.1 tests/create tests/hammer tests/verify tests/gssapi - tests/dejagnu tests/threads tests/shlib tests/gss-threads tests/misc + tests/threads tests/shlib tests/gss-threads tests/misc ) diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 02a3cc0a02..fc6fcc0c3b 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -1,7 +1,7 @@ mydir=tests BUILDTOP=$(REL).. -SUBDIRS = asn.1 create hammer verify gssapi dejagnu shlib gss-threads misc \ - threads softpkcs11 +SUBDIRS = asn.1 create hammer verify gssapi shlib gss-threads misc threads \ + softpkcs11 RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \ GSS_MECH_CONFIG=mech.conf LC_ALL=C $(VALGRIND) diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in deleted file mode 100644 index 8c301c506a..0000000000 --- a/src/tests/dejagnu/Makefile.in +++ /dev/null @@ -1,37 +0,0 @@ -mydir=tests$(S)dejagnu -BUILDTOP=$(REL)..$(S).. -RUNTEST = @RUNTEST@ $(DEJAFLAGS) -RUNTESTFLAGS = - -all: - -install: - -check: check-runtest-@HAVE_RUNTEST@ - -check-runtest-no: - @echo "+++" - @echo "+++ WARNING: tests/dejagnu tests not run." - @echo "+++ runtest is unavailable." - @echo "+++" - @echo 'Skipped dejagnu tests: runtest not found' >> $(SKIPTESTS) - -# Set VALGRIND at run time, that may be changed when running 'make'. -check-runtest-yes: site.exp - $(RUNTEST) --tool krb VALGRIND="$(VALGRIND)" $(RUNTESTFLAGS) - -clean: - $(RM) site.exp runenv.vars runenv.vals - -clean-unix:: - $(RM) -rf tmpdir dbg.log krb.log krb.sum - -runenv.vals: Makefile - $(RUN_SETUP); for i in $(RUN_VARS); do \ - eval echo "{$$i=\$$$$i}"; done > runenv.vals - -site.exp: runenv.vals Makefile - echo "set runvarlist [list `cat runenv.vals | tr '\n' ' '`]" | \ - sed -e 's%=\.%='`pwd`'/.%g' > site.exp - echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp - diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp deleted file mode 100644 index c298066fe8..0000000000 --- a/src/tests/dejagnu/config/default.exp +++ /dev/null @@ -1,2094 +0,0 @@ -# Basic expect script for Kerberos tests. -# This is a DejaGnu test script. -# Written by Ian Lance Taylor, Cygnus Support, . -# This script is automatically run by DejaGnu before running any of -# the Kerberos test scripts. - -# This file provides several functions which deal with a local -# Kerberos database. We have to do this such that we don't interfere -# with any existing Kerberos database. We will create all the files -# in the directory $tmppwd, which will have been created by the -# testsuite default script. We will use $REALMNAME as our Kerberos -# realm name, defaulting to KRBTEST.COM. - -set timeout 100 -set stty_init {erase \^h kill \^u} -set env(TERM) dumb - -set des3_krbtgt 0 - -if { [string length $VALGRIND] } { - rename spawn valgrind_aux_spawn - proc spawn { args } { - global VALGRIND - upvar 1 spawn_id spawn_id - set newargs {} - set inflags 1 - set eatnext 0 - foreach arg $args { - if { $arg == "-ignore" \ - || $arg == "-open" \ - || $arg == "-leaveopen" } { - lappend newargs $arg - set eatnext 1 - continue - } - if [string match "-*" $arg] { - lappend newargs $arg - continue - } - if { $eatnext } { - set eatnext 0 - lappend newargs $arg - continue - } - if { $inflags } { - set inflags 0 - # Only run valgrind for local programs, not - # system ones. -#&&![string match "/bin/sh" $arg] sh is used to start kadmind! - if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] { - set newargs [concat $newargs $VALGRIND] - } - } - lappend newargs $arg - } - set pid [eval valgrind_aux_spawn $newargs] - return $pid - } -} - -# Hack around Solaris 9 kernel race condition that causes last output -# from a pty to get dropped. -if { $PRIOCNTL_HACK } { - catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]} - rename spawn oldspawn - proc spawn { args } { - upvar 1 spawn_id spawn_id - set newargs {} - set inflags 1 - set eatnext 0 - foreach arg $args { - if { $arg == "-ignore" \ - || $arg == "-open" \ - || $arg == "-leaveopen" } { - lappend newargs $arg - set eatnext 1 - continue - } - if [string match "-*" $arg] { - lappend newargs $arg - continue - } - if { $eatnext } { - set eatnext 0 - lappend newargs $arg - continue - } - if { $inflags } { - set inflags 0 - set newargs [concat $newargs {priocntl -e -c FX -p 0}] - } - lappend newargs $arg - } - set pid [eval oldspawn $newargs] - return $pid - } -} - -# The names of the individual passes must be unique; lots of things -# depend on it. The PASSES variable may not contain comments; only -# small pieces get evaluated, so comments will do strange things. - -# Most of the purpose of using multiple passes is to exercise the -# dependency of various bugs on configuration file settings, -# particularly with regards to encryption types. - -set passes { - { - des3 - mode=udp - des3_krbtgt=1 - {supported_enctypes=des3-cbc-sha1:normal} - {dummy=[verbose -log "DES3 TGT, DES3 enctype"]} - } - { - aes-only - mode=udp - des3_krbtgt=0 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96} - {allow_weak_crypto(kdc)=false} - {allow_weak_crypto(replica)=false} - {allow_weak_crypto(client)=false} - {allow_weak_crypto(server)=false} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES enctypes"]} - } - { - aes-sha2-only - mode=udp - des3_krbtgt=0 - {supported_enctypes=aes256-sha2:normal} - {permitted_enctypes(kdc)=aes256-sha2} - {permitted_enctypes(replica)=aes256-sha2} - {permitted_enctypes(client)=aes256-sha2} - {permitted_enctypes(server)=aes256-sha2} - {allow_weak_crypto(kdc)=false} - {allow_weak_crypto(replica)=false} - {allow_weak_crypto(client)=false} - {allow_weak_crypto(server)=false} - {master_key_type=aes256-sha2} - {dummy=[verbose -log "aes256-sha2 enctype"]} - } - { - camellia-only - mode=udp - des3_krbtgt=0 - {supported_enctypes=camellia256-cts:normal} - {permitted_enctypes(kdc)=camellia256-cts} - {permitted_enctypes(replica)=camellia256-cts} - {permitted_enctypes(client)=camellia256-cts} - {permitted_enctypes(server)=camellia256-cts} - {allow_weak_crypto(kdc)=false} - {allow_weak_crypto(replica)=false} - {allow_weak_crypto(client)=false} - {allow_weak_crypto(server)=false} - {master_key_type=camellia256-cts} - {dummy=[verbose -log "Camellia-256 enctype"]} - } - { - aes-des3 - mode=udp - des3_krbtgt=0 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES + DES3 + DES enctypes"]} - } - { - aes-des3tgt - mode=udp - des3_krbtgt=1 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES enctypes, DES3 TGT"]} - } - { - all-enctypes - mode=udp - des3_krbtgt=0 - {allow_weak_crypto(kdc)=false} - {allow_weak_crypto(replica)=false} - {allow_weak_crypto(client)=false} - {allow_weak_crypto(server)=false} - {dummy=[verbose -log "all default enctypes"]} - } -} - -# This shouldn't be necessary on dejagnu-1.4 and later, but 1.3 seems -# to need it because its runtest.exp doesn't deal with PASS at all. -if [info exists PASS] { - foreach pass $passes { - if { [lsearch -exact $PASS [lindex $pass 0]] >= 0 } { - lappend MULTIPASS $pass - } - } -} else { - set MULTIPASS $passes -} - -set last_passname_conf "" -set last_passname_db "" - -# We do everything in a temporary directory. -if ![info exists TMPDIR] { - set tmppwd "[pwd]/tmpdir" - if ![file isdirectory $tmppwd] { - catch "exec mkdir $tmppwd" status - } -} else { - set tmppwd $TMPDIR -} -verbose "tmppwd=$tmppwd" - -# On Ultrix, use /bin/sh5 in preference to /bin/sh. -if ![info exists BINSH] { - if [file exists /bin/sh5] { - set BINSH /bin/sh5 - } else { - set BINSH /bin/sh - } -} - -# For security, we must not use generally known passwords. This is -# because some of the tests may be run as root. If the passwords were -# generally know, then somebody could work out the appropriate -# Kerberos ticket to use, and come in when, say, the telnetd daemon -# was being tested by root. The window for doing this is very very -# small, so the password does not have to be perfect, it just can't be -# constant. -if ![info exists KEY] { - catch {exec $BINSH -c "echo $$"} KEY - verbose "KEY is $KEY" - set keyfile [open $tmppwd/KEY w] - puts $keyfile "$KEY" - close $keyfile -} - -# Clear away any files left over from a previous run. -# We can't use them now because we don't know the right KEY. -# krb5.conf might change if running tests on another host -file delete $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/replica.conf \ - $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \ - $tmppwd/krb5.kdc.conf $tmppwd/krb5.replica.conf - -proc delete_db {} { - global tmppwd - # Master and replica db files - file delete $tmppwd/kdc-db $tmppwd/kdc-db.ok $tmppwd/kdc-db.kadm5 \ - $tmppwd/kdc-db.kadm5.lock $tmppwd/kdc-db.mdb $tmppwd/kdc-db.mdb-lock \ - $tmppwd/kdc-db.lockout.mdb $tmppwd/kdc-db.lockout.mdb-lock \ - $tmppwd/kdc-db.ulog \ - $tmppwd/replica-db $tmppwd/replica-db.ok $tmppwd/replica-db.kadm5 $tmppwd/replica-db.kadm5.lock \ - $tmppwd/replica-db~ $tmppwd/replica-db~.ok $tmppwd/replica-db~.kadm5 $tmppwd/replica-db~.kadm5.lock - # Creating a new database invalidates the keytab and ccache. - file delete $tmppwd/keytab $tmppwd/tkt -} - -delete_db - -# Put the installed kerberos directories on PATH. -# This needs to be fixed for V5. -# set env(PATH) $env(PATH):/usr/kerberos/bin:/usr/kerberos/etc -# verbose "PATH=$env(PATH)" - -# Some of the tests expect $env(USER) to be set. -if ![info exists env(USER)] { - if [info exists env(LOGNAME)] { - set env(USER) $env(LOGNAME) - } else { - if [info exists logname] { - set env(USER) $logname - } else { - catch "exec whoami" env(USER) - } - } -} - -# set the realm. The user can override this on the runtest line. -if ![info exists REALMNAME] { - set REALMNAME "KRBTEST.COM" -} -verbose "Test realm is $REALMNAME" - -# Find some programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be ...tests/dejagnu. - -foreach i { - {KDB5_UTIL $objdir/../../kadmin/dbutil/kdb5_util} - {KRB5KDC $objdir/../../kdc/krb5kdc} - {KADMIND $objdir/../../kadmin/server/kadmind} - {KADMIN $objdir/../../kadmin/cli/kadmin} - {KADMIN_LOCAL $objdir/../../kadmin/cli/kadmin.local} - {KINIT $objdir/../../clients/kinit/kinit} - {KTUTIL $objdir/../../kadmin/ktutil/ktutil} - {KLIST $objdir/../../clients/klist/klist} - {KDESTROY $objdir/../../clients/kdestroy/kdestroy} - {T_INETD $objdir/../t_inetd} - {KPROPLOG $objdir/../../kprop/kproplog} - {KPASSWD $objdir/../../clients/kpasswd/kpasswd} - {KPROPD $objdir/../../kprop/kpropd} - {KPROP $objdir/../../kprop/kprop} -} { - set varname [lindex $i 0] - if ![info exists $varname] { - eval set varval [lindex $i 1] - set varval [findfile $varval] - set $varname $varval - verbose "$varname=$varval" - } { - eval set varval \$$varname - verbose "$varname already set to $varval" - } -} - -verbose "setting up onexit handler (old handler=[exit -onexit])" -exit -onexit [concat { - verbose "calling stop_kerberos_daemons (onexit handler)" - stop_kerberos_daemons; -} [exit -onexit]] - -# run_once - -# Many tests are independent of the actual enctypes used, which is -# what our passes are (currently) all about. Use this to prevent -# multiple invocations. If a test depends on, say, the master key -# type but nothing else, you could also use the master key type in the -# tag name, and avoid redundant tests in additional passes using the -# same master key type. - -proc run_once { tag body } { - global run_once_tags - if ![info exists run_once_tags($tag)] { - set run_once_tags($tag) 1 - uplevel 1 $body - } -} - -# check_exit_status -# Check the exit status of a spawned program (using the caller's value -# of spawn_id). Returns 1 if the program succeeded, 0 if it failed. - -proc check_exit_status { testname } { - upvar 1 spawn_id spawn_id - - verbose "about to wait ($testname)" - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list ($testname)" - catch "close -i $spawn_id" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { - verbose -log "exit status: $status_list" - fail "$testname" - return 0 - } else { - return 1 - } -} - -# -# ENVSTACK -# - -# These procedures implement an environment variable stack. They use -# the global variable $envvars_tosave for the purpose of identifying -# which environment variables to save. They also track which ones are -# unset at any particular point. The stack pointer is $envstackp, -# which is an integer. The arrays $envstack$envstackp and -# $unenvstack$envstackp store respectively the set of old environment -# variables/values pushed onto the stack and the set of old unset -# environment variables for a given value of $envstackp. - -# Changing the value of $envvars_tosave after performing the first -# push operation may result in strangeness. - -# -# envstack_push -# -# Push set of current environment variables. -# -proc envstack_push { } { - global env - global envvars_tosave - global envstackp - global envstack$envstackp - global unenvstack$envstackp - - verbose "envstack_push: starting, sp=$envstackp" - foreach i $envvars_tosave { - if [info exists env($i)] { - verbose "envstack_push: saving $i=$env($i)" - set envstack${envstackp}($i) $env($i) - } { - verbose "envstack_push: marking $i as unset" - set unenvstack${envstackp}($i) unset - } - } - incr envstackp - verbose "envstack_push: exiting, sp=$envstackp" -} - -# -# envstack_pop -# -# Pop set of current environment variables. -# -proc envstack_pop { } { - global env - global envstackp - - verbose "envstack_pop: starting, sp=$envstackp" - incr envstackp -1 - global envstack$envstackp # YUCK!!! no obvious better way though... - global unenvstack$envstackp - if {$envstackp < 0} { - perror "envstack_pop: stack underflow!" - return - } - if [info exists envstack$envstackp] { - foreach i [array names envstack$envstackp] { - if [info exists env($i)] { - verbose "envstack_pop: $i was $env($i)" - } - eval set env($i) \$envstack${envstackp}($i) - verbose "envstack_pop: restored $i to $env($i)" - } - unset envstack$envstackp - } - if [info exists unenvstack$envstackp] { - foreach i [array names unenvstack$envstackp] { - if [info exists env($i)] { - verbose "envstack_pop: $i was $env($i)" - unset env($i) - verbose "envstack_pop: $i unset" - } { - verbose "envstack_pop: ignoring already unset $i" - } - } - unset unenvstack$envstackp - } - verbose "envstack_pop: exiting, sp=$envstackp" -} - -# -# Initialize the envstack -# -set envvars_tosave { - KRB5_CONFIG KRB5CCNAME KRB5_CLIENT_KTNAME KRB5RCACHEDIR KRB5_KDC_PROFILE - GSS_MECH_CONFIG -} -set krb5_init_vars [list ] -# XXX -- fix me later! -foreach i $runvarlist { - verbose "processing $i" - if {[regexp "^(\[^=\]*)=(.*)" $i foo evar evalue]} { - verbose "adding $evar to savelist" - lappend envvars_tosave $evar - verbose "savelist $envvars_tosave" - lappend krb5_init_vars $i - } - # Make sure we don't get confused by translated messages - # or localized times. - lappend envvars_tosave "LC_ALL" - lappend krb5_init_vars "LC_ALL=C" -} -set envstackp 0 -envstack_push - -# setup_runtime_flags -# Sets the proper flags for shared libraries. -# Configuration is through a site.exp and the runvarlist variable -# Returns 1 if variables were already set, otherwise 0 -proc setup_runtime_env { } { - global env - global krb5_init_vars - - # Set the variables - foreach i $krb5_init_vars { - regexp "^(\[^=\]*)=(.*)" $i foo evar evalue - set env($evar) "$evalue" - verbose "$evar=$evalue" - } - return 0 -} - -# get_hostname -# This procedure sets the global variable hostname to the local -# hostname as seen by krb5_sname_to_principal. Returns 1 on success, -# 0 on failure. - -proc get_hostname { } { - global hostname - global tmppwd - - if {[info exists hostname]} { - return 1 - } - - envstack_push - setup_runtime_env - catch "exec hostname >$tmppwd/hostname" exec_output - envstack_pop - if ![string match "" $exec_output] { - verbose -log $exec_output - perror "can't get hostname" - return 0 - } - set file [open $tmppwd/hostname r] - if { [ gets $file hostname ] == -1 } { - perror "no output from hostname" - return 0 - } - close $file - file delete $tmppwd/hostname - - set hostname [string tolower $hostname] - - return 1 -} - -# modify_principal name options... - -proc modify_principal { name args } { - global KADMIN_LOCAL - global REALMNAME - - envstack_push - setup_kerberos_env kdc - spawn $KADMIN_LOCAL -r $REALMNAME - envstack_pop - expect_after { - eof { - fail "modprinc (kadmin.local)" - return 0 - } - timeout { - fail "modprinc (kadmin.local)" - return 0 - } - } - expect "kadmin.local: " - send "modprinc $args $name\r" - expect -re "modprinc \[^\n\r\]* $name" - expect -re "Principal .* modified." - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status "kadmin.local modprinc"] { - perror "kadmin.local modprinc exited abnormally" - } - return 1 -} - -# kdc listens on +0..+3, depending whether we're testing reachable or not -# client tries +1 and +6 -# kadmind +4 -# kpasswd +5 -# (nothing) +6 -# application servers (krlogind, telnetd, krshd, ftpd, etc) +8 -# iprop +9 (if enabled) -# kpropd +10 -if [info exists PORTBASE] { - set portbase $PORTBASE -} else { - set portbase 3085 -} - -set ulog 0 - -# setup_kerberos_files -# This procedure will create some Kerberos files which must be created -# manually before trying to run any Kerberos programs. Returns 1 on -# success, 0 on failure. - -proc setup_kerberos_files { } { - global REALMNAME - global hostname - global tmppwd - global supported_enctypes - global last_passname_conf - global multipass_name - global master_key_type - global mode - global portbase - global ulog - - if ![get_hostname] { - return 0 - } - - setup_krb5_conf client - setup_krb5_conf server - setup_krb5_conf kdc - setup_krb5_conf replica - - # Create a kdc.conf file. - if { ![file exists $tmppwd/kdc.conf] \ - || $last_passname_conf != $multipass_name } { - set conffile [open $tmppwd/kdc.conf w] - puts $conffile "\[kdcdefaults\]" - puts $conffile " kdc_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" - puts $conffile " kdc_tcp_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" - puts $conffile "" - puts $conffile "\[realms\]" - puts $conffile " $REALMNAME = \{" - # Testing with a colon in the name exercises default handling - # for pathnames. - puts $conffile " key_stash_file = $tmppwd/stash:foo" - puts $conffile " acl_file = $tmppwd/acl" - puts $conffile " kadmind_port = [expr 4 + $portbase]" - puts $conffile " kpasswd_port = [expr 5 + $portbase]" - puts $conffile " max_life = 1:00:00" - puts $conffile " max_renewable_life = 3:00:00" - if [info exists master_key_type] { - puts $conffile " master_key_type = $master_key_type" - } - puts $conffile " master_key_name = master/key" - if [info exists supported_enctypes] { - puts $conffile " supported_enctypes = $supported_enctypes" - } - if { $mode == "tcp" } { - puts $conffile " kdc_listen = [expr 3 + $portbase]" - puts $conffile " kdc_tcp_listen = [expr 1 + $portbase],[expr 3 + $portbase]" - } else { - puts $conffile " kdc_listen = [expr 1 + $portbase]" - puts $conffile " kdc_tcp_listen = [expr 3 + $portbase]" - } - puts $conffile " default_principal_expiration = 2037.12.31.23.59.59" - puts $conffile " default_principal_flags = -postdateable forwardable" - puts $conffile " dict_file = $tmppwd/dictfile" - if { $ulog != 0 } { - puts $conffile " iprop_enable = true" - puts $conffile " iprop_port = [expr 9 + $portbase]" - puts $conffile " iprop_logfile = $tmppwd/db.ulog" - } else { - puts $conffile "# no ulog" - } - puts $conffile " \}" - puts $conffile "" - close $conffile - } - - # Create a config file for the replica KDC (kpropd only, no normal - # KDC processes). - if { ![file exists $tmppwd/replica.conf] \ - || $last_passname_conf != $multipass_name } { - set conffile [open $tmppwd/replica.conf w] - puts $conffile "\[kdcdefaults\]" - puts $conffile " kdc_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" - puts $conffile " kdc_tcp_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" - puts $conffile "" - puts $conffile "\[realms\]" - puts $conffile " $REALMNAME = \{" - # Testing with a colon in the name exercises default handling - # for pathnames. - puts $conffile " key_stash_file = $tmppwd/replica-stash" - puts $conffile " acl_file = $tmppwd/replica-acl" - puts $conffile " kadmind_port = [expr 4 + $portbase]" - puts $conffile " kpasswd_port = [expr 5 + $portbase]" - puts $conffile " max_life = 1:00:00" - puts $conffile " max_renewable_life = 3:00:00" - if [info exists master_key_type] { - puts $conffile " master_key_type = $master_key_type" - } - puts $conffile " master_key_name = master/key" - if [info exists supported_enctypes] { - puts $conffile " supported_enctypes = $supported_enctypes" - } - if { $mode == "tcp" } { - puts $conffile " kdc_listen = [expr 3 + $portbase]" - puts $conffile " kdc_tcp_listen = [expr 1 + $portbase],[expr 3 + $portbase]" - } else { - puts $conffile " kdc_listen = [expr 1 + $portbase]" - puts $conffile " kdc_tcp_listen = [expr 3 + $portbase]" - } - puts $conffile " default_principal_expiration = 2037.12.31.23.59.59" - puts $conffile " default_principal_flags = -postdateable forwardable" - puts $conffile " dict_file = $tmppwd/dictfile" - if { $ulog != 0 } { - puts $conffile " iprop_enable = true" - puts $conffile " iprop_port = [expr 9 + $portbase]" - puts $conffile " iprop_logfile = $tmppwd/replica-db.ulog" - } else { - puts $conffile "# no ulog" - } - puts $conffile " \}" - puts $conffile "" - close $conffile - } - - # Create ACL file. - set aclfile [open $tmppwd/acl w] - puts $aclfile "krbtest/admin@$REALMNAME *" - puts $aclfile "kiprop/$hostname@$REALMNAME p" - close $aclfile - - # Create dictfile file. - if ![file exists $tmppwd/dictfile] { - set dictfile [open $tmppwd/dictfile w] - puts $dictfile "weak_password" - close $dictfile - } - - set last_passname_conf $multipass_name - return 1 -} - -proc reset_kerberos_files { } { - global tmppwd - file delete $tmppwd/kdc.conf $tmppwd/replica.conf \ - $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \ - $tmppwd/krb5.kdc.conf - setup_kerberos_files -} - -proc setup_krb5_conf { {type client} } { - global tmppwd - global hostname - global REALMNAME - global last_passname_conf - global multipass_name - global default_tgs_enctypes - global default_tkt_enctypes - global permitted_enctypes - global allow_weak_crypto - global mode - global portbase - global srcdir - global env - - set pkinit_certs [findfile "[pwd]/$srcdir/../pkinit-certs" "$srcdir/../pkinit-certs"] - # Create a krb5.conf file. - if { ![file exists $tmppwd/krb5.$type.conf] \ - || $last_passname_conf != $multipass_name } { - set conffile [open $tmppwd/krb5.$type.conf w] - puts $conffile "\[libdefaults\]" - puts $conffile " default_realm = $REALMNAME" - puts $conffile " dns_lookup_kdc = false" - puts $conffile " dns_canonicalize_hostname = fallback" - puts $conffile " qualify_shortname = \"\"" - if [info exists allow_weak_crypto($type)] { - puts $conffile " allow_weak_crypto = $allow_weak_crypto($type)" - } else { - puts $conffile " allow_weak_crypto = true" - } - puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem" - if [info exists default_tgs_enctypes($type)] { - puts $conffile \ - " default_tgs_enctypes = $default_tgs_enctypes($type)" - } - if [info exists default_tkt_enctypes($type)] { - puts $conffile \ - " default_tkt_enctypes = $default_tkt_enctypes($type)" - } - if [info exists permitted_enctypes($type)] { - puts $conffile \ - " permitted_enctypes = $permitted_enctypes($type)" - } - if { $mode == "tcp" } { - puts $conffile " udp_preference_limit = 1" - } - puts $conffile " plugin_base_dir = $tmppwd/../../../plugins" - puts $conffile "" - puts $conffile "\[realms\]" - puts $conffile " $REALMNAME = \{" - # There's probably nothing listening here. It would be a good - # test for the handling of a non-responsive KDC address. However, - # on some systems, like Tru64, we often wind up with the client's - # socket bound to this address, causing our request to appear in - # our incoming queue as if it were a response, which causes test - # failures. If we were running the client and KDC on different - # hosts, this would be okay.... - #puts $conffile " kdc = $hostname:[expr 6 + $portbase]" - puts $conffile " pkinit_identity = FILE:$pkinit_certs/kdc.pem,$pkinit_certs/privkey.pem" - puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem" - puts $conffile " kdc = $hostname:[expr 1 + $portbase]" - puts $conffile " admin_server = $hostname:[expr 4 + $portbase]" - puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]" - puts $conffile " database_module = db" - puts $conffile " \}" - puts $conffile "" - puts $conffile "\[domain_realm\]" - puts $conffile " $hostname = $REALMNAME" - puts $conffile "" - puts $conffile "\[logging\]" - puts $conffile " admin_server = FILE:$tmppwd/kadmind5.log" - puts $conffile " kdc = FILE:$tmppwd/kdc.log" - puts $conffile " default = FILE:$tmppwd/others.log" - puts $conffile "" - puts $conffile "\[dbmodules\]" - puts $conffile " db_module_dir = $tmppwd/../../../plugins/kdb" - puts $conffile " db = {" - if [info exists env(K5TEST_LMDB)] { - puts $conffile " db_library = klmdb" - puts $conffile " nosync = true" - } else { - puts $conffile " db_library = db2" - } - puts $conffile " database_name = $tmppwd/$type-db" - puts $conffile " }" - close $conffile - } -} - -# Save the original values of the environment variables we are going -# to muck with. - -# XXX deal with envstack later. - -if [info exists env(KRB5_CONFIG)] { - set orig_krb5_conf $env(KRB5_CONFIG) -} else { - catch "unset orig_krb5_config" -} - -if [info exists env(KRB5CCNAME)] { - set orig_krb5ccname $env(KRB5CCNAME) -} else { - catch "unset orig_krb5ccname" -} - -if [info exists env(KRB5_CLIENT_KTNAME)] { - set orig_krb5clientktname $env(KRB5_CLIENT_KTNAME) -} else { - catch "unset orig_krb5clientktname" -} - -if [ info exists env(KRB5RCACHEDIR)] { - set orig_krb5rcachedir $env(KRB5RCACHEDIR) -} else { - catch "unset orig_krb5rcachedir" -} - -if [ info exists env(GSS_MECH_CONFIG)] { - set orig_gss_mech_config $env(GSS_MECH_CONFIG) -} else { - catch "unset orig_gss_mech_config" -} - -# setup_kerberos_env -# Set the environment variables needed to run Kerberos programs. - -proc setup_kerberos_env { {type client} } { - global REALMNAME - global env - global tmppwd - global hostname - global krb5_init_vars - global portbase - - # Set the environment variable KRB5_CONFIG to point to our krb5.conf file. - # All the Kerberos tools check KRB5_CONFIG. - # Actually, V5 doesn't currently use this. - set env(KRB5_CONFIG) $tmppwd/krb5.$type.conf - verbose "KRB5_CONFIG=$env(KRB5_CONFIG)" - - # Direct the Kerberos programs at a local ticket file. - set env(KRB5CCNAME) $tmppwd/tkt - verbose "KRB5CCNAME=$env(KRB5CCNAME)" - - # Direct the Kerberos programs at a local client keytab. - set env(KRB5_CLIENT_KTNAME) $tmppwd/client_keytab - verbose "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)" - - # Direct the Kerberos server at a cache file stored in the - # temporary directory. - set env(KRB5RCACHEDIR) $tmppwd - verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)" - - # Direct the GSS library at a nonexistent file in the temporary - # directory, to avoid interference from system configuration. - set env(GSS_MECH_CONFIG) $tmppwd/mech.conf - verbose "GSS_MECH_CONFIG=$env(GSS_MECH_CONFIG)" - - # Get the run time environment variables... (including LD_LIBRARY_PATH) - setup_runtime_env - - # Set our kdc config file, if needed. - switch $type { - client - - server { catch {unset env(KRB5_KDC_PROFILE)} } - kdc { set env(KRB5_KDC_PROFILE) $tmppwd/kdc.conf } - replica { set env(KRB5_KDC_PROFILE) $tmppwd/replica.conf } - default { error "unknown config file type $type" } - } - if [info exists env(KRB5_KDC_PROFILE)] { - verbose "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" - } - - # Create an environment setup script. (For convenience) - if ![file exists $tmppwd/$type-env.sh] { - set envfile [open $tmppwd/$type-env.sh w] - puts $envfile "KRB5_CONFIG=$env(KRB5_CONFIG)" - puts $envfile "KRB5CCNAME=$env(KRB5CCNAME)" - puts $envfile "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)" - puts $envfile "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)" - puts $envfile "GSS_MECH_CONFIG=$env(GSS_MECH_CONFIG)" - if [info exists env(KRB5_KDC_PROFILE)] { - puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" - } else { - puts $envfile "unset KRB5_KDC_PROFILE" - } - puts $envfile "export KRB5_CONFIG KRB5CCNAME KRB5RCACHEDIR" - puts $envfile "export KRB5_KDC_PROFILE KRB5_CLIENT_KTNAME" - puts $envfile "export GSS_MECH_CONFIG" - foreach i $krb5_init_vars { - regexp "^(\[^=\]*)=(.*)" $i foo evar evalue - puts $envfile "$evar=$env($evar)" - puts $envfile "export $evar" - } - close $envfile - } - if ![file exists $tmppwd/$type-env.csh] { - set envfile [open $tmppwd/$type-env.csh w] - puts $envfile "setenv KRB5_CONFIG $env(KRB5_CONFIG)" - puts $envfile "setenv KRB5CCNAME $env(KRB5CCNAME)" - puts $envfile "setenv KRB5_CLIENT_KTNAME $env(KRB5_CLIENT_KTNAME)" - puts $envfile "setenv KRB5RCACHEDIR $env(KRB5RCACHEDIR)" - puts $envfile "setenv GSS_MECH_CONFIG $env(GSS_MECH_CONFIG)" - if [info exists env(KRB5_KDC_PROFILE)] { - puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)" - } else { - puts $envfile "unsetenv KRB5_KDC_PROFILE" - } - foreach i $krb5_init_vars { - regexp "^(\[^=\]*)=(.*)" $i foo evar evalue - puts $envfile "setenv $evar $env($evar)" - } - close $envfile - } - return 1 -} - -# setup_kerberos_db -# Initialize the Kerberos database. If the argument is non-zero, call -# pass at relevant points. Returns 1 on success, 0 on failure. - -proc setup_kerberos_db { standalone } { - global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY - global tmppwd hostname - global spawn_id - global des3_krbtgt - global multipass_name last_passname_db - - set failall 0 - - if {!$standalone && [file exists $tmppwd/kdc-db.ok] \ - && $last_passname_db == $multipass_name} { - return 1 - } - - delete_db - - envstack_push - if { ![setup_kerberos_files] || ![setup_kerberos_env kdc] } { - set failall 1 - } - - # Set up a common expect_after for use in multiple places. - set def_exp_after { - timeout { - set test "$test (timeout)" - break - } - eof { - set test "$test (eof)" - break - } - } - - set test "kdb5_util create" - set body { - if $failall { - break - } - #exec xterm - verbose "starting $test" - spawn $KDB5_UTIL -r $REALMNAME create -W - expect_after $def_exp_after - - expect "Enter KDC database master key:" - - set test "kdb5_util create (verify)" - send "masterkey$KEY\r" - expect "Re-enter KDC database master key to verify:" - - set test "kdb5_util create" - send "masterkey$KEY\r" - expect { - -re "\[Cc\]ouldn't" { - expect eof - break - } - "Cannot find/read stored" exp_continue - "Warning: proceeding without master key" exp_continue - eof { } - } - catch expect_after - if ![check_exit_status kdb5_util] { - break - } - } - set ret [catch $body] - catch expect_after - if $ret { - set failall 1 - if $standalone { - fail $test - } - } else { - if $standalone { - pass $test - } - } - - # Stash the master key in a file. - set test "kdb5_util stash" - set body { - if $failall { - break - } - spawn $KDB5_UTIL -r $REALMNAME stash - verbose "starting $test" - expect_after $def_exp_after - expect "Enter KDC database master key:" - send "masterkey$KEY\r" - expect eof - catch expect_after - if ![check_exit_status kdb5_util] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - set failall 1 - if $standalone { - fail $test - } else { - delete_db - } - } else { - if $standalone { - pass $test - } - } - - # Add an admin user. - set test "kadmin.local ank krbtest/admin" - set body { - if $failall { - break - } - spawn $KADMIN_LOCAL -r $REALMNAME - verbose "starting $test" - expect_after $def_exp_after - - expect "kadmin.local: " - send "ank krbtest/admin@$REALMNAME\r" - # It echos... - expect "ank krbtest/admin@$REALMNAME\r" - expect "Enter password for principal \"krbtest/admin@$REALMNAME\":" - send "adminpass$KEY\r" - expect "Re-enter password for principal \"krbtest/admin@$REALMNAME\":" - send "adminpass$KEY\r" - expect { - "Principal \"krbtest/admin@$REALMNAME\" created" { } - "Principal or policy already exists while creating*" { } - } - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status kadmin_local] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - set failall 1 - if $standalone { - fail $test - } else { - delete_db - } - } else { - if $standalone { - pass $test - } - } - - # Add an incremental-propagation service. - set test "kadmin.local ank krbtest/fast" - set body { - if $failall { - break - } - spawn $KADMIN_LOCAL -r $REALMNAME - verbose "starting $test" - expect_after $def_exp_after - - expect "kadmin.local: " - send "ank +requires_preauth krbtest/fast@$REALMNAME\r" - expect "Enter password for principal \"krbtest/fast@$REALMNAME\":" - send "adminpass$KEY\r" - expect "Re-enter password for principal \"krbtest/fast@$REALMNAME\":" - send "adminpass$KEY\r" - expect { - "Principal \"krbtest/fast@$REALMNAME\" created" { } - "Principal or policy already exists while creating*" { } - } - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status kadmin_local] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - set failall 1 - if $standalone { - fail $test - } else { - delete_db - } - } else { - if $standalone { - pass $test - } - } - - if $des3_krbtgt { - # Set the TGT key to DES3. - set test "kadmin.local TGT to DES3" - set body { - if $failall { - break - } - spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal - verbose "starting $test" - expect_after $def_exp_after - - expect "kadmin.local: " - send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" - # It echos... - expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" - expect { - "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { } - } - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status kadmin_local] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - set failall 1 - if $standalone { - fail $test - } else { - delete_db - } - } else { - if $standalone { - pass $test - } - } - } - envstack_pop - - # create the admin database lock file - catch "exec touch $tmppwd/adb.lock" - - set last_passname_db $multipass_name - return 1 -} - -# setup_replica_db -# Initialize the replica Kerberos database. Returns 1 on success, 0 on -# failure. - -proc setup_replica_db { } { - global REALMNAME - global KDB5_UTIL - global KADMIN_LOCAL - global KEY - global tmppwd - global spawn_id - - set failall 0 - - envstack_push - if { ![setup_kerberos_files] || ![setup_kerberos_env replica] } { - set failall 1 - } - - # Set up a common expect_after for use in multiple places. - set def_exp_after { - timeout { - set test "$test (timeout)" - break - } - eof { - set test "$test (eof)" - break - } - } - - set test "replica kdb5_util create " - set body { - if $failall { - break - } - #exec xterm - verbose "starting $test" - spawn $KDB5_UTIL -r $REALMNAME create -W - expect_after $def_exp_after - - expect "Enter KDC database master key:" - - set test "replica kdb5_util create (verify)" - send "masterkey$KEY\r" - expect "Re-enter KDC database master key to verify:" - - set test "replica kdb5_util create" - send "masterkey$KEY\r" - expect { - -re "\[Cc\]ouldn't" { - expect eof - break - } - "Cannot find/read stored" exp_continue - "Warning: proceeding without master key" exp_continue - eof { } - } - catch expect_after - if ![check_exit_status kdb5_util] { - break - } - } - set ret [catch $body] - catch expect_after - if $ret { - set failall 1 - } - - # Stash the master key in a file. - set test "replica kdb5_util stash" - set body { - if $failall { - break - } - spawn $KDB5_UTIL -r $REALMNAME stash - verbose "starting $test" - expect_after $def_exp_after - expect "Enter KDC database master key:" - send "masterkey$KEY\r" - expect eof - catch expect_after - if ![check_exit_status kdb5_util] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - set failall 1 - delete_db - } - - if !$failall { - # create the admin database lock file - catch "exec touch $tmppwd/replica-adb.lock" - } - - return [expr !$failall] -} - -proc start_kpropd {} { - global kpropd_pid kpropd_spawn_id KPROPD T_INETD KDB5_UTIL portbase tmppwd - global spawn_id - - envstack_push - setup_kerberos_env replica - spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/keytab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl - set kpropd_pid [exp_pid] - set kpropd_spawn_id $spawn_id - envstack_pop -} - -# start_kerberos_daemons -# A procedure to build a Kerberos database and start up the kerberos -# and kadmind daemons. This sets the global variables kdc_pid, -# kdc_spawn_id, kadmind_pid, and kadmind_spawn_id. The procedure -# stop_kerberos_daemons should be used to stop the daemons. If the -# argument is non-zero, call pass at relevant points. Returns 1 on -# success, 0 on failure. - -proc start_kerberos_daemons { standalone } { - global REALMNAME - global KRB5KDC - global KADMIND - global KEY - global kdc_pid - global kdc_spawn_id - global kadmind_pid - global kadmind_spawn_id - global tmppwd - global env - global timeout - - if ![setup_kerberos_db 0] { - return 0 - } - - if {$standalone} { - file delete $tmppwd/krb.log $tmppwd/kadmind.log $tmppwd/krb5kdc_rcache - } - - # Start up the kerberos daemon - # Why are we doing all this with the log file you may ask. - # We need a handle on when the server starts. If we log the output - # of the server to say stderr, then if we stop looking for output, - # buffers will fill and the server will stop working.... - # So, we look to see when a line is added to the log file and then - # check it.. - # The same thing is done a little later for the kadmind - set kdc_lfile $tmppwd/kdc.log - set kadmind_lfile $tmppwd/kadmind5.log - set kdc_pidfile $tmppwd/kdc.pid - set kadmind_pidfile $tmppwd/kadmind.pid - - envstack_push - setup_kerberos_env kdc - # Nuke pid file - to test if setup - file delete $kdc_pidfile - spawn $KRB5KDC -r $REALMNAME -n -P $kdc_pidfile - envstack_pop - set kdc_pid [exp_pid] - set kdc_spawn_id $spawn_id - - expect { - "starting" { } - eof { - if {$standalone} { - verbose -log "krb5kdc failed to start" - fail "krb5kdc" - } else { - perror "krb5kdc failed to start" - } - stop_kerberos_daemons - return 0 - } - } - - if (![file exists $kdc_pidfile]) { - fail "krb5kdc pidfile" - stop_kerberos_daemons - return 0 - } - set f [open $kdc_pidfile "r"] - if {[gets $f foundpid] < 0 || ![string equal $kdc_pid $foundpid]} { - fail "krb5kdc pid file contents" - close $f - stop_kerberos_daemons - return 0 - } - close $f - - if {$standalone} { - pass "krb5kdc" - } - - # Give the kerberos daemon a few seconds to get set up. -# sleep 2 - - # - # Save setting of KRB5_KTNAME. We do not want to override kdc.conf - # file during kadmind startup. (this is in case user has KRB5_KTNAME - # set before starting make check) - # - if [info exists env(KRB5_KTNAME)] { - set start_save_ktname $env(KRB5_KTNAME) - } - catch "unset env(KRB5_KTNAME)" - - # Start up the kadmind daemon - envstack_push - setup_kerberos_env kdc - file delete $kadmind_pidfile - spawn $KADMIND -r $REALMNAME -W -nofork -P $kadmind_pidfile - envstack_pop - set kadmind_pid [exp_pid] - set kadmind_spawn_id $spawn_id - - # Restore KRB5_KTNAME - if [info exists start_save_ktname] { - set env(KRB5_KTNAME) $start_save_ktname - unset start_save_ktname - } - - expect { - "Seeding random number" exp_continue - "No principal in keytab matches desired name" { - dump_db - exp_continue - } - "starting" { } - eof { - verbose -log "kadmind failed to start" - if {$standalone} { - fail "kadmind" - } else { - perror "kadmind failed to start" - } - stop_kerberos_daemons - return 0 - } - } - - if (![file exists $kadmind_pidfile]) { - fail "kadmind pidfile" - stop_kerberos_daemons - return 0 - } - set f [open $kadmind_pidfile "r"] - if {[gets $f foundpid] < 0 || ![string equal $kadmind_pid $foundpid]} { - fail "kadmind pid file contents" - close $f - stop_kerberos_daemons - return 0 - } - close $f - - if {$standalone} { - pass "kadmind" - } - - # Give the kadmind daemon a few seconds to get set up. -# sleep 2 - - return 1 -} - -# stop_kerberos_daemons -# Stop the kerberos daemons. Returns 1 on success, 0 on failure. - -proc stop_kerberos_daemons { } { - global kdc_pid - global kdc_spawn_id - global kadmind_pid - global kadmind_spawn_id - - verbose "entered stop_kerberos_daemons" - - if [info exists kdc_pid] { - if [catch "exec kill $kdc_pid" msg] { - verbose "kill kdc: $msg" - } - if [catch "expect -i $kdc_spawn_id eof" msg] { - verbose "expect kdc eof: $msg" - } - set kdc_list [wait -i $kdc_spawn_id] - verbose "wait -i $kdc_spawn_id returned $kdc_list (kdc)" - unset kdc_pid - unset kdc_list - } - - if [info exists kadmind_pid] { - if [catch "exec kill $kadmind_pid" msg] { - verbose "kill kadmind: $msg" - } - if [catch "expect -i $kadmind_spawn_id eof" msg] { - verbose "expect kadmind eof: $msg" - } - set kadmind_list [wait -i $kadmind_spawn_id] - verbose "wait -i $kadmind_spawn_id returned $kadmind_list (kadmind5)" - unset kadmind_pid - unset kadmind_list - } - - verbose "exiting stop_kerberos_daemons" - - return 1 -} - -# add_kerberos_key -# Add an key to the Kerberos database. start_kerberos_daemons must be -# called before this procedure. If the standalone argument is -# non-zero, call pass at relevant points. Returns 1 on success, 0 on -# failure. - -proc add_kerberos_key { kkey standalone } { - global REALMNAME - global KADMIN - global KEY - global spawn_id - - # Use kadmin to add an key. - set test "kadmin ank $kkey" - set body { - envstack_push - setup_kerberos_env client - spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $kkey@$REALMNAME" - envstack_pop - verbose "starting $test" - expect_after { - "Cannot contact any KDC" { - set test "$test (lost KDC)" - break - } - timeout { - set test "$test (timeout)" - break - } - eof { - set test "$test (eof)" - break - } - } - expect -re "assword\[^\r\n\]*: *" - send "adminpass$KEY\r" - expect "Enter password for principal \"$kkey@$REALMNAME\":" - send "$kkey" - send "$KEY\r" - expect "Re-enter password for principal \"$kkey@$REALMNAME\":" - send "$kkey" - send "$KEY\r" - expect { - "Principal \"$kkey@$REALMNAME\" created" { } - "Principal or policy already exists while creating*" { } - } - expect eof - if ![check_exit_status kadmin] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - if $standalone { - fail $test - } - return 0 - } else { - if $standalone { - pass $test - } - return 1 - } -} - -# dump_db -proc dump_db { } { - global KADMIN_LOCAL - global REALMNAME - - spawn $KADMIN_LOCAL -r $REALMNAME - expect_after { - eof { - perror "failed to get debugging dump of database (eof)" - } - timeout { - perror "failed to get debugging dump of database (timeout)" - } - } - expect "kadmin.local: " - send "getprincs\r" - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after -} - -# add_random_key -# Add a key with a random password to the Kerberos database. -# start_kerberos_daemons must be called before this procedure. If the -# standalone argument is non-zero, call pass at relevant points. -# Returns 1 on success, 0 on failure. - -proc add_random_key { kkey standalone } { - global REALMNAME - global KADMIN - global KEY - global spawn_id - - # Use kadmin to add an key. - set test "kadmin ark $kkey" - set body { - envstack_push - setup_kerberos_env client - spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $kkey@$REALMNAME" - envstack_pop - expect_after { - timeout { - set test "$test (timeout)" - break - } - eof { - set test "$test (eof)" - break - } - } - expect -re "assword\[^\r\n\]*: *" - send "adminpass$KEY\r" - expect { - "Principal \"$kkey@$REALMNAME\" created" { } - "Principal or policy already exists while creating*" { } - } - expect eof - if ![check_exit_status kadmin] { - break - } - } - if [catch $body] { - catch expect_after - if $standalone { - fail $test - } - return 0 - } else { - catch expect_after - if $standalone { - pass $test - } - return 1 - } -} - -# setup_keytab -# Set up a keytab file. start_kerberos_daemons and add_random_key -# $id/$hostname must be called before this procedure. If the -# argument is non-zero, call pass at relevant points. Returns 1 on -# success, 0 on failure. If the id field is not provided, host is used. - -proc setup_keytab { standalone {id host} } { - global REALMNAME - global KADMIN_LOCAL - global KEY - global tmppwd - global hostname - global spawn_id - global last_service - - if {!$standalone && [file exists $tmppwd/keytab] && $last_service == $id} { - return 1 - } - - file delete $tmppwd/keytab $tmppwd/keytab.old - - if ![get_hostname] { - return 0 - } - - file delete $hostname-new-keytab - - envstack_push - setup_kerberos_env kdc - spawn $KADMIN_LOCAL -r $REALMNAME - envstack_pop - expect_after { - -re "(.*)\r\nkadmin.local: " { - fail "kadmin.local keytab (unmatched output: $expect_out(1,string))" - if {!$standalone} { - file delete $tmppwd/keytab - } - catch "expect_after" - return 0 - } - timeout { - fail "kadmin.local keytab" - if {!$standalone} { - file delete $tmppwd/keytab - } - catch "expect_after" - return 0 - } - eof { - fail "kadmin.local keytab" - if {!$standalone} { - file delete $tmppwd/keytab - } - catch "expect_after" - return 0 - } - } - expect "kadmin.local: " - send "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r" - expect "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r\n" - expect { - -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-keytab." { } - -re "\r\nkadmin.local: " { - if {$standalone} { - fail "kadmin.local keytab" - } else { - file delete $tmppwd/keytab - } - catch expect_after - return 0 - } - } - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status "kadmin.local keytab"] { - if {!$standalone} { - file delete $tmppwd/keytab - } - return 0 - } - - catch "exec mv -f $hostname-new-keytab $tmppwd/keytab" exec_output - if ![string match "" $exec_output] { - verbose -log "$exec_output" - perror "can't mv new keytab" - return 0 - } - - if {$standalone} { - pass "kadmin.local keytab" - } - - # Make the keytab file globally readable in case we are using a - # root shell and the keytab is NFS mounted. - catch "exec chmod a+r $tmppwd/keytab" - - # Remember what we just extracted - set last_service $id - - return 1 -} - -# kinit -# Use kinit to get a ticket. If the argument is non-zero, call pass -# at relevant points. Returns 1 on success, 0 on failure. - -proc kinit { name pass standalone } { - global REALMNAME - global KINIT - global spawn_id - - # Use kinit to get a ticket. - # - # For now always get forwardable tickets. Later when we need to make - # tests that distinguish between forwardable tickets and otherwise - # we should but another option to this proc. --proven - # - spawn $KINIT -5 -f $name@$REALMNAME - expect { - "Password for $name@$REALMNAME:" { - verbose "kinit started" - } - timeout { - fail "kinit" - return 0 - } - eof { - fail "kinit" - return 0 - } - } - send "$pass\r" - expect eof - if ![check_exit_status kinit] { - return 0 - } - - if {$standalone} { - pass "kinit" - } - - return 1 -} - -proc kinit_renew { name pass standalone } { - global REALMNAME - global KINIT - global spawn_id - - spawn $KINIT -5 -f $name@$REALMNAME - expect { - "Password for $name@$REALMNAME:" { - verbose "kinit started" - } - timeout { - fail "kinit" - return 0 - } - eof { - fail "kinit" - return 0 - } - } - send "$pass\r" - expect eof - if ![check_exit_status kinit] { - return 0 - } - - spawn $KINIT -R - expect eof - if ![check_exit_status "kinit_renew"] { - return 0 - } - - return 1 -} - -# Retrieve a ticket using FAST armor -proc kinit_fast { name pass standalone } { - global REALMNAME - global KINIT - global spawn_id - global env - - # Use kinit to get a ticket. - # - spawn $KINIT -5 -f -T $env(KRB5CCNAME) $name@$REALMNAME - expect { - "Password for $name@$REALMNAME:" { - verbose "kinit started" - } - timeout { - fail "kinit_fast" - return 0 - } - eof { - fail "kinit_fast" - return 0 - } - } - send "$pass\r" - expect eof - if ![check_exit_status kinit] { - return 0 - } - - if {$standalone} { - pass "kinit_fast" - } - - return 1 -} - -proc kinit_anonymous { name } { - global REALMNAME - global KINIT - global spawn_id - - # Use kinit to get a ticket. - # - spawn $KINIT -5 -f -n $name@$REALMNAME - expect { - "Password for $name@$REALMNAME:" { - fail "kinit_anonymous (password requested)" - return 0 - } - timeout { - fail "kinit_anonymous (timeout)" - return 0 - } - eof { } - } - if ![check_exit_status kinit] { - fail "kinit anonymous" - } - - pass "kinit anonymous" - return 1 -} - -proc kinit_kt { name keytab standalone testname } { - global REALMNAME - global KINIT - global spawn_id - - # Use kinit to get a ticket. - # - # For now always get forwardable tickets. Later when we need to make - # tests that distinguish between forwardable tickets and otherwise - # we should but another option to this proc. --proven - # - spawn $KINIT -5 -f -k -t $keytab $name@$REALMNAME - expect { - timeout { - fail "kinit $testname" - return 0 - } - eof { } - } - if ![check_exit_status "kinit $testname"] { - return 0 - } - - if {$standalone} { - pass "kinit $testname" - } - - return 1 -} - -# List tickets. Requires client and server names, and test name. -# Checks that klist exist status is zero. -# Records pass or fail, and returns 1 or 0. -proc do_klist { myname servname testname } { - global KLIST - global tmppwd - - spawn $KLIST -5 -e - expect { - -re "Ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Default principal:\[ \]*$myname.*$servname\r\n" { - verbose "klist started" - } - timeout { - fail $testname - return 0 - } - eof { - fail $testname - return 0 - } - } - - expect eof - - if ![check_exit_status $testname] { - return 0 - } - pass $testname - return 1 -} - -proc do_klist_kt { keytab testname } { - global KLIST - global tmppwd - - spawn $KLIST -5 -e -k $keytab - expect { - -re "Keytab name:\[ \]*(.+:)?.*KVNO Principal\r\n---- -*\r\n" { - verbose "klist started" - } - timeout { - fail $testname - return 0 - } - eof { - fail $testname - return 0 - } - } - set more 1 - while {$more} { - expect { - -re { *[0-9][0-9]* *[a-zA-Z/@.-]* \([/a-zA-Z 0-9-]*\) *\r\n} { - verbose -log "key: $expect_out(buffer)" - } - eof { set more 0 } - } - } - - if ![check_exit_status $testname] { - return 0 - } - pass $testname - return 1 -} - -proc do_klist_err { testname } { - global KLIST - global spawn_id - - spawn $KLIST -5 - # Might say "credentials cache" or "credentials cache file". - expect { - -re "klist: No credentials cache found.*\r\n" { - verbose "klist started" - } - timeout { - fail $testname - return 0 - } - eof { - fail $testname - return 0 - } - } - # We can't use check_exit_status, because we expect an exit status - # of 1. - catch "expect eof" - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list ($testname)" - if { [lindex $status_list 2] != 0 } { - fail "$testname (bad exit status) $status_list" - return 0 - } else { if { [lindex $status_list 3] != 1 } { - fail "$testname (bad exit status) $status_list" - return 0 - } else { - pass $testname - } } - return 1 -} - -proc do_kdestroy { testname } { - global KDESTROY - global spawn_id - - spawn $KDESTROY -5 - if ![check_exit_status $testname] { - fail $testname - return 0 - } - pass $testname - return 1 -} - -proc xst { keytab name } { - global KADMIN_LOCAL - global REALMNAME - - envstack_push - setup_kerberos_env kdc - spawn $KADMIN_LOCAL -r $REALMNAME - envstack_pop - catch expect_after - expect_after { - -re "(.*)\r\nkadmin.local: " { - fail "kadmin.local xst $keytab (unmatched output: $expect_out(1,string)" - catch "expect_after" - return 0 - } - timeout { - fail "kadmin.local xst $keytab (timeout)" - catch "expect_after" - return 0 - } - eof { - fail "kadmin.local xst $keytab (eof)" - catch "expect_after" - return 0 - } - } - expect "kadmin.local: " - send "xst -k $keytab $name\r" - expect -re "xst -k \[^\r\n\]*\r\n.*Entry for principal .* added to keytab WRFILE:.*\r\nkadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status "kadmin.local $keytab"] { - perror "kadmin.local xst $keytab exited abnormally" - return 0 - } - return 1 -} - -# helpful sometimes for debugging the test suite -proc export_debug_envvars { } { - global env - foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST KPASSWD REALMNAME GSSCLIENT KPROPLOG} { - global $i - if [info exists $i] { set env($i) [set $i] } - } -} -proc spawn_xterm { } { - export_debug_envvars - exec "xterm" -} -proc spawn_shell { } { - export_debug_envvars - spawn "sh" - exp_interact -} diff --git a/src/tests/dejagnu/deps b/src/tests/dejagnu/deps deleted file mode 100644 index 2feac3c9d3..0000000000 --- a/src/tests/dejagnu/deps +++ /dev/null @@ -1 +0,0 @@ -# No dependencies here. diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp deleted file mode 100644 index 661e3fd9a9..0000000000 --- a/src/tests/dejagnu/krb-standalone/kprop.exp +++ /dev/null @@ -1,158 +0,0 @@ -# Password-changing Kerberos test. -# This is a DejaGnu test script. - -# We are about to start up a couple of daemon processes. We do all -# the rest of the tests inside a proc, so that we can easily kill the -# processes when the procedure ends. - -proc setup_replica {} { - global tmppwd hostname REALMNAME env - file delete $tmppwd/replica-stash $tmppwd/replica-acl - file copy -force $tmppwd/stash:foo $tmppwd/replica-stash - file copy -force $tmppwd/acl $tmppwd/replica-acl - if ![file exists $tmppwd/kpropdacl] { - set aclfile [open $tmppwd/kpropd-acl w] - puts $aclfile "host/$hostname@$REALMNAME" - close $aclfile - } - file copy -force $tmppwd/adb.lock $tmppwd/replica-adb.lock - if [info exists env(K5TEST_LMDB)] { - set suffixes { .mdb .mdb-lock .lockout.mdb .lockout.mdb-lock } - } else { - set suffixes { {} .kadm5 .kadm5.lock .ok } - } - foreach suffix $suffixes { - file copy -force $tmppwd/kdc-db$suffix $tmppwd/replica-db$suffix - } -} - -proc scan_kpropd_output {} { - global kpropd_spawn_id kpropd_pid - - # See if kpropd logged anything. It should exit after processing - # one kprop connection. - expect { - -i $kpropd_spawn_id - eof { - wait -i $kpropd_spawn_id - unset kpropd_spawn_id kpropd_pid - } - timeout { } - -re "Connection from \[a-zA-Z.-\]*" { exp_continue } - -re "krb5_recvauth" { exp_continue } - -re "authenticated client" { exp_continue } - -re "calling kdb5_util to load database\r\n" { exp_continue } - -re "Child PID is \[0-9\]*\r\n" { exp_continue } - -re "Rejected connection" { - fail "kprop (rejected)" - } - } -} - -proc doit { } { - global KLIST KDESTROY - global REALMNAME KEY - global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id - global hostname tmppwd spawn_id timeout - global KRBIV supported_enctypes portbase mode ulog des3_krbtgt - - # Delete any db, ulog files - delete_db - - # Initialize the Kerberos database. The argument tells - # setup_kerberos_db that it is being called from here. - if ![setup_kerberos_db 0] { - return - } - setup_replica - if ![start_kerberos_daemons 0] { - return - } - if ![add_random_key host/$hostname 0] { - fail "kprop (host key)" - return - } - if ![setup_keytab 0] { - fail "kprop (keytab)" - return - } - - # Get kprop server up and running. - envstack_push - setup_kerberos_env replica - start_kpropd - envstack_pop - - # Use kadmin to add a key. - if ![add_kerberos_key wakawaka 0] { - return - } - - # Dump primary database. - envstack_push - setup_kerberos_env kdc - spawn $KDB5_UTIL dump $tmppwd/replica_datatrans - expect eof - if ![check_exit_status "kprop (kdb5_util dump)"] { return } - - # Just in case kpropd is a little slow in starting up... - sleep 1 - - # Try a propagation. - spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/keytab $hostname - expect eof - set kprop_exit [check_exit_status "kprop (exit status)"] - # log output for debugging - scan_kpropd_output - if !$kprop_exit { return } - - # Examine new database. - setup_kerberos_env replica - spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs - expect { - wakawaka@ { - expect eof - } - eof { - fail "kprop (updated replica data)" - return - } - timeout { - fail "kprop (examining new db)" - return - } - } - pass "kprop" -} - -run_once kprop { - catch "unset kpropd_pid" - catch "unset kpropd_spawn_id" - - # Set up the Kerberos files and environment. - if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { - return - } - - set status [catch doit msg] - - stop_kerberos_daemons - - # if kpropd is running, kill it - if [info exists kpropd_pid] { - catch { - exec kill $kpropd_pid - expect -i $kpropd_spawn_id eof - wait -i $kpropd_spawn_id - unset kpropd_pid kpropd_spawn_id - } - } - - delete_db - - if { $status != 0 } { - send_error "ERROR: error in kprop.exp\n" - send_error "$msg\n" - exit 1 - } -} diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp deleted file mode 100644 index d67691e800..0000000000 --- a/src/tests/dejagnu/krb-standalone/standalone.exp +++ /dev/null @@ -1,287 +0,0 @@ -# Standalone Kerberos test. -# This is a DejaGnu test script. -# This script tests that the Kerberos tools can talk to each other. - -# This mostly just calls procedures in testsuite/config/default.exp. - -# Set up the Kerberos files and environment. -if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { - return -} - -# Initialize the Kerberos database. The argument tells -# setup_kerberos_db that it is being called from here. -if ![setup_kerberos_db 1] { - return -} - -# We are about to start up a couple of daemon processes. We do all -# the rest of the tests inside a proc, so that we can easily kill the -# processes when the procedure ends. - -proc dump_and_reload {} { - global KDB5_UTIL - global tmppwd - - set dumpfile $tmppwd/dump-file - set dumpokfile $dumpfile.dump_ok - - set test1name "kdb5_util dump" - set test2name "kdb5_util load" - - if [file exists $dumpfile] { file delete $dumpfile } - if [file exists $dumpokfile] { file delete $dumpokfile } - - spawn $KDB5_UTIL dump $dumpfile - expect { - -re "..*" { - fail $test1name - untested $test2name - return - } - timeout { - fail $test1name - untested $test2name - return - } - eof { } - } - if ![check_exit_status $test1name] { - untested $test2name - return - } - if ![file exists $dumpfile]||![file exists $dumpokfile] { - fail $test1name - untested $test2name - return - } - pass $test1name - - spawn $KDB5_UTIL load $dumpfile - expect { - -re "..*" { - fail $test2name - return - } - timeout { - fail $test2name - return - } - eof { } - } - if [check_exit_status $test2name] { - pass $test2name - } -} - -proc kinit_wrong_pw { name badpass } { - global REALMNAME - global KINIT - global spawn_id - - # Use kinit to get a ticket. - # - # For now always get forwardable tickets. Later when we need to make - # tests that distinguish between forwardable tickets and otherwise - # we should but another option to this proc. --proven - # - spawn $KINIT -5 -f $name@$REALMNAME - expect { - "Password for $name@$REALMNAME:" { - verbose "kinit started" - } - timeout { - fail "kinit bad pw" - return 0 - } - eof { - fail "kinit bad pw" - return 0 - } - } - send "$badpass\r" - expect { - "Password incorrect while getting initial credentials" { - } - timeout { - fail "kinit bad pw" - # kill it? - } - eof { - fail "kinit bad pw" - return - } - } - expect eof - - set status_list [wait -i $spawn_id] - catch "close -i $spawn_id" - verbose -log "exit status: $status_list" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { - pass "kinit bad pw" - } else { - fail "kinit bad pw" - } -} - -proc doit { } { - global REALMNAME - global KLIST - global KDESTROY - global KEY - global KADMIN_LOCAL - global KTUTIL - global hostname - global tmppwd - global spawn_id - global supported_enctypes - global KRBIV - global portbase - global mode - global tmppwd - - setup_kerberos_env kdc - - # Start up the kerberos and kadmind daemons. - if ![start_kerberos_daemons 1] { - return - } - - # Use kadmin to add an host key. - if ![add_random_key host/$hostname 1] { - return - } - - spawn $KADMIN_LOCAL -q "addpol fred" - catch expect_after - expect { - timeout { - fail "kadmin.local addpol fred" - } - eof { - pass "kadmin.local addpol fred" - } - } - set k_stat [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" - catch "close -i $spawn_id" - - # Use ksrvutil to create a keytab entry. - if ![setup_keytab 1] { - return - } - - # Test dump and load. Continue on, whatever the result. - dump_and_reload - - spawn $KADMIN_LOCAL -q "getpols" - expect { - fred { - pass "kadmin.local getpols" - expect eof - } - timeout { - fail "kadmin.local getpols" - } - eof { - fail "kadmin.local getpols" - } - } - set k_stat [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" - catch "close -i $spawn_id" - - # Test use of wrong password. - kinit_wrong_pw krbtest/admin wrongpassword - - setup_kerberos_env client - # Use kinit to get a ticket. - if ![kinit krbtest/admin adminpass$KEY 1] { - return - } - - if ![kinit_renew krbtest/admin adminpass$KEY 1] { - return - } - - # Make sure that klist can see the ticket. - if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] { - return - } - -# Get a ticket to later use with FAST - if ![kinit krbtest/fast adminpass$KEY 1] { - return - } - - # Use fast to get a ticket - if ![kinit_fast krbtest/fast adminpass$KEY 1] { - return - } - - # Destroy the ticket. - spawn $KDESTROY -5 - if ![check_exit_status "kdestroy"] { - return - } - pass "kdestroy" - - # Double check that the ticket was destroyed. - if ![do_klist_err "klist after destroy"] { return } - - if ![add_random_key WELLKNOWN/ANONYMOUS 0] { - return - } - - # If we have anonymous then test it - if [file exists "$tmppwd/../../../plugins/preauth/pkinit.so" ] { - kinit_anonymous "WELLKNOWN/ANONYMOUS" - } - - if ![add_random_key foo/bar 1] { - return - } - - set keytab $tmppwd/fookeytab - catch "exec rm -f $keytab" - - modify_principal foo/bar -kvno 252 - foreach vno {253 254 255 256 257 258} { - xst $tmppwd/fookeytab foo/bar - do_klist_kt $tmppwd/fookeytab "klist keytab foo/bar vno $vno" - kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno" - do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno" - do_kdestroy "kdestroy foo/bar vno $vno" - } - catch "exec rm -f $keytab" - # Check that kadmin.local can actually read the correct kvno, even - # if we don't expect kadmin to be able to. - setup_kerberos_env kdc - spawn $KADMIN_LOCAL -r $REALMNAME - set ok 1 - expect_after { - timeout { fail "kadmin.local correct high kvno" ; set ok 0 } - eof { fail "kadmin.local correct high kvno" ; set ok 0 } - } - expect "kadmin.local: " - send "getprinc foo/bar\r" -# exec sleep 10 - expect "Key: vno $vno," - send "quit\r" - expect eof - if [check_exit_status "kadmin.local examine foo/bar for high kvno"] { - if $ok { - pass "kadmin.local correct high kvno" - } - } -} - -set status [catch doit msg] - -stop_kerberos_daemons - -if { $status != 0 } { - send_error "ERROR: error in standalone.exp\n" - send_error "$msg\n" - exit 1 -} diff --git a/src/tests/t_inetd.c b/src/tests/t_inetd.c index e23c6b9d66..d22cf31ffa 100644 --- a/src/tests/t_inetd.c +++ b/src/tests/t_inetd.c @@ -76,9 +76,6 @@ main(argc, argv) int one = 1; struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */ socklen_t namelen = sizeof(f_inaddr); -#ifdef POSIX_SIGNALS - struct sigaction csig; -#endif progname = argv[0]; @@ -126,16 +123,6 @@ main(argc, argv) close(sock); sock = 0; - /* Don't wait for a child signal... Otherwise dejagnu gets confused */ -#ifdef POSIX_SIGNALS - csig.sa_handler = SIG_IGN; - sigemptyset(&csig.sa_mask); - csig.sa_flags = 0; - sigaction(SIGCHLD, &csig, (struct sigaction *)0); -#else - signal(SIGCHLD, SIG_IGN); -#endif - if(execv(path, &argv[3])) fprintf(stderr, "t_inetd: Could not exec %s\n", path); exit(1);