1 # Standalone Kerberos test.
2 # This is a DejaGnu test script.
3 # This script tests that the Kerberos tools can talk to each other.
5 # This mostly just calls procedures in testsuite/config/default.exp.
7 # Set up the Kerberos files and environment.
8 if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
12 # Initialize the Kerberos database. The argument tells
13 # setup_kerberos_db that it is being called from here.
14 if ![setup_kerberos_db 1] {
18 # We are about to start up a couple of daemon processes. We do all
19 # the rest of the tests inside a proc, so that we can easily kill the
20 # processes when the procedure ends.
22 proc dump_and_reload {} {
26 set dumpfile $tmppwd/dump-file
27 set dumpokfile $dumpfile.dump_ok
29 set test1name "kdb5_util dump"
30 set test2name "kdb5_util load"
32 if [file exists $dumpfile] { file delete $dumpfile }
33 if [file exists $dumpokfile] { file delete $dumpokfile }
35 spawn $KDB5_UTIL dump $dumpfile
49 if ![check_exit_status $test1name] {
53 if ![file exists $dumpfile]||![file exists $dumpokfile] {
60 spawn $KDB5_UTIL load $dumpfile
72 if [check_exit_status $test2name] {
77 proc kinit_wrong_pw { name badpass } {
82 # Use kinit to get a ticket.
84 # For now always get forwardable tickets. Later when we need to make
85 # tests that distinguish between forwardable tickets and otherwise
86 # we should put another option to this proc. --proven
88 spawn $KINIT -5 -f $name@$REALMNAME
90 "Password for $name@$REALMNAME:" {
91 verbose "kinit started"
104 "Password incorrect while getting initial credentials" {
117 set status_list [wait -i $spawn_id]
118 catch "close -i $spawn_id"
119 verbose -log "exit status: $status_list"
120 if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
137 global supported_enctypes
142 global KRB5_PA_MODULE_DIR
144 setup_kerberos_env kdc
146 # Start up the kerberos and kadmind daemons.
147 if ![start_kerberos_daemons 1] {
151 # Use kadmin to add a host key.
152 if ![add_random_key host/$hostname 1] {
156 spawn $KADMIN_LOCAL -q "addpol fred"
160 fail "kadmin.local addpol fred"
163 pass "kadmin.local addpol fred"
166 set k_stat [wait -i $spawn_id]
167 verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
168 catch "close -i $spawn_id"
170 # Use ksrvutil to create a srvtab entry.
171 if ![setup_srvtab 1] {
175 # Test dump and load. Continue on, whatever the result.
178 spawn $KADMIN_LOCAL -q "getpols"
181 pass "kadmin.local getpols"
185 fail "kadmin.local getpols"
188 fail "kadmin.local getpols"
191 set k_stat [wait -i $spawn_id]
192 verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
193 catch "close -i $spawn_id"
195 # Test use of wrong password.
196 kinit_wrong_pw krbtest/admin wrongpassword
198 setup_kerberos_env client
199 # Use kinit to get a ticket.
200 if ![kinit krbtest/admin adminpass$KEY 1] {
204 # Make sure that klist can see the ticket.
205 if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
209 # Get a ticket to later use with FAST
210 if ![kinit krbtest/fast adminpass$KEY 1] {
214 # Use fast to get a ticket
215 if ![kinit_fast krbtest/fast adminpass$KEY 1] {
219 # Destroy the ticket.
221 if ![check_exit_status "kdestroy"] {
226 # Double check that the ticket was destroyed.
227 if ![do_klist_err "klist after destroy"] { return }
229 if ![add_random_key WELLKNOWN/ANONYMOUS 0] {
233 # If we have anonymous then test it
234 if [file exists "$tmppwd/../../../util/fakedest$KRB5_PA_MODULE_DIR/pkinit.so" ] {
235 kinit_anonymous "WELLKNOWN/ANONYMOUS"
238 if ![add_random_key foo/bar 1] {
242 set keytab $tmppwd/fookeytab
243 catch "exec rm -f $keytab"
245 modify_principal foo/bar -kvno 252
246 foreach vno {253 254 255 256 257 258} {
247 xst $tmppwd/fookeytab foo/bar
248 do_klist_kt $tmppwd/fookeytab "klist keytab foo/bar vno $vno"
249 kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
250 do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
251 do_kdestroy "kdestroy foo/bar vno $vno"
253 catch "exec rm -f $keytab"
254 # Check that kadmin.local can actually read the correct kvno, even
255 # if we don't expect kadmin to be able to.
256 setup_kerberos_env kdc
257 spawn $KADMIN_LOCAL -r $REALMNAME
260 timeout { fail "kadmin.local correct high kvno" ; set ok 0 }
261 eof { fail "kadmin.local correct high kvno" ; set ok 0 }
263 expect "kadmin.local: "
264 send "getprinc foo/bar\r"
266 expect "Key: vno $vno,"
269 if [check_exit_status "kadmin.local examine foo/bar for high kvno"] {
271 pass "kadmin.local correct high kvno"
276 set status [catch doit msg]
278 stop_kerberos_daemons
280 if { $status != 0 } {
281 send_error "ERROR: error in standalone.exp\n"