load_lib lib.t # Assumptions: # # Principal "admin" exists, with "get", "add", "modify" and "delete" # access bits and password "admin". # The string "not-the-password" isn't the password of any user in the database. # Database master password is "mrroot". api_exit api_start test "init 1" one_line_fail_test_nochk \ {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE "" \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle} test "init 2" one_line_fail_test_nochk \ {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE @ \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle} test "init 2.5" one_line_fail_test_nochk \ {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE BAD.REALM \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle} test "init 3" proc test3 {} { global test if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { error_and_restart "$test: couldn't create principal \"$test/a\"" return } one_line_fail_test_nochk [format { ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle } $test] } if {$RPC} { test3 } test "init 4" proc test4 {} { global test if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} { error_and_restart "$test: couldn't delete principal \"$test/a\"" return } one_line_fail_test_nochk [format { ovsec_kadm_init admin admin "%s/a" null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } $test] } if {$RPC} { test4 } test "init 5" if {$RPC} { one_line_fail_test_nochk { ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle } } test "init 6" proc test6 {} { global test send "ovsec_kadm_init admin null \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n" expect { {Enter password:} { } eof { fail "$test: eof instead of password prompt" api_exit api_start return } timeout { fail "$test: timeout instead of password prompt" return } } one_line_succeed_test "admin" if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if { $RPC } { test6 } test "init 7" proc test7 {} { global test send "ovsec_kadm_init admin \"\" \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n" expect { {Enter password:} { } -re "key:$" { } eof { fail "$test: eof instead of password prompt" api_exit api_start return } timeout { fail "$test: timeout instead of password prompt" return } } one_line_succeed_test "admin" if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if { $RPC } { test7 } test "init 8" proc test8 {} { global test if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { error_and_restart "$test: couldn't create principal \"$test/a\"" return } one_line_fail_test_nochk [format { ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } $test] } if {$RPC} { test8 } test "init 9" if {$RPC} { global test one_line_fail_test_nochk { ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } } test "init 10" proc test10 {} { global test # set prms_id 562 # setup_xfail {*-*-*} $prms_id one_line_fail_test_nochk { ovsec_kadm_init null admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } } test10 #test "init 11" # #proc test11 {} { # global test # set prms_id 563 # setup_xfail {*-*-*} $prms_id # one_line_fail_test_nochk { # ovsec_kadm_init "" admin $OVSEC_KADM_ADMIN_SERVICE null \ # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ # server_handle # } #} #test11 test "init 12" proc test12 {} { global test one_line_fail_test_nochk [format { ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } $test] } if {$RPC} { test12 } test "init 13" proc test13 {} { global test one_line_fail_test_nochk [format { ovsec_kadm_init "%s/a@SECURE-TEST.OV.COM" admin \ $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle } $test] } if {$RPC} { test13 } test "init 14" proc test14 {} { global test one_line_fail_test_nochk [format { ovsec_kadm_init "%s/a@BAD.REALM" admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } $test] } if {$RPC} { test14 } test "init 15" if {$RPC} { one_line_fail_test_nochk { ovsec_kadm_init admin@BAD.REALM admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } } test "init 16" proc test16 {} { global test one_line_succeed_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } test16 test "init 17" proc test17 {} { global test one_line_succeed_test { ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \ $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } test17 test "init 18" proc test18 {} { global test one_line_succeed_test { ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } test18 test "init 19" proc test19 {} { global test one_line_succeed_test { ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \ $OVSEC_KADM_ADMIN_SERVICE SECURE-TEST.OV.COM \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } test19 test "init 20" proc test20 {} { global test if {! [cmd { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle }]} { error_and_restart "$test: couldn't init database" return } one_line_succeed_test \ {ovsec_kadm_get_principal $server_handle admin principal} if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } test20 #test "init 21" # #proc test21 {} { # global test # if {! [cmd { # ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ # server_handle # }]} { # error_and_restart "$test: couldn't init database" # return # } # one_line_fail_test_nochk { # ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ # server_handle # } # if {! [cmd {ovsec_kadm_destroy $server_handle}]} { # error_and_restart "$test: couldn't close database" # } #} #test21 proc test22 {} { global test prompt set prompting 0 send [string trim { ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle }] send "\n" expect { -re ":$" { set prompting 1} -re "\nOK .*$prompt$" { fail "$test: premature success" } -re "\nERROR .*$prompt$" { fail "$test: premature failure" } timeout { fail "$test: timeout" } eof { fail "$test: eof" } } if {$prompting} { one_line_succeed_test mrroot } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if {! $RPC} { test22 } test "init 22.5" proc test225 {} { global test prompt set prompting 0 send [string trim { ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle }] send "\n" expect { -re ":$" { set prompting 1} -re "\nOK .*$prompt$" { fail "$test: premature success" } -re "\nERROR .*$prompt$" { fail "$test: premature failure" } timeout { fail "$test: timeout" } eof { fail "$test: eof" } } if {$prompting} { one_line_succeed_test mrroot } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if {! $RPC} { test225 } test "init 23" proc test23 {} { global test one_line_succeed_test { ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE \ null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if {! $RPC} { test23 } test "init 24" proc test24 {} { global test one_line_succeed_test { ovsec_kadm_init admin admin null null $OVSEC_KADM_STRUCT_VERSION \ $OVSEC_KADM_API_VERSION_1 server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if {! $RPC} { test24 } test "init 25" proc test25 {} { global test one_line_succeed_test { ovsec_kadm_init admin admin foobar null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if {! $RPC} { test25 } test "init 26" #proc test26 {} { # global test # # api_exit # api_start # one_line_fail_test_nochk { # ovsec_kadm_get_principal $server_handle admin principal # } #} #test26 #test "init 27" # #proc test27 {} { # global test # # if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} { # error_and_restart "$test: couldn't delete principal \"$test/a\"" # return # } # begin_dump # if {[cmd [format { # ovsec_kadm_create_principal $server_handle [simple_principal \ # "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a" # } $test $test]]} { # fail "$test: unexpected success in add" # return # } # end_dump_compare "no-diffs" #} #test27 #test "init 28" # #proc test28 {} { # global test prompt # # if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { # error_and_restart "$test: couldn't create principal \"$test/a\"" # return # } # begin_dump # if {! ([cmd { # ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ # server_handle # }] && [cmd [format { # ovsec_kadm_get_principal $server_handle "%s/a" principal # } $test]])} { # error_and_restart "$test: error getting principal" # return; # } # send "lindex \$principal 8\n" # expect { # -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) } # timeout { # error_and_restart "$test: timeout getting principal kvno" # return # } # eof { # error_and_restart "$test: eof getting principal kvno" # return # } # } # api_exit # api_start # set new_kvno [expr "$kvno + 1"] # if {[cmd [format { # ovsec_kadm_modify_principal $server_handle \ # {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO} # } $test $new_kvno]]} { # fail "$test: unexpected success in modify" # return; # } # end_dump_compare "no-diffs" #} #test28 #test "init 29" # #proc test29 {} { # global test # # if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { # error_and_restart "$test: couldn't create principal \"$test/a\"" # return # } # begin_dump # if {[cmd [format { # ovsec_kadm_delete_principal $server_handle "%s/a" # } $test]]} { # fail "$test: unexpected success in delete" # return # } # end_dump_compare "no-diffs" #} #test29 test "init 30" proc test30 {} { global test if {[cmd { ovsec_kadm_init admin foobar $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle }]} { error_and_restart "$test: unexpected succsess" return } one_line_succeed_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } if ${RPC} { test30 } test "init 31" proc test31 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $bad_struct_version_mask $OVSEC_KADM_API_VERSION_1 \ server_handle } "BAD_STRUCT_VERSION" } test31 test "init 32" proc test32 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $no_struct_version_mask $OVSEC_KADM_API_VERSION_1 \ server_handle } "BAD_STRUCT_VERSION" } test32 test "init 33" proc test33 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $old_struct_version $OVSEC_KADM_API_VERSION_1 \ server_handle } "OLD_STRUCT_VERSION" } test33 test "init 34" proc test34 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $new_struct_version $OVSEC_KADM_API_VERSION_1 \ server_handle } "NEW_STRUCT_VERSION" } test34 test "init 35" proc test35 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $bad_api_version_mask \ server_handle } "BAD_API_VERSION" } test35 test "init 36" proc test36 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $no_api_version_mask \ server_handle } "BAD_API_VERSION" } test36 test "init 37" proc test37 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $old_api_version \ server_handle } "OLD_LIB_API_VERSION" } if { $RPC } test37 test "init 38" proc test38 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $old_api_version \ server_handle } "OLD_SERVER_API_VERSION" } if { ! $RPC } test38 test "init 39" proc test39 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $new_api_version \ server_handle } "NEW_LIB_API_VERSION" } if { $RPC } test39 test "init 40" proc test40 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $new_api_version \ server_handle } "NEW_SERVER_API_VERSION" } if { ! $RPC } test40 test "init 41" proc test41 {} { global test one_line_fail_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_API_VERSION_1 $OVSEC_KADM_STRUCT_VERSION \ server_handle } "BAD_" } test41 test "init 42" proc test42 {} { global test one_line_succeed_test { ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle } if {! [cmd {ovsec_kadm_destroy $server_handle}]} { error_and_restart "$test: couldn't close database" } } test42 proc test45_46 {service} { global test kadmin_local env spawn $kadmin_local -q "delprinc -force $service" expect { -re "Principal .* deleted." {} default { error "kadmin.local delprinc failed\n"; } } expect eof wait one_line_fail_test [concat {ovsec_kadm_init admin admin } \ $service \ { null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ server_handle}] "SECURE_PRINC_MISSING" # this leaves the keytab with an incorrect entry exec $kadmin_local -q "ank -randkey $service" # restart the api so it gets a new ccache api_exit api_start } if {$RPC} { test "init 45" test45_46 ovsec_adm/admin test "init 46" test45_46 ovsec_adm/changepw # re-extract the keytab so it is right exec rm /krb5/ovsec_adm.srvtab exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \ -princ kadmin/admin -princ kadmin/changepw /krb5/ovsec_adm.srvtab } return ""