# Clear away any files left over from a previous run.
# We can't use them now because we don't know the right KEY.
# krb5.conf might change if running tests on another host
-catch "exec rm -f tmpdir/db.ok tmpdir/srvtab tmpdir/krb5.conf"
+catch "exec rm -f tmpdir/db.ok tmpdir/srvtab tmpdir/krb5.conf tmpdir/cpw_srvtab"
# Put the installed kerberos directories on PATH.
# This needs to be fixed for V5.
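Review bot: `tmpdir/acl` is missing from the cleanup list on the changed `rm -f` line, although this commit changes what the ACL file must contain. Further down, the ACL is written only when `tmpdir/acl` does not already exist, so a tmpdir left over from a run before this change keeps `krbtest/admin@KRBTEST.COM *` and never gains the `krbtest/kadmin5` entry. The stale file still grants `*` to the old principal, and kadmind5 would presumably refuse the new one, which would surface only as an unexplained kadmin timeout. Appending the file to the list avoids that: `catch "exec rm -f tmpdir/db.ok tmpdir/srvtab tmpdir/krb5.conf tmpdir/cpw_srvtab tmpdir/acl"`. The enclosing proc starts and ends outside the hunk.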
}
if ![info exists KADMIND] {
- set KADMIND [findfile $objdir/../../kadmin.old/server/kadmind]
+ set KADMIND [findfile $objdir/../../kadmin/v5server/kadmind5]
}
if ![info exists KADMIN] {
- set KADMIN [findfile $objdir/../../kadmin.old/client/kadmin]
+ set KADMIN [findfile $objdir/../../kadmin/v5client/kadmin5]
}
if ![info exists KINIT] {
# Create ACL file.
if ![file exists tmpdir/acl] {
set aclfile [open tmpdir/acl w]
- puts $aclfile "krbtest/admin@KRBTEST.COM *"
+ puts $aclfile "krbtest/kadmin5@KRBTEST.COM *"
close $aclfile
}
}
}
+# setup_kadmind_srvtab
+# A procedure to build the srvtab for kadmind5 so that kadmin5 and it
+# may successfully communicate.
+# Returns 1 on success, 0 on failure.
+proc setup_kadmind_srvtab { } {
+ global KDB5_EDIT
+ global KEY
+ global tmppwd
+
+ catch "exec rm -f tmpdir/cpw_srvtab"
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after {
+ timeout {
+ fail "kdb5_edit cpw_srvtab"
+ catch "exec rm -f tmpdir/cpw_srvtab"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kdb5_edit cpw_srvtab"
+ catch "exec rm -f tmpdir/cpw_srvtab"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter KDC database master key"
+ send "masterkey$KEY\r"
+ expect "kdb5_edit:"
+ send "xst KRBTEST.COM changepw\r"
+ expect "'changepw/KRBTEST.COM@KRBTEST.COM' added to keytab"
+ expect "kdb5_edit:"
+ send "quit\r"
+ expect "\r"
+ expect_after
+ if ![check_exit_status "kdb5_edit cpw_srvtab"] {
+ catch "exec rm -f tmpdir/cpw_srvtab"
+ send_error "ERROR: kdb5_edit cpw_srvtab exited abnormally\n"
+ return 0
+ }
+
+ catch "exec mv -f KRBTEST.COM-new-srvtab tmpdir/cpw_srvtab" exec_output
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose $exec_output
+ send_error "ERROR: can't mv new cpw_srvtab\n"
+ return 0
+ }
+
+ # Make the srvtab file globally readable in case we are using a
+ # root shell and the srvtab is NFS mounted.
+ catch "exec chmod a+r tmpdir/cpw_srvtab"
+
+ return 1
+}
+
# setup_kerberos_db
# Initialize the Kerberos database. If the argument is non-zero, call
# pass at relevant points. Returns 1 on success, 0 on failure.
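Review bot: The `chmod a+r tmpdir/cpw_srvtab` at the end of `setup_kadmind_srvtab` leaves the extracted `changepw/KRBTEST.COM` service key readable by every local account on the test host, and the surrounding `catch` hides a failed chmod. The existing comment gives the NFS/root-shell reason but not the exposure, so I would extend it with something like `# NOTE: world-readable key material; tolerable only because KRBTEST.COM is a throwaway test realm`. Separately, the `mv` failure branch returns 0 without removing the keytab that `xst` wrote into the working directory; adding `catch "exec rm -f KRBTEST.COM-new-srvtab"` before that `return 0` would keep key files from accumulating outside tmpdir.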
}
send "masterkey$KEY\r"
expect "kdb5_edit:"
+ send "ank krbtest/kadmin5@KRBTEST.COM\r"
+ expect "Enter password:"
+ send "adminpass$KEY\r"
+ expect "Re-enter password for verification:"
+ send "adminpass$KEY\r"
+ expect "kdb5_edit:"
send "ank krbtest/admin@KRBTEST.COM\r"
expect "Enter password:"
send "adminpass$KEY\r"
expect "Re-enter password for verification:"
send "adminpass$KEY\r"
expect "kdb5_edit:"
- send "ark kadmin/KRBTEST.COM@KRBTEST.COM\r"
+ send "ark changepw/KRBTEST.COM@KRBTEST.COM\r"
expect "kdb5_edit:"
send "quit\r"
expect "\r"
return 0
}
+ if ![setup_kadmind_srvtab] {
+ return 0
+ }
+
if {$standalone} {
pass "kdb5_edit"
}
catch "exec sleep 2"
# Start up the kadmind daemon
- spawn $KADMIND -d $tmppwd/db -p 3750 -a $tmppwd/acl -m -r KRBTEST.COM
+ spawn $KADMIND -d $tmppwd/db -p 3750 -a $tmppwd/acl -T tmpdir/cpw_srvtab -m -r KRBTEST.COM -n
set kadmind_pid [exp_pid]
set kadmind_spawn_id $spawn_id
expect {
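Review bot: The new `-T tmpdir/cpw_srvtab` argument on the kadmind spawn line is a relative path, while `-d` and `-a` on the same line use `$tmppwd/...`. If the daemon resolves the keytab after changing directory, or the suite is started from a different working directory, it would open whatever file sits at that relative location rather than the one `setup_kadmind_srvtab` just built. Writing it as `-T $tmppwd/cpw_srvtab` keeps the three paths consistent, assuming `tmppwd` is the absolute path of `tmpdir`, which the hunk does not show. The enclosing proc continues outside the hunk.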
return 0
}
eof {
- fail "krb5kdc"
+ fail "kadmind"
stop_kerberos_daemons
return 0
}
}
expect {
+ "cannot bind to network address" {
+ fail "kadmind"
+ stop_kerberos_daemons
+ return 0
+ }
"\r" { }
timeout {
fail "kadmind"
if [info exists kdc_pid] {
catch "close -i $kdc_spawn_id"
catch "exec kill $kdc_pid"
- wait -i $kdc_spawn_id
+ set kdc_list [wait -i $kdc_spawn_id]
+ verbose "wait -i $kdc_spawn_id returned $kdc_list (kdc)"
unset kdc_pid
+ unset kdc_list
}
if [info exists kadmind_pid] {
catch "close -i $kadmind_spawn_id"
catch "exec kill $kadmind_pid"
- wait -i $kadmind_spawn_id
+ set kadmind_list [wait -i $kadmind_spawn_id]
+ verbose "wait -i $kadmind_spawn_id returned $kadmind_list (kadmind5)"
unset kadmind_pid
+ unset kadmind_list
}
return 1
global spawn_id
# Use kadmin to add an key.
- spawn $KADMIN -p 3750 krbtest@KRBTEST.COM
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM
expect_after {
timeout {
fail "kadmin $kkey"
return 0
}
}
- expect "Password for krbtest/admin@KRBTEST.COM:"
- send "adminpass$KEY\r"
- expect -re "Command (.*):"
- send "add $kkey@KRBTEST.COM\r"
- expect {
- "Enter password:" { }
- "Principal Already Exists" {
- expect -re "Command (.*):"
- send "q\r"
- expect "Have a Good Day.\r"
- catch "expect_after"
- if ![check_exit_status kadmin] {
- return 0
- }
- return 1
- }
- }
+ expect "kadmin5:"
+ send "ank $kkey@KRBTEST.COM\r"
+ expect "Enter new password for $kkey@KRBTEST.COM :"
send "$kkey"
send "$KEY\r"
- expect "Re-enter password for verification:"
+ expect "Re-enter new password for $kkey@KRBTEST.COM :"
send "$kkey"
send "$KEY\r"
- expect "Database Addition Successful"
- expect -re "Command (.*):"
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:"
+ send "adminpass$KEY\r"
+ expect {
+ "principal $kkey@KRBTEST.COM added" { }
+ "Principal $kkey@KRBTEST.COM already exists" { }
+ }
+ expect "kadmin5:"
send "q\r"
- expect "Have a Good Day.\r"
+ expect "\r"
expect_after
if ![check_exit_status kadmin] {
return 0
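Review bot: The `expect_after` block in this proc handles only `timeout`, while the `setup_kadmind_srvtab` proc added by this commit handles both `timeout` and `eof`. If kadmin5 exits early, for example on a rejected admin password or a missing ACL entry, the next `expect` returns on eof with no `fail` recorded and the following `send` goes to a closed spawn id. Adding `eof { fail "kadmin $kkey"; return 0 }` next to the existing `timeout` branch makes that case an explicit test failure. The following hunk, which sends `ark $kkey@KRBTEST.COM`, has the same timeout-only `expect_after` and needs the same branch. Both procs start and end outside their hunks.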
global spawn_id
# Use kadmin to add an key.
- spawn $KADMIN -p 3750 krbtest@KRBTEST.COM
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM
expect_after {
timeout {
fail "kadmin $kkey"
return 0
}
}
- expect "Password for krbtest/admin@KRBTEST.COM:"
+ expect "kadmin5:"
+ send "ark $kkey@KRBTEST.COM\r"
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:"
send "adminpass$KEY\r"
- expect -re "Command (.*):"
- send "addrnd $kkey@KRBTEST.COM\r"
- expect "Database Addition Successful"
- expect -re "Command (.*):"
+ expect {
+ "principal $kkey@KRBTEST.COM added" { }
+ "Principal $kkey@KRBTEST.COM already exists" { }
+ }
+ expect "kadmin5:"
send "q\r"
- expect "Have a Good Day.\r"
+ expect "\r"
expect_after
if ![check_exit_status kadmin] {
return 0