--- /dev/null
+RUNTEST = runtest
+RUNTESTFLAGS =
+
+check::
+ $(RUNTEST) --tool krb --srcdir $(srcdir) $(RUNTESTFLAGS)
--- /dev/null
+# Basic expect script for Kerberos tests.
+# This is a DejaGnu test script.
+# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+# This script is automatically run by DejaGnu before running any of
+# the Kerberos test scripts.
+
+# This file provides several functions which deal with a local
+# Kerberos database. We have to do this such that we don't interfere
+# with any existing Kerberos database. We will create all the files
+# in the directory tmpdir, which will have been created by the
+# testsuite default script. We will use KRBTEST.COM as our Kerberos
+# realm name.
+
+# We do everything in a temporary directory.
+if ![file isdirectory tmpdir] {catch "exec mkdir tmpdir" status}
+
+set tmppwd "[pwd]/tmpdir"
+
+# On Ultrix, use /bin/sh5 in preference to /bin/sh.
+if ![info exists BINSH] {
+ if [file exists /bin/sh5] {
+ set BINSH /bin/sh5
+ } else {
+ set BINSH /bin/sh
+ }
+}
+
+# For security, we must not use generally known passwords. This is
+# because some of the tests may be run as root. If the passwords were
+# generally know, then somebody could work out the appropriate
+# Kerberos ticket to use, and come in when, say, the telnetd daemon
+# was being tested by root. The window for doing this is very very
+# small, so the password does not have to be perfect, it just can't be
+# constant.
+if ![info exists KEY] {
+ catch {exec $BINSH -c "echo $$"} KEY
+ verbose "KEY is $KEY"
+}
+
+# Clear away any files left over from a previous run.
+# We can't use them now because we don't know the right KEY.
+catch "exec rm -f tmpdir/db.ok tmpdir/srvtab"
+
+# Put the installed kerberos directories on PATH.
+# This needs to be fixed for V5.
+# set env(PATH) $env(PATH):/usr/kerberos/bin:/usr/kerberos/etc
+# verbose "PATH=$env(PATH)"
+
+# Some of the tests expect $env(USER) to be set.
+if ![info exists env(USER)] {
+ if [info exists env(LOGNAME)] {
+ set env(USER) $env(LOGNAME)
+ } else {
+ if [info exists logname] {
+ set env(USER) $logname
+ } else {
+ catch "exec whoami" env(USER)
+ }
+ }
+}
+
+# Find some programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be ...tests/dejagnu.
+
+if ![info exists KDB5_CREATE] {
+ set KDB5_CREATE [findfile $objdir/../../admin/create/kdb5_create]
+}
+
+if ![info exists KDB5_STASH] {
+ set KDB5_STASH [findfile $objdir/../../admin/stash/kdb5_stash]
+}
+
+if ![info exists KDB5_EDIT] {
+ set KDB5_EDIT [findfile $objdir/../../admin/edit/kdb5_edit]
+}
+
+if ![info exists KRB5KDC] {
+ set KRB5KDC [findfile $objdir/../../kdc/krb5kdc]
+}
+
+if ![info exists KADMIND] {
+ set KADMIND [findfile $objdir/../../kadmin/server/kadmind]
+}
+
+if ![info exists KADMIN] {
+ set KADMIN [findfile $objdir/../../kadmin/client/kadmin]
+}
+
+if ![info exists KINIT] {
+ set KINIT [findfile $objdir/../../clients/kinit/kinit]
+}
+
+# We use a couple of variables to hold shell prompts which may be
+# overridden by the user.
+
+if ![info exists ROOT_PROMPT] {
+ set ROOT_PROMPT "(%|#|>|\\$) $"
+}
+
+if ![info exists SHELL_PROMPT] {
+ set SHELL_PROMPT "(%|#|>|\\$) $"
+}
+
+# check_k5login
+# Most of the tests won't work if the user has a .k5login file, unless
+# the user's name appears unadorned in .k5login (in which case kuserok
+# will assume a null instance and the local realm). This procedure
+# returns 1 if the .k5login file appears to be OK, 0 otherwise. This
+# check is not foolproof.
+
+proc check_k5login { testname } {
+ global env
+
+ if ![file exists ~/.k5login] {
+ return 1
+ }
+
+ set file [open ~/.k5login r]
+ while { [gets $file principal] != -1 } {
+ if { $principal == $env(USER) } {
+ close $file
+ return 1
+ }
+ }
+ close $file
+
+ untested "$testname test requires that your name appear in your ~/.k5login"
+ untested "file with no realm or instance."
+
+ return 0
+}
+
+# check_exit_status
+# Check the exit status of a spawned program. Returns 1 if the
+# program succeeded, 0 if it failed.
+
+proc check_exit_status { testname } {
+ global spawn_id
+
+ set status_list [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $status_list ($testname)"
+ catch "close -i $spawn_id"
+ if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
+ send_log "exit status: $status_list\n"
+ verbose "exit status: $status_list"
+ fail "$testname"
+ return 0
+ } else {
+ return 1
+ }
+}
+
+# get_hostname
+# This procedure will get the local hostname. It sets the global
+# variables hostname (the full name) and localhostname (the first part
+# of the name). Returns 1 on success, 0 on failure.
+
+proc get_hostname { } {
+ global hostname
+ global localhostname
+
+ if {[info exists hostname] && [info exists localhostname]} {
+ return 1
+ }
+
+ catch "exec hostname >tmpdir/hostname" exec_output
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose $exec_output
+ send_error "ERROR: can't get hostname\n"
+ return 0
+ }
+ set file [open tmpdir/hostname r]
+ if { [ gets $file hostname ] == -1 } {
+ send_error "ERROR: no output from hostname\n"
+ return 0
+ }
+ close $file
+ catch "exec rm -f tmpdir/hostname" exec_output
+ regexp "^\[^.\]*" $hostname localhostname
+ verbose "hostname: $hostname; localhostname: $localhostname"
+
+ return 1
+}
+
+# setup_kerberos_files
+# This procedure will create some Kerberos files which must be created
+# manually before trying to run any Kerberos programs. Returns 1 on
+# success, 0 on failure.
+
+proc setup_kerberos_files { } {
+ global hostname
+
+ if ![get_hostname] {
+ return 0
+ }
+
+ # Create a krb.conf file.
+ # We don't bother to do this for V5, we use an environment
+ # variable instead.
+ # if ![file exists tmpdir/krb.conf] {
+ # set conffile [open tmpdir/krb.conf w]
+ # puts $conffile "KRBTEST.COM"
+ # puts $conffile "KRBTEST.COM $hostname:3750 admin server"
+ # close $conffile
+ # }
+
+ # Create ACL file.
+ if ![file exists tmpdir/acl] {
+ set aclfile [open tmpdir/acl w]
+ puts $aclfile "krbtest/admin@KRBTEST.COM *"
+ close $aclfile
+ }
+
+ return 1
+}
+
+# Save the original values of the environment variables we are going
+# to muck with.
+
+#if [info exists env(KRB_CONF)] {
+# set orig_krb_conf $env(KRB_CONF)
+#} else {
+# catch "unset orig_krb_conf"
+#}
+
+if [info exists env(KRB5CCNAME)] {
+ set orig_krb5ccname $env(KRB5CCNAME)
+} else {
+ catch "unset orig_krb5ccname"
+}
+
+if [ info exists env(KRB5RCACHEDIR)] {
+ set orig_krb5rcachedir $env(KRB5RCACHEDIR)
+} else {
+ catch "unset orig_krb5rcachedir"
+}
+
+if [ info exists env(KERBEROS_SERVER)] {
+ set orig_kerberos_server $env(KERBEROS_SERVER)
+} else {
+ catch "unset orig_kerberos_server"
+}
+
+# setup_kerberos_env
+# Set the environment variables needed to run Kerberos programs.
+
+proc setup_kerberos_env { } {
+ global env
+ global tmppwd
+ global hostname
+
+ # Set the environment variable KRB_CONF to point to our krb.conf file.
+ # All the Kerberos tools check KRB_CONF.
+ # Actually, V5 doesn't currently use this.
+ # set env(KRB_CONF) $tmppwd/krb.conf
+ # verbose "KRB_CONF=$env(KRB_CONF)"
+
+ # Direct the Kerberos programs at a local ticket file.
+ set env(KRB5CCNAME) FILE:$tmppwd/tkt
+ verbose "KRB5CCNAME=$env(KRB5CCNAME)"
+
+ # Direct the Kerberos server at a cache file stored in the
+ # temporary directory.
+ set env(KRB5RCACHEDIR) $tmppwd
+ verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
+
+ # Tell the Kerberos tools how to contact the KRBTEST.COM server.
+ set env(KERBEROS_SERVER) "KRBTEST.COM:$hostname:3088"
+ verbose "KERBEROS_SERVER=$env(KERBEROS_SERVER)"
+
+ return 1
+}
+
+# Restore the Kerberos environment, in case setup_kerberos_env was
+# already called by an earlier test.
+
+proc restore_kerberos_env { } {
+ global env
+ global orig_krb_conf
+ global orig_krb5ccname
+ global orig_krb5rcachedir
+ global orig_kerberos_server
+
+ # if [info exists orig_krb_conf] {
+ # set env(KRB_CONF) $orig_krb_conf
+ # } else {
+ # catch "unset env(KRB_CONF)"
+ # }
+
+ if [info exists orig_krb5ccname] {
+ set env(KRB5CCNAME) $orig_krb5ccname
+ } else {
+ catch "unset env(KRB5CCNAME)"
+ }
+
+ if [info exists orig_krb5rcachedir] {
+ set env(KRB5RCACHEDIR) $orig_krb5rcachedir
+ } else {
+ catch "unset env(KRB5RCACHEDIR)"
+ }
+
+ if [info exists orig_kerberos_server] {
+ set env(KERBEROS_SERVER) $orig_kerberos_server
+ } else {
+ catch "unset env(KERBEROS_SERVER)"
+ }
+}
+
+# setup_kerberos_db
+# Initialize the Kerberos database. If the argument is non-zero, call
+# pass at relevant points. Returns 1 on success, 0 on failure.
+
+proc setup_kerberos_db { standalone } {
+ global KDB5_CREATE
+ global KDB5_STASH
+ global KDB5_EDIT
+ global KEY
+ global tmppwd
+ global spawn_id
+
+ if {!$standalone && [file exists tmpdir/db.ok]} {
+ return 1
+ }
+
+ catch "exec rm -f [glob -nocomplain tmpdir/db*]"
+
+ # Creating a new database means we need a new srvtab.
+ catch "exec rm -f tmpdir/srvtab"
+
+ if { ![setup_kerberos_files] || ![setup_kerberos_env] } {
+ return 0
+ }
+
+ spawn $KDB5_CREATE -r KRBTEST.COM -d $tmppwd/db
+ expect {
+ "Enter KDC database master key:" {
+ verbose "kdb5_create started"
+ }
+ timeout {
+ fail "kdb5_create"
+ return 0
+ }
+ eof {
+ fail "kdb5_create"
+ return 0
+ }
+ }
+ send "masterkey$KEY\r"
+ set failed 0
+ expect {
+ "Re-enter KDC database master key to verify:" { }
+ timeout {
+ fail "kdb5_create"
+ return 0
+ }
+ eof {
+ fail "kdb5_create"
+ return 0
+ }
+ }
+ send "masterkey$KEY\r"
+ expect {
+ -re "\[Cc\]ouldn't" {
+ fail "kdb5_create"
+ return 0
+ }
+ timeout {
+ fail "kdb5_create"
+ return 0
+ }
+ eof { }
+ }
+ if ![check_exit_status kdb5_create] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kdb5_create"
+ }
+
+ # Stash the master key in a file.
+ spawn $KDB5_STASH -f $tmppwd/stash -d $tmppwd/db -r KRBTEST.COM
+ expect {
+ "Enter KDC database master key:" {
+ verbose "kdb5_stash started"
+ }
+ timeout {
+ fail "kdb5_stash"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok"
+ }
+ return 0
+ }
+ eof {
+ fail "kdb5_stash"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok"
+ }
+ return 0
+ }
+ }
+ send "masterkey$KEY\r"
+ expect {
+ eof { }
+ timeout {
+ fail "kdb5_stash"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok"
+ }
+ return 0
+ }
+ }
+ if ![check_exit_status kdb5_stash] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kdb5_stash"
+ }
+
+ # Add an admin user.
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after {
+ timeout {
+ catch "expect_after"
+ fail "kdb5_edit"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok"
+ }
+ return 0
+ }
+ eof {
+ catch "expect_after"
+ fail "kdb5_edit"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok"
+ }
+ return 0
+ }
+ }
+ expect {
+ "Enter KDC database master key" {
+ verbose "kdb5_edit started"
+ }
+ }
+ send "masterkey$KEY\r"
+ expect "kdb5_edit:"
+ send "ank krbtest/admin@KRBTEST.COM\r"
+ expect "Enter password:"
+ send "adminpass$KEY\r"
+ expect "Re-enter password for verification:"
+ send "adminpass$KEY\r"
+ expect "kdb5_edit:"
+ send "ark kadmin/KRBTEST.COM@KRBTEST.COM\r"
+ expect "kdb5_edit:"
+ send "quit\r"
+ expect "\r"
+ expect_after
+ if ![check_exit_status kdb5_edit] {
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok"
+ }
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kdb5_edit"
+ }
+
+ return 1
+}
+
+# start_kerberos_daemons
+# A procedure to build a Kerberos database and start up the kerberos
+# and kadmind daemons. This sets the global variables kdc_pid,
+# kdc_spawn_id, kadmind_pid, and kadmind_spawn_id. The procedure
+# stop_kerberos_daemons should be used to stop the daemons. If the
+# argument is non-zero, call pass at relevant points. Returns 1 on
+# success, 0 on failure.
+
+proc start_kerberos_daemons { standalone } {
+ global KRB5KDC
+ global KADMIND
+ global KEY
+ global kdc_pid
+ global kdc_spawn_id
+ global kadmind_pid
+ global kadmind_spawn_id
+ global tmppwd
+
+ if ![setup_kerberos_db 0] {
+ return 0
+ }
+
+ if {$standalone} {
+ catch "exec rm -f tmpdir/krb.log"
+ catch "exec rm -f tmpdir/kadmind.log"
+ }
+
+ # Start up the kerberos daemon
+ spawn $KRB5KDC -r KRBTEST.COM -p 3088 -d $tmppwd/db -m
+ set kdc_pid [exp_pid]
+ set kdc_spawn_id $spawn_id
+ expect {
+ "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ timeout {
+ fail "krb5kdc"
+ stop_kerberos_daemons
+ return 0
+ }
+ eof {
+ fail "krb5kdc"
+ stop_kerberos_daemons
+ return 0
+ }
+ }
+ expect {
+ "\r" { }
+ timeout {
+ fail "krb5kdc"
+ stop_kerberos_daemons
+ return 0
+ }
+ eof {
+ fail "krb5kdc"
+ stop_kerberos_daemons
+ return 0
+ }
+ }
+
+ if {$standalone} {
+ pass "krb5kdc"
+ }
+
+ # Give the kerberos daemon a few seconds to get set up.
+ catch "exec sleep 2"
+
+ # Start up the kadmind daemon
+ spawn $KADMIND -d $tmppwd/db -p 3750 -a $tmppwd/acl -m -r KRBTEST.COM
+ set kadmind_pid [exp_pid]
+ set kadmind_spawn_id $spawn_id
+ expect {
+ "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ timeout {
+ fail "kadmind"
+ stop_kerberos_daemons
+ return 0
+ }
+ eof {
+ fail "krb5kdc"
+ stop_kerberos_daemons
+ return 0
+ }
+ }
+ expect {
+ "\r" { }
+ timeout {
+ fail "kadmind"
+ stop_kerberos_daemons
+ return 0
+ }
+ eof {
+ fail "kadmind"
+ stop_kerberos_daemons
+ return 0
+ }
+ }
+
+ if {$standalone} {
+ pass "kadmind"
+ }
+
+ # Give the kadmind daemon a few seconds to get set up.
+ catch "exec sleep 2"
+
+ return 1
+}
+
+# stop_kerberos_daemons
+# Stop the kerberos daemons. Returns 1 on success, 0 on failure.
+
+proc stop_kerberos_daemons { } {
+ global kdc_pid
+ global kdc_spawn_id
+ global kadmind_pid
+ global kadmind_spawn_id
+
+ if [info exists kdc_pid] {
+ catch "close -i $kdc_spawn_id"
+ catch "exec kill $kdc_pid"
+ wait -i $kdc_spawn_id
+ unset kdc_pid
+ }
+
+ if [info exists kadmind_pid] {
+ catch "close -i $kadmind_spawn_id"
+ catch "exec kill $kadmind_pid"
+ wait -i $kadmind_spawn_id
+ unset kadmind_pid
+ }
+
+ return 1
+}
+
+# add_kerberos_key
+# Add an key to the Kerberos database. start_kerberos_daemons must be
+# called before this procedure. If the standalone argument is
+# non-zero, call pass at relevant points. Returns 1 on success, 0 on
+# failure.
+
+proc add_kerberos_key { kkey standalone } {
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ # Use kadmin to add an key.
+ spawn $KADMIN -p 3750 krbtest@KRBTEST.COM
+ expect_after {
+ timeout {
+ fail "kadmin $kkey"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin $kkey"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Password for krbtest/admin@KRBTEST.COM:"
+ send "adminpass$KEY\r"
+ expect -re "Command (.*):"
+ send "add $kkey@KRBTEST.COM\r"
+ expect {
+ "Enter password:" { }
+ "Principal Already Exists" {
+ expect -re "Command (.*):"
+ send "q\r"
+ expect "Have a Good Day.\r"
+ catch "expect_after"
+ if ![check_exit_status kadmin] {
+ return 0
+ }
+ return 1
+ }
+ }
+ send "$kkey"
+ send "$KEY\r"
+ expect "Re-enter password for verification:"
+ send "$kkey"
+ send "$KEY\r"
+ expect "Database Addition Successful"
+ expect -re "Command (.*):"
+ send "q\r"
+ expect "Have a Good Day.\r"
+ expect_after
+ if ![check_exit_status kadmin] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kadmin $kkey"
+ }
+
+ return 1
+}
+
+# add_random_key
+# Add a key with a random password to the Kerberos database.
+# start_kerberos_daemons must be called before this procedure. If the
+# standalone argument is non-zero, call pass at relevant points.
+# Returns 1 on success, 0 on failure.
+
+proc add_random_key { kkey standalone } {
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ # Use kadmin to add an key.
+ spawn $KADMIN -p 3750 krbtest@KRBTEST.COM
+ expect_after {
+ timeout {
+ fail "kadmin $kkey"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin $kkey"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Password for krbtest/admin@KRBTEST.COM:"
+ send "adminpass$KEY\r"
+ expect -re "Command (.*):"
+ send "addrnd $kkey@KRBTEST.COM\r"
+ expect "Database Addition Successful"
+ expect -re "Command (.*):"
+ send "q\r"
+ expect "Have a Good Day.\r"
+ expect_after
+ if ![check_exit_status kadmin] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kadmin $kkey"
+ }
+
+ return 1
+}
+
+# setup_srvtab
+# Set up a srvtab file. start_kerberos_daemons and add_random_key
+# host/$hostname must be called before this procedure. If the
+# argument is non-zero, call pass at relevant points. Returns 1 on
+# success, 0 on failure.
+
+proc setup_srvtab { standalone } {
+ global KDB5_EDIT
+ global KEY
+ global tmppwd
+ global hostname
+ global spawn_id
+
+ if {!$standalone && [file exists tmpdir/srvtab]} {
+ return 1
+ }
+
+ catch "exec rm -f tmpdir/srvtab tmpdir/srvtab.old"
+
+ if ![get_hostname] {
+ return 0
+ }
+
+ catch "exec rm -f $hostname-new-srvtab"
+
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after {
+ timeout {
+ fail "kdb5_edit srvtab"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/srvtab"
+ }
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kdb5_edit srvtab"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/srvtab"
+ }
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter KDC database master key"
+ send "masterkey$KEY\r"
+ expect "kdb5_edit:"
+ send "xst $hostname host\r"
+ expect "'host/$hostname@KRBTEST.COM' added to keytab"
+ expect "kdb5_edit:"
+ send "quit\r"
+ expect "\r"
+ expect_after
+ if ![check_exit_status "kdb5_edit srvtab"] {
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/srvtab"
+ }
+ return 0
+ }
+
+ catch "exec mv -f $hostname-new-srvtab tmpdir/srvtab" exec_output
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose $exec_output
+ send_error "ERROR: can't mv new srvtab\n"
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kdb5_edit srvtab"
+ }
+
+ # Make the srvtab file globally readable in case we are using a
+ # root shell and the srvtab is NFS mounted.
+ catch "exec chmod a+r tmpdir/srvtab"
+
+ return 1
+}
+
+# kinit
+# Use kinit to get a ticket. If the argument is non-zero, call pass
+# at relevant points. Returns 1 on success, 0 on failure.
+
+proc kinit { name pass standalone } {
+ global KINIT
+ global spawn_id
+
+ # Use kinit to get a ticket.
+ spawn $KINIT $name@KRBTEST.COM
+ expect {
+ "Password for $name@KRBTEST.COM:" {
+ verbose "kinit started"
+ }
+ timeout {
+ fail "kinit"
+ return 0
+ }
+ eof {
+ fail "kinit"
+ return 0
+ }
+ }
+ send "$pass\r"
+ # This last expect seems useless, but without it the test hangs on
+ # AIX.
+ expect {
+ "\r" { }
+ }
+ if ![check_exit_status kinit] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kinit"
+ }
+
+ return 1
+}
+
+# Set up a root shell using rlogin $hostname -l root. This is used
+# when testing the daemons that must be run as root, such as telnetd
+# or rlogind. This sets the global variables rlogin_spawn_id and
+# rlogin_pid. Returns 1 on success, 0 on failure.
+#
+# This procedure will only succeed if the person running the test has
+# a valid ticket for a name listed in the /.klogin file. Naturally,
+# Kerberos must already be installed on this machine. It's a pain,
+# but I can't think of a better approach.
+
+proc setup_root_shell { testname } {
+ global BINSH
+ global ROOT_PROMPT
+ global KEY
+ global hostname
+ global rlogin_spawn_id
+ global rlogin_pid
+ global tmppwd
+
+ # Make sure we are using the original values of the environment
+ # variables. This means that the caller must call
+ # setup_kerberos_env after calling this procedure.
+
+ restore_kerberos_env
+
+ if ![get_hostname] {
+ return 0
+ }
+
+ # If you have not installed Kerberos on your system, and you want
+ # to run these tests, you can do it if you are willing to put your
+ # root password in this file (this is not a very good idea, but
+ # it's safe enough if you disconnect from the network and remember
+ # to remove the password later). Change the rlogin in the next
+ # line to be /usr/ucb/rlogin (or whatever is appropriate for your
+ # system). Then change the lines after "word:" a few lines
+ # farther down to be
+ # send "rootpassword\r"
+ # exp_continue
+
+ spawn rlogin $hostname -l root
+ set rlogin_spawn_id $spawn_id
+ set rlogin_pid [exp_pid]
+ expect {
+ "word:" {
+ untested "$testname test requires ability to rlogin as root"
+ stop_root_shell
+ return 0
+ }
+ "Kerberos rlogin failed" {
+ untested "$testname test requires ability to rlogin as root"
+ stop_root_shell
+ return 0
+ }
+ eof {
+ untested "$testname test requires ability to rlogin as root"
+ stop_root_shell
+ return 0
+ }
+ -re "$ROOT_PROMPT" { }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ send_error "ERROR: If you have an unusual root prompt,\n"
+ send_error "ERROR: try running with ROOT_PROMPT=\"regexp\"\n"
+ stop_root_shell
+ return 0
+ }
+ }
+
+ expect_after {
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ stop_root_shell
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ stop_root_shell
+ catch "expect_after"
+ return 0
+ }
+ }
+
+ # Make sure the root shell is using /bin/sh.
+ send "$BINSH\r"
+ expect {
+ -re "$ROOT_PROMPT" { }
+ }
+
+ # Set up a shell variable tmppwd. The callers use this to keep
+ # command line lengths down. The command line length is important
+ # because we are feeding input to a shell via a pty. On some
+ # systems a pty will only accept 255 characters.
+ send "tmppwd=$tmppwd\r"
+ expect {
+ -re "$ROOT_PROMPT" { }
+ }
+
+ # Move over to the right directory.
+ set dir [pwd]
+ send "cd $dir\r"
+ expect {
+ -re "$ROOT_PROMPT" { }
+ "$dir:" {
+ send_error "ERROR: root shell can not cd to $dir\n"
+ stop_root_shell
+ return 0
+ }
+ }
+
+ expect_after
+
+ return 1
+}
+
+# Kill off a root shell started by setup_root_shell.
+
+proc stop_root_shell { } {
+ global rlogin_spawn_id
+ global rlogin_pid
+
+ catch "close -i $rlogin_spawn_id"
+ catch "exec kill $rlogin_pid"
+ catch "exec sleep 1"
+ catch "exec kill -9 $rlogin_pid"
+ catch "wait -i $rlogin_spawn_id"
+}
+
+# Check the date. The string will be the output of date on this
+# system, and we must make sure that it is in the same timezone as the
+# output of date run a second time. The first date will be run on an
+# rlogin or some such connection to the local system. This is to test
+# to make sure that the TZ environment variable is handled correctly.
+# Returns 1 on sucess, 0 on failure.
+
+proc check_date { date } {
+ catch "exec date" ndate
+ set atz ""
+ set ntz ""
+ scan $date "%s %s %d %d:%d:%d %s %d" adow amon adom ahr amn asc atz ayr
+ scan $ndate "%s %s %d %d:%d:%d %s %d" ndow nmon ndom nhr nmn nsc ntz nyr
+ if { $atz != $ntz } {
+ verbose "date check failed: $atz != $ntz"
+ send_log "date check failed: $atz != $ntz\n"
+ return 0
+ }
+ return 1
+}
--- /dev/null
+AC_INIT(Makefile.in)
+WITH_CCOPTS
+CONFIG_RULES
+AC_CONFIG_FRAGMENTS(.. ../.. ../../.. ../../../.. ../../../../.. ../../../../../..)
+AC_SUBST(BUILDTOP)
+BUILDTOP=[$]ac_reltopdir
+AC_PROG_INSTALL
+WITH_NETLIB
+KRB_INCLUDE
+WITH_KRB5ROOT
+V5_AC_OUTPUT_MAKEFILE
--- /dev/null
+# Kerberos rlogin test.
+# This is a DejaGnu test script.
+# This script tests Kerberos rlogin.
+# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+
+# Find the programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be .../kerberos/src.
+
+if ![info exists RLOGIN] {
+ set RLOGIN [findfile $objdir/../../appl/bsd/rlogin]
+}
+
+if ![info exists KRLOGIND] {
+ set KRLOGIND [findfile $objdir/../../appl/bsd/krlogind]
+}
+
+if ![info exists LOGINKRB5] {
+ set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5]
+}
+
+# Start up a root shell.
+if ![setup_root_shell rlogin] {
+ return
+}
+
+# Make sure .k5login is reasonable.
+if ![check_k5login rlogin] {
+ stop_root_shell
+ return
+}
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ stop_root_shell
+ return
+}
+
+# A procedure to start up the rlogin daemon.
+
+proc start_rlogin_daemon { option } {
+ global KRLOGIND
+ global LOGINKRB5
+ global ROOT_PROMPT
+ global tmppwd
+ global hostname
+ global rlogin_spawn_id
+ global krlogind_pid
+
+ # The -p argument tells it to accept a single connection, so we
+ # don't need to use inetd. The 3543 is the port to listen at.
+ # Note that tmppwd here is a shell variable, which is set in
+ # setup_root_shell, not a TCL variable.
+ send -i $rlogin_spawn_id "$KRLOGIND -K -D 3543 -S \$tmppwd/srvtab -M KRBTEST.COM -L $LOGINKRB5 $option &\r"
+ expect {
+ -i $rlogin_spawn_id
+ -re "$ROOT_PROMPT" { }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ return
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ return
+ }
+ }
+ send -i $rlogin_spawn_id "echo \$!\r"
+ expect {
+ -i $rlogin_spawn_id
+ -re "\[0-9\]+" {
+ set krlogind_pid $expect_out(0,string)
+ verbose "krlogind process ID is $krlogind_pid"
+ }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ return
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ return
+ }
+ }
+ expect {
+ -i $rlogin_spawn_id
+ -re "$ROOT_PROMPT" { }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ return
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ return
+ }
+ }
+
+ # Give the rlogin daemon a few seconds to get set up.
+ catch "exec sleep 2"
+}
+
+# A procedure to stop the rlogin daemon.
+
+proc stop_rlogin_daemon { } {
+ global krlogind_pid
+
+ if [info exists krlogind_pid] {
+ catch "exec kill $krlogind_pid"
+ unset krlogind_pid
+ }
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc rlogin_test { } {
+ global RLOGIN
+ global BINSH
+ global SHELL_PROMPT
+ global KEY
+ global hostname
+ global hostname
+ global env
+
+ # Start up the kerberos and kadmind daemons and get a srvtab and a
+ # ticket file.
+ if {![start_kerberos_daemons 0] \
+ || ![add_kerberos_key host/$hostname 0] \
+ || ![setup_srvtab 0] \
+ || ![add_kerberos_key $env(USER) 0] \
+ || ![kinit $env(USER) $env(USER)$KEY 0]} {
+ return
+ }
+
+ # Start up the rlogin daemon.
+ start_rlogin_daemon -K
+
+ # Make an rlogin connection.
+ spawn $RLOGIN $hostname -k KRBTEST.COM -D 3543
+
+ expect_after {
+ timeout {
+ fail "$testname (timeout)"
+ catch "expect_after"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ catch "expect_after"
+ return
+ }
+ }
+
+ set testname "rlogin"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ # Switch to /bin/sh to try to avoid confusion from the shell
+ # prompt.
+ set testname "shell"
+ send "$BINSH\r"
+ expect -re "$SHELL_PROMPT"
+
+ set testname "date"
+ send "date\r"
+ expect "date"
+ expect {
+ -re "\[A-Za-z0-9 :\]+\[\r\n\]+" {
+ if [check_date $expect_out(0,string)] {
+ pass "date"
+ } else {
+ fail "date"
+ }
+ }
+ }
+ expect -re "$SHELL_PROMPT"
+
+ set testname "exit"
+ send "exit\r"
+ expect -re "$SHELL_PROMPT"
+ send "exit\r"
+ expect {
+ "Connection closed.\r" {
+ pass $testname
+ }
+ }
+
+ expect_after
+
+ if [check_exit_status "exit status"] {
+ pass "exit status"
+ }
+
+ # The rlogin daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_rlogin_daemon
+
+ # Try an encrypted connection.
+ start_rlogin_daemon -x
+ spawn $RLOGIN $hostname -x -k KRBTEST.COM -D 3543
+
+ expect_after {
+ timeout {
+ fail "$testname (timeout)"
+ catch "expect_after"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ catch "expect_after"
+ return
+ }
+ }
+
+ set testname "encrypted rlogin"
+ expect "using DES encryption for all data transmissions"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ # Switch to /bin/sh to try to avoid confusion from the shell
+ # prompt.
+ set testname "shell"
+ send "$BINSH\r"
+ expect -re "$SHELL_PROMPT"
+
+ # Make sure the encryption is not destroying the text.
+ set testname "echo"
+ send "echo hello\r"
+ expect "echo hello"
+ expect "hello"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ # Send some characters which might cause an interrupt, and then
+ # make sure we can still talk to the shell.
+ set testname "interrupt characters"
+ send "\003\177\034\r"
+ expect -re "$SHELL_PROMPT"
+ send "echo hello\r"
+ expect "echo hello"
+ expect "hello"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ set testname "~."
+ send "~."
+ expect {
+ "Closed connection.\r" {
+ pass $testname
+ }
+ }
+
+ expect_after
+
+ if [check_exit_status "exit status"] {
+ pass "exit status"
+ }
+
+ # The rlogin daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_rlogin_daemon
+}
+
+# Run the test. Logging in sometimes takes a while, so increase the
+# timeout.
+set oldtimeout $timeout
+set timeout 60
+set status [catch rlogin_test msg]
+set timeout $oldtimeout
+
+# Shut down the kerberos daemons, the rlogin daemon, and the root
+# process.
+stop_kerberos_daemons
+
+stop_rlogin_daemon
+
+stop_root_shell
+
+if { $status != 0 } {
+ send_error "ERROR: error in rlogin.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
--- /dev/null
+# Kerberos telnet test.
+# This is a DejaGnu test script.
+# This script tests Kerberos telnet.
+# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+
+# Find the programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be .../kerberos/src.
+
+if ![info exists TELNET] {
+ set TELNET [findfile $objdir/../../appl/telnet/telnet/telnet]
+}
+
+if ![info exists TELNETD] {
+ set TELNETD [findfile $objdir/../../appl/telnet/telnetd/telnetd]
+}
+
+if ![info exists LOGINKRB5] {
+ set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5]
+}
+
+# Start up a root shell.
+if ![setup_root_shell telnet] {
+ return
+}
+
+# Make sure .k5login is reasonable.
+if ![check_k5login rlogin] {
+ stop_root_shell
+ return
+}
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ stop_root_shell
+ return
+}
+
+# A procedure to start up the telnet daemon.
+
+proc start_telnet_daemon { } {
+ global TELNETD
+ global LOGINKRB5
+ global ROOT_PROMPT
+ global tmppwd
+ global hostname
+ global rlogin_spawn_id
+ global telnetd_pid
+
+ # The -debug argument tells it to accept a single connection, so
+ # we don't need to use inetd. The 3023 is the port to listen at.
+ # Note that tmppwd here is a shell variable, which is set in
+ # setup_root_shell, not a TCL variable.
+ send -i $rlogin_spawn_id "$TELNETD -debug -t \$tmppwd/srvtab -R KRBTEST.COM -L $LOGINKRB5 -X KERBEROS_V4 3023 &\r"
+ expect {
+ -i $rlogin_spawn_id
+ -re "$ROOT_PROMPT" { }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ return
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ return
+ }
+ }
+ send -i $rlogin_spawn_id "echo \$!\r"
+ expect {
+ -i $rlogin_spawn_id
+ -re "\[0-9\]+" {
+ set telnetd_pid $expect_out(0,string)
+ verbose "telnetd process ID is $telnetd_pid"
+ }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ return
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ return
+ }
+ }
+ expect {
+ -i $rlogin_spawn_id
+ -re "$ROOT_PROMPT" { }
+ timeout {
+ send_error "ERROR: timeout from rlogin $hostname -l root\n"
+ return
+ }
+ eof {
+ send_error "ERROR: eof from rlogin $hostname -l root\n"
+ return
+ }
+ }
+
+ # Give the telnet daemon a few seconds to get set up.
+ catch "exec sleep 2"
+}
+
+# A procedure to stop the telnet daemon.
+
+proc stop_telnet_daemon { } {
+ global telnetd_pid
+
+ if [info exists telnetd_pid] {
+ catch "exec kill $telnetd_pid"
+ unset telnetd_pid
+ }
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc telnet_test { } {
+ global TELNET
+ global BINSH
+ global SHELL_PROMPT
+ global KEY
+ global hostname
+ global localhostname
+ global env
+
+ # Start up the kerberos and kadmind daemons and get a srvtab and a
+ # ticket file.
+ if {![start_kerberos_daemons 0] \
+ || ![add_kerberos_key host/$hostname 0] \
+ || ![setup_srvtab 0] \
+ || ![add_kerberos_key $env(USER) 0] \
+ || ![kinit $env(USER) $env(USER)$KEY 0]} {
+ return
+ }
+
+ # Start up the telnet daemon.
+ start_telnet_daemon
+
+ # Start up our telnet connection. We first try it without
+ # authentication, so the daemon should prompt for a login.
+ spawn $TELNET $hostname -3023
+
+ expect_after {
+ timeout {
+ fail $testname
+ catch "expect_after"
+ return
+ }
+ eof {
+ fail $testname
+ catch "expect_after"
+ return
+ }
+ }
+
+ set testname "simple telnet"
+ expect {
+ "ogin:" {
+ pass $testname
+ }
+ }
+
+ # Move back to telnet command mode and make sure it seems
+ # reasonable.
+ set testname "telnet command mode"
+ send "\035"
+ expect {
+ "telnet>" {
+ pass $testname
+ }
+ }
+
+ set testname "telnet status"
+ send "status\r"
+ expect {
+ -re "Connected to $localhostname.*Operating in single character mode.*Catching signals locally.*Remote character echo.*flow control.*Escape character is '.\]'" {
+ pass $testname
+ }
+ }
+
+ set testname "back to command mode"
+ send "\035"
+ expect {
+ "telnet>" {
+ pass $testname
+ }
+ }
+
+ set testname "quit"
+ send "quit\r"
+ expect {
+ "Connection closed.\r" {
+ pass $testname
+ }
+ }
+
+ expect_after
+
+ if ![check_exit_status "exit status"] {
+ return
+ }
+
+ pass "exit status"
+
+ # The telnet daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_telnet_daemon
+
+ # Try an authenticated connection.
+ start_telnet_daemon
+ spawn $TELNET -a -k KRBTEST.COM $hostname -3023
+
+ expect_after {
+ timeout {
+ fail "$testname (timeout)"
+ catch "expect_after"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ catch "expect_after"
+ return
+ }
+ }
+
+ set testname "authenticated telnet"
+ expect "Kerberos V5 accepts you"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ # Switch to /bin/sh to try to avoid confusion from the shell
+ # prompt.
+ set testname "shell"
+ send "$BINSH\r"
+ expect -re "$SHELL_PROMPT"
+
+ set testname "date"
+ send "date\r"
+ expect "date"
+ expect {
+ -re "\[A-Za-z0-9 :\]+\[\r\n\]+" {
+ if [check_date $expect_out(0,string)] {
+ pass "date"
+ } else {
+ fail "date"
+ }
+ }
+ }
+ expect -re "$SHELL_PROMPT"
+
+ set testname "exit"
+ send "exit\r"
+ expect -re "$SHELL_PROMPT"
+ send "exit\r"
+ expect {
+ "Connection closed by foreign host.\r" {
+ pass $testname
+ }
+ }
+
+ expect_after
+
+ # We can't use check_exit_status, because we expect an exit status
+ # of 1.
+ set status_list [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $status_list (klist)"
+ if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
+ send_log "exit status: $status_list\n"
+ verbose "exit status: $status_list"
+ fail "exit status"
+ } else {
+ pass "exit status"
+ }
+
+ # The telnet daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_telnet_daemon
+
+ # Try an authenticated encrypted connection.
+ start_telnet_daemon
+ spawn $TELNET -a -x -k KRBTEST.COM $hostname -3023
+
+ expect_after {
+ timeout {
+ fail $testname
+ catch "expect_after"
+ return
+ }
+ eof {
+ fail $testname
+ catch "expect_after"
+ return
+ }
+ }
+
+ set testname "encrypted telnet"
+ expect "Kerberos V5 accepts you"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ # Make sure the encryption is not destroying the text.
+ set testname "echo"
+ send "echo hello\r"
+ expect "echo hello"
+ expect "hello"
+ expect {
+ -re "$SHELL_PROMPT" {
+ pass $testname
+ }
+ }
+
+ # Move back to telnet command mode and check the encryption status.
+ set testname "encryption status"
+ send "\035"
+ expect "telnet>"
+ send "status\r"
+ expect {
+ -re "Currently encrypting output with DES_CFB64.*Currently decrypting input with DES_CFB64" {
+ pass $testname
+ }
+ }
+
+ set testname "exit status"
+ send "exit\r"
+ expect "Connection closed by foreign host.\r"
+
+ expect_after
+
+ # We can't use check_exit_status, because we expect an exit status
+ # of 1.
+ set status_list [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $status_list (klist)"
+ if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
+ send_log "exit status: $status_list\n"
+ verbose "exit status: $status_list"
+ fail "exit status"
+ } else {
+ pass "exit status"
+ }
+
+ # The telnet daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_telnet_daemon
+}
+
+# Run the test. Logging in sometimes takes a while, so increase the
+# timeout.
+set oldtimeout $timeout
+set timeout 60
+set status [catch telnet_test msg]
+set timeout $oldtimeout
+
+# Shut down the kerberos daemons, the telnet daemon, and the rlogin
+# process.
+stop_kerberos_daemons
+
+stop_telnet_daemon
+
+stop_root_shell
+
+if { $status != 0 } {
+ send_error "ERROR: error in telnet.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
--- /dev/null
+# Kerberos rcp test.
+# This is a DejaGnu test script.
+# This script tests Kerberos rcp.
+# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+
+# Find the programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be .../kerberos/src.
+
+if ![info exists RCP] {
+ set RCP [findfile $objdir/../../appl/bsd/rcp]
+}
+
+if ![info exists KRSHD] {
+ set KRSHD [findfile $objdir/../../appl/bsd/krshd]
+}
+
+# Make sure .k5login is reasonable.
+if ![check_k5login rcp] {
+ return
+}
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ return
+}
+
+# A procedure to start up the rsh daemon (rcp talks to the rsh
+# daemon).
+
+proc start_rsh_daemon { } {
+ global KRSHD
+ global RCP
+ global tmppwd
+ global krshd_spawn_id
+ global krshd_pid
+
+ # The -D argument tells it to accept a single connection, so we
+ # don't need to use inetd. The 3544 is the port to listen at.
+ spawn $KRSHD -K -D 3544 -P [file dirname $RCP] -S $tmppwd/srvtab -M KRBTEST.COM
+ set krshd_spawn_id $spawn_id
+ set krshd_pid [exp_pid]
+
+ # Give the rsh daemon a few seconds to get set up.
+ catch "exec sleep 2"
+}
+
+# A procedure to stop the rsh daemon.
+
+proc stop_rsh_daemon { } {
+ global krshd_spawn_id
+ global krshd_pid
+
+ if [info exists krshd_pid] {
+ catch "close -i $krshd_spawn_id"
+ catch "exec kill $krshd_pid"
+ catch "wait -i $krshd_spawn_id"
+ unset krshd_pid
+ }
+}
+
+# Create a file to use for rcp testing.
+set file [open tmpdir/rcp-test w]
+puts $file "This file is used for rcp testing."
+close $file
+
+# Test that a file was copied correctly.
+proc check_file { filename } {
+ if ![file exists $filename] {
+ verbose "$filename does not exist"
+ send_log "$filename does not exist\n"
+ return 0
+ }
+
+ set file [open $filename r]
+ if { [gets $file line] == -1 } {
+ verbose "$filename is empty"
+ send_log "$filename is empty\n"
+ close $file
+ return 0
+ }
+
+ if ![string match "This file is used for rcp testing." $line] {
+ verbose "$filename contains $line"
+ send_log "$filename contains $line\n"
+ close $file
+ return 0
+ }
+
+ if { [gets $file line] != -1} {
+ verbose "$filename is too long ($line)"
+ send_log "$filename is too long ($line)\n"
+ close $file
+ return 0
+ }
+
+ close $file
+
+ return 1
+}
+
+# Test copying one file to another.
+proc rcp_one_test { testname options frompref topref } {
+ global RCP
+ global tmppwd
+
+ send_log "rm -f tmpdir/copy\n"
+ verbose "exec rm -f tmpdir/copy"
+ catch "exec rm -f tmpdir/copy"
+
+ set from [format "%s%s" $frompref $tmppwd/rcp-test]
+ set to [format "%s%s" $topref $tmppwd/copy]
+
+ send_log "$RCP $options -D 3544 -N -k KRBTEST.COM $from $to\n"
+ verbose "$RCP $options -D 3544 -N -k KRBTEST.COM $from $to"
+ catch "exec $RCP $options -D 3544 -N -k KRBTEST.COM $from $to" exec_output
+
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose "$exec_output"
+ fail $testname
+ return 0
+ }
+
+ if ![check_file tmpdir/copy] {
+ fail $testname
+ return 0
+ }
+
+ pass $testname
+
+ return 1
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc rcp_test { } {
+ global RCP
+ global KEY
+ global hostname
+ global hostname
+ global env
+
+ # Start up the kerberos and kadmind daemons and get a srvtab and a
+ # ticket file.
+ if {![start_kerberos_daemons 0] \
+ || ![add_kerberos_key host/$hostname 0] \
+ || ![setup_srvtab 0] \
+ || ![add_kerberos_key $env(USER) 0] \
+ || ![kinit $env(USER) $env(USER)$KEY 0]} {
+ return
+ }
+
+ rcp_one_test "local rcp" "" "" ""
+
+ start_rsh_daemon
+ rcp_one_test "rcp from" "" "$hostname:" ""
+ stop_rsh_daemon
+
+ start_rsh_daemon
+ rcp_one_test "rcp to" "" "" "$hostname:"
+ stop_rsh_daemon
+
+ # Doing rcp between two hosts actually just executes rsh rcp on
+ # the source. We could test this, but we're not set up for it
+ # right now. Also, it's pretty much covered by the other rcp
+ # tests and by the rsh tests.
+ # start_rsh_daemon
+ # rcp_one_test "rcp between" "" "$hostname:" "$hostname:"
+ # stop_rsh_daemon
+
+ setup_xfail "*-*-*"
+ start_rsh_daemon
+ rcp_one_test "encrypted rcp from" "-x" "$hostname:" ""
+ stop_rsh_daemon
+
+ setup_xfail "*-*-*"
+ start_rsh_daemon
+ rcp_one_test "encrypted rcp to" "-x" "" "$hostname:"
+ stop_rsh_daemon
+
+ # Doing rcp between two hosts actually just executes rsh rcp on
+ # the source. We could test this, but we're not set up for it
+ # right now. Also, it's pretty much covered by the other rcp
+ # tests and by the rsh tests.
+ # start_rsh_daemon
+ # rcp_one_test "encrypted rcp between" "-x" "$hostname:" "$hostname:"
+ # stop_rsh_daemon
+}
+
+# Run the test.
+set status [catch rcp_test msg]
+
+# Shut down the kerberos daemons and the rsh daemon.
+stop_kerberos_daemons
+
+stop_rsh_daemon
+
+if { $status != 0 } {
+ send_error "ERROR: error in rcp.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
--- /dev/null
+# Kerberos rsh test.
+# This is a DejaGnu test script.
+# This script tests Kerberos rsh.
+# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+
+# Find the programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be .../kerberos/src.
+
+if ![info exists RSH] {
+ set RSH [findfile $objdir/../../appl/bsd/rsh]
+}
+
+if ![info exists KRSHD] {
+ set KRSHD [findfile $objdir/../../appl/bsd/krshd]
+}
+
+# Make sure .k5login is reasonable.
+if ![check_k5login rsh] {
+ return
+}
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ return
+}
+
+# A procedure to start up the rsh daemon.
+
+proc start_rsh_daemon { option } {
+ global KRSHD
+ global tmppwd
+ global krshd_spawn_id
+ global krshd_pid
+
+ # The -D argument tells it to accept a single connection, so we
+ # don't need to use inetd. The 3544 is the port to listen at.
+ spawn $KRSHD -K -D 3544 -S $tmppwd/srvtab -M KRBTEST.COM -A $option
+ set krshd_spawn_id $spawn_id
+ set krshd_pid [exp_pid]
+
+ # Give the rsh daemon a few seconds to get set up.
+ catch "exec sleep 2"
+}
+
+# A procedure to stop the rsh daemon.
+
+proc stop_rsh_daemon { } {
+ global krshd_spawn_id
+ global krshd_pid
+
+ if [info exists krshd_pid] {
+ catch "close -i $krshd_spawn_id"
+ catch "exec kill $krshd_pid"
+ catch "wait -i $krshd_spawn_id"
+ unset krshd_pid
+ }
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc rsh_test { } {
+ global RSH
+ global KEY
+ global BINSH
+ global hostname
+ global env
+ global spawn_id
+
+ # Start up the kerberos and kadmind daemons and get a srvtab and a
+ # ticket file.
+ if {![start_kerberos_daemons 0] \
+ || ![add_kerberos_key host/$hostname 0] \
+ || ![setup_srvtab 0] \
+ || ![add_kerberos_key $env(USER) 0] \
+ || ![kinit $env(USER) $env(USER)$KEY 0]} {
+ return
+ }
+
+ # Start up the rsh daemon.
+ start_rsh_daemon -K
+
+ # Run rsh date.
+ set testname "date"
+ spawn $RSH $hostname -k KRBTEST.COM -D 3544 -A date
+ expect {
+ -re "\[A-Za-z0-9 :\]+\[\r\n\]+$" {
+ set result $expect_out(0,string)
+ }
+ timeout {
+ fail "$testname (timeout)"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ return
+ }
+ }
+
+ if ![check_exit_status $testname] {
+ return
+ }
+
+ if [check_date $result] {
+ pass $testname
+ } else {
+ fail $testname
+ }
+
+ # The rsh daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_rsh_daemon
+
+ # Check encrypted rsh.
+ set failed no
+ start_rsh_daemon -x
+ set testname "encrypted rsh"
+ spawn $RSH $hostname -x -k KRBTEST.COM -D 3544 -A echo hello
+ expect {
+ "hello" { }
+ timeout {
+ fail "$testname (timeout)"
+ set failed yes
+ }
+ eof {
+ fail "$testname (eof)"
+ set failed yes
+ }
+ }
+
+ if { $failed == "no" } {
+ if ![check_exit_status $testname] {
+ return
+ }
+ pass $testname
+ } else {
+ catch "wait -i $spawn_id"
+ catch "close -i $spawn_id"
+ stop_rsh_daemon
+ }
+
+ # Check stderr
+ start_rsh_daemon -K
+ set testname "rsh to stderr"
+ spawn $RSH $hostname -k KRBTEST.COM -D 3544 -A $BINSH -c "'echo hello 1>&2'"
+ expect {
+ "hello" { }
+ timeout {
+ fail "$testname (timeout)"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ return
+ }
+ }
+
+ if ![check_exit_status $testname] {
+ return
+ }
+
+ pass $testname
+
+ start_rsh_daemon -x
+ set testname "encrypted rsh to stderr"
+ spawn $RSH $hostname -x -k KRBTEST.COM -D 3544 -A $BINSH -c "'echo hello 1>&2'"
+ expect {
+ "hello" { }
+ timeout {
+ fail "$testname (timeout)"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ return
+ }
+ }
+
+ if ![check_exit_status $testname] {
+ return
+ }
+
+ pass $testname
+
+ # The rsh daemon should have stopped, but we have no easy way
+ # of checking whether it actually did. Kill it just in case.
+ stop_rsh_daemon
+}
+
+# Run the test.
+set status [catch rsh_test msg]
+
+# Shut down the kerberos daemons and the rsh daemon.
+stop_kerberos_daemons
+
+stop_rsh_daemon
+
+if { $status != 0 } {
+ send_error "ERROR: error in rsh.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
--- /dev/null
+# Standalone Kerberos test.
+# This is a DejaGnu test script.
+# This script tests that the Kerberos tools can talk to each other.
+
+# This mostly just calls procedures in testsuite/config/default.exp.
+
+if ![info exists KLIST] {
+ set KLIST [findfile $objdir/../../clients/klist/klist]
+}
+
+if ![info exists KDESTROY] {
+ set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
+}
+
+# Set up the Kerberos files and environment.
+if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ return
+}
+
+# Initialize the Kerberos database. The argument tells
+# setup_kerberos_db that it is being called from here.
+if ![setup_kerberos_db 1] {
+ return
+}
+
+# We are about to start up a couple of daemon processes. We do all
+# the rest of the tests inside a proc, so that we can easily kill the
+# processes when the procedure ends.
+
+proc doit { } {
+ global KLIST
+ global KDESTROY
+ global KEY
+ global hostname
+ global tmppwd
+ global spawn_id
+
+ # Start up the kerberos and kadmind daemons.
+ if ![start_kerberos_daemons 1] {
+ return
+ }
+
+ # Use kadmin to add an host key.
+ if ![add_random_key host/$hostname 1] {
+ return
+ }
+
+ # Use ksrvutil to create a srvtab entry.
+ if ![setup_srvtab 1] {
+ return
+ }
+
+ # Use kinit to get a ticket.
+ if ![kinit krbtest/admin adminpass$KEY 1] {
+ return
+ }
+
+ # Make sure that klist can see the ticket.
+ spawn $KLIST
+ expect {
+ -re "Ticket cache:\[ \]*$tmppwd/tkt.*Default principal:\[ \]*krbtest/admin@KRBTEST.COM.*krbtgt/KRBTEST.COM@KRBTEST.COM" {
+ verbose "klist started"
+ }
+ timeout {
+ fail "klist"
+ return
+ }
+ eof {
+ fail "klist"
+ return
+ }
+ }
+ if ![check_exit_status "klist"] {
+ return
+ }
+ pass "klist"
+
+ # Destroy the ticket.
+ spawn $KDESTROY
+ if ![check_exit_status "kdestroy"] {
+ return
+ }
+ pass "kdestroy"
+
+ # Double check that the ticket was destroyed.
+ spawn $KLIST
+ expect {
+ -re "klist: No credentials cache file found.*\r" {
+ verbose "klist started"
+ }
+ timeout {
+ fail "klist after kdestroy"
+ return
+ }
+ eof {
+ fail "klist after kdestroy"
+ return
+ }
+ }
+ # We can't use check_exit_status, because we expect an exit status
+ # of 1.
+ set status_list [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $status_list (klist)"
+ if { [lindex $status_list 2] != 0 } {
+ fail "klist (bad exit status) $status_list"
+ return
+ } else { if { [lindex $status_list 3] != 1 } {
+ fail "klist (bad exit status) $status_list"
+ return
+ } else {
+ pass klist
+ } }
+}
+
+set status [catch doit msg]
+
+stop_kerberos_daemons
+
+if { $status != 0 } {
+ send_error "ERROR: error in standalone.exp\n"
+ send_error "$msg\n"
+ exit 1
+}