--- /dev/null
+# Kerberos kadmin test.
+# This is a DejaGnu test script.
+# This script tests Kerberos kadmin5 using kdb5_edit as verification.
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ return
+}
+
+# find kpasswd
+if ![info exists KPASSWD] {
+ set KPASSWD [findfile $objdir/../../kadmin/kpasswd/kpasswd]
+}
+
+# find kdestroy
+if ![info exists KDESTROY] {
+ set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
+}
+
+#++
+# kadmin_add - Test add new v5 principal function of kadmin.
+#
+# Adds principal $pname with password $password. Returns 1 on success.
+#--
+proc kadmin_add { pname password } {
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+ global kadmind_spawn_id
+
+ set good 0
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM ank $pname
+ expect_after {
+ timeout {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter new password for $pname :" { send "$password\r" }
+ expect "Re-enter new password for $pname :" { send "$password\r" }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "principal $pname added" { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
+ catch "close -i $spawn_id"
+ #
+ # Read the kadmind message too. It checks the operation of kadmind,
+ # and also, on some systems the write to standard error will block if
+ # too many messages back up.
+ #
+ expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that a principal was created and that its
+ # salt types are 0 (normal).
+ #
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after { -i $spawn_id
+ timeout {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect -i $spawn_id "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect {
+ -re "Name: $pname@KRBTEST.COM\r\nKey version: 1\r\n.*Last modified by krbtest/kadmin5@KRBTEST.COM.*Salt: 0.*Alt salt: 0" {
+ set good 1
+ }
+ }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin add $pname"
+ return 1
+ }
+ else {
+ fail "kadmin add $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin add $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_addv4 - Test add new v4 principal subfunction of kadmin.
+#
+# Adds principal $pname with $password with V4 salt. Returns 1 on success.
+#--
+proc kadmin_addv4 { pname password } {
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+ global kadmind_spawn_id
+
+ set good 0
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM ank $pname salttype=v4
+ expect_after {
+ timeout {
+ fail "kadmin addv4 $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin addv4 $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter new password for $pname :" { send "$password\r" }
+ expect "Re-enter new password for $pname :" { send "$password\r" }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "principal $pname added" { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin addv4)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that a principal was created and that its
+ # salt types are 1 (v4).
+ #
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after { -i $spawn_id
+ timeout {
+ fail "kadmin addv4 $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin addv4 $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect -i $spawn_id "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect {
+ -re "Name: $pname@KRBTEST.COM\r\nKey version: 1\r\n.*Last modified by krbtest/kadmin5@KRBTEST.COM.*Salt: 1.*Alt salt: 1" {
+ set good 1
+ }
+ }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin addv4 $pname"
+ return 1
+ }
+ else {
+ fail "kadmin addv4 $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin addv4 $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_add_rnd - Test add new v5 principal with random key function.
+#
+# Adds principal $pname with random key. Returns 1 on success.
+#--
+proc kadmin_add_rnd { pname } {
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+ global kadmind_spawn_id
+
+ set good 0
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM ark $pname
+ expect_after {
+ timeout {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "principal $pname added" { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnt)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that a principal was created and that its
+ # salt types are 0 (normal).
+ #
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after { -i $spawn_id
+ timeout {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect -i $spawn_id "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect {
+ -re "Name: $pname@KRBTEST.COM\r\nKey version: 1\r\n.*Last modified by krbtest/kadmin5@KRBTEST.COM.*Salt: 0.*Alt salt: 0" {
+ set good 1
+ }
+ }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin add_rnd $pname"
+ return 1
+ }
+ else {
+ fail "kadmin add_rnd $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin add_rnd $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_show - Test show principal function of kadmin.
+#
+# Retrieves entry for $pname. Returns 1 on success.
+#--
+proc kadmin_show { pname } {
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM show $pname
+ expect_after {
+ timeout {
+ fail "kadmin show $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin show $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:"
+ send "adminpass$KEY\r"
+ expect -re "\r.*-*Principal: $pname.*Last modified by: .*Flags:.*-*"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin show)"
+ catch "close -i $spawn_id"
+ pass "kadmin show $pname"
+ return 1
+}
+
+#++
+# kadmin_cpw - Test change password function of kadmin
+#
+# Change password of $pname to $password. Returns 1 on success.
+#--
+proc kadmin_cpw { pname password } {
+ global KADMIN
+ global KEY
+ global spawn_id
+ global kadmind_spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM cpw $pname
+ expect_after {
+ timeout {
+ fail "kadmin cpw $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin cpw $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter new password for $pname:" { send "$password\r" }
+ expect "Re-enter new password for $pname:" { send "$password\r" }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "password changed for $pname"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Change Password operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ pass "kadmin cpw $pname"
+ return 1
+}
+
+#++
+# kadmin_cpw_rnd - Test change random key function of kadmin.
+#
+# Changes principal $pname's key to a new random key. Returns 1 on success.
+#--
+proc kadmin_cpw_rnd { pname } {
+ global KADMIN
+ global KEY
+ global spawn_id
+ global kadmind_spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM crk $pname
+ expect_after {
+ timeout {
+ fail "kadmin cpw_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin cpw_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "password changed for $pname"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Change Random Password operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ pass "kadmin cpw_rnd $pname"
+ return 1
+}
+
+#++
+# kadmin_modify - Test modify principal function of kadmin.
+#
+# Modifies principal $pname with flags $flags. Returns 1 on success.
+#--
+proc kadmin_modify { pname flags } {
+ global KADMIN
+ global KEY
+ global spawn_id
+ global kadmind_spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM modent $pname $flags
+ expect_after {
+ timeout {
+ fail "kadmin modify $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin modify $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:"
+ send "adminpass$KEY\r"
+ expect "principal $pname modified"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Modify Principal operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ pass "kadmin modify $pname"
+ return 1
+}
+
+#++
+# kadmin_rename - Test rename function of kadmin.
+#
+# Rename principal $pname to $npname. Returns 1 on success.
+#--
+proc kadmin_rename { pname npname } {
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+ global kadmind_spawn_id
+
+ set good 0
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM renent -force $pname $npname
+ expect_after {
+ timeout {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "principal $pname renamed to $npname" { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin rename)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Rename Principal operation from $pname to $npname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that the new principal was created and that its
+ # salt types are 0 (normal).
+ #
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after { -i $spawn_id
+ timeout {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect -i $spawn_id "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ expect "kdb5_edit:" { send "show $npname\r" }
+ expect {
+ -re "Name: $npname@KRBTEST.COM\r\n.*Last modified by krbtest/kadmin5@KRBTEST.COM.*Salt: 0.*Alt salt: 0" {
+ set good 1
+ }
+ }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that the old principal is not present.
+ #
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after {
+ timeout {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "Enter KDC database master key" { send "masterkey$KEY\r" }
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect "Principal $pname not found" { set good 1 }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin renent $pname $npname"
+ return 1
+ }
+ else {
+ fail "kadmin renent $pname $npname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin renent $pname $npname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin renent $pname $npname"
+ return 0
+ }
+}
+
+#++
+# kadmin_list - Test list database function of kadmin.
+#
+# Lists the database and verifies that output matches regular expression
+# "(.*@KRBTEST.COM)*". Returns 1 on success.
+#--
+proc kadmin_list { } {
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM ldb
+ expect_after {
+ timeout {
+ fail "kadmin ldb"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin ldb"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect -re "\(.*@KRBTEST.COM\r\n\)*"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin list)"
+ catch "close -i $spawn_id"
+ pass "kadmin ldb"
+ return 1
+}
+
+#++
+# kadmin_extract - Test extract service key function of kadmin.
+#
+# Extracts service key for service name $name instance $instance. Returns
+# 1 on success.
+#--
+proc kadmin_extract { instance name } {
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM xst $instance $name
+ expect_after {
+ timeout {
+ fail "kadmin xst $instance $name"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin xst $instance $name"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "extracted entry $name to key table $instance-new-srvtab"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
+ catch "close -i $spawn_id"
+ catch "exec rm -f $instance-new-srvtab"
+ pass "kadmin xst $instance $name"
+ return 1
+}
+
+#++
+# kadmin_extractv4 - Test extract service key in v4 format function of
+# kadmin.
+#
+# Extracts service key for service name $name instance $instance in version
+# 4 format. Returns 1 on success.
+#--
+proc kadmin_extractv4 { instance name } {
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM xst4 $instance $name
+ expect_after {
+ timeout {
+ fail "kadmin xst4 $instance $name"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin xst4 $instance $name"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "extracted entry $name to key table $instance-new-v4-srvtab"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)"
+ catch "close -i $spawn_id"
+ catch "exec rm -f $instance-new-v4-srvtab"
+ pass "kadmin xst4 $instance $name"
+ return 1
+}
+
+#++
+# kadmin_delete - Test delete principal function of kadmin.
+#
+# Deletes principal $pname. Returns 1 on success.
+#--
+proc kadmin_delete { pname } {
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+ global kadmind_spawn_id
+
+ set good 0
+ spawn $KADMIN -m -p krbtest/kadmin5@KRBTEST.COM delent -force $pname
+ expect_after {
+ timeout {
+ fail "kadmin delent $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin delent $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password for krbtest/kadmin5@KRBTEST.COM:" {
+ send "adminpass$KEY\r"
+ }
+ expect "principal $pname deleted" { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin delent)"
+ catch "close -i $spawn_id"
+ expect -i $kadmind_spawn_id "Delete Principal operation for $pname successfully issued by krbtest/kadmin5@KRBTEST.COM"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that the old principal is not present.
+ #
+ spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM
+ expect_after { -i $spawn_id
+ timeout {
+ fail "kadmin delent $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin delent $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect -i $spawn_id "Enter KDC database master key" {
+ send "masterkey$KEY\r"
+ }
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect "Principal $pname not found" { set good 1 }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin delent $pname"
+ return 1
+ }
+ else {
+ fail "kadmin delent $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin delent $pname"
+ return 0
+ }
+}
+
+#++
+# kpasswd_cpw - Test password changing using kpasswd.
+#
+# Change $princ's password from $opw to $npw. Returns 1 on success.
+#--
+proc kpasswd_cpw { princ opw npw } {
+ global KPASSWD
+ global kadmind_spawn_id
+
+ spawn $KPASSWD -u $princ
+ expect_after {
+ timeout {
+ fail "kpasswd $princ $npw"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kpasswd $princ $npw"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter old password for $princ:" { send "$opw\r" }
+ expect "Enter new password:" { send "$npw\r" }
+ expect "Re-enter new password:" { send "$npw\r" }
+ expect -i $kadmind_spawn_id "changed password for $princ"
+ if ![check_exit_status "kpasswd"] {
+ fail "kpasswd $princ $npw"
+ return 0
+ }
+ pass "kpasswd $princ $npw"
+ return 1
+}
+
+#++
+# kdestroy
+#--
+proc kdestroy { } {
+ global KDESTROY
+
+ spawn $KDESTROY
+ if ![check_exit_status "kdestroy"] {
+ return 0
+ }
+ return 1
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc kadmin_test { } {
+
+ # Start up the kerberos and kadmind daemons
+ if {![start_kerberos_daemons 0] } {
+ return
+ }
+
+ # Test basic kadmin functions.
+ if {![kadmin_add v5principal/instance1 v5principal] \
+ || ![kadmin_addv4 v4principal/instance2 v4principal] \
+ || ![kadmin_add_rnd v5random] \
+ || ![kadmin_show v5principal/instance1] \
+ || ![kadmin_show v4principal/instance2] \
+ || ![kadmin_show v5random] \
+ || ![kadmin_cpw v5principal/instance1 faroutman] \
+ || ![kadmin_cpw v4principal/instance2 honkydory] \
+ || ![kadmin_cpw_rnd v5random] \
+ || ![kadmin_modify v5random -allow_tickets] \
+ || ![kadmin_modify v5random +allow_tickets] \
+ || ![kadmin_rename v5random randomkey] \
+ || ![kadmin_show randomkey] \
+ || ![kadmin_list] \
+ || ![kadmin_extract instance1 v5principal] \
+ || ![kadmin_extractv4 instance2 v4principal] \
+ || ![kadmin_delete randomkey] \
+ || ![kadmin_delete v4principal/instance2] \
+ || ![kadmin_delete v5principal/instance1]} {
+ return
+ }
+
+ # now test kpasswd
+ if {![kadmin_add testprinc/instance thisisatest] \
+ || ![kpasswd_cpw testprinc/instance thisisatest anothertest] \
+ || ![kpasswd_cpw testprinc/instance anothertest goredsox] \
+ || ![kadmin_delete testprinc/instance]} {
+ return
+ }
+
+ # now test that we can kinit with principals/passwords.
+ if {![kadmin_add testprinc1/instance thisisatest] \
+ || ![kinit testprinc1/instance thisisatest 0] \
+ || ![kdestroy] \
+ || ![kpasswd_cpw testprinc1/instance thisisatest anothertest] \
+ || ![kinit testprinc1/instance anothertest 0] \
+ || ![kdestroy] \
+ || ![kpasswd_cpw testprinc1/instance anothertest goredsox] \
+ || ![kinit testprinc1/instance goredsox 0] \
+ || ![kdestroy] \
+ || ![kadmin_cpw testprinc1/instance betterwork] \
+ || ![kinit testprinc1/instance betterwork 0] \
+ || ![kdestroy] \
+ || ![kadmin_delete testprinc1/instance]} {
+ return
+ }
+
+ verbose "kadmin_test succeeded"
+}
+
+# Run the test.
+set status [catch kadmin_test msg]
+
+# Shut down the kerberos daemons and the rsh daemon.
+stop_kerberos_daemons
+
+if { $status != 0 } {
+ send_error "ERROR: error in kadmin.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
projects / krb5.git / commitdiff