--- /dev/null
+# Kerberos ftp test.
+# This is a DejaGnu test script.
+# This script tests Kerberos ftp.
+# Originally written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+# Modified bye Ezra Peisach for GSSAPI support.
+
+# Find the programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be .../kerberos/build/tests/dejagnu
+
+if ![info exists FTP] {
+ set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp]
+}
+
+if ![info exists FTPD] {
+ set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd]
+}
+
+# If we do not have what is for a V4 test - return
+if ![v4_compatible_enctype] {
+ return
+}
+
+# Make sure .klogin is reasonable.
+if ![check_k5login ftp] {
+ return
+}
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ return
+}
+
+# A procedure to start up the ftp daemon.
+
+proc start_ftp_daemon { } {
+ global FTPD
+ global tmppwd
+ global ftpd_spawn_id
+ global ftpd_pid
+
+ # The -p argument tells it to accept a single connection, so we
+ # don't need to use inetd. The 3021 is the port to listen at.
+ # We rely on KRB5_KTNAME being set to the proper keyfile as there is
+ # no way to cleanly set it with the gssapi API.
+ spawn $FTPD -p 3021 -r $tmppwd/krb.conf
+ set ftpd_spawn_id $spawn_id
+ set ftpd_pid [exp_pid]
+
+ # Give the ftp daemon a few seconds to get set up.
+ catch "exec sleep 2"
+}
+
+# A procedure to stop the ftp daemon.
+
+proc stop_ftp_daemon { } {
+ global ftpd_spawn_id
+ global ftpd_pid
+
+ if [info exists ftpd_pid] {
+ catch "close -i $ftpd_spawn_id"
+ catch "exec kill $ftpd_pid"
+ catch "wait -i $ftpd_spawn_id"
+ unset ftpd_pid
+ }
+}
+
+# Create a file to use for ftp testing.
+set file [open tmpdir/ftp-test w]
+puts $file "This file is used for ftp testing."
+close $file
+
+# Test that a file was copied correctly.
+proc check_file { filename } {
+ if ![file exists $filename] {
+ verbose "$filename does not exist"
+ send_log "$filename does not exist\n"
+ return 0
+ }
+
+ set file [open $filename r]
+ if { [gets $file line] == -1 } {
+ verbose "$filename is empty"
+ send_log "$filename is empty\n"
+ close $file
+ return 0
+ }
+
+ if ![string match "This file is used for ftp testing." $line] {
+ verbose "$filename contains $line"
+ send_log "$filename contains $line\n"
+ close $file
+ return 0
+ }
+
+ if { [gets $file line] != -1} {
+ verbose "$filename is too long ($line)"
+ send_log "$filename is too long ($line)\n"
+ close $file
+ return 0
+ }
+
+ close $file
+
+ return 1
+}
+
+#
+# Restore environment variables possibly set.
+#
+proc ftp_restore_env { } {
+ global env
+ global ftp_save_ktname
+
+ catch "unset env(KRB5_KTNAME)"
+ if [info exists ftp_save_ktname] {
+ set env(KRB5_KTNAME) $ftp_save_ktname
+ unset ftp_save_ktname
+ }
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc v4ftp_test { } {
+ global FTP
+ global KEY
+ global hostname
+ global localhostname
+ global env
+ global ftpd_spawn_id
+ global ftpd_pid
+ global spawn_id
+ global tmppwd
+ global ftp_save_ktname
+
+ # Start up the kerberos and kadmind daemons and get a srvtab and a
+ # ticket file.
+ if {![start_kerberos_daemons 0] \
+ || ![add_random_key ftp/$hostname 0] \
+ || ![setup_srvtab 0 ftp] \
+ || ![add_kerberos_key $env(USER) 0] \
+ || ![v4kinit $env(USER) $env(USER)$KEY 0]} {
+ return
+ }
+
+ #
+ # Save settings of KRB5_KTNAME
+ #
+ if [info exists env(KRB5_KTNAME)] {
+ set ftp_save_ktname $env(KRB5_KTNAME)
+ }
+
+ #
+ # set KRB5_KTNAME
+ #
+ set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
+ verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
+
+ # Start the ftp daemon.
+ start_ftp_daemon
+
+ # Make an ftp client connection to it.
+ spawn $FTP $hostname 3021
+
+ expect_after {
+ timeout {
+ fail "$testname (timeout)"
+ catch "expect_after"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ catch "expect_after"
+ return
+ }
+ }
+
+ set testname "ftp connection(v4)"
+ expect -nocase "connected to $hostname"
+ expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready."
+ expect -re "Using authentication type GSSAPI; ADAT must follow"
+ expect "GSSAPI accepted as authentication type"
+ expect "GSSAPI error major: Miscellaneous failure"
+ expect "GSSAPI error minor: Unsupported credentials cache format version number"
+ expect "GSSAPI error: initializing context"
+ expect "GSSAPI authentication failed"
+ expect -re "Using authentication type KERBEROS_V4; ADAT must follow"
+ expect {
+ "Kerberos V4 authentication succeeded" { pass "ftp authentication" }
+ eof { fail "ftp authentication" ; catch "expect_after" ; return }
+ "Kerberos V4 authentication failed" { fail "ftp authentication";
+ send "quit\r"; catch "expect_after";
+ return}
+ }
+ expect -nocase "name ($hostname:$env(USER)): "
+ send "$env(USER)\r"
+# expect "User $env(USER) logged in."
+# expect "Remote system type is UNIX."
+# expect "Using binary mode to transfer files."
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "binary(v4)"
+ send "binary\r"
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "status(v4)"
+ send "status\r"
+ expect -nocase "connected to $hostname."
+ expect "Authentication type: KERBEROS_V4"
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "ls(v4)"
+ send "ls $tmppwd/ftp-test\r"
+ expect -re "Opening ASCII mode data connection for .*ls."
+ expect -re ".* $tmppwd/ftp-test"
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "nlist(v4)"
+ send "nlist $tmppwd/ftp-test\r"
+ expect -re "Opening ASCII mode data connection for file list."
+ expect -re "$tmppwd/ftp-test"
+ expect -re ".* Transfer complete."
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "ls missing(v4)"
+ send "ls $tmppwd/ftp-testmiss\r"
+ expect -re "Opening ASCII mode data connection for .*ls."
+ expect {
+ -re "$tmppwd/ftp-testmiss not found" {}
+ -re "$tmppwd/ftp-testmiss: No such file or directory"
+ }
+ expect "ftp> " {
+ pass $testname
+ }
+
+
+ set testname "get(v4)"
+ catch "exec rm -f tmpdir/copy"
+ send "get $tmppwd/ftp-test $tmppwd/copy\r"
+ expect "Opening BINARY mode data connection for $tmppwd/ftp-test"
+ expect "Transfer complete"
+ expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
+ expect "ftp> "
+ if [check_file tmpdir/copy] {
+ pass $testname
+ } else {
+ fail $testname
+ }
+
+ set testname "put(v4)"
+ catch "exec rm -f tmpdir/copy"
+ send "put $tmppwd/ftp-test $tmppwd/copy\r"
+ expect "Opening BINARY mode data connection for $tmppwd/copy"
+ expect "Transfer complete"
+ expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds"
+ expect "ftp> "
+ if [check_file tmpdir/copy] {
+ pass $testname
+ } else {
+ fail $testname
+ }
+
+ set testname "cd(v4)"
+ send "cd $tmppwd\r"
+ expect "CWD command successful."
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "lcd(v4)"
+ send "lcd tmpdir\r"
+ expect "Local directory now $tmppwd"
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "local get(v4)"
+ catch "exec rm -f tmpdir/copy"
+ send "get ftp-test copy\r"
+ expect "Opening BINARY mode data connection for ftp-test"
+ expect "Transfer complete"
+ expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
+ expect "ftp> "
+ if [check_file tmpdir/copy] {
+ pass $testname
+ } else {
+ fail $testname
+ }
+
+ set testname "start encryption(v4)"
+ send "private\r"
+ expect "Data channel protection level set to private"
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "status(v4)"
+ send "status\r"
+ expect "Protection Level: private"
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "encrypted get(v4)"
+ catch "exec rm -f tmpdir/copy"
+ send "get ftp-test copy\r"
+ expect "Opening BINARY mode data connection for ftp-test"
+ expect "Transfer complete"
+ expect {
+ -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" {}
+ -re "krb_rd_priv failed for KERBEROS_V4" {
+ fail $testname
+ send "quit\r"
+ catch "expect_after"
+ return
+ }
+ }
+ expect "ftp> "
+ if [check_file tmpdir/copy] {
+ pass $testname
+ } else {
+ fail $testname
+ }
+
+ set testname "close(v4)"
+ send "close\r"
+ expect "Goodbye."
+ expect "ftp> "
+ set status_list [wait -i $ftpd_spawn_id]
+ verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)"
+ catch "close -i $ftpd_spawn_id"
+ if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
+ send_log "exit status: $status_list\n"
+ verbose "exit status: $status_list"
+ fail $testname
+ } else {
+ pass $testname
+ unset ftpd_pid
+ }
+
+ set testname "quit(v4)"
+ send "quit\r"
+ expect "\r"
+ if [check_exit_status $testname] {
+ pass $testname
+ }
+
+}
+
+# The ftp client will look in $HOME/.netrc for the user name to use.
+# To avoid confusing the testsuite, point $HOME at a directory where
+# we know there is no .netrc file.
+if [info exists env(HOME)] {
+ set home $env(HOME)
+} elseif [info exists home] {
+ unset home
+}
+set env(HOME) $tmppwd
+
+# Run the test. Logging in sometimes takes a while, so increase the
+# timeout.
+set oldtimeout $timeout
+set timeout 60
+set status [catch v4ftp_test msg]
+set timeout $oldtimeout
+
+# Shut down the kerberos daemons and the ftp daemon.
+stop_kerberos_daemons
+
+stop_ftp_daemon
+
+ftp_restore_env
+
+# Reset $HOME, for safety in case we are going to run more tests.
+if [info exists home] {
+ set env(HOME) $home
+} else {
+ unset env(HOME)
+}
+
+if { $status != 0 } {
+ send_error "ERROR: error in ftp.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
projects / krb5.git / commitdiff