proc delete_db {} {
global tmppwd
file delete $tmppwd/kdc-db $tmppwd/kdc-db.ok $tmppwd/kdc-db.kadm5 \
- $tmppwd/kdc-db.ulog \
$tmppwd/kdc-db.kadm5.lock \
- $tmppwd/slave-db \
+ $tmppwd/kdc-db.ulog \
+ $tmppwd/slave-db $tmppwd/slave-db.ok $tmppwd/slave-db.kadm5 $tmppwd/slave-db.kadm5.lock \
+ $tmppwd/slave-db~ $tmppwd/slave-db~.ok $tmppwd/slave-db~.kadm5 $tmppwd/slave-db~.kadm5.lock \
$tmppwd/srvtab $tmppwd/cpw_srvtab
}
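Review bot: The cleanup list still omits several files that the new kprop test writes under `$tmppwd`: `slave_datatrans` (a `kdb5_util dump` of the master database), `incoming-slave-datatrans`, `slave-stash`, `slave-acl`, `slave-adb.lock` and `kpropd-acl`. Unless something outside this hunk removes them, the dump and the stash copy, both of which hold key material, outlive the test run. Consider appending at least `$tmppwd/slave_datatrans $tmppwd/incoming-slave-datatrans $tmppwd/slave-stash` to this `file delete`, or removing them in the test's own teardown.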
{T_INETD $objdir/t_inetd}
{KPROPLOG $objdir/../../slave/kproplog}
{KPASSWD $objdir/../../clients/kpasswd/kpasswd}
+ {KPROPD $objdir/../../slave/kpropd}
+ {KPROP $objdir/../../slave/kprop}
} {
set varname [lindex $i 0]
if ![info exists $varname] {
# client tries +1 and +6
# kadmind +4
# kpasswd +5
+# (nothing) +6
# krb524 +7
# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
# iprop +9 (if enabled)
}
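Review bot: The port table does not list the offset the new kprop test uses: kpropd is started with `-P [expr 10 + $portbase]`, while the visible entries stop at +9. Adding `# kpropd +10` would keep the table usable for spotting port collisions between tests. The table may continue outside this hunk, so confirm that +10 is not already assigned there.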
# helpful sometimes for debugging the test suite
-proc spawn_xterm { } {
+proc export_debug_envvars { } {
global env
foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST RLOGIN RLOGIND FTP FTPD KPASSWD REALMNAME GSSCLIENT} {
global $i
if [info exists $i] { set env($i) [set $i] }
}
+}
+proc spawn_xterm { } {
+ export_debug_envvars
exec "xterm"
}
+proc spawn_shell { } {
+ export_debug_envvars
+ spawn "sh"
+ exp_interact
+}
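Review bot: `spawn_shell` has no comment saying it is an interactive debugging aid: `exp_interact` blocks until a person ends the shell, so a call left in a test would hang an unattended run. A comment above it such as `# Debugging aid only: opens an interactive sh with the tool paths exported; do not call from an automated run.` would make that explicit. The list in `export_debug_envvars` also lacks the variables this commit introduces, so consider adding `KPROP KPROPD KPROPLOG` to the `foreach` so the debug shell can run the tools the kprop test uses.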
--- /dev/null
+# Password-changing Kerberos test.
+# This is a DejaGnu test script.
+
+# We are about to start up a couple of daemon processes. We do all
+# the rest of the tests inside a proc, so that we can easily kill the
+# processes when the procedure ends.
+
+proc setup_slave {} {
+ global tmppwd hostname REALMNAME
+ file delete $tmppwd/slave-stash $tmppwd/slave-acl
+ file copy -force $tmppwd/stash:foo $tmppwd/slave-stash
+ file copy -force $tmppwd/acl $tmppwd/slave-acl
+ if ![file exists $tmppwd/kpropdacl] {
+ set aclfile [open $tmppwd/kpropd-acl w]
+ puts $aclfile "host/$hostname@$REALMNAME"
+ close $aclfile
+ }
+ file copy -force $tmppwd/adb.lock $tmppwd/slave-adb.lock
+ foreach suffix { {} .kadm5 .kadm5.lock .ok } {
+ file copy -force $tmppwd/kdc-db$suffix $tmppwd/slave-db$suffix
+ }
+}
+
+proc start_kpropd {} {
+ global kpropd_pid kpropd_spawn_id KPROPD T_INETD KDB5_UTIL portbase tmppwd
+ global spawn_id
+
+ envstack_push
+ setup_kerberos_env slave
+# spawn $T_INETD [expr 10 + $portbase] $KPROPD -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL
+ spawn $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
+# spawn strace -o /tmp/3 -f $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
+ set kpropd_pid [exp_pid]
+ set kpropd_spawn_id $spawn_id
+ envstack_pop
+}
+
+proc scan_kpropd_output {} {
+ global timeout kpropd_spawn_id
+
+ # See if kpropd logged anything.
+ set timeout 1
+ expect {
+ -i $kpropd_spawn_id
+ eof {
+ fail "kprop (server exited)"
+ return
+ }
+ timeout { }
+ -re "Connection from \[a-zA-Z.-\]*" { }
+ -re "krb5_recvauth" { }
+ -re "Rejected connection" {
+ fail "kprop (rejected)"
+ return
+ }
+ }
+}
+
+proc doit { } {
+ global KLIST KDESTROY
+ global REALMNAME KEY
+ global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id
+ global hostname tmppwd spawn_id timeout
+ global KRBIV supported_enctypes portbase mode ulog des3_krbtgt
+
+ # Delete any db, ulog files
+ delete_db
+
+ # Initialize the Kerberos database. The argument tells
+ # setup_kerberos_db that it is being called from here.
+ if ![setup_kerberos_db 0] {
+ return
+ }
+ setup_slave
+ if ![start_kerberos_daemons 0] {
+ return
+ }
+ if ![add_random_key host/$hostname 0] {
+ fail "kprop (host key)"
+ return
+ }
+ if ![setup_srvtab 0] {
+ fail "kprop (srvtab)"
+ return
+ }
+
+ # Get kprop server up and running.
+ envstack_push
+ setup_kerberos_env slave
+ start_kpropd
+ envstack_pop
+
+ # Use kadmin to add a key.
+ if ![add_kerberos_key wakawaka 0] {
+ return
+ }
+
+ # Dump master database.
+ envstack_push
+ setup_kerberos_env kdc
+ spawn $KDB5_UTIL dump $tmppwd/slave_datatrans
+ expect eof
+ if ![check_exit_status "kprop (kdb5_util dump)"] { return }
+
+ # Just in case kpropd is a little slow in starting up...
+ sleep 1
+
+ # Try a propagation.
+ spawn $KPROP -f $tmppwd/slave_datatrans -P [expr 10 + $portbase] -s $tmppwd/srvtab $hostname
+ expect eof
+ set kprop_exit [check_exit_status "kprop (exit status)"]
+ # log output for debugging
+ scan_kpropd_output
+ if !$kprop_exit { return }
+
+ # Examine new database.
+ setup_kerberos_env slave
+ spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
+ expect {
+ wakawaka@ {
+ expect eof
+ }
+ eof {
+ fail "kprop (updated slave data)"
+ return
+ }
+ timeout {
+ fail "kprop (examining new db)"
+ return
+ }
+ }
+ pass "kprop"
+}
+
+run_once kprop {
+ catch "unset kpropd_pid"
+ catch "unset kpropd_spawn_id"
+
+ # Set up the Kerberos files and environment.
+ if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ return
+ }
+
+ set status [catch doit msg]
+
+ stop_kerberos_daemons
+
+ # if kpropd is running, kill it
+ if [info exists kpropd_pid] {
+ catch {
+ exec kill $kpropd_pid
+ expect -i $kpropd_spawn_id eof
+ wait -i $kpropd_spawn_id
+ }
+ }
+
+ delete_db
+
+ if { $status != 0 } {
+ send_error "ERROR: error in kprop.exp\n"
+ send_error "$msg\n"
+ exit 1
+ }
+}
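Review bot: `scan_kpropd_output` assigns the global `timeout` with `set timeout 1` and never restores it, so the later `expect` on the `listprincs` output in `doit` runs with a one-second limit and can fail as "kprop (examining new db)" on a slow host; a `-timeout 1` entry beside `-i $kpropd_spawn_id` inside the expect block would keep the limit local. In `setup_slave` the guard tests `$tmppwd/kpropdacl`, while the file written and passed to kpropd with `-a` is `$tmppwd/kpropd-acl`, so the guard is presumably always true; dropping the guard and always rewriting the ACL is the safer fix, because a stale ACL from an earlier run could name a different host principal. The `envstack_push` before the dump in `doit` has no matching `envstack_pop` on any path, which appears to leave the kdc/slave environment in place for whatever runs next. The header comment `# Password-changing Kerberos test.` looks copied from another script and should describe database propagation instead.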