+Fri May 3 21:44:24 1996 Ken Raeburn <raeburn@cygnus.com>
+
+ Fri Mar 29 15:05:30 1996 Chris Provenzano <proven@cygnus.com>
+
+ * rsh.exp: Add tests for ticket forwarding.
+
+ Thu Mar 28 19:30:53 1996 Marc Horowitz <marc@mit.edu>
+
+ * kadmin.exp and gssapi.exp: Fix syntax of expect_after blocks.
+ The -i $foo must be inside the {, and the { must be by itself at
+ the end of the line.
+ * gssftp.exp (start_ftp_daemon): use krb5.conf, not krb.conf
+
+ Thu Mar 28 17:32:47 1996 Ken Raeburn <raeburn@cygnus.com>
+
+ * gssftp.exp (ftp_test): Explicitly select binary mode.
+
+ Wed Mar 27 22:45:53 1996 Ken Raeburn <raeburn@cygnus.com>
+
+ * kadmin.exp: Don't look at output from kadmind to drain it; that
+ problem is handled elsewhere now.
+
+ Thu Mar 14 14:57:19 1996 Mark Eichin <eichin@cygnus.com>
+
+ * kadmin.exp (kadmin_delete, kamind_add, kadmin_add_rnd,
+ kadmin_examine, kadmin_cpw, kadmin_cpw_rnd, kadmin_modify,
+ kadmin_rename, kadmin_list, kadmin_extract, kadmin_extractv4):
+ check for "lost KDC" as well.
+
+ Sun Feb 18 00:56:52 1996 Mark W. Eichin <eichin@cygnus.com>
+
+ * kadmin.exp (kadmin_show): extend regexp to match current kadmin
+ interface.
+ (kadmin_add): match more of extended output (tentative change,
+ should be expanded later to actually check the values.)
+
Wed Apr 17 17:53:51 1996 Theodore Y. Ts'o <tytso@mit.edu>
* gssftp.exp: Fix the expect string so that it doesn't assume that
set env(KRB5CCNAME) $tmppwd/gss_tk_0
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest0"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient0
catch "expect_after"
}
expect -i $spawn_id "Signature verified"
catch "expect_after"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient0
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_1
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest1"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient1
catch "expect_after"
}
expect -i $spawn_id "Signature verified"
catch "expect_after"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient1
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_2
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest2"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient2
catch "expect_after"
}
expect -i $spawn_id "Signature verified"
catch "expect_after"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient2
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_3
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest3"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient3
catch "expect_after"
expect -i $gss_server_spawn_id "Accepted connection: \"gsstest3@$REALMNAME\" at"
expect -i $gss_server_spawn_id "Received message: \"message from gsstest3\""
catch "expect_after"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient3
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_0
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest0"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient0
catch "expect_after"
}
expect -i $spawn_id "Signature verified"
catch "expect_after"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient0
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_1
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest1"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient1
catch "expect_after"
}
expect -i $spawn_id "Signature verified"
catch "expect_after"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient1
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_2
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest2"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient2
catch "expect_after"
}
expect -i $spawn_id "Signature verified"
catch "expect_after"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient2
catch "expect_after"
set env(KRB5CCNAME) $tmppwd/gss_tk_3
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest3"
- expect_after -i $gss_server_spawn_id {
+ expect_after {
+ -i $gss_server_spawn_id
timeout {
fail gssclient3
catch "expect_after"
expect -i $gss_server_spawn_id "Accepted connection: \"gsstest3@$REALMNAME\" at"
expect -i $gss_server_spawn_id "Received message: \"message from gsstest3\""
catch "expect_after"
- expect_after -i $spawn_id {
+ expect_after {
+ -i $spawn_id
timeout {
fail gssclient3
catch "expect_after"
# don't need to use inetd. The 3021 is the port to listen at.
# We rely on KRB5_KTNAME being set to the proper keyfile as there is
# no way to cleanly set it with the gssapi API.
- spawn $FTPD -p 3021 -r $tmppwd/krb.conf
+ spawn $FTPD -p 3021 -r $tmppwd/krb5.conf
set ftpd_spawn_id $spawn_id
set ftpd_pid [exp_pid]
set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
# Start the ftp daemon.
start_ftp_daemon
expect -re "$localhostname.*FTP server .Version \[0-9.\]*. ready."
expect -re "Using authentication type GSSAPI; ADAT must follow"
expect "GSSAPI accepted as authentication type"
- expect "GSSAPI authentication succeeded"
+ expect {
+ "GSSAPI authentication succeeded" { pass "ftp authentication" }
+ eof { fail "ftp authentication" ; catch "expect_after" ; return }
+ }
expect "Name ($hostname:$env(USER)): "
send "$env(USER)\r"
expect "User $env(USER) logged in."
- expect "Remote system type is UNIX."
- expect "Using binary mode to transfer files."
+# expect "Remote system type is UNIX."
+# expect "Using binary mode to transfer files."
+ expect "ftp> " {
+ pass $testname
+ }
+
+ set testname "binary"
+ send "binary\r"
expect "ftp> " {
pass $testname
}
global KEY
global spawn_id
global tmppwd
- global kadmind_spawn_id
set good 0
spawn $KADMIN -m -p krbtest/admin@$REALMNAME ank $pname
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
catch "close -i $spawn_id"
- #
- # Read the kadmind message too. It checks the operation of kadmind,
- # and also, on some systems the write to standard error will block if
- # too many messages back up.
- #
- expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME"
if { $good == 1 } {
#
# use kdb5_edit to verify that a principal was created and that its
# salt types are 0 (normal).
#
spawn $KDB5_EDIT -r $REALMNAME
- expect_after { -i $spawn_id
+ expect_after {
+ -i $spawn_id
timeout {
fail "kadmin add $pname"
catch "expect_after"
set good 0
expect "kdb5_edit:" { send "show $pname\r" }
expect "Name: $pname@$REALMNAME" { set good 1 }
+
+ expect "Maximum life:" { verbose "got max life" }
+ expect "Maximum renewable life:" { verbose "got max rlife" }
+ expect "Expiration:" { verbose "got expiration" }
+ expect "Password expiration:" { verbose "got pw expiration" }
+ expect "Last successful password:" { verbose "last succ pw" }
+ expect "Last failed password attempt:" { verbose "last pw attempt" }
+ expect "Failed password attempts:" { verbose "num failed attempts" }
+ expect "Attributes:" { verbose "attributes" }
+ expect "Number of keys:" { verbose "num keys"}
expect "kdb5_edit:" { send "q\r" }
expect_after
expect eof
global KEY
global spawn_id
global tmppwd
- global kadmind_spawn_id
set good 0
spawn $KADMIN -m -p krbtest/admin@$REALMNAME ark $pname
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnt)"
catch "close -i $spawn_id"
- expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME"
if { $good == 1 } {
#
# use kdb5_edit to verify that a principal was created and that its
# salt types are 0 (normal).
#
spawn $KDB5_EDIT -r $REALMNAME
- expect_after { -i $spawn_id
+ expect_after {
+ -i $spawn_id
timeout {
fail "kadmin add_rnd $pname"
catch "expect_after"
global KADMIN
global KEY
global spawn_id
- global kadmind_spawn_id
spawn $KADMIN -m -p krbtest/admin@$REALMNAME cpw $pname
expect_after {
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
catch "close -i $spawn_id"
- expect -i $kadmind_spawn_id "Change Password operation for $pname successfully issued by krbtest/admin@$REALMNAME"
pass "kadmin cpw $pname"
return 1
}
global KADMIN
global KEY
global spawn_id
- global kadmind_spawn_id
spawn $KADMIN -m -p krbtest/admin@$REALMNAME crk $pname
expect_after {
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
catch "close -i $spawn_id"
- expect -i $kadmind_spawn_id "Change Random Password operation for $pname successfully issued by krbtest/admin@$REALMNAME"
pass "kadmin cpw_rnd $pname"
return 1
}
global KADMIN
global KEY
global spawn_id
- global kadmind_spawn_id
spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- modent $pname $flags
expect_after {
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
catch "close -i $spawn_id"
- expect -i $kadmind_spawn_id "Modify Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME"
pass "kadmin modify $pname"
return 1
}
global KEY
global spawn_id
global tmppwd
- global kadmind_spawn_id
set good 0
spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- renent -force $pname $npname
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin rename)"
catch "close -i $spawn_id"
- expect -i $kadmind_spawn_id "Rename Principal operation from $pname to $npname successfully issued by krbtest/admin@$REALMNAME"
if { $good == 1 } {
#
# use kdb5_edit to verify that the new principal was created and that its
# salt types are 0 (normal).
#
spawn $KDB5_EDIT -r $REALMNAME
- expect_after { -i $spawn_id
+ expect_after {
+ -i $spawn_id
timeout {
fail "kadmin renent $pname $npname"
catch "expect_after"
global KEY
global spawn_id
global tmppwd
- global kadmind_spawn_id
set good 0
spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- delent -force $pname
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin delent)"
catch "close -i $spawn_id"
- expect -i $kadmind_spawn_id "Delete Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME"
if { $good == 1 } {
#
# use kdb5_edit to verify that the old principal is not present.
#
spawn $KDB5_EDIT -r $REALMNAME
- expect_after { -i $spawn_id
+ expect_after {
+ -i $spawn_id
timeout {
fail "kadmin delent $pname"
catch "expect_after"
#--
proc kpasswd_cpw { princ opw npw } {
global KPASSWD
- global kadmind_spawn_id
spawn $KPASSWD -u $princ
expect_after {
expect "Enter old password for $princ:" { send "$opw\r" }
expect "Enter new password:" { send "$npw\r" }
expect "Re-enter new password:" { send "$npw\r" }
- expect -i $kadmind_spawn_id "changed password for $princ"
if ![check_exit_status "kpasswd"] {
fail "kpasswd $princ $npw"
return 0
set KRSHD [findfile $objdir/../../appl/bsd/kshd]
}
+if ![info exists KLIST] {
+ set KLIST [findfile $objdir/../../clients/klist/klist]
+}
+
# Make sure .k5login is reasonable.
if ![check_k5login rsh] {
return
proc rsh_test { } {
global REALMNAME
+ global KLIST
global RSH
global KEY
global BINSH
stop_rsh_daemon
}
+ # Check ticket forwarding
+ set failed no
+ start_rsh_daemon -k
+ set testname "rsh forwarding tickets"
+ spawn $RSH $hostname -f -k $REALMNAME -D 3544 -A $BINSH -c $KLIST
+ expect {
+ "Ticket cache:" { }
+ "klist: No credentials cache file found" {
+ fail "$testname (not forwarded)"
+ return
+ }
+ timeout {
+ fail "$testname (timeout)"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ return
+ }
+ }
+
+ if ![check_exit_status $testname] {
+ return
+ }
+
+ pass $testname
+
+ stop_rsh_daemon
+
+ # Check encrypted ticket forwarding
+ set failed no
+ start_rsh_daemon -e
+ set testname "encrypted rsh forwarding tickets"
+ spawn $RSH $hostname -x -f -k $REALMNAME -D 3544 -A $BINSH -c $KLIST
+ expect {
+ "Ticket cache:" { }
+ "klist: No credentials cache file found" {
+ fail "$testname (not forwarded)"
+ return
+ }
+ timeout {
+ fail "$testname (timeout)"
+ return
+ }
+ eof {
+ fail "$testname (eof)"
+ return
+ }
+ }
+
+ if ![check_exit_status $testname] {
+ return
+ }
+
+ pass $testname
+
+ stop_rsh_daemon
+
+
# Check stderr
start_rsh_daemon -k
set testname "rsh to stderr"
- # Standalone Kerberos test.
+# Standalone Kerberos test.
# This is a DejaGnu test script.
# This script tests that the Kerberos tools can talk to each other.
projects / krb5.git / commitdiff