+++ /dev/null
-# Kerberos kadmin test.
-# This is a DejaGnu test script.
-# This script tests Kerberos kadmin5 using kdb5_edit as verification.
-
-# Set up the kerberos database.
-if {![get_hostname] \
- || ![setup_kerberos_files] \
- || ![setup_kerberos_env] \
- || ![setup_kerberos_db 0]} {
- return
-}
-
-# find kpasswd
-if ![info exists KPASSWD] {
- set KPASSWD [findfile $objdir/../../kadmin/kpasswd/kpasswd]
-}
-
-# find kdestroy
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-#++
-# kadmin_add - Test add new v5 principal function of kadmin.
-#
-# Adds principal $pname with password $password. Returns 1 on success.
-#--
-proc kadmin_add { pname password } {
- global REALMNAME
- global KADMIN
- global KDB5_EDIT
- global KEY
- global spawn_id
- global tmppwd
-
- set good 0
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME ank $pname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin add$pname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin add $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin add $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "Enter new password for $pname :" { send "$password\r" }
- expect "Re-enter new password for $pname :" { send "$password\r" }
- expect "principal $pname added" { set good 1 }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that a principal was created and that its
- # salt types are 0 (normal).
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- -i $spawn_id
- timeout {
- fail "kadmin add $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin add $pname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Name: $pname@$REALMNAME" { set good 1 }
-
- expect "Maximum life:" { verbose "got max life" }
- expect "Maximum renewable life:" { verbose "got max rlife" }
- expect "Expiration:" { verbose "got expiration" }
- expect "Password expiration:" { verbose "got pw expiration" }
- expect "Last successful password:" { verbose "last succ pw" }
- expect "Last failed password attempt:" { verbose "last pw attempt" }
- expect "Failed password attempts:" { verbose "num failed attempts" }
- expect "Attributes:" { verbose "attributes" }
- expect "Number of keys:" { verbose "num keys"}
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- pass "kadmin add $pname"
- return 1
- }
- else {
- fail "kadmin add $pname"
- return 0
- }
- }
- else {
- fail "kadmin add $pname"
- return 0
- }
-}
-
-#++
-# kadmin_add_rnd - Test add new v5 principal with random key function.
-#
-# Adds principal $pname with random key. Returns 1 on success.
-#--
-proc kadmin_add_rnd { pname } {
- global REALMNAME
- global KADMIN
- global KDB5_EDIT
- global KEY
- global spawn_id
- global tmppwd
-
- set good 0
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME ark $pname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin add rnd $pname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin add_rnd $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin add_rnd $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "principal $pname added" { set good 1 }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnt)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that a principal was created and that its
- # salt types are 0 (normal).
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- -i $spawn_id
- timeout {
- fail "kadmin add_rnd $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin add_rnd $pname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Name: $pname@$REALMNAME" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- pass "kadmin add_rnd $pname"
- return 1
- }
- else {
- fail "kadmin add_rnd $pname"
- return 0
- }
- }
- else {
- fail "kadmin add_rnd $pname"
- return 0
- }
-}
-
-#++
-# kadmin_show - Test show principal function of kadmin.
-#
-# Retrieves entry for $pname. Returns 1 on success.
-#--
-proc kadmin_show { pname } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME show $pname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin show $pname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin show $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin show $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:"
- send "adminpass$KEY\r"
- expect -re "\r.*-*Principal: $pname.*Flags: .*Key: .*-*"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin show)"
- catch "close -i $spawn_id"
- pass "kadmin show $pname"
- return 1
-}
-
-#++
-# kadmin_cpw - Test change password function of kadmin
-#
-# Change password of $pname to $password. Returns 1 on success.
-#--
-proc kadmin_cpw { pname password } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME cpw $pname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin cpw $pname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin cpw $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin cpw $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "Enter new password for $pname:" { send "$password\r" }
- expect "Re-enter new password for $pname:" { send "$password\r" }
- # When in doubt, jam one of these in there.
- expect "\r"
- expect "password changed for $pname"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
- catch "close -i $spawn_id"
- pass "kadmin cpw $pname"
- return 1
-}
-
-#++
-# kadmin_cpw_rnd - Test change random key function of kadmin.
-#
-# Changes principal $pname's key to a new random key. Returns 1 on success.
-#--
-proc kadmin_cpw_rnd { pname } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME crk $pname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin cpw_rnd $pname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin cpw_rnd $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin cpw_rnd $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- # When in doubt, jam one of these in there.
- expect "\r"
- expect "password changed for $pname"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
- catch "close -i $spawn_id"
- pass "kadmin cpw_rnd $pname"
- return 1
-}
-
-#++
-# kadmin_modify - Test modify principal function of kadmin.
-#
-# Modifies principal $pname with flags $flags. Returns 1 on success.
-#--
-proc kadmin_modify { pname flags } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- modent $pname $flags
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin modify $pname ($flags) lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin modify $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin modify $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:"
- send "adminpass$KEY\r"
- expect "principal $pname modified"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
- catch "close -i $spawn_id"
- pass "kadmin modify $pname"
- return 1
-}
-
-#++
-# kadmin_rename - Test rename function of kadmin.
-#
-# Rename principal $pname to $npname. Returns 1 on success.
-#--
-proc kadmin_rename { pname npname } {
- global REALMNAME
- global KADMIN
- global KDB5_EDIT
- global KEY
- global spawn_id
- global tmppwd
-
- set good 0
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- renent -force $pname $npname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin rename $pname $npname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "principal $pname renamed to $npname" { set good 1 }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin rename)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that the new principal was created and that its
- # salt types are 0 (normal).
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- -i $spawn_id
- timeout {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $npname\r" }
- expect "Name: $npname@$REALMNAME" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
-
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that the old principal is not present.
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- timeout {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Principal $pname not found" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- pass "kadmin renent $pname $npname"
- return 1
- }
- else {
- fail "kadmin renent $pname $npname"
- return 0
- }
- }
- else {
- fail "kadmin renent $pname $npname"
- return 0
- }
- }
- else {
- fail "kadmin renent $pname $npname"
- return 0
- }
-}
-
-#++
-# kadmin_list - Test list database function of kadmin.
-#
-# Lists the database and verifies that output matches regular expression
-# "(.*@$REALMNAME)*". Returns 1 on success.
-#--
-proc kadmin_list { } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME ldb
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin ldb lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin ldb"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin ldb"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect -re "\(.*@$REALMNAME\r\n\)*"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin list)"
- catch "close -i $spawn_id"
- pass "kadmin ldb"
- return 1
-}
-
-#++
-# kadmin_extract - Test extract service key function of kadmin.
-#
-# Extracts service key for service name $name instance $instance. Returns
-# 1 on success.
-#--
-proc kadmin_extract { instance name } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME xst $instance $name
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin xst $instance $name lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin xst $instance $name"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin xst $instance $name"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "extracted entry $name to key table $instance-new-srvtab"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
- catch "close -i $spawn_id"
- catch "exec rm -f $instance-new-srvtab"
- pass "kadmin xst $instance $name"
- return 1
-}
-
-#++
-# kadmin_extractv4 - Test extract service key in v4 format function of
-# kadmin.
-#
-# Extracts service key for service name $name instance $instance in version
-# 4 format. Returns 1 on success.
-#--
-proc kadmin_extractv4 { instance name } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME xst4 $instance $name
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin xst4 $instance $name lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin xst4 $instance $name"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin xst4 $instance $name"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "extracted entry $name to key table $instance-new-v4-srvtab"
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)"
- catch "close -i $spawn_id"
- catch "exec rm -f $instance-new-v4-srvtab"
- pass "kadmin xst4 $instance $name"
- return 1
-}
-
-#++
-# kadmin_delete - Test delete principal function of kadmin.
-#
-# Deletes principal $pname. Returns 1 on success.
-#--
-proc kadmin_delete { pname } {
- global REALMNAME
- global KADMIN
- global KDB5_EDIT
- global KEY
- global spawn_id
- global tmppwd
-
- set good 0
- spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- delent -force $pname
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin_delete $pname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin delent $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin delent $pname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password for krbtest/admin@$REALMNAME:" {
- send "adminpass$KEY\r"
- }
- expect "principal $pname deleted" { set good 1 }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin delent)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that the old principal is not present.
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- -i $spawn_id
- timeout {
- fail "kadmin delent $pname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin delent $pname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Principal $pname not found" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- pass "kadmin delent $pname"
- return 1
- }
- else {
- fail "kadmin delent $pname"
- return 0
- }
- }
- else {
- fail "kadmin delent $pname"
- return 0
- }
-}
-
-#++
-# kpasswd_cpw - Test password changing using kpasswd.
-#
-# Change $princ's password from $opw to $npw. Returns 1 on success.
-#--
-proc kpasswd_cpw { princ opw npw } {
- global KPASSWD
-
- spawn $KPASSWD -u $princ
- expect_after {
- timeout {
- fail "kpasswd $princ $npw"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kpasswd $princ $npw"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter old password for $princ:" { send "$opw\r" }
- expect "Enter new password:" { send "$npw\r" }
- expect "Re-enter new password:" { send "$npw\r" }
- expect "\r"
-
- if ![check_exit_status "kpasswd"] {
- fail "kpasswd $princ $npw"
- return 0
- }
- pass "kpasswd $princ $npw"
- return 1
-}
-
-#++
-# kdestroy
-#--
-proc kdestroy { } {
- global KDESTROY
-
- spawn $KDESTROY
- if ![check_exit_status "kdestroy"] {
- return 0
- }
- return 1
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc kadmin_test { } {
-
- # Start up the kerberos and kadmind daemons
- if {![start_kerberos_daemons 0] } {
- return
- }
-
- # Test basic kadmin functions.
- if {![kadmin_add v5principal/instance1 v5principal] \
- || ![kadmin_add v4principal/instance2 v4principal] \
- || ![kadmin_add_rnd v5random] \
- || ![kadmin_show v5principal/instance1] \
- || ![kadmin_show v4principal/instance2] \
- || ![kadmin_show v5random] \
- || ![kadmin_cpw v5principal/instance1 faroutman] \
- || ![kadmin_cpw v4principal/instance2 honkydory] \
- || ![kadmin_cpw_rnd v5random] \
- || ![kadmin_modify v5random -allow-tickets] \
- || ![kadmin_modify v5random +allow-tickets] \
- || ![kadmin_rename v5random randomkey] \
- || ![kadmin_show randomkey] \
- || ![kadmin_list] \
- || ![kadmin_extract instance1 v5principal] \
- || ![kadmin_extractv4 instance2 v4principal] \
- || ![kadmin_delete randomkey] \
- || ![kadmin_delete v4principal/instance2] \
- || ![kadmin_delete v5principal/instance1]} {
- return
- }
-
- # now test kpasswd
- if {![kadmin_add testprinc/instance thisisatest] \
- || ![kpasswd_cpw testprinc/instance thisisatest anothertest] \
- || ![kpasswd_cpw testprinc/instance anothertest goredsox] \
- || ![kadmin_delete testprinc/instance]} {
- return
- }
-
- # now test that we can kinit with principals/passwords.
- if {![kadmin_add testprinc1/instance thisisatest] \
- || ![kinit testprinc1/instance thisisatest 0] \
- || ![kdestroy] \
- || ![kpasswd_cpw testprinc1/instance thisisatest anothertest] \
- || ![kinit testprinc1/instance anothertest 0] \
- || ![kdestroy] \
- || ![kpasswd_cpw testprinc1/instance anothertest goredsox] \
- || ![kinit testprinc1/instance goredsox 0] \
- || ![kdestroy] \
- || ![kadmin_cpw testprinc1/instance betterwork] \
- || ![kinit testprinc1/instance betterwork 0] \
- || ![kdestroy] \
- || ![kadmin_delete testprinc1/instance]} {
- return
- }
- # now test modify changes.
- if {![kadmin_add testuser longtestpw] \
- || ![kinit testuser longtestpw 0] \
- || ![kdestroy] \
- || ![kadmin_modify testuser maxlife=2500] \
- || ![kinit testuser longtestpw 0] \
- || ![kdestroy] \
- || ![kadmin_delete testuser]} {
- return
- }
-
- verbose "kadmin_test succeeded"
-}
-
-# Run the test.
-set status [catch kadmin_test msg]
-
-# Shut down the kerberos daemons and the rsh daemon.
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in kadmin.exp\n"
- send_error "$msg\n"
- exit 1
-}
projects / krb5.git / commitdiff