+2004-03-14 Ken Raeburn <raeburn@mit.edu>
+
+ * default.exp: Set new variable portbase from $PORTBASE or
+ default.
+ (setup_kerberos_files, setup_krb5_conf, setup_kerberos_env): Use
+ portbase to select all port numbers.
+
2004-02-25 Ken Raeburn <raeburn@mit.edu>
* default.exp (passes): Add "mode=udp" to existing pass
return 1
}
+# kdc listens on +0..+3, depending whether we're testing reachable or not
+# client tries +1 and +6
+# kadmind +4
+# kpasswd +5
+# krb524 +7
+# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
+if [info exists PORTBASE] {
+ set portbase $PORTBASE
+} else {
+ set portbase 3085
+}
+
# setup_kerberos_files
# This procedure will create some Kerberos files which must be created
# manually before trying to run any Kerberos programs. Returns 1 on
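Review bot: `PORTBASE` is copied into `portbase` without any check, and every use added by this commit is an unbraced `[expr N + $portbase]`, so the value is substituted into the expression text before `expr` parses it and a non-integer value is evaluated rather than rejected. The computed numbers also end up in the `sh -c` strings sent to the root shell in rlogin.exp and telnet.exp and in the `catch "exec $RCP ..."` string in rcp.exp. I would validate once here, right after the `if`/`else`, with `if {![string is integer -strict $portbase] || $portbase < 1 || $portbase > 65527} { error "PORTBASE must be an integer in 1..65527" }` (the upper bound keeps portbase+8 a valid port). The expressions are also safer braced, e.g. `[expr {8 + $portbase}]`.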
global multipass_name
global master_key_type
global mode
+ global portbase
if ![get_hostname] {
return 0
}
set conffile [open $tmppwd/kdc.conf w]
puts $conffile "\[kdcdefaults\]"
- puts $conffile " kdc_ports = 3085,3086,3087,3088,3089"
- puts $conffile " kdc_tcp_ports = 3085,3086,3087,3088,3089"
+ puts $conffile " kdc_ports = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
+ puts $conffile " kdc_tcp_ports = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
puts $conffile ""
puts $conffile "\[realms\]"
puts $conffile " $REALMNAME = \{"
puts $conffile " admin_database_lockfile = $tmppwd/adb.lock"
puts $conffile " key_stash_file = $tmppwd/stash"
puts $conffile " acl_file = $tmppwd/acl"
- puts $conffile " kadmind_port = 3750"
- puts $conffile " kpasswd_port = 3751"
+ puts $conffile " kadmind_port = [expr 4 + $portbase]"
+ puts $conffile " kpasswd_port = [expr 5 + $portbase]"
puts $conffile " max_life = 1:00:00"
puts $conffile " max_renewable_life = 3:00:00"
puts $conffile " master_key_type = $master_key_type"
puts $conffile " supported_enctypes = $supported_enctypes"
puts $conffile " kdc_supported_enctypes = $kdc_supported_enctypes"
if { $mode == "tcp" } {
- puts $conffile " kdc_ports = 3081"
- puts $conffile " kdc_tcp_ports = 3088,3091"
+ puts $conffile " kdc_ports = [expr 3 + $portbase]"
+ puts $conffile " kdc_tcp_ports = [expr 1 + $portbase],[expr 3 + $portbase]"
} else {
- puts $conffile " kdc_ports = 3088"
- puts $conffile " kdc_tcp_ports = 3081"
+ puts $conffile " kdc_ports = [expr 1 + $portbase]"
+ puts $conffile " kdc_tcp_ports = [expr 3 + $portbase]"
}
puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
puts $conffile " default_principal_flags = -postdateable forwardable"
if ![file exists $tmppwd/krb.conf] {
set conffile [open $tmppwd/krb.conf w]
puts $conffile "$REALMNAME"
- puts $conffile "$REALMNAME $hostname:3088 admin server"
+ puts $conffile "$REALMNAME $hostname:[expr 1 + $portbase] admin server"
close $conffile
}
global default_tkt_enctypes
global permitted_enctypes
global mode
+ global portbase
# Create a krb5.conf file.
if { ![file exists $tmppwd/krb5.$type.conf] \
puts $conffile "\[realms\]"
puts $conffile " $REALMNAME = \{"
# I hope nothing's listening on 15294...
- puts $conffile " kdc = $hostname:15294"
- puts $conffile " kdc = $hostname:3088"
- puts $conffile " admin_server = $hostname:3750"
- puts $conffile " kpasswd_server = $hostname:3751"
+ puts $conffile " kdc = $hostname:[expr 6 + $portbase]"
+ puts $conffile " kdc = $hostname:[expr 1 + $portbase]"
+ puts $conffile " admin_server = $hostname:[expr 4 + $portbase]"
+ puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]"
puts $conffile " default_domain = $domain"
- puts $conffile " krb524_server = $hostname:3752"
+ puts $conffile " krb524_server = $hostname:[expr 7 + $portbase]"
puts $conffile " \}"
puts $conffile ""
puts $conffile "\[domain_realm\]"
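Review bot: The context comment `# I hope nothing's listening on 15294...` is stale, because the first `kdc` entry it describes is now `$hostname:[expr 6 + $portbase]`. That entry appears to be the one meant to be unreachable, and it now sits inside the suite's own port range (3091 with the default base), so the comment should name the offset and say that nothing in the suite binds it. Suggest `# First kdc entry should be unreachable: nothing in the test suite listens on portbase+6.` The enclosing proc starts and ends outside this hunk.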
global tmppwd
global hostname
global krb5_init_vars
+ global portbase
# Set the environment variable KRB5_CONFIG to point to our krb5.conf file.
# All the Kerberos tools check KRB5_CONFIG.
verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
# Tell the Kerberos tools how to contact the $REALMNAME server.
- set env(KERBEROS_SERVER) "$REALMNAME:$hostname:3088"
+ set env(KERBEROS_SERVER) "$REALMNAME:$hostname:[expr 1 + $portbase]"
verbose "KERBEROS_SERVER=$env(KERBEROS_SERVER)"
# Get the run time environment variables... (including LD_LIBRARY_PATH)
+2004-03-14 Ken Raeburn <raeburn@mit.edu>
+
+ * rlogin.exp (start_rlogin_daemon, rlogin_test): Use portbase to
+ compute all port numbers.
+ * telnet.exp (start_telnet_daemon, telnet_test): Likewise.
+
2003-12-13 Ken Raeburn <raeburn@mit.edu>
* telnet.exp: Skip tests if no DES key types are enabled.
global hostname
global rlogin_spawn_id
global krlogind_pid
+ global portbase
# The -p argument tells it to accept a single connection, so we
# don't need to use inetd. The 3543 is the port to listen at.
# setup_root_shell, not a TCL variable. The sh -c is to workaround
# the broken controlling tty handling in hpux, and shouldn't hurt
# anything else.
- send -i $rlogin_spawn_id "sh -c \"$KRLOGIND -k -c -D 3543 -S \$tmppwd/srvtab -M $REALMNAME -L $LOGINKRB5 $option\" &\r"
+ send -i $rlogin_spawn_id "sh -c \"$KRLOGIND -k -c -D [expr 8 + $portbase] -S \$tmppwd/srvtab -M $REALMNAME -L $LOGINKRB5 $option\" &\r"
expect {
-i $rlogin_spawn_id
-re "$ROOT_PROMPT" { }
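Review bot: The comment a few lines above the changed `send` line still reads `The 3543 is the port to listen at.`, but krlogind is now started with `-D [expr 8 + $portbase]`. The matching sentence in telnet.exp and rcp.exp was updated in this commit and this one appears to have been missed. Suggest `# don't need to use inetd. The portbase+8 is the port to listen at.` The proc body starts and ends outside the hunk.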
global hostname
global hostname
global env
+ global portbase
# Start up the kerberos and kadmind daemons and get a srvtab and a
# ticket file.
start_rlogin_daemon -k
# Make an rlogin connection.
- spawn $KRLOGIN $hostname -k $REALMNAME -D 3543
+ spawn $KRLOGIN $hostname -k $REALMNAME -D [expr 8 + $portbase]
expect_after {
timeout {
# Try an encrypted connection.
start_rlogin_daemon -e
- spawn $KRLOGIN $hostname -x -k $REALMNAME -D 3543
+ spawn $KRLOGIN $hostname -x -k $REALMNAME -D [expr 8 + $portbase]
expect_after {
timeout {
global hostname
global rlogin_spawn_id
global telnetd_pid
+ global portbase
# Setup the shared library wrapper for login.krb5
if ![file exists $tmppwd/login.wrap] {
}
# The -debug argument tells it to accept a single connection, so
- # we don't need to use inetd. The 3023 is the port to listen at.
+ # we don't need to use inetd. The portbase+8 is the port to listen at.
# Note that tmppwd here is a shell variable, which is set in
# setup_root_shell, not a TCL variable.
- send -i $rlogin_spawn_id "sh -c \"$TELNETD -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 3023\" &\r"
+ send -i $rlogin_spawn_id "sh -c \"$TELNETD -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r"
expect {
-i $rlogin_spawn_id
-re "$ROOT_PROMPT" { }
global hostname
global localhostname
global env
+ global portbase
# Start up the kerberos and kadmind daemons and get a srvtab and a
# ticket file.
# Start up our telnet connection. We first try it without
# authentication, so the daemon should prompt for a login.
- spawn $TELNET -- $hostname -3023
+ spawn $TELNET -- $hostname -[expr 8 + $portbase]
set telnet_pid [exp_pid]
expect_after {
# Try an authenticated connection.
start_telnet_daemon
- spawn $TELNET -a -k $REALMNAME -- $hostname -3023
+ spawn $TELNET -a -k $REALMNAME -- $hostname -[expr 8 + $portbase]
expect_after {
timeout {
# Try an authenticated encrypted connection.
start_telnet_daemon
- spawn $TELNET -a -x -k $REALMNAME -- $hostname -3023
+ spawn $TELNET -a -x -k $REALMNAME -- $hostname -[expr 8 + $portbase]
expect_after {
timeout {
+2004-03-14 Ken Raeburn <raeburn@mit.edu>
+
+ * gssapi.exp (run_client, doit): Use portbase to compute all port
+ numbers.
+ * gssftp.exp (start_ftp_daemon, ftp_test): Likewise.
+ * rcp.exp (start_rsh_daemon, rcp_one_test): Likewise.
+ * rsh.exp (start_rsh_daemon, rsh_test): Likewise.
+ * sample.exp (start_sserver_daemon, test_sclient): Likewise.
+ * v4gssftp.exp (start_ftp_daemon, v4ftp_test): Likewise.
+ * v4krb524d.exp (start_k524_daemon): Likewise.
+
2004-02-25 Ken Raeburn <raeburn@mit.edu>
* rcp.exp (stop_rsh_daemon): Check for any output before eof,
global spawn_id
global gss_server_spawn_id
global REALMNAME
+ global portbase
set env(KRB5CCNAME) $tkfile
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
verbose "spawning gssclient, identity=$client"
- spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from $client"
+ spawn $GSSCLIENT -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client"
set got_client 0
set got_server 0
expect_after {
global gss_server_spawn_id
global gss_save_ccname
global gss_save_ktname
+ global portbase
# Start up the kerberos and kadmind daemons.
if ![start_kerberos_daemons 0] {
verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
# Now start the gss-server.
- spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port 5556 gssservice@$hostname
+ spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port [expr 8 + $portbase] gssservice@$hostname
set gss_server_pid [exp_pid]
set gss_server_spawn_id $spawn_id
sleep 2
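Review bot: gss-server now binds `[expr 8 + $portbase]`, the same port this commit assigns to krlogind, telnetd, krshd, ftpd and sserver, where each previously had its own number (5556 here). If a daemon from an earlier test file is still running, or its socket has not been released, the bind here can fail or the client spawned in run_client can reach the wrong service, and the failure would be reported against this test. Consider a comment at the spawn such as `# shares portbase+8 with the other application servers; the previous test's daemon must have exited before this binds`, or distinct offsets per service. As far as this hunk shows, the `sleep 2` after the spawn does not confirm that the listen succeeded.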
global tmppwd
global ftpd_spawn_id
global ftpd_pid
+ global portbase
# The -p argument tells it to accept a single connection, so we
- # don't need to use inetd. The 3021 is the port to listen at.
+ # don't need to use inetd. Portbase+8 is the port to listen at.
# We rely on KRB5_KTNAME being set to the proper keyfile as there is
# no way to cleanly set it with the gssapi API.
# The -U argument tells it to use an alternate ftpusers file (using
# /dev/null will allow root to login regardless of /etc/ftpusers).
# The -a argument requires authorization, to mitigate any
# vulnerability introduced by circumventing ftpusers.
- spawn $FTPD -p 3021 -a -U /dev/null -r $tmppwd/krb5.conf
+ spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb5.conf
set ftpd_spawn_id $spawn_id
set ftpd_pid [exp_pid]
global spawn_id
global tmppwd
global ftp_save_ktname
+ global portbase
# Start up the kerberos and kadmind daemons and get a srvtab and a
# ticket file.
start_ftp_daemon
# Make an ftp client connection to it.
- spawn $FTP $hostname 3021
+ spawn $FTP $hostname [expr 8 + $portbase]
expect_after {
"GSSAPI authentication failed" {
global tmppwd
global krshd_spawn_id
global krshd_pid
+ global portbase
# Setup the shared library wrapper for login.krb5
if ![file exists $tmppwd/rcp] {
# The -D argument tells it to accept a single connection, so we
- # don't need to use inetd. The 3544 is the port to listen at.
+ # don't need to use inetd. The portbase+8 is the port to listen at.
#
# The -L ENV_SET is for the I/S Athena brokeness in dot files where
# LD_LIBRARY_PATH will be overridden causing the "exec csh -c rcp ..."
# a users shell might be sh...
# Later a proper fix would be to have kshd exec rcp directly
# shell indirection...
- spawn $KRSHD -k -c -D 3544 -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET
+ spawn $KRSHD -k -c -D [expr 8 + $portbase] -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET
set krshd_spawn_id $spawn_id
set krshd_pid [exp_pid]
global REALMNAME
global RCP
global tmppwd
+ global portbase
send_log "rm -f $tmppwd/copy\n"
verbose "exec rm -f $tmppwd/copy"
set from [format "%s%s" $frompref $tmppwd/rcp-test]
set to [format "%s%s" $topref $tmppwd/copy]
- send_log "$RCP $options -D 3544 -N -k $REALMNAME $from $to\n"
- verbose "$RCP $options -D 3544 -N -k $REALMNAME $from $to"
- catch "exec $RCP $options -D 3544 -N -k $REALMNAME $from $to" exec_output
+ send_log "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to\n"
+ verbose "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to"
+ catch "exec $RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to" exec_output
if ![string match "" $exec_output] {
send_log "$exec_output\n"
global tmppwd
global krshd_spawn_id
global krshd_pid
+ global portbase
# The -D argument tells it to accept a single connection, so we
- # don't need to use inetd. The 3544 is the port to listen at.
- spawn $KRSHD -k -c -D 3544 -S $tmppwd/srvtab -M $REALMNAME -A $option
+ # don't need to use inetd. The portbase+8 is the port to listen at.
+ spawn $KRSHD -k -c -D [expr 8 + $portbase] -S $tmppwd/srvtab -M $REALMNAME -A $option
set krshd_spawn_id $spawn_id
set krshd_pid [exp_pid]
global env
global spawn_id
global tmppwd
+ global portbase
# Start up the kerberos and kadmind daemons and get a srvtab and a
# ticket file.
# Run rsh date.
set testname "date"
- spawn $RSH $hostname -k $REALMNAME -D 3544 -A date
+ spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A date
expect {
-re "\[A-Za-z0-9\]+ \[A-Za-z0-9\]+ +\[0-9\]+ \[0-9\]+:\[0-9\]+:\[0-9\]+ \[A-Za-z0-9\]+ \[0-9\]+\r\n" {
set result $expect_out(0,string)
set failed no
start_rsh_daemon -ek
set testname "encrypted rsh"
- spawn $RSH $hostname -x -k $REALMNAME -D 3544 -A echo hello
+ spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A echo hello
expect {
"hello" { expect eof }
timeout {
# runtime environment
setup_wrapper $tmppwd/klist.wrap $KLIST
- spawn $RSH $hostname -f -k $REALMNAME -D 3544 -A $BINSH -c $tmppwd/klist.wrap
+ spawn $RSH $hostname -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap
expect {
"Ticket cache:*\r" {
expect eof
set failed no
start_rsh_daemon -e
set testname "encrypted rsh forwarding tickets"
- spawn $RSH $hostname -x -f -k $REALMNAME -D 3544 -A $BINSH -c $tmppwd/klist.wrap
+ spawn $RSH $hostname -x -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap
expect {
"Ticket cache:*\r" {
expect eof
# Check stderr
start_rsh_daemon -k
set testname "rsh to stderr"
- spawn $RSH $hostname -k $REALMNAME -D 3544 -A $BINSH -c "'echo hello 1>&2'"
+ spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'"
expect {
"hello" { expect eof }
timeout {
start_rsh_daemon -e
set testname "encrypted rsh to stderr"
- spawn $RSH $hostname -x -k $REALMNAME -D 3544 -A $BINSH -c "'echo hello 1>&2'"
+ spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'"
expect {
"hello" { expect eof }
timeout {
global SSERVER
global T_INETD
global tmppwd
+ global portbase
# if inetd = 0, then we are running stand-alone
if !{$inetd} {
# Start the sserver
- spawn $SSERVER -p 3964 -S $tmppwd/srvtab
+ spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab
set sserver_pid [exp_pid]
set sserver_spawn_id $spawn_id
verbose "sserver_spawn is $sserver_spawn_id" 1
} else {
# Start the sserver
- spawn $T_INETD 3964 $SSERVER sserver -S $tmppwd/srvtab
+ spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/srvtab
set sserver_pid [exp_pid]
set sserver_spawn_id $spawn_id
global SCLIENT
global hostname
global spawn_id
-
+ global portbase
# Test the client
- spawn $SCLIENT $hostname 3964
+ spawn $SCLIENT $hostname [expr 8 + $portbase]
verbose "sclient_spawn is $spawn_id" 1
expect {
global tmppwd
global ftpd_spawn_id
global ftpd_pid
+ global portbase
# The -p argument tells it to accept a single connection, so we
- # don't need to use inetd. The 3021 is the port to listen at.
+ # don't need to use inetd. Portbase+8 is the port to listen at.
# We rely on KRB5_KTNAME being set to the proper keyfile as there is
# no way to cleanly set it with the gssapi API.
# The -U argument tells it to use an alternate ftpusers file (using
# /dev/null will allow root to login regardless of /etc/ftpusers).
# The -a argument requires authorization, to mitigate any
# vulnerability introduced by circumventing ftpusers.
- spawn $FTPD -p 3021 -a -U /dev/null -r $tmppwd/krb.conf
+ spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb.conf
set ftpd_spawn_id $spawn_id
set ftpd_pid [exp_pid]
global ftp_save_ktname
global ftp_save_ccname
global des3_krbtgt
+ global portbase
if {$des3_krbtgt} {
return
start_ftp_daemon
# Make an ftp client connection to it.
- spawn $FTP $hostname 3021
+ spawn $FTP $hostname [expr 8 + $portbase]
expect_after {
timeout {
global k524d_spawn_id
global k524d_pid
global REALMNAME
+ global portbase
- spawn $KRB524D -m -p 3752 -r $REALMNAME -nofork
+ spawn $KRB524D -m -p [expr 7 + $portbase] -r $REALMNAME -nofork
set k524d_spawn_id $spawn_id
set k524d_pid [exp_pid]