set KDB5_UTIL [findfile $objdir/../../kadmin/dbutil/kdb5_util]
}
-if ![info exists KDB5_EDIT] {
- set KDB5_EDIT [findfile $objdir/../../admin/edit/kdb5_edit]
-}
-
if ![info exists KRB5KDC] {
set KRB5KDC [findfile $objdir/../../kdc/krb5kdc]
}
set KADMIN [findfile $objdir/../../kadmin/cli/kadmin]
}
+if ![info exists KADMIN_LOCAL] {
+ set KADMIN_LOCAL [findfile $objdir/../../kadmin/cli/kadmin.local]
+}
+
+
if ![info exists KINIT] {
set KINIT [findfile $objdir/../../clients/kinit/kinit]
}
# Returns 1 on success, 0 on failure.
proc setup_kadmind_srvtab { } {
global REALMNAME
- global KDB5_EDIT
+ global KADMIN_LOCAL
global KEY
global tmppwd
catch "exec rm -f tmpdir/admin-keytab"
- spawn $KDB5_EDIT -r $REALMNAME
+ spawn $KADMIN_LOCAL -r $REALMNAME
expect_after {
timeout {
- fail "kdb5_edit admin-keytab (timeout)"
+ fail "kadmin.local admin-keytab (timeout)"
catch "exec rm -f tmpdir/admin-keytab"
catch "expect_after"
return 0
}
eof {
- fail "kdb5_edit admin-keytab (eof)"
+ fail "kadmin.local admin-keytab (eof)"
catch "exec rm -f tmpdir/admin-keytab"
catch "expect_after"
return 0
}
}
- expect "kdb5_edit:"
- send "xst admin kadmin\r"
- expect "'kadmin/admin@$REALMNAME' added to keytab"
- expect "kdb5_edit:"
+ expect "kadmin.local: "
+ send "xst -k admin-new-srvtab kadmin/admin\r"
+ expect -re ".*Entry for principal kadmin/admin.* added to keytab WRFILE:admin-new-srvtab."
+ expect "kadmin.local: "
catch "exec mv -f admin-new-srvtab changepw-new-srvtab" exec_output
if ![string match "" $exec_output] {
return 0
}
- send "xst changepw kadmin\r"
- expect "'kadmin/changepw@$REALMNAME' added to keytab"
- expect "kdb5_edit:"
+ send "xst -k changepw-new-srvtab kadmin/changepw\r"
+ expect -re ".*Entry for principal kadmin/changepw.* added to keytab WRFILE:changepw-new-srvtab."
+ expect "kadmin.local: "
send "quit\r"
expect "\r"
expect_after
- if ![check_exit_status "kdb5_edit admin-keytab"] {
+ if ![check_exit_status "kadmin.local admin-keytab"] {
catch "exec rm -f tmpdir/admin-keytab"
- send_error "ERROR: kdb5_edit admin-keytab exited abnormally\n"
+ send_error "ERROR: kadmin.local admin-keytab exited abnormally\n"
return 0
}
proc setup_kerberos_db { standalone } {
global REALMNAME
global KDB5_UTIL
- global KDB5_EDIT
+ global KADMIN_LOCAL
global KEY
global tmppwd
global spawn_id
}
# Add an admin user.
- spawn $KDB5_EDIT -r $REALMNAME
+ spawn $KADMIN_LOCAL -r $REALMNAME
expect_after {
timeout {
catch "expect_after"
- fail "kdb5_edit (timeout)"
+ fail "kadmin.local (timeout)"
if {!$standalone} {
catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
}
}
eof {
catch "expect_after"
- fail "kdb5_edit (eof)"
+ fail "kadmin.local (eof)"
if {!$standalone} {
catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
}
return 0
}
}
- expect "kdb5_edit:"
+ expect "kadmin.local: "
send "ank krbtest/admin@$REALMNAME\r"
- expect "Enter password:"
+ # It echos...
+ expect "ank krbtest/admin@$REALMNAME\r"
+ expect "Enter password for principal \"krbtest/admin@$REALMNAME\":"
send "adminpass$KEY\r"
- expect "Re-enter password for verification:"
+ expect "Re-enter password for principal \"krbtest/admin@$REALMNAME\":"
send "adminpass$KEY\r"
- expect "kdb5_edit:"
+ expect {
+ "Principal \"krbtest/admin@$REALMNAME\" created" { }
+ "Principal or policy already exists while creating*" { expect eof }
+ }
+ expect "kadmin.local: "
send "quit\r"
expect "\r"
expect_after
- if ![check_exit_status kdb5_edit] {
+ if ![check_exit_status kadmin_local] {
if {!$standalone} {
catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
}
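Review bot: The `"Principal or policy already exists while creating*"` arm added in setup_kerberos_db waits on `expect eof`, and from the visible lines that wait cannot end in success. If kadmin.local returns to its prompt after this error (not shown here), the wait falls to the `timeout` handler installed by `expect_after`; if it exits instead, the following `expect "kadmin.local: "` hits the `eof` handler and the proc returns 0. If an existing krbtest/admin principal should be tolerated on a re-run, leave the arm empty like the "created" arm, `"Principal or policy already exists while creating*" { }`; if it should be a failure, call `fail` there with a message that names the cause. The test names here also read `kadmin_local` (`check_exit_status kadmin_local`) while the other procs use `kadmin.local`. The proc starts and ends outside this hunk.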
catch "exec touch tmpdir/adb.lock"
if {$standalone} {
- pass "kdb5_edit"
+ pass "kadmin_local"
}
return 1
proc setup_srvtab { standalone {id host} } {
global REALMNAME
- global KDB5_EDIT
+ global KADMIN_LOCAL
global KEY
global tmppwd
global hostname
catch "exec rm -f $hostname-new-srvtab"
- spawn $KDB5_EDIT -r $REALMNAME
+ spawn $KADMIN_LOCAL -r $REALMNAME
expect_after {
timeout {
- fail "kdb5_edit srvtab"
+ fail "kadmin.local srvtab"
if {!$standalone} {
catch "exec rm -f tmpdir/srvtab"
}
return 0
}
eof {
- fail "kdb5_edit srvtab"
+ fail "kadmin.local srvtab"
if {!$standalone} {
catch "exec rm -f tmpdir/srvtab"
}
return 0
}
}
- expect "kdb5_edit:"
- send "xst $hostname $id\r"
- expect "'$id/$hostname@$REALMNAME' added to keytab"
- expect "kdb5_edit:"
+ expect "kadmin.local: "
+ send "xst -k $hostname-new-srvtab $id/$hostname\r"
+ expect -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-srvtab."
+ expect "kadmin.local: "
send "quit\r"
expect "\r"
expect_after
- if ![check_exit_status "kdb5_edit srvtab"] {
+ if ![check_exit_status "kadmin.local srvtab"] {
if {!$standalone} {
catch "exec rm -f tmpdir/srvtab"
}
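Review bot: The `expect -re` line added in setup_srvtab substitutes `$id` and `$hostname` straight into a regular expression, so the dots of a host name act as wildcards and any other metacharacter in either value changes what is matched. The leading `.*` adds nothing, since the existing plain patterns in this file already match as substrings. A glob pattern keeps the match literal for ordinary host names: `expect "Entry for principal $id/$hostname*added to keytab WRFILE:$hostname-new-srvtab"`. The two `expect -re` lines added in setup_kadmind_srvtab have the same leading `.*` and unescaped trailing `.`, though with fixed principal names.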
}
if {$standalone} {
- pass "kdb5_edit srvtab"
+ pass "kadmin.local srvtab"
}
# Make the srvtab file globally readable in case we are using a
# Kerberos kadmin test.
# This is a DejaGnu test script.
-# This script tests Kerberos kadmin5 using kdb5_edit as verification.
+# This script tests Kerberos kadmin5 using kadmin.local as verification.
# Set up the kerberos database.
if {![get_hostname] \
proc kadmin_add { pname password } {
global REALMNAME
global KADMIN
- global KDB5_EDIT
+ global KADMIN_LOCAL
global KEY
global spawn_id
global tmppwd
catch "close -i $spawn_id"
if { $good == 1 } {
#
- # use kdb5_edit to verify that a principal was created and that its
+ # use kadmin.local to verify that a principal was created and that its
# salt types are 0 (normal).
#
- spawn $KDB5_EDIT -r $REALMNAME
+ spawn $KADMIN_LOCAL -r $REALMNAME
expect_after {
-i $spawn_id
timeout {
}
}
set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Name: $pname@$REALMNAME" { set good 1 }
-
- expect "Maximum life:" { verbose "got max life" }
+ expect "kadmin.local: " { send "getprinc $pname\r" }
+ expect "Principal: $pname@$REALMNAME" { set good 1 }
+ expect "Expiration date:" { verbose "got expiration date" }
+ expect "Last password change:" { verbose "got last pwchange" }
+ expect "Password expiration date:" { verbose "got pwexpire date" }
+ expect "Maximum ticket life:" { verbose "got max life" }
expect "Maximum renewable life:" { verbose "got max rlife" }
- expect "Expiration:" { verbose "got expiration" }
- expect "Password expiration:" { verbose "got pw expiration" }
- expect "Last successful password:" { verbose "last succ pw" }
- expect "Last failed password attempt:" { verbose "last pw attempt" }
+ expect "Last modified:" { verbose "got last modified" }
+ expect "Last successful authentication:" { verbose "last succ auth" }
+ expect "Last failed authentication:" { verbose "last pw failed" }
expect "Failed password attempts:" { verbose "num failed attempts" }
- expect "Attributes:" { verbose "attributes" }
expect "Number of keys:" { verbose "num keys"}
- expect "kdb5_edit:" { send "q\r" }
+ expect {
+ "Key: " { verbose "Key listed"
+ exp_continue
+ }
+ "Attributes:" { verbose "attributes" }
+ }
+ expect "kadmin.local: " { send "q\r" }
+
expect_after
expect eof
set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
catch "close -i $spawn_id"
if { $good == 1 } {
pass "kadmin add $pname"
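Review bot: The comment above the kadmin.local spawn in kadmin_add still says the check verifies that the principal's "salt types are 0 (normal)", but the added `getprinc` sequence only waits for field labels, and the `"Key: "` arm logs "Key listed" without inspecting the line. Either the comment should state what is actually checked, e.g. `# use kadmin.local to verify that the principal was created.`, or the `Key:` line should be matched against the expected salt description. The same comment is carried into kadmin_add_rnd, where only the `Principal:` line is checked. kadmin_add begins and ends outside this hunk.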
proc kadmin_add_rnd { pname } {
global REALMNAME
global KADMIN
- global KDB5_EDIT
+ global KADMIN_LOCAL
global KEY
global spawn_id
global tmppwd
catch "close -i $spawn_id"
if { $good == 1 } {
#
- # use kdb5_edit to verify that a principal was created and that its
+ # use kadmin.local to verify that a principal was created and that its
# salt types are 0 (normal).
#
- spawn $KDB5_EDIT -r $REALMNAME
+ spawn $KADMIN_LOCAL -r $REALMNAME
expect_after {
-i $spawn_id
timeout {
}
}
set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Name: $pname@$REALMNAME" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
+ expect "kadmin.local:" { send "getprinc $pname\r" }
+ expect "Principal: $pname@$REALMNAME" { set good 1 }
+ expect "kadmin.local:" { send "q\r" }
expect_after
expect eof
set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
catch "close -i $spawn_id"
if { $good == 1 } {
pass "kadmin add_rnd $pname"
}
expect "Enter password:"
send "adminpass$KEY\r"
+ # When in doubt, jam one of these in there.
+ expect "\r"
expect "Principal \"$pname@$REALMNAME\" modified."
expect_after
expect eof
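Review bot: The added comment `# When in doubt, jam one of these in there.` does not say what the extra `expect "\r"` is for, so a later reader cannot tell whether it is still needed. It presumably consumes the line ending emitted after the unechoed password so that the next `expect` starts on kadmin's reply. If that is the intent, say so: `# Consume the line ending emitted after the password before matching the reply.` The enclosing proc starts before this hunk.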
return 1
}
-#++
-# kadmin_rename - Test rename function of kadmin.
-#
-# Rename principal $pname to $npname. Returns 1 on success.
-#--
-proc kadmin_rename { pname npname } {
- global REALMNAME
- global KADMIN
- global KDB5_EDIT
- global KEY
- global spawn_id
- global tmppwd
-
- set good 0
- spawn $KADMIN -p krbtest/admin@$REALMNAME -q "renprinc -force $pname $npname"
- expect_after {
- "Cannot contact any KDC" {
- fail "kadmin rename $pname $npname lost KDC"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- }
- expect "Enter password:" {
- send "adminpass$KEY\r"
- }
- expect "principal $pname renamed to $npname" { set good 1 }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin rename)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that the new principal was created and that its
- # salt types are 0 (normal).
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- -i $spawn_id
- timeout {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $npname\r" }
- expect "Name: $npname@$REALMNAME" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
-
- if { $good == 1 } {
- #
- # use kdb5_edit to verify that the old principal is not present.
- #
- spawn $KDB5_EDIT -r $REALMNAME
- expect_after {
- timeout {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin renent $pname $npname"
- catch "expect_after"
- return 0
- }
- }
- set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Principal $pname not found" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
- expect_after
- expect eof
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
- catch "close -i $spawn_id"
- if { $good == 1 } {
- pass "kadmin renent $pname $npname"
- return 1
- }
- else {
- fail "kadmin renent $pname $npname"
- return 0
- }
- }
- else {
- fail "kadmin renent $pname $npname"
- return 0
- }
- }
- else {
- fail "kadmin renent $pname $npname"
- return 0
- }
-}
#++
# kadmin_list - Test list database function of kadmin.
proc kadmin_delete { pname } {
global REALMNAME
global KADMIN
- global KDB5_EDIT
+ global KADMIN_LOCAL
global KEY
global spawn_id
global tmppwd
catch "close -i $spawn_id"
if { $good == 1 } {
#
- # use kdb5_edit to verify that the old principal is not present.
+ # use kadmin.local to verify that the old principal is not present.
#
- spawn $KDB5_EDIT -r $REALMNAME
+ spawn $KADMIN_LOCAL -r $REALMNAME
expect_after {
-i $spawn_id
timeout {
}
}
set good 0
- expect "kdb5_edit:" { send "show $pname\r" }
- expect "Principal $pname not found" { set good 1 }
- expect "kdb5_edit:" { send "q\r" }
+ expect "kadmin.local: " { send "getprinc $pname\r" }
+ expect "Principal does not exist while retrieving \"$pname@$REALMNAME\"." { set good 1 }
+ expect "kadmin.local: " { send "quit\r" }
expect_after
expect eof
set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
catch "close -i $spawn_id"
if { $good == 1 } {
pass "kadmin delprinc $pname"
return
}
-# These tests were removed as you currently cannot rename a random key
-# This is a bug....
-# || ![kadmin_rename v5random randomkey] \
-# || ![kadmin_show randomkey] \
-# || ![kadmin_delete randomkey] \
# You cannot extract a v4 key...
# || ![kadmin_extractv4 instance2 v4principal] \