From: Mark Eichin Date: Thu, 20 Apr 1995 22:59:52 +0000 (+0000) Subject: dejagnu test cases. (from Ian Taylor ) X-Git-Tag: krb5-1.0-beta5~333 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=10c64a704c1c520197bc103ee0cd366bf7cbb764;p=krb5.git dejagnu test cases. (from Ian Taylor ) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5413 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in new file mode 100644 index 000000000..f62849840 --- /dev/null +++ b/src/tests/dejagnu/Makefile.in @@ -0,0 +1,5 @@ +RUNTEST = runtest +RUNTESTFLAGS = + +check:: + $(RUNTEST) --tool krb --srcdir $(srcdir) $(RUNTESTFLAGS) diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp new file mode 100644 index 000000000..37c48f84b --- /dev/null +++ b/src/tests/dejagnu/config/default.exp @@ -0,0 +1,986 @@ +# Basic expect script for Kerberos tests. +# This is a DejaGnu test script. +# Written by Ian Lance Taylor, Cygnus Support, . +# This script is automatically run by DejaGnu before running any of +# the Kerberos test scripts. + +# This file provides several functions which deal with a local +# Kerberos database. We have to do this such that we don't interfere +# with any existing Kerberos database. We will create all the files +# in the directory tmpdir, which will have been created by the +# testsuite default script. We will use KRBTEST.COM as our Kerberos +# realm name. + +# We do everything in a temporary directory. +if ![file isdirectory tmpdir] {catch "exec mkdir tmpdir" status} + +set tmppwd "[pwd]/tmpdir" + +# On Ultrix, use /bin/sh5 in preference to /bin/sh. +if ![info exists BINSH] { + if [file exists /bin/sh5] { + set BINSH /bin/sh5 + } else { + set BINSH /bin/sh + } +} + +# For security, we must not use generally known passwords. This is +# because some of the tests may be run as root. If the passwords were +# generally know, then somebody could work out the appropriate +# Kerberos ticket to use, and come in when, say, the telnetd daemon +# was being tested by root. The window for doing this is very very +# small, so the password does not have to be perfect, it just can't be +# constant. +if ![info exists KEY] { + catch {exec $BINSH -c "echo $$"} KEY + verbose "KEY is $KEY" +} + +# Clear away any files left over from a previous run. +# We can't use them now because we don't know the right KEY. +catch "exec rm -f tmpdir/db.ok tmpdir/srvtab" + +# Put the installed kerberos directories on PATH. +# This needs to be fixed for V5. +# set env(PATH) $env(PATH):/usr/kerberos/bin:/usr/kerberos/etc +# verbose "PATH=$env(PATH)" + +# Some of the tests expect $env(USER) to be set. +if ![info exists env(USER)] { + if [info exists env(LOGNAME)] { + set env(USER) $env(LOGNAME) + } else { + if [info exists logname] { + set env(USER) $logname + } else { + catch "exec whoami" env(USER) + } + } +} + +# Find some programs we need. We use the binaries from the build tree +# if they exist. If they do not, then they must be in PATH. We +# expect $objdir to be ...tests/dejagnu. + +if ![info exists KDB5_CREATE] { + set KDB5_CREATE [findfile $objdir/../../admin/create/kdb5_create] +} + +if ![info exists KDB5_STASH] { + set KDB5_STASH [findfile $objdir/../../admin/stash/kdb5_stash] +} + +if ![info exists KDB5_EDIT] { + set KDB5_EDIT [findfile $objdir/../../admin/edit/kdb5_edit] +} + +if ![info exists KRB5KDC] { + set KRB5KDC [findfile $objdir/../../kdc/krb5kdc] +} + +if ![info exists KADMIND] { + set KADMIND [findfile $objdir/../../kadmin/server/kadmind] +} + +if ![info exists KADMIN] { + set KADMIN [findfile $objdir/../../kadmin/client/kadmin] +} + +if ![info exists KINIT] { + set KINIT [findfile $objdir/../../clients/kinit/kinit] +} + +# We use a couple of variables to hold shell prompts which may be +# overridden by the user. + +if ![info exists ROOT_PROMPT] { + set ROOT_PROMPT "(%|#|>|\\$) $" +} + +if ![info exists SHELL_PROMPT] { + set SHELL_PROMPT "(%|#|>|\\$) $" +} + +# check_k5login +# Most of the tests won't work if the user has a .k5login file, unless +# the user's name appears unadorned in .k5login (in which case kuserok +# will assume a null instance and the local realm). This procedure +# returns 1 if the .k5login file appears to be OK, 0 otherwise. This +# check is not foolproof. + +proc check_k5login { testname } { + global env + + if ![file exists ~/.k5login] { + return 1 + } + + set file [open ~/.k5login r] + while { [gets $file principal] != -1 } { + if { $principal == $env(USER) } { + close $file + return 1 + } + } + close $file + + untested "$testname test requires that your name appear in your ~/.k5login" + untested "file with no realm or instance." + + return 0 +} + +# check_exit_status +# Check the exit status of a spawned program. Returns 1 if the +# program succeeded, 0 if it failed. + +proc check_exit_status { testname } { + global spawn_id + + set status_list [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $status_list ($testname)" + catch "close -i $spawn_id" + if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { + send_log "exit status: $status_list\n" + verbose "exit status: $status_list" + fail "$testname" + return 0 + } else { + return 1 + } +} + +# get_hostname +# This procedure will get the local hostname. It sets the global +# variables hostname (the full name) and localhostname (the first part +# of the name). Returns 1 on success, 0 on failure. + +proc get_hostname { } { + global hostname + global localhostname + + if {[info exists hostname] && [info exists localhostname]} { + return 1 + } + + catch "exec hostname >tmpdir/hostname" exec_output + if ![string match "" $exec_output] { + send_log "$exec_output\n" + verbose $exec_output + send_error "ERROR: can't get hostname\n" + return 0 + } + set file [open tmpdir/hostname r] + if { [ gets $file hostname ] == -1 } { + send_error "ERROR: no output from hostname\n" + return 0 + } + close $file + catch "exec rm -f tmpdir/hostname" exec_output + regexp "^\[^.\]*" $hostname localhostname + verbose "hostname: $hostname; localhostname: $localhostname" + + return 1 +} + +# setup_kerberos_files +# This procedure will create some Kerberos files which must be created +# manually before trying to run any Kerberos programs. Returns 1 on +# success, 0 on failure. + +proc setup_kerberos_files { } { + global hostname + + if ![get_hostname] { + return 0 + } + + # Create a krb.conf file. + # We don't bother to do this for V5, we use an environment + # variable instead. + # if ![file exists tmpdir/krb.conf] { + # set conffile [open tmpdir/krb.conf w] + # puts $conffile "KRBTEST.COM" + # puts $conffile "KRBTEST.COM $hostname:3750 admin server" + # close $conffile + # } + + # Create ACL file. + if ![file exists tmpdir/acl] { + set aclfile [open tmpdir/acl w] + puts $aclfile "krbtest/admin@KRBTEST.COM *" + close $aclfile + } + + return 1 +} + +# Save the original values of the environment variables we are going +# to muck with. + +#if [info exists env(KRB_CONF)] { +# set orig_krb_conf $env(KRB_CONF) +#} else { +# catch "unset orig_krb_conf" +#} + +if [info exists env(KRB5CCNAME)] { + set orig_krb5ccname $env(KRB5CCNAME) +} else { + catch "unset orig_krb5ccname" +} + +if [ info exists env(KRB5RCACHEDIR)] { + set orig_krb5rcachedir $env(KRB5RCACHEDIR) +} else { + catch "unset orig_krb5rcachedir" +} + +if [ info exists env(KERBEROS_SERVER)] { + set orig_kerberos_server $env(KERBEROS_SERVER) +} else { + catch "unset orig_kerberos_server" +} + +# setup_kerberos_env +# Set the environment variables needed to run Kerberos programs. + +proc setup_kerberos_env { } { + global env + global tmppwd + global hostname + + # Set the environment variable KRB_CONF to point to our krb.conf file. + # All the Kerberos tools check KRB_CONF. + # Actually, V5 doesn't currently use this. + # set env(KRB_CONF) $tmppwd/krb.conf + # verbose "KRB_CONF=$env(KRB_CONF)" + + # Direct the Kerberos programs at a local ticket file. + set env(KRB5CCNAME) FILE:$tmppwd/tkt + verbose "KRB5CCNAME=$env(KRB5CCNAME)" + + # Direct the Kerberos server at a cache file stored in the + # temporary directory. + set env(KRB5RCACHEDIR) $tmppwd + verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)" + + # Tell the Kerberos tools how to contact the KRBTEST.COM server. + set env(KERBEROS_SERVER) "KRBTEST.COM:$hostname:3088" + verbose "KERBEROS_SERVER=$env(KERBEROS_SERVER)" + + return 1 +} + +# Restore the Kerberos environment, in case setup_kerberos_env was +# already called by an earlier test. + +proc restore_kerberos_env { } { + global env + global orig_krb_conf + global orig_krb5ccname + global orig_krb5rcachedir + global orig_kerberos_server + + # if [info exists orig_krb_conf] { + # set env(KRB_CONF) $orig_krb_conf + # } else { + # catch "unset env(KRB_CONF)" + # } + + if [info exists orig_krb5ccname] { + set env(KRB5CCNAME) $orig_krb5ccname + } else { + catch "unset env(KRB5CCNAME)" + } + + if [info exists orig_krb5rcachedir] { + set env(KRB5RCACHEDIR) $orig_krb5rcachedir + } else { + catch "unset env(KRB5RCACHEDIR)" + } + + if [info exists orig_kerberos_server] { + set env(KERBEROS_SERVER) $orig_kerberos_server + } else { + catch "unset env(KERBEROS_SERVER)" + } +} + +# setup_kerberos_db +# Initialize the Kerberos database. If the argument is non-zero, call +# pass at relevant points. Returns 1 on success, 0 on failure. + +proc setup_kerberos_db { standalone } { + global KDB5_CREATE + global KDB5_STASH + global KDB5_EDIT + global KEY + global tmppwd + global spawn_id + + if {!$standalone && [file exists tmpdir/db.ok]} { + return 1 + } + + catch "exec rm -f [glob -nocomplain tmpdir/db*]" + + # Creating a new database means we need a new srvtab. + catch "exec rm -f tmpdir/srvtab" + + if { ![setup_kerberos_files] || ![setup_kerberos_env] } { + return 0 + } + + spawn $KDB5_CREATE -r KRBTEST.COM -d $tmppwd/db + expect { + "Enter KDC database master key:" { + verbose "kdb5_create started" + } + timeout { + fail "kdb5_create" + return 0 + } + eof { + fail "kdb5_create" + return 0 + } + } + send "masterkey$KEY\r" + set failed 0 + expect { + "Re-enter KDC database master key to verify:" { } + timeout { + fail "kdb5_create" + return 0 + } + eof { + fail "kdb5_create" + return 0 + } + } + send "masterkey$KEY\r" + expect { + -re "\[Cc\]ouldn't" { + fail "kdb5_create" + return 0 + } + timeout { + fail "kdb5_create" + return 0 + } + eof { } + } + if ![check_exit_status kdb5_create] { + return 0 + } + + if {$standalone} { + pass "kdb5_create" + } + + # Stash the master key in a file. + spawn $KDB5_STASH -f $tmppwd/stash -d $tmppwd/db -r KRBTEST.COM + expect { + "Enter KDC database master key:" { + verbose "kdb5_stash started" + } + timeout { + fail "kdb5_stash" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok" + } + return 0 + } + eof { + fail "kdb5_stash" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok" + } + return 0 + } + } + send "masterkey$KEY\r" + expect { + eof { } + timeout { + fail "kdb5_stash" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok" + } + return 0 + } + } + if ![check_exit_status kdb5_stash] { + return 0 + } + + if {$standalone} { + pass "kdb5_stash" + } + + # Add an admin user. + spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM + expect_after { + timeout { + catch "expect_after" + fail "kdb5_edit" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok" + } + return 0 + } + eof { + catch "expect_after" + fail "kdb5_edit" + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok" + } + return 0 + } + } + expect { + "Enter KDC database master key" { + verbose "kdb5_edit started" + } + } + send "masterkey$KEY\r" + expect "kdb5_edit:" + send "ank krbtest/admin@KRBTEST.COM\r" + expect "Enter password:" + send "adminpass$KEY\r" + expect "Re-enter password for verification:" + send "adminpass$KEY\r" + expect "kdb5_edit:" + send "ark kadmin/KRBTEST.COM@KRBTEST.COM\r" + expect "kdb5_edit:" + send "quit\r" + expect "\r" + expect_after + if ![check_exit_status kdb5_edit] { + if {!$standalone} { + catch "exec rm -f tmpdir/db.ok" + } + return 0 + } + + if {$standalone} { + pass "kdb5_edit" + } + + return 1 +} + +# start_kerberos_daemons +# A procedure to build a Kerberos database and start up the kerberos +# and kadmind daemons. This sets the global variables kdc_pid, +# kdc_spawn_id, kadmind_pid, and kadmind_spawn_id. The procedure +# stop_kerberos_daemons should be used to stop the daemons. If the +# argument is non-zero, call pass at relevant points. Returns 1 on +# success, 0 on failure. + +proc start_kerberos_daemons { standalone } { + global KRB5KDC + global KADMIND + global KEY + global kdc_pid + global kdc_spawn_id + global kadmind_pid + global kadmind_spawn_id + global tmppwd + + if ![setup_kerberos_db 0] { + return 0 + } + + if {$standalone} { + catch "exec rm -f tmpdir/krb.log" + catch "exec rm -f tmpdir/kadmind.log" + } + + # Start up the kerberos daemon + spawn $KRB5KDC -r KRBTEST.COM -p 3088 -d $tmppwd/db -m + set kdc_pid [exp_pid] + set kdc_spawn_id $spawn_id + expect { + "Enter KDC database master key" { + send "masterkey$KEY\r" + } + timeout { + fail "krb5kdc" + stop_kerberos_daemons + return 0 + } + eof { + fail "krb5kdc" + stop_kerberos_daemons + return 0 + } + } + expect { + "\r" { } + timeout { + fail "krb5kdc" + stop_kerberos_daemons + return 0 + } + eof { + fail "krb5kdc" + stop_kerberos_daemons + return 0 + } + } + + if {$standalone} { + pass "krb5kdc" + } + + # Give the kerberos daemon a few seconds to get set up. + catch "exec sleep 2" + + # Start up the kadmind daemon + spawn $KADMIND -d $tmppwd/db -p 3750 -a $tmppwd/acl -m -r KRBTEST.COM + set kadmind_pid [exp_pid] + set kadmind_spawn_id $spawn_id + expect { + "Enter KDC database master key" { + send "masterkey$KEY\r" + } + timeout { + fail "kadmind" + stop_kerberos_daemons + return 0 + } + eof { + fail "krb5kdc" + stop_kerberos_daemons + return 0 + } + } + expect { + "\r" { } + timeout { + fail "kadmind" + stop_kerberos_daemons + return 0 + } + eof { + fail "kadmind" + stop_kerberos_daemons + return 0 + } + } + + if {$standalone} { + pass "kadmind" + } + + # Give the kadmind daemon a few seconds to get set up. + catch "exec sleep 2" + + return 1 +} + +# stop_kerberos_daemons +# Stop the kerberos daemons. Returns 1 on success, 0 on failure. + +proc stop_kerberos_daemons { } { + global kdc_pid + global kdc_spawn_id + global kadmind_pid + global kadmind_spawn_id + + if [info exists kdc_pid] { + catch "close -i $kdc_spawn_id" + catch "exec kill $kdc_pid" + wait -i $kdc_spawn_id + unset kdc_pid + } + + if [info exists kadmind_pid] { + catch "close -i $kadmind_spawn_id" + catch "exec kill $kadmind_pid" + wait -i $kadmind_spawn_id + unset kadmind_pid + } + + return 1 +} + +# add_kerberos_key +# Add an key to the Kerberos database. start_kerberos_daemons must be +# called before this procedure. If the standalone argument is +# non-zero, call pass at relevant points. Returns 1 on success, 0 on +# failure. + +proc add_kerberos_key { kkey standalone } { + global KADMIN + global KEY + global spawn_id + + # Use kadmin to add an key. + spawn $KADMIN -p 3750 krbtest@KRBTEST.COM + expect_after { + timeout { + fail "kadmin $kkey" + catch "expect_after" + return 0 + } + eof { + fail "kadmin $kkey" + catch "expect_after" + return 0 + } + } + expect "Password for krbtest/admin@KRBTEST.COM:" + send "adminpass$KEY\r" + expect -re "Command (.*):" + send "add $kkey@KRBTEST.COM\r" + expect { + "Enter password:" { } + "Principal Already Exists" { + expect -re "Command (.*):" + send "q\r" + expect "Have a Good Day.\r" + catch "expect_after" + if ![check_exit_status kadmin] { + return 0 + } + return 1 + } + } + send "$kkey" + send "$KEY\r" + expect "Re-enter password for verification:" + send "$kkey" + send "$KEY\r" + expect "Database Addition Successful" + expect -re "Command (.*):" + send "q\r" + expect "Have a Good Day.\r" + expect_after + if ![check_exit_status kadmin] { + return 0 + } + + if {$standalone} { + pass "kadmin $kkey" + } + + return 1 +} + +# add_random_key +# Add a key with a random password to the Kerberos database. +# start_kerberos_daemons must be called before this procedure. If the +# standalone argument is non-zero, call pass at relevant points. +# Returns 1 on success, 0 on failure. + +proc add_random_key { kkey standalone } { + global KADMIN + global KEY + global spawn_id + + # Use kadmin to add an key. + spawn $KADMIN -p 3750 krbtest@KRBTEST.COM + expect_after { + timeout { + fail "kadmin $kkey" + catch "expect_after" + return 0 + } + eof { + fail "kadmin $kkey" + catch "expect_after" + return 0 + } + } + expect "Password for krbtest/admin@KRBTEST.COM:" + send "adminpass$KEY\r" + expect -re "Command (.*):" + send "addrnd $kkey@KRBTEST.COM\r" + expect "Database Addition Successful" + expect -re "Command (.*):" + send "q\r" + expect "Have a Good Day.\r" + expect_after + if ![check_exit_status kadmin] { + return 0 + } + + if {$standalone} { + pass "kadmin $kkey" + } + + return 1 +} + +# setup_srvtab +# Set up a srvtab file. start_kerberos_daemons and add_random_key +# host/$hostname must be called before this procedure. If the +# argument is non-zero, call pass at relevant points. Returns 1 on +# success, 0 on failure. + +proc setup_srvtab { standalone } { + global KDB5_EDIT + global KEY + global tmppwd + global hostname + global spawn_id + + if {!$standalone && [file exists tmpdir/srvtab]} { + return 1 + } + + catch "exec rm -f tmpdir/srvtab tmpdir/srvtab.old" + + if ![get_hostname] { + return 0 + } + + catch "exec rm -f $hostname-new-srvtab" + + spawn $KDB5_EDIT -m -d $tmppwd/db -r KRBTEST.COM + expect_after { + timeout { + fail "kdb5_edit srvtab" + if {!$standalone} { + catch "exec rm -f tmpdir/srvtab" + } + catch "expect_after" + return 0 + } + eof { + fail "kdb5_edit srvtab" + if {!$standalone} { + catch "exec rm -f tmpdir/srvtab" + } + catch "expect_after" + return 0 + } + } + expect "Enter KDC database master key" + send "masterkey$KEY\r" + expect "kdb5_edit:" + send "xst $hostname host\r" + expect "'host/$hostname@KRBTEST.COM' added to keytab" + expect "kdb5_edit:" + send "quit\r" + expect "\r" + expect_after + if ![check_exit_status "kdb5_edit srvtab"] { + if {!$standalone} { + catch "exec rm -f tmpdir/srvtab" + } + return 0 + } + + catch "exec mv -f $hostname-new-srvtab tmpdir/srvtab" exec_output + if ![string match "" $exec_output] { + send_log "$exec_output\n" + verbose $exec_output + send_error "ERROR: can't mv new srvtab\n" + return 0 + } + + if {$standalone} { + pass "kdb5_edit srvtab" + } + + # Make the srvtab file globally readable in case we are using a + # root shell and the srvtab is NFS mounted. + catch "exec chmod a+r tmpdir/srvtab" + + return 1 +} + +# kinit +# Use kinit to get a ticket. If the argument is non-zero, call pass +# at relevant points. Returns 1 on success, 0 on failure. + +proc kinit { name pass standalone } { + global KINIT + global spawn_id + + # Use kinit to get a ticket. + spawn $KINIT $name@KRBTEST.COM + expect { + "Password for $name@KRBTEST.COM:" { + verbose "kinit started" + } + timeout { + fail "kinit" + return 0 + } + eof { + fail "kinit" + return 0 + } + } + send "$pass\r" + # This last expect seems useless, but without it the test hangs on + # AIX. + expect { + "\r" { } + } + if ![check_exit_status kinit] { + return 0 + } + + if {$standalone} { + pass "kinit" + } + + return 1 +} + +# Set up a root shell using rlogin $hostname -l root. This is used +# when testing the daemons that must be run as root, such as telnetd +# or rlogind. This sets the global variables rlogin_spawn_id and +# rlogin_pid. Returns 1 on success, 0 on failure. +# +# This procedure will only succeed if the person running the test has +# a valid ticket for a name listed in the /.klogin file. Naturally, +# Kerberos must already be installed on this machine. It's a pain, +# but I can't think of a better approach. + +proc setup_root_shell { testname } { + global BINSH + global ROOT_PROMPT + global KEY + global hostname + global rlogin_spawn_id + global rlogin_pid + global tmppwd + + # Make sure we are using the original values of the environment + # variables. This means that the caller must call + # setup_kerberos_env after calling this procedure. + + restore_kerberos_env + + if ![get_hostname] { + return 0 + } + + # If you have not installed Kerberos on your system, and you want + # to run these tests, you can do it if you are willing to put your + # root password in this file (this is not a very good idea, but + # it's safe enough if you disconnect from the network and remember + # to remove the password later). Change the rlogin in the next + # line to be /usr/ucb/rlogin (or whatever is appropriate for your + # system). Then change the lines after "word:" a few lines + # farther down to be + # send "rootpassword\r" + # exp_continue + + spawn rlogin $hostname -l root + set rlogin_spawn_id $spawn_id + set rlogin_pid [exp_pid] + expect { + "word:" { + untested "$testname test requires ability to rlogin as root" + stop_root_shell + return 0 + } + "Kerberos rlogin failed" { + untested "$testname test requires ability to rlogin as root" + stop_root_shell + return 0 + } + eof { + untested "$testname test requires ability to rlogin as root" + stop_root_shell + return 0 + } + -re "$ROOT_PROMPT" { } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + send_error "ERROR: If you have an unusual root prompt,\n" + send_error "ERROR: try running with ROOT_PROMPT=\"regexp\"\n" + stop_root_shell + return 0 + } + } + + expect_after { + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + stop_root_shell + catch "expect_after" + return 0 + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + stop_root_shell + catch "expect_after" + return 0 + } + } + + # Make sure the root shell is using /bin/sh. + send "$BINSH\r" + expect { + -re "$ROOT_PROMPT" { } + } + + # Set up a shell variable tmppwd. The callers use this to keep + # command line lengths down. The command line length is important + # because we are feeding input to a shell via a pty. On some + # systems a pty will only accept 255 characters. + send "tmppwd=$tmppwd\r" + expect { + -re "$ROOT_PROMPT" { } + } + + # Move over to the right directory. + set dir [pwd] + send "cd $dir\r" + expect { + -re "$ROOT_PROMPT" { } + "$dir:" { + send_error "ERROR: root shell can not cd to $dir\n" + stop_root_shell + return 0 + } + } + + expect_after + + return 1 +} + +# Kill off a root shell started by setup_root_shell. + +proc stop_root_shell { } { + global rlogin_spawn_id + global rlogin_pid + + catch "close -i $rlogin_spawn_id" + catch "exec kill $rlogin_pid" + catch "exec sleep 1" + catch "exec kill -9 $rlogin_pid" + catch "wait -i $rlogin_spawn_id" +} + +# Check the date. The string will be the output of date on this +# system, and we must make sure that it is in the same timezone as the +# output of date run a second time. The first date will be run on an +# rlogin or some such connection to the local system. This is to test +# to make sure that the TZ environment variable is handled correctly. +# Returns 1 on sucess, 0 on failure. + +proc check_date { date } { + catch "exec date" ndate + set atz "" + set ntz "" + scan $date "%s %s %d %d:%d:%d %s %d" adow amon adom ahr amn asc atz ayr + scan $ndate "%s %s %d %d:%d:%d %s %d" ndow nmon ndom nhr nmn nsc ntz nyr + if { $atz != $ntz } { + verbose "date check failed: $atz != $ntz" + send_log "date check failed: $atz != $ntz\n" + return 0 + } + return 1 +} diff --git a/src/tests/dejagnu/configure.in b/src/tests/dejagnu/configure.in new file mode 100644 index 000000000..041a42dd0 --- /dev/null +++ b/src/tests/dejagnu/configure.in @@ -0,0 +1,11 @@ +AC_INIT(Makefile.in) +WITH_CCOPTS +CONFIG_RULES +AC_CONFIG_FRAGMENTS(.. ../.. ../../.. ../../../.. ../../../../.. ../../../../../..) +AC_SUBST(BUILDTOP) +BUILDTOP=[$]ac_reltopdir +AC_PROG_INSTALL +WITH_NETLIB +KRB_INCLUDE +WITH_KRB5ROOT +V5_AC_OUTPUT_MAKEFILE diff --git a/src/tests/dejagnu/krb-root/rlogin.exp b/src/tests/dejagnu/krb-root/rlogin.exp new file mode 100644 index 000000000..fd56361ac --- /dev/null +++ b/src/tests/dejagnu/krb-root/rlogin.exp @@ -0,0 +1,296 @@ +# Kerberos rlogin test. +# This is a DejaGnu test script. +# This script tests Kerberos rlogin. +# Written by Ian Lance Taylor, Cygnus Support, . + +# Find the programs we need. We use the binaries from the build tree +# if they exist. If they do not, then they must be in PATH. We +# expect $objdir to be .../kerberos/src. + +if ![info exists RLOGIN] { + set RLOGIN [findfile $objdir/../../appl/bsd/rlogin] +} + +if ![info exists KRLOGIND] { + set KRLOGIND [findfile $objdir/../../appl/bsd/krlogind] +} + +if ![info exists LOGINKRB5] { + set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5] +} + +# Start up a root shell. +if ![setup_root_shell rlogin] { + return +} + +# Make sure .k5login is reasonable. +if ![check_k5login rlogin] { + stop_root_shell + return +} + +# Set up the kerberos database. +if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + stop_root_shell + return +} + +# A procedure to start up the rlogin daemon. + +proc start_rlogin_daemon { option } { + global KRLOGIND + global LOGINKRB5 + global ROOT_PROMPT + global tmppwd + global hostname + global rlogin_spawn_id + global krlogind_pid + + # The -p argument tells it to accept a single connection, so we + # don't need to use inetd. The 3543 is the port to listen at. + # Note that tmppwd here is a shell variable, which is set in + # setup_root_shell, not a TCL variable. + send -i $rlogin_spawn_id "$KRLOGIND -K -D 3543 -S \$tmppwd/srvtab -M KRBTEST.COM -L $LOGINKRB5 $option &\r" + expect { + -i $rlogin_spawn_id + -re "$ROOT_PROMPT" { } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + return + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + return + } + } + send -i $rlogin_spawn_id "echo \$!\r" + expect { + -i $rlogin_spawn_id + -re "\[0-9\]+" { + set krlogind_pid $expect_out(0,string) + verbose "krlogind process ID is $krlogind_pid" + } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + return + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + return + } + } + expect { + -i $rlogin_spawn_id + -re "$ROOT_PROMPT" { } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + return + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + return + } + } + + # Give the rlogin daemon a few seconds to get set up. + catch "exec sleep 2" +} + +# A procedure to stop the rlogin daemon. + +proc stop_rlogin_daemon { } { + global krlogind_pid + + if [info exists krlogind_pid] { + catch "exec kill $krlogind_pid" + unset krlogind_pid + } +} + +# Wrap the tests in a procedure, so that we can kill the daemons if +# we get some sort of error. + +proc rlogin_test { } { + global RLOGIN + global BINSH + global SHELL_PROMPT + global KEY + global hostname + global hostname + global env + + # Start up the kerberos and kadmind daemons and get a srvtab and a + # ticket file. + if {![start_kerberos_daemons 0] \ + || ![add_kerberos_key host/$hostname 0] \ + || ![setup_srvtab 0] \ + || ![add_kerberos_key $env(USER) 0] \ + || ![kinit $env(USER) $env(USER)$KEY 0]} { + return + } + + # Start up the rlogin daemon. + start_rlogin_daemon -K + + # Make an rlogin connection. + spawn $RLOGIN $hostname -k KRBTEST.COM -D 3543 + + expect_after { + timeout { + fail "$testname (timeout)" + catch "expect_after" + return + } + eof { + fail "$testname (eof)" + catch "expect_after" + return + } + } + + set testname "rlogin" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + # Switch to /bin/sh to try to avoid confusion from the shell + # prompt. + set testname "shell" + send "$BINSH\r" + expect -re "$SHELL_PROMPT" + + set testname "date" + send "date\r" + expect "date" + expect { + -re "\[A-Za-z0-9 :\]+\[\r\n\]+" { + if [check_date $expect_out(0,string)] { + pass "date" + } else { + fail "date" + } + } + } + expect -re "$SHELL_PROMPT" + + set testname "exit" + send "exit\r" + expect -re "$SHELL_PROMPT" + send "exit\r" + expect { + "Connection closed.\r" { + pass $testname + } + } + + expect_after + + if [check_exit_status "exit status"] { + pass "exit status" + } + + # The rlogin daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_rlogin_daemon + + # Try an encrypted connection. + start_rlogin_daemon -x + spawn $RLOGIN $hostname -x -k KRBTEST.COM -D 3543 + + expect_after { + timeout { + fail "$testname (timeout)" + catch "expect_after" + return + } + eof { + fail "$testname (eof)" + catch "expect_after" + return + } + } + + set testname "encrypted rlogin" + expect "using DES encryption for all data transmissions" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + # Switch to /bin/sh to try to avoid confusion from the shell + # prompt. + set testname "shell" + send "$BINSH\r" + expect -re "$SHELL_PROMPT" + + # Make sure the encryption is not destroying the text. + set testname "echo" + send "echo hello\r" + expect "echo hello" + expect "hello" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + # Send some characters which might cause an interrupt, and then + # make sure we can still talk to the shell. + set testname "interrupt characters" + send "\003\177\034\r" + expect -re "$SHELL_PROMPT" + send "echo hello\r" + expect "echo hello" + expect "hello" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + set testname "~." + send "~." + expect { + "Closed connection.\r" { + pass $testname + } + } + + expect_after + + if [check_exit_status "exit status"] { + pass "exit status" + } + + # The rlogin daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_rlogin_daemon +} + +# Run the test. Logging in sometimes takes a while, so increase the +# timeout. +set oldtimeout $timeout +set timeout 60 +set status [catch rlogin_test msg] +set timeout $oldtimeout + +# Shut down the kerberos daemons, the rlogin daemon, and the root +# process. +stop_kerberos_daemons + +stop_rlogin_daemon + +stop_root_shell + +if { $status != 0 } { + send_error "ERROR: error in rlogin.exp\n" + send_error "$msg\n" + exit 1 +} diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp new file mode 100644 index 000000000..22ccb7803 --- /dev/null +++ b/src/tests/dejagnu/krb-root/telnet.exp @@ -0,0 +1,371 @@ +# Kerberos telnet test. +# This is a DejaGnu test script. +# This script tests Kerberos telnet. +# Written by Ian Lance Taylor, Cygnus Support, . + +# Find the programs we need. We use the binaries from the build tree +# if they exist. If they do not, then they must be in PATH. We +# expect $objdir to be .../kerberos/src. + +if ![info exists TELNET] { + set TELNET [findfile $objdir/../../appl/telnet/telnet/telnet] +} + +if ![info exists TELNETD] { + set TELNETD [findfile $objdir/../../appl/telnet/telnetd/telnetd] +} + +if ![info exists LOGINKRB5] { + set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5] +} + +# Start up a root shell. +if ![setup_root_shell telnet] { + return +} + +# Make sure .k5login is reasonable. +if ![check_k5login rlogin] { + stop_root_shell + return +} + +# Set up the kerberos database. +if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + stop_root_shell + return +} + +# A procedure to start up the telnet daemon. + +proc start_telnet_daemon { } { + global TELNETD + global LOGINKRB5 + global ROOT_PROMPT + global tmppwd + global hostname + global rlogin_spawn_id + global telnetd_pid + + # The -debug argument tells it to accept a single connection, so + # we don't need to use inetd. The 3023 is the port to listen at. + # Note that tmppwd here is a shell variable, which is set in + # setup_root_shell, not a TCL variable. + send -i $rlogin_spawn_id "$TELNETD -debug -t \$tmppwd/srvtab -R KRBTEST.COM -L $LOGINKRB5 -X KERBEROS_V4 3023 &\r" + expect { + -i $rlogin_spawn_id + -re "$ROOT_PROMPT" { } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + return + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + return + } + } + send -i $rlogin_spawn_id "echo \$!\r" + expect { + -i $rlogin_spawn_id + -re "\[0-9\]+" { + set telnetd_pid $expect_out(0,string) + verbose "telnetd process ID is $telnetd_pid" + } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + return + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + return + } + } + expect { + -i $rlogin_spawn_id + -re "$ROOT_PROMPT" { } + timeout { + send_error "ERROR: timeout from rlogin $hostname -l root\n" + return + } + eof { + send_error "ERROR: eof from rlogin $hostname -l root\n" + return + } + } + + # Give the telnet daemon a few seconds to get set up. + catch "exec sleep 2" +} + +# A procedure to stop the telnet daemon. + +proc stop_telnet_daemon { } { + global telnetd_pid + + if [info exists telnetd_pid] { + catch "exec kill $telnetd_pid" + unset telnetd_pid + } +} + +# Wrap the tests in a procedure, so that we can kill the daemons if +# we get some sort of error. + +proc telnet_test { } { + global TELNET + global BINSH + global SHELL_PROMPT + global KEY + global hostname + global localhostname + global env + + # Start up the kerberos and kadmind daemons and get a srvtab and a + # ticket file. + if {![start_kerberos_daemons 0] \ + || ![add_kerberos_key host/$hostname 0] \ + || ![setup_srvtab 0] \ + || ![add_kerberos_key $env(USER) 0] \ + || ![kinit $env(USER) $env(USER)$KEY 0]} { + return + } + + # Start up the telnet daemon. + start_telnet_daemon + + # Start up our telnet connection. We first try it without + # authentication, so the daemon should prompt for a login. + spawn $TELNET $hostname -3023 + + expect_after { + timeout { + fail $testname + catch "expect_after" + return + } + eof { + fail $testname + catch "expect_after" + return + } + } + + set testname "simple telnet" + expect { + "ogin:" { + pass $testname + } + } + + # Move back to telnet command mode and make sure it seems + # reasonable. + set testname "telnet command mode" + send "\035" + expect { + "telnet>" { + pass $testname + } + } + + set testname "telnet status" + send "status\r" + expect { + -re "Connected to $localhostname.*Operating in single character mode.*Catching signals locally.*Remote character echo.*flow control.*Escape character is '.\]'" { + pass $testname + } + } + + set testname "back to command mode" + send "\035" + expect { + "telnet>" { + pass $testname + } + } + + set testname "quit" + send "quit\r" + expect { + "Connection closed.\r" { + pass $testname + } + } + + expect_after + + if ![check_exit_status "exit status"] { + return + } + + pass "exit status" + + # The telnet daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_telnet_daemon + + # Try an authenticated connection. + start_telnet_daemon + spawn $TELNET -a -k KRBTEST.COM $hostname -3023 + + expect_after { + timeout { + fail "$testname (timeout)" + catch "expect_after" + return + } + eof { + fail "$testname (eof)" + catch "expect_after" + return + } + } + + set testname "authenticated telnet" + expect "Kerberos V5 accepts you" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + # Switch to /bin/sh to try to avoid confusion from the shell + # prompt. + set testname "shell" + send "$BINSH\r" + expect -re "$SHELL_PROMPT" + + set testname "date" + send "date\r" + expect "date" + expect { + -re "\[A-Za-z0-9 :\]+\[\r\n\]+" { + if [check_date $expect_out(0,string)] { + pass "date" + } else { + fail "date" + } + } + } + expect -re "$SHELL_PROMPT" + + set testname "exit" + send "exit\r" + expect -re "$SHELL_PROMPT" + send "exit\r" + expect { + "Connection closed by foreign host.\r" { + pass $testname + } + } + + expect_after + + # We can't use check_exit_status, because we expect an exit status + # of 1. + set status_list [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $status_list (klist)" + if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { + send_log "exit status: $status_list\n" + verbose "exit status: $status_list" + fail "exit status" + } else { + pass "exit status" + } + + # The telnet daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_telnet_daemon + + # Try an authenticated encrypted connection. + start_telnet_daemon + spawn $TELNET -a -x -k KRBTEST.COM $hostname -3023 + + expect_after { + timeout { + fail $testname + catch "expect_after" + return + } + eof { + fail $testname + catch "expect_after" + return + } + } + + set testname "encrypted telnet" + expect "Kerberos V5 accepts you" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + # Make sure the encryption is not destroying the text. + set testname "echo" + send "echo hello\r" + expect "echo hello" + expect "hello" + expect { + -re "$SHELL_PROMPT" { + pass $testname + } + } + + # Move back to telnet command mode and check the encryption status. + set testname "encryption status" + send "\035" + expect "telnet>" + send "status\r" + expect { + -re "Currently encrypting output with DES_CFB64.*Currently decrypting input with DES_CFB64" { + pass $testname + } + } + + set testname "exit status" + send "exit\r" + expect "Connection closed by foreign host.\r" + + expect_after + + # We can't use check_exit_status, because we expect an exit status + # of 1. + set status_list [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $status_list (klist)" + if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { + send_log "exit status: $status_list\n" + verbose "exit status: $status_list" + fail "exit status" + } else { + pass "exit status" + } + + # The telnet daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_telnet_daemon +} + +# Run the test. Logging in sometimes takes a while, so increase the +# timeout. +set oldtimeout $timeout +set timeout 60 +set status [catch telnet_test msg] +set timeout $oldtimeout + +# Shut down the kerberos daemons, the telnet daemon, and the rlogin +# process. +stop_kerberos_daemons + +stop_telnet_daemon + +stop_root_shell + +if { $status != 0 } { + send_error "ERROR: error in telnet.exp\n" + send_error "$msg\n" + exit 1 +} diff --git a/src/tests/dejagnu/krb-standalone/rcp.exp b/src/tests/dejagnu/krb-standalone/rcp.exp new file mode 100644 index 000000000..5064d0535 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/rcp.exp @@ -0,0 +1,207 @@ +# Kerberos rcp test. +# This is a DejaGnu test script. +# This script tests Kerberos rcp. +# Written by Ian Lance Taylor, Cygnus Support, . + +# Find the programs we need. We use the binaries from the build tree +# if they exist. If they do not, then they must be in PATH. We +# expect $objdir to be .../kerberos/src. + +if ![info exists RCP] { + set RCP [findfile $objdir/../../appl/bsd/rcp] +} + +if ![info exists KRSHD] { + set KRSHD [findfile $objdir/../../appl/bsd/krshd] +} + +# Make sure .k5login is reasonable. +if ![check_k5login rcp] { + return +} + +# Set up the kerberos database. +if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return +} + +# A procedure to start up the rsh daemon (rcp talks to the rsh +# daemon). + +proc start_rsh_daemon { } { + global KRSHD + global RCP + global tmppwd + global krshd_spawn_id + global krshd_pid + + # The -D argument tells it to accept a single connection, so we + # don't need to use inetd. The 3544 is the port to listen at. + spawn $KRSHD -K -D 3544 -P [file dirname $RCP] -S $tmppwd/srvtab -M KRBTEST.COM + set krshd_spawn_id $spawn_id + set krshd_pid [exp_pid] + + # Give the rsh daemon a few seconds to get set up. + catch "exec sleep 2" +} + +# A procedure to stop the rsh daemon. + +proc stop_rsh_daemon { } { + global krshd_spawn_id + global krshd_pid + + if [info exists krshd_pid] { + catch "close -i $krshd_spawn_id" + catch "exec kill $krshd_pid" + catch "wait -i $krshd_spawn_id" + unset krshd_pid + } +} + +# Create a file to use for rcp testing. +set file [open tmpdir/rcp-test w] +puts $file "This file is used for rcp testing." +close $file + +# Test that a file was copied correctly. +proc check_file { filename } { + if ![file exists $filename] { + verbose "$filename does not exist" + send_log "$filename does not exist\n" + return 0 + } + + set file [open $filename r] + if { [gets $file line] == -1 } { + verbose "$filename is empty" + send_log "$filename is empty\n" + close $file + return 0 + } + + if ![string match "This file is used for rcp testing." $line] { + verbose "$filename contains $line" + send_log "$filename contains $line\n" + close $file + return 0 + } + + if { [gets $file line] != -1} { + verbose "$filename is too long ($line)" + send_log "$filename is too long ($line)\n" + close $file + return 0 + } + + close $file + + return 1 +} + +# Test copying one file to another. +proc rcp_one_test { testname options frompref topref } { + global RCP + global tmppwd + + send_log "rm -f tmpdir/copy\n" + verbose "exec rm -f tmpdir/copy" + catch "exec rm -f tmpdir/copy" + + set from [format "%s%s" $frompref $tmppwd/rcp-test] + set to [format "%s%s" $topref $tmppwd/copy] + + send_log "$RCP $options -D 3544 -N -k KRBTEST.COM $from $to\n" + verbose "$RCP $options -D 3544 -N -k KRBTEST.COM $from $to" + catch "exec $RCP $options -D 3544 -N -k KRBTEST.COM $from $to" exec_output + + if ![string match "" $exec_output] { + send_log "$exec_output\n" + verbose "$exec_output" + fail $testname + return 0 + } + + if ![check_file tmpdir/copy] { + fail $testname + return 0 + } + + pass $testname + + return 1 +} + +# Wrap the tests in a procedure, so that we can kill the daemons if +# we get some sort of error. + +proc rcp_test { } { + global RCP + global KEY + global hostname + global hostname + global env + + # Start up the kerberos and kadmind daemons and get a srvtab and a + # ticket file. + if {![start_kerberos_daemons 0] \ + || ![add_kerberos_key host/$hostname 0] \ + || ![setup_srvtab 0] \ + || ![add_kerberos_key $env(USER) 0] \ + || ![kinit $env(USER) $env(USER)$KEY 0]} { + return + } + + rcp_one_test "local rcp" "" "" "" + + start_rsh_daemon + rcp_one_test "rcp from" "" "$hostname:" "" + stop_rsh_daemon + + start_rsh_daemon + rcp_one_test "rcp to" "" "" "$hostname:" + stop_rsh_daemon + + # Doing rcp between two hosts actually just executes rsh rcp on + # the source. We could test this, but we're not set up for it + # right now. Also, it's pretty much covered by the other rcp + # tests and by the rsh tests. + # start_rsh_daemon + # rcp_one_test "rcp between" "" "$hostname:" "$hostname:" + # stop_rsh_daemon + + setup_xfail "*-*-*" + start_rsh_daemon + rcp_one_test "encrypted rcp from" "-x" "$hostname:" "" + stop_rsh_daemon + + setup_xfail "*-*-*" + start_rsh_daemon + rcp_one_test "encrypted rcp to" "-x" "" "$hostname:" + stop_rsh_daemon + + # Doing rcp between two hosts actually just executes rsh rcp on + # the source. We could test this, but we're not set up for it + # right now. Also, it's pretty much covered by the other rcp + # tests and by the rsh tests. + # start_rsh_daemon + # rcp_one_test "encrypted rcp between" "-x" "$hostname:" "$hostname:" + # stop_rsh_daemon +} + +# Run the test. +set status [catch rcp_test msg] + +# Shut down the kerberos daemons and the rsh daemon. +stop_kerberos_daemons + +stop_rsh_daemon + +if { $status != 0 } { + send_error "ERROR: error in rcp.exp\n" + send_error "$msg\n" + exit 1 +} diff --git a/src/tests/dejagnu/krb-standalone/rsh.exp b/src/tests/dejagnu/krb-standalone/rsh.exp new file mode 100644 index 000000000..118e59608 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/rsh.exp @@ -0,0 +1,206 @@ +# Kerberos rsh test. +# This is a DejaGnu test script. +# This script tests Kerberos rsh. +# Written by Ian Lance Taylor, Cygnus Support, . + +# Find the programs we need. We use the binaries from the build tree +# if they exist. If they do not, then they must be in PATH. We +# expect $objdir to be .../kerberos/src. + +if ![info exists RSH] { + set RSH [findfile $objdir/../../appl/bsd/rsh] +} + +if ![info exists KRSHD] { + set KRSHD [findfile $objdir/../../appl/bsd/krshd] +} + +# Make sure .k5login is reasonable. +if ![check_k5login rsh] { + return +} + +# Set up the kerberos database. +if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return +} + +# A procedure to start up the rsh daemon. + +proc start_rsh_daemon { option } { + global KRSHD + global tmppwd + global krshd_spawn_id + global krshd_pid + + # The -D argument tells it to accept a single connection, so we + # don't need to use inetd. The 3544 is the port to listen at. + spawn $KRSHD -K -D 3544 -S $tmppwd/srvtab -M KRBTEST.COM -A $option + set krshd_spawn_id $spawn_id + set krshd_pid [exp_pid] + + # Give the rsh daemon a few seconds to get set up. + catch "exec sleep 2" +} + +# A procedure to stop the rsh daemon. + +proc stop_rsh_daemon { } { + global krshd_spawn_id + global krshd_pid + + if [info exists krshd_pid] { + catch "close -i $krshd_spawn_id" + catch "exec kill $krshd_pid" + catch "wait -i $krshd_spawn_id" + unset krshd_pid + } +} + +# Wrap the tests in a procedure, so that we can kill the daemons if +# we get some sort of error. + +proc rsh_test { } { + global RSH + global KEY + global BINSH + global hostname + global env + global spawn_id + + # Start up the kerberos and kadmind daemons and get a srvtab and a + # ticket file. + if {![start_kerberos_daemons 0] \ + || ![add_kerberos_key host/$hostname 0] \ + || ![setup_srvtab 0] \ + || ![add_kerberos_key $env(USER) 0] \ + || ![kinit $env(USER) $env(USER)$KEY 0]} { + return + } + + # Start up the rsh daemon. + start_rsh_daemon -K + + # Run rsh date. + set testname "date" + spawn $RSH $hostname -k KRBTEST.COM -D 3544 -A date + expect { + -re "\[A-Za-z0-9 :\]+\[\r\n\]+$" { + set result $expect_out(0,string) + } + timeout { + fail "$testname (timeout)" + return + } + eof { + fail "$testname (eof)" + return + } + } + + if ![check_exit_status $testname] { + return + } + + if [check_date $result] { + pass $testname + } else { + fail $testname + } + + # The rsh daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_rsh_daemon + + # Check encrypted rsh. + set failed no + start_rsh_daemon -x + set testname "encrypted rsh" + spawn $RSH $hostname -x -k KRBTEST.COM -D 3544 -A echo hello + expect { + "hello" { } + timeout { + fail "$testname (timeout)" + set failed yes + } + eof { + fail "$testname (eof)" + set failed yes + } + } + + if { $failed == "no" } { + if ![check_exit_status $testname] { + return + } + pass $testname + } else { + catch "wait -i $spawn_id" + catch "close -i $spawn_id" + stop_rsh_daemon + } + + # Check stderr + start_rsh_daemon -K + set testname "rsh to stderr" + spawn $RSH $hostname -k KRBTEST.COM -D 3544 -A $BINSH -c "'echo hello 1>&2'" + expect { + "hello" { } + timeout { + fail "$testname (timeout)" + return + } + eof { + fail "$testname (eof)" + return + } + } + + if ![check_exit_status $testname] { + return + } + + pass $testname + + start_rsh_daemon -x + set testname "encrypted rsh to stderr" + spawn $RSH $hostname -x -k KRBTEST.COM -D 3544 -A $BINSH -c "'echo hello 1>&2'" + expect { + "hello" { } + timeout { + fail "$testname (timeout)" + return + } + eof { + fail "$testname (eof)" + return + } + } + + if ![check_exit_status $testname] { + return + } + + pass $testname + + # The rsh daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_rsh_daemon +} + +# Run the test. +set status [catch rsh_test msg] + +# Shut down the kerberos daemons and the rsh daemon. +stop_kerberos_daemons + +stop_rsh_daemon + +if { $status != 0 } { + send_error "ERROR: error in rsh.exp\n" + send_error "$msg\n" + exit 1 +} diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp new file mode 100644 index 000000000..e6a942428 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/standalone.exp @@ -0,0 +1,123 @@ +# Standalone Kerberos test. +# This is a DejaGnu test script. +# This script tests that the Kerberos tools can talk to each other. + +# This mostly just calls procedures in testsuite/config/default.exp. + +if ![info exists KLIST] { + set KLIST [findfile $objdir/../../clients/klist/klist] +} + +if ![info exists KDESTROY] { + set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy] +} + +# Set up the Kerberos files and environment. +if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return +} + +# Initialize the Kerberos database. The argument tells +# setup_kerberos_db that it is being called from here. +if ![setup_kerberos_db 1] { + return +} + +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc doit { } { + global KLIST + global KDESTROY + global KEY + global hostname + global tmppwd + global spawn_id + + # Start up the kerberos and kadmind daemons. + if ![start_kerberos_daemons 1] { + return + } + + # Use kadmin to add an host key. + if ![add_random_key host/$hostname 1] { + return + } + + # Use ksrvutil to create a srvtab entry. + if ![setup_srvtab 1] { + return + } + + # Use kinit to get a ticket. + if ![kinit krbtest/admin adminpass$KEY 1] { + return + } + + # Make sure that klist can see the ticket. + spawn $KLIST + expect { + -re "Ticket cache:\[ \]*$tmppwd/tkt.*Default principal:\[ \]*krbtest/admin@KRBTEST.COM.*krbtgt/KRBTEST.COM@KRBTEST.COM" { + verbose "klist started" + } + timeout { + fail "klist" + return + } + eof { + fail "klist" + return + } + } + if ![check_exit_status "klist"] { + return + } + pass "klist" + + # Destroy the ticket. + spawn $KDESTROY + if ![check_exit_status "kdestroy"] { + return + } + pass "kdestroy" + + # Double check that the ticket was destroyed. + spawn $KLIST + expect { + -re "klist: No credentials cache file found.*\r" { + verbose "klist started" + } + timeout { + fail "klist after kdestroy" + return + } + eof { + fail "klist after kdestroy" + return + } + } + # We can't use check_exit_status, because we expect an exit status + # of 1. + set status_list [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $status_list (klist)" + if { [lindex $status_list 2] != 0 } { + fail "klist (bad exit status) $status_list" + return + } else { if { [lindex $status_list 3] != 1 } { + fail "klist (bad exit status) $status_list" + return + } else { + pass klist + } } +} + +set status [catch doit msg] + +stop_kerberos_daemons + +if { $status != 0 } { + send_error "ERROR: error in standalone.exp\n" + send_error "$msg\n" + exit 1 +}