From: Ken Raeburn Date: Mon, 10 Nov 2008 18:27:42 +0000 (+0000) Subject: Delete the pass (one of twelve) that does all KDC exchanges with TCP; X-Git-Tag: krb5-1.7-alpha1~213 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=15ad87eb0f1ee666915d661f10dc812061dd0811;p=krb5.git Delete the pass (one of twelve) that does all KDC exchanges with TCP; add a test case that sets that up and runs kinit. Add a new support proc that allows running a test only once despite multiple passes; use it for the tcp and iprop tests. According to one totally unscientific measurement, this reduces the tests/dejagnu tests run from ~4200 to ~3800, and cuts over 8% off the run time of those tests, without IMNSHO reducing the effectiveness of the testing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21064 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index e2b8533da..becfc3648 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -179,18 +179,6 @@ set passes { {master_key_type=aes256-cts-hmac-sha1-96} {dummy=[verbose -log "AES + DES enctypes"]} } - { - aes-tcp - mode=tcp - des3_krbtgt=0 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal} - {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES via TCP"]} - } { aes-des3 mode=udp @@ -351,6 +339,18 @@ set unused_passes { } {dummy=[verbose -log "DES3 TGT, default enctypes"]} } + { + aes-tcp + mode=tcp + des3_krbtgt=0 + {supported_enctypes=aes256-cts-hmac-sha1-96:normal} + {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal} + {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} + {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} + {permitted_enctypes(server)=aes256-cts-hmac-sha1-96} + {master_key_type=aes256-cts-hmac-sha1-96} + {dummy=[verbose -log "AES via TCP"]} + } } # {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal } # {kdc_supported_enctypes= des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal} @@ -489,6 +489,23 @@ exit -onexit [concat { stop_kerberos_daemons; } [exit -onexit]] +# run_once + +# Many tests are independent of the actual enctypes used, which is +# what our passes are (currently) all about. Use this to prevent +# multiple invocations. If a test depends on, say, the master key +# type but nothing else, you could also use the master key type in the +# tag name, and avoid redundant tests in additional passes using the +# same master key type. + +proc run_once { tag body } { + global run_once_tags + if ![info exists run_once_tags($tag)] { + set run_once_tags($tag) 1 + uplevel 1 $body + } +} + # check_k5login # Most of the tests won't work if the user has a .k5login file, unless diff --git a/src/tests/dejagnu/krb-standalone/iprop.exp b/src/tests/dejagnu/krb-standalone/iprop.exp index f4e4be25a..109e6499d 100644 --- a/src/tests/dejagnu/krb-standalone/iprop.exp +++ b/src/tests/dejagnu/krb-standalone/iprop.exp @@ -1,11 +1,6 @@ # Password-changing Kerberos test. # This is a DejaGnu test script. -# Set up the Kerberos files and environment. -if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { - return -} - # We are about to start up a couple of daemon processes. We do all # the rest of the tests inside a proc, so that we can easily kill the # processes when the procedure ends. @@ -109,16 +104,23 @@ proc doit { } { } } -set status [catch doit msg] +run_once iprop { + # Set up the Kerberos files and environment. + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return + } -stop_kerberos_daemons + set status [catch doit msg] -set ulog 0 -reset_kerberos_files -file delete $tmppwd/adb $tmppwd/adb.ok $tmppwd/db.ulog + stop_kerberos_daemons -if { $status != 0 } { - send_error "ERROR: error in iprop.exp\n" - send_error "$msg\n" - exit 1 + set ulog 0 + reset_kerberos_files + file delete $tmppwd/adb $tmppwd/adb.ok $tmppwd/db.ulog + + if { $status != 0 } { + send_error "ERROR: error in iprop.exp\n" + send_error "$msg\n" + exit 1 + } } diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp index 9a92b9303..47eaaa63c 100644 --- a/src/tests/dejagnu/krb-standalone/standalone.exp +++ b/src/tests/dejagnu/krb-standalone/standalone.exp @@ -234,36 +234,6 @@ proc doit { } { pass "kadmin.local correct high kvno" } } - - if { $mode == "tcp" } { - set response {} - set got_response 0 - set kdcsock "" - catch { - send_log "connecting to $hostname [expr 3 + $portbase]\n" - set kdcsock [socket $hostname [expr 3 + $portbase]] - fconfigure $kdcsock -encoding binary -blocking 0 -buffering none - puts -nonewline $kdcsock [binary format H* ffffffff] - # XXX - sleep 3 - set response [read $kdcsock] - set got_response 1 - } msg - if [string length $kdcsock] { catch "close $kdcsock" } - if $got_response { -# send_log [list sent length -1, got back $response] -# send_log "\n" - if [string length $response]>10 { - pass "too-long TCP request" - } else { - send_log "response too short\n" - fail "too-long TCP request" - } - } else { - send_log "too-long connect/exchange failure: $msg\n" - fail "too-long TCP request" - } - } } set status [catch doit msg] diff --git a/src/tests/dejagnu/krb-standalone/tcp.exp b/src/tests/dejagnu/krb-standalone/tcp.exp new file mode 100644 index 000000000..db09b895e --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/tcp.exp @@ -0,0 +1,117 @@ +# Standalone Kerberos test. +# This is a DejaGnu test script. +# This script tests that the Kerberos tools can talk to each other. + +# This mostly just calls procedures in testsuite/config/default.exp. + +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc doit { } { + global REALMNAME + global KLIST + global KDESTROY + global KEY + global KADMIN_LOCAL + global KTUTIL + global hostname + global tmppwd + global spawn_id + global supported_enctypes + global KRBIV + global portbase + global mode + + # Start up the kerberos and kadmind daemons. + if ![start_kerberos_daemons 1] { + return + } + + # Use kadmin to add an host key. + if ![add_random_key host/$hostname 1] { + return + } + + # Use ksrvutil to create a srvtab entry. +# if ![setup_srvtab 1] { +# return +# } + + # Use kinit to get a ticket. + if ![kinit krbtest/admin adminpass$KEY 1] { + return + } + + # Make sure that klist can see the ticket. + if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] { + return + } + + # Destroy the ticket. + spawn $KDESTROY -5 + if ![check_exit_status "kdestroy"] { + return + } + pass "kdestroy" + + set response {} + set got_response 0 + set kdcsock "" + catch { + send_log "connecting to $hostname [expr 3 + $portbase]\n" + set kdcsock [socket $hostname [expr 3 + $portbase]] + fconfigure $kdcsock -encoding binary -blocking 0 -buffering none + puts -nonewline $kdcsock [binary format H* ffffffff] + # XXX + sleep 3 + set response [read $kdcsock] + set got_response 1 + } msg + if [string length $kdcsock] { catch "close $kdcsock" } + if $got_response { +# send_log [list sent length -1, got back $response] +# send_log "\n" + if [string length $response]>10 { + pass "too-long TCP request" + } else { + send_log "response too short\n" + fail "too-long TCP request" + } + } else { + send_log "too-long connect/exchange failure: $msg\n" + fail "too-long TCP request" + } +} + +set status 0 +run_once tcp { + # Set up the Kerberos files and environment. + set mode tcp + reset_kerberos_files + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + set mode udp + reset_kerberos_files + return + } + # Reset now, for next time we write the config files. + set mode udp + + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is being called from here. + if ![setup_kerberos_db 1] { + reset_kerberos_files + return + } + + set status [catch doit msg] +} + +reset_kerberos_files +stop_kerberos_daemons + +if { $status != 0 } { + send_error "ERROR: error in standalone.exp\n" + send_error "$msg\n" + exit 1 +}