From: Ken Raeburn Date: Mon, 10 Nov 2008 22:43:21 +0000 (+0000) Subject: Generate separate master-KDC and slave-KDC config files, with X-Git-Tag: krb5-1.7-alpha1~211 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ce3859a2a0dcfbb108bc306e1687096481c8ccf8;p=krb5.git Generate separate master-KDC and slave-KDC config files, with different names for the database files. (Slave config files unused as yet.) Ensure that the master-KDC environment is used when running kadmin.local or kdb5_util. Define and use a new proc for deleting all KDC database and keytab files. Set KPASSWD in default.exp. Run kadmin, pwchange, pwhist, gssftp, telnet, v4gssftp tests only once each. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21067 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index becfc3648..138a391d6 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -408,7 +408,18 @@ if ![info exists KEY] { # Clear away any files left over from a previous run. # We can't use them now because we don't know the right KEY. # krb5.conf might change if running tests on another host -file delete $tmppwd/db.ok $tmppwd/srvtab $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/cpw_srvtab $tmppwd/krb.realms $tmppwd/krb.conf +file delete $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/krb.realms $tmppwd/krb.conf + +proc delete_db {} { + global tmppwd + file delete $tmppwd/kdc-db $tmppwd/kdc-db.ok $tmppwd/kdc-db.kadm5 \ + $tmppwd/kdc-db.ulog \ + $tmppwd/kdc-db.kadm5.lock \ + $tmppwd/slave-db \ + $tmppwd/srvtab $tmppwd/cpw_srvtab +} + +delete_db # Put the installed kerberos directories on PATH. # This needs to be fixed for V5. @@ -451,6 +462,7 @@ foreach i { {RESOLVE $objdir/../resolve/resolve} {T_INETD $objdir/t_inetd} {KPROPLOG $objdir/../../slave/kproplog} + {KPASSWD $objdir/../../clients/kpasswd/kpasswd} } { set varname [lindex $i 0] if ![info exists $varname] { 
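Review bot: `delete_db` removes only `$tmppwd/slave-db` on the slave side, while the master database also has its `.ok`, `.kadm5`, `.ulog` and `.kadm5.lock` companions removed. The slave config generated later in this file names `slave-db.ulog`, `slave-adb`, `slave-adb.lock` and `slave-stash`, none of which are in the list. Once the slave files are actually used, an update log or stash file from an earlier run could survive cleanup, which the comment above the old `file delete` says must not happen. I would add `$tmppwd/slave-db.ulog $tmppwd/slave-adb $tmppwd/slave-adb.lock $tmppwd/slave-stash \` to the list and put a one-line comment above the proc, such as `# Remove every KDC database and keytab file (master and slave) left in $tmppwd.`. The top-level `file delete` also removes `kdc.conf` but leaves `slave.conf`; if that is deliberate it deserves a comment.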
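Review bot: `KPASSWD` is added to the program list here, but this commit also deletes kadmin.exp's local `findfile` fallback for `KDESTROY`, and the visible part of the list has no `KDESTROY` entry. The `foreach` list starts above the hunk, so the entry may already exist there. It is worth confirming, because otherwise kadmin.exp would reference an unset variable when it reaches its kdestroy step.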
@@ -769,7 +781,10 @@ proc modify_principal { name args } { global KADMIN_LOCAL global REALMNAME + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { eof { fail "modprinc (kadmin.local)" @@ -799,7 +814,8 @@ proc modify_principal { name args } { # kpasswd +5 # krb524 +7 # application servers (krlogind, telnetd, krshd, ftpd, etc) +8 -# iprop +9 +# iprop +9 (if enabled) +# kpropd +10 if [info exists PORTBASE] { set portbase $PORTBASE } else { @@ -834,6 +850,7 @@ proc setup_kerberos_files { } { setup_krb5_conf client setup_krb5_conf server setup_krb5_conf kdc + setup_krb5_conf slave # Create a kdc.conf file. if { ![file exists $tmppwd/kdc.conf] \ 
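Review bot: `envstack_pop` is skipped if `spawn` raises in `modify_principal` (for example when `$KADMIN_LOCAL` cannot be executed), which would leave the KDC environment pushed for every later step. Wrapping the spawn keeps the stack balanced: `set rc [catch {spawn $KADMIN_LOCAL -r $REALMNAME} err]`, then `envstack_pop`, then `if {$rc} { error $err }`. The same four-line sequence is repeated in kadmin.exp (`kadmin_add`, `kadmin_add_rnd`, `kadmin_delete`, `kadmin_addpol`, `kadmin_delpol`), so a small shared helper would keep them consistent; such a helper has to make `spawn_id` visible to its caller. The proc body continues outside the hunk.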
@@ -885,6 +902,57 @@ proc setup_kerberos_files { } { close $conffile } + # Create a config file for the slave KDC (kpropd only, no normal + # KDC processes). + if { ![file exists $tmppwd/slave.conf] \ + || $last_passname_conf != $multipass_name } { + if ![info exists master_key_type] { + set master_key_type des-cbc-md5 + } + set conffile [open $tmppwd/slave.conf w] + puts $conffile "\[kdcdefaults\]" + puts $conffile " kdc_ports = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" + puts $conffile " kdc_tcp_ports = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" + puts $conffile "" + puts $conffile "\[realms\]" + puts $conffile " $REALMNAME = \{" +# puts $conffile " database_name = $tmppwd/slave-db" + puts $conffile " admin_database_name = $tmppwd/slave-adb" + puts $conffile " admin_database_lockfile = $tmppwd/slave-adb.lock" + # Testing with a colon in the name exercises default handling + # for pathnames. + puts $conffile " key_stash_file = $tmppwd/slave-stash" + puts $conffile " acl_file = $tmppwd/slave-acl" + puts $conffile " kadmind_port = [expr 4 + $portbase]" + puts $conffile " kpasswd_port = [expr 5 + $portbase]" + puts $conffile " max_life = 1:00:00" + puts $conffile " max_renewable_life = 3:00:00" + puts $conffile " master_key_type = $master_key_type" + puts $conffile " master_key_name = master/key" + puts $conffile " supported_enctypes = $supported_enctypes" + puts $conffile " kdc_supported_enctypes = $kdc_supported_enctypes" + if { $mode == "tcp" } { + puts $conffile " kdc_ports = [expr 3 + $portbase]" + puts $conffile " kdc_tcp_ports = [expr 1 + $portbase],[expr 3 + $portbase]" + } else { + puts $conffile " kdc_ports = [expr 1 + $portbase]" + puts $conffile " kdc_tcp_ports = [expr 3 + $portbase]" + } + puts $conffile " default_principal_expiration = 2037.12.31.23.59.59" + puts $conffile " default_principal_flags = -postdateable forwardable" + puts $conffile " dict_file = $tmppwd/dictfile" + if { $ulog != 0 } { + puts $conffile " iprop_enable = 
true" + puts $conffile " iprop_port = [expr 9 + $portbase]" + puts $conffile " iprop_logfile = $tmppwd/slave-db.ulog" + } else { + puts $conffile "# no ulog" + } + puts $conffile " \}" + puts $conffile "" + close $conffile + } + # Create ACL file. if ![file exists $tmppwd/acl] { set aclfile [open $tmppwd/acl w] @@ -997,7 +1065,7 @@ proc setup_krb5_conf { {type client} } { puts $conffile " db_module_dir = $tmppwd/../../../util/fakedest$KRB5_DB_MODULE_DIR" puts $conffile " foo_db2 = {" puts $conffile " db_library = db2" - puts $conffile " database_name = $tmppwd/db" + puts $conffile " database_name = $tmppwd/$type-db" puts $conffile " }" close $conffile } @@ -1160,12 +1228,13 @@ proc setup_kerberos_db { standalone } { set failall 0 - if {!$standalone && [file exists $tmppwd/db.ok] \ + if {!$standalone && [file exists $tmppwd/kdc-db.ok] \ && $last_passname_db == $multipass_name} { return 1 } - catch "file delete [glob -nocomplain $tmppwd/db* $tmppwd/adb*]" +# catch "file delete [glob -nocomplain $tmppwd/db* $tmppwd/adb*]" + delete_db # Creating a new database means we need a new srvtab. file delete $tmppwd/srvtab @@ -1257,7 +1326,7 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - file delete $tmppwd/db.ok $tmppwd/adb.db + delete_db } } else { if $standalone { @@ -1305,7 +1374,8 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - file delete $tmppwd/db.ok $tmppwd/adb.db +# file delete $tmppwd/db.ok $tmppwd/adb.db + delete_db } } else { if $standalone { @@ -1347,7 +1417,8 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - file delete $tmppwd/db.ok $tmppwd/adb.db +# file delete $tmppwd/db.ok $tmppwd/adb.db + delete_db } } else { if $standalone { @@ -1389,7 +1460,8 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - file delete $tmppwd/db.ok $tmppwd/adb.db +# file delete $tmppwd/db.ok $tmppwd/adb.db + delete_db } } else { if $standalone { 
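Review bot: The comment "Testing with a colon in the name exercises default handling for pathnames" above `key_stash_file = $tmppwd/slave-stash` does not match the value, which contains no colon. It looks carried over from the master block and should be dropped or reworded. The commented-out `database_name` line at column 0 also needs a stated reason, e.g. `# database_name is taken from the db module section of the slave krb5.conf`, if that is indeed the intent. Separately, the `des-cbc-md5` fallback for `master_key_type` is single DES; a short comment such as `# single-DES default is for the test fixture only` would discourage copying this block into a real kdc.conf. `setup_kerberos_files` starts and ends outside the hunk.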
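Review bot: The switch to `$tmppwd/$type-db` in `setup_krb5_conf` has no comment explaining that each environment type now names a different database file, so a tool run under the client or server environment will no longer find the KDC's database. That is presumably the mechanism behind the new `setup_kerberos_env kdc` calls elsewhere in this commit, and it is easy to miss when adding a test. I would add above the line: `# Per-type name: only the kdc and slave environments point at a database that delete_db manages.` The proc starts and ends outside the hunk.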
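Review bot: The old `catch "file delete [glob ...]"` line is left commented out at column 0 next to the new `delete_db` call in `setup_kerberos_db`. The same kind of leftover (`# file delete $tmppwd/db.ok $tmppwd/adb.db`) appears in three of the failure-path hunks that follow; version control already keeps the history, so these lines should be removed. The `file delete $tmppwd/srvtab` immediately after is now redundant, because `delete_db` removes `srvtab` itself. There is also a behaviour difference: the glob removed anything matching `adb*`, whereas `delete_db` uses a fixed list with no `adb` entries, so if the master kdc.conf (not shown) still names an `adb` file it would now survive a database rebuild.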
diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp index c283d6150..57b1e076a 100644 --- a/src/tests/dejagnu/krb-root/telnet.exp +++ b/src/tests/dejagnu/krb-root/telnet.exp @@ -25,29 +25,6 @@ if ![regexp des- $supported_enctypes] { return } -# Remove old wrapper script - catch "exec rm -f $tmppwd/login.wrap" - -# Start up a root shell. -if ![setup_root_shell telnet] { - return -} - -# Make sure .k5login is reasonable. -if ![check_k5login rlogin] { - stop_root_shell - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - stop_root_shell - return -} - # A procedure to start up the telnet daemon. proc start_telnet_daemon { args } { 
@@ -427,23 +404,48 @@ proc telnet_test { } { stop_telnet_daemon } -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch telnet_test msg] -set timeout $oldtimeout +run_once telnet { + # Remove old wrapper script + catch "exec rm -f $tmppwd/login.wrap" -# Shut down the kerberos daemons, the telnet daemon, and the rlogin -# process. -stop_kerberos_daemons + # Start up a root shell. + if ![setup_root_shell telnet] { + return + } -stop_telnet_daemon + # Make sure .k5login is reasonable. + if ![check_k5login rlogin] { + stop_root_shell + return + } + + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + stop_root_shell + return + } -stop_root_shell + # Run the test. Logging in sometimes takes a while, so increase the + # timeout. + set oldtimeout $timeout + set timeout 60 + set status [catch telnet_test msg] + set timeout $oldtimeout -if { $status != 0 } { - send_error "ERROR: error in telnet.exp\n" - send_error "$msg\n" - exit 1 + # Shut down the kerberos daemons, the telnet daemon, and the rlogin + # process. + stop_kerberos_daemons + + stop_telnet_daemon + + stop_root_shell + + if { $status != 0 } { + send_error "ERROR: error in telnet.exp\n" + send_error "$msg\n" + exit 1 + } } diff --git a/src/tests/dejagnu/krb-standalone/gssftp.exp b/src/tests/dejagnu/krb-standalone/gssftp.exp index 53bc26527..f60aee92a 100644 --- a/src/tests/dejagnu/krb-standalone/gssftp.exp +++ b/src/tests/dejagnu/krb-standalone/gssftp.exp 
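Review bot: The early `return` paths inside the `run_once telnet` body (failed `setup_root_shell`, `check_k5login` or database setup) report nothing, so a setup failure leaves no trace in the results. `run_once` is not defined in this diff; if it records the name before evaluating the body, a failed setup on the first pass would also suppress the test on every later pass. Recording the skip makes this visible, e.g. `untested "telnet: setup failed"` before each `return`. The same applies to the `run_once` blocks added in gssftp.exp, kadmin.exp, pwchange.exp, pwhist.exp and v4gssftp.exp. The body also reads `$tmppwd` and `timeout` unqualified, which works only if `run_once` evaluates it at global scope.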
@@ -16,19 +16,6 @@ if ![info exists FTPD] { set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd] } -# Make sure .klogin is reasonable. -if ![check_k5login ftp] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - # A procedure to start up the ftp daemon. proc start_ftp_daemon { } { @@ -68,20 +55,6 @@ proc stop_ftp_daemon { } { } } -# Create a file to use for ftp testing. -set file [open $tmppwd/ftp-test w] -puts $file "This file is used for ftp testing." -close $file - -# Create a large file to use for ftp testing. File needs to be -# larger that 2^20 or 1MB for PBSZ testing. -set file [open $tmppwd/bigftp-test w] -puts $file "This file is used for ftp testing.\n" -seek $file 1048576 current -puts $file "This file is used for ftp testing." -close $file - - # Test that a file was copied correctly. proc check_file { filename {bigfile 0}} { if ![file exists $filename] { 
@@ -470,37 +443,65 @@ proc ftp_test { } { } } -# The ftp client will look in $HOME/.netrc for the user name to use. -# To avoid confusing the testsuite, point $HOME at a directory where -# we know there is no .netrc file. -if [info exists env(HOME)] { - set home $env(HOME) -} elseif [info exists home] { - unset home -} -set env(HOME) $tmppwd +run_once gssftp { + # Make sure .klogin is reasonable. + if ![check_k5login ftp] { + return + } -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch ftp_test msg] -set timeout $oldtimeout + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return + } -# Shut down the kerberos daemons and the ftp daemon. -stop_kerberos_daemons + # Create a file to use for ftp testing. + set file [open $tmppwd/ftp-test w] + puts $file "This file is used for ftp testing." + close $file + + # Create a large file to use for ftp testing. File needs to be + # larger that 2^20 or 1MB for PBSZ testing. + set file [open $tmppwd/bigftp-test w] + puts $file "This file is used for ftp testing.\n" + seek $file 1048576 current + puts $file "This file is used for ftp testing." + close $file -stop_ftp_daemon + # The ftp client will look in $HOME/.netrc for the user name to use. + # To avoid confusing the testsuite, point $HOME at a directory where + # we know there is no .netrc file. + if [info exists env(HOME)] { + set home $env(HOME) + } elseif [info exists home] { + unset home + } + set env(HOME) $tmppwd -ftp_restore_env + # Run the test. Logging in sometimes takes a while, so increase the + # timeout. + set oldtimeout $timeout + set timeout 60 + set status [catch ftp_test msg] + set timeout $oldtimeout -# Reset $HOME, for safety in case we are going to run more tests. 
-if [info exists home] { - set env(HOME) $home -} else { - unset env(HOME) -} + # Shut down the kerberos daemons and the ftp daemon. + stop_kerberos_daemons + + stop_ftp_daemon -if { $status != 0 } { - perror "error in gssftp.exp: $msg" + ftp_restore_env + + # Reset $HOME, for safety in case we are going to run more tests. + if [info exists home] { + set env(HOME) $home + } else { + unset env(HOME) + } + + if { $status != 0 } { + perror "error in gssftp.exp: $msg" + } } diff --git a/src/tests/dejagnu/krb-standalone/iprop.exp b/src/tests/dejagnu/krb-standalone/iprop.exp index 109e6499d..9f3940800 100644 --- a/src/tests/dejagnu/krb-standalone/iprop.exp +++ b/src/tests/dejagnu/krb-standalone/iprop.exp @@ -23,7 +23,7 @@ proc doit { } { global ulog des3_krbtgt # Delete any db, ulog files - file delete $tmppwd/db $tmppwd/db.ok $tmppwd/db.ulog + delete_db # Update config file set ulog 1 diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index e3e39168d..98214ed52 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -2,24 +2,6 @@ # This is a DejaGnu test script. # This script tests Kerberos kadmin5 using kadmin.local as verification. -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -# find kpasswd -if ![info exists KPASSWD] { - set KPASSWD [findfile $objdir/../../clients/kpasswd/kpasswd] -} - -# find kdestroy -if ![info exists KDESTROY] { - set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy] -} - #++ # kadmin_add - Test add new v5 principal function of kadmin. # @@ -68,7 +50,10 @@ proc kadmin_add { pname password } { # use kadmin.local to verify that a principal was created and that its # salt types are 0 (normal). # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { 
@@ -169,7 +154,10 @@ proc kadmin_add_rnd { pname { flags "" } } { # use kadmin.local to verify that a principal was created and that its # salt types are 0 (normal). # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -568,7 +556,10 @@ proc kadmin_delete { pname } { # # use kadmin.local to verify that the old principal is not present. # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -692,7 +683,10 @@ proc kadmin_addpol { pname } { # # use kadmin.local to verify that a policy was created # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -775,7 +769,10 @@ proc kadmin_delpol { pname } { # # use kadmin.local to verify that the old policy is not present. # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -1062,14 +1059,24 @@ proc kadmin_test { } { verbose "kadmin_test succeeded" } -# Run the test. -set status [catch kadmin_test msg] +run_once kadmin { + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return + } -# Shut down the kerberos daemons and the rsh daemon. -stop_kerberos_daemons + # Run the test. + set status [catch kadmin_test msg] -if { $status != 0 } { - send_error "ERROR: error in kadmin.exp\n" - send_error "$msg\n" - exit 1 + # Shut down the kerberos daemons and the rsh daemon. + stop_kerberos_daemons + + if { $status != 0 } { + send_error "ERROR: error in kadmin.exp\n" + send_error "$msg\n" + exit 1 + } } diff --git a/src/tests/dejagnu/krb-standalone/pwchange.exp b/src/tests/dejagnu/krb-standalone/pwchange.exp index 486ec058c..9792401c8 100644 --- a/src/tests/dejagnu/krb-standalone/pwchange.exp 
+++ b/src/tests/dejagnu/krb-standalone/pwchange.exp @@ -1,17 +1,6 @@ # Password-changing Kerberos test. # This is a DejaGnu test script. -# Set up the Kerberos files and environment. -if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { - return -} - -# Initialize the Kerberos database. The argument tells -# setup_kerberos_db that it is being called from here. -if ![setup_kerberos_db 0] { - return -} - # We are about to start up a couple of daemon processes. We do all # the rest of the tests inside a proc, so that we can easily kill the # processes when the procedure ends. @@ -99,6 +88,7 @@ proc doit { } { return } + setup_kerberos_env kdc spawn $KADMIN_LOCAL -q "modprinc +needchange pwchanger" catch expect_after expect { @@ -113,6 +103,7 @@ proc doit { } { verbose "wait -i $spawn_id returned $k_stat (kadmin modprinc +needchange)" catch "close -i $spawn_id" + setup_kerberos_env client if ![kinit_expecting_pwchange pwchanger pwchanger$KEY floople] { return } @@ -130,12 +121,25 @@ proc doit { } { pass "kdestroy" } -set status [catch doit msg] +run_once pwchange { + # Set up the Kerberos files and environment. + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return + } -stop_kerberos_daemons + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is being called from here. + if ![setup_kerberos_db 0] { + return + } + + set status [catch doit msg] -if { $status != 0 } { - send_error "ERROR: error in pwchange.exp\n" - send_error "$msg\n" - exit 1 + stop_kerberos_daemons + + if { $status != 0 } { + send_error "ERROR: error in pwchange.exp\n" + send_error "$msg\n" + exit 1 + } } diff --git a/src/tests/dejagnu/krb-standalone/pwhist.exp b/src/tests/dejagnu/krb-standalone/pwhist.exp index f9938e091..ed7a3771a 100644 --- a/src/tests/dejagnu/krb-standalone/pwhist.exp +++ b/src/tests/dejagnu/krb-standalone/pwhist.exp 
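Review bot: `doit` switches with a bare `setup_kerberos_env kdc` before `spawn $KADMIN_LOCAL` and back with `setup_kerberos_env client` in the next hunk, rather than the `envstack_push` / `envstack_pop` pairing this commit uses in default.exp and kadmin.exp. Any `return` or error between the two calls (the `expect` block is outside the hunk) leaves the KDC environment active for whatever runs next. Using `envstack_push`, `setup_kerberos_env kdc`, the `spawn`, then `envstack_pop` here would make the scope explicit. standalone.exp's last hunk selects `kdc` before `kadmin.local` with no visible restore, and pwhist.exp's `run_once` body selects `kdc` for its whole run; both deserve the same treatment or a comment saying the environment is left that way on purpose.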
@@ -121,95 +121,97 @@ proc wraptest { test cmd } { } } -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -set failall 0 -wraptest "nkeys=1, nhist=3" { - mustrun { addpol crashpol } - mustrun { modpol crashpol "-history 3"} - mustrun { addprinc crash 1111 } - mustrun { modprinc crash "-policy crashpol" } - chkpass { cpw crash 2222 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ 1111 ->[] ]} +run_once pwhist { + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env kdc] \ + || ![setup_kerberos_db 0]} { + return + } -# The following will result in reading/writing past array bounds if -# add_to_history() is not patched. -# -# NOTE: A pass from this test does not mean the bug isn't present; -# check with Purify, valgrind, etc. -wraptest "array bounds ok on nkeys=1, nhist 3->2" { - mustrun { modpol crashpol "-history 2" } - chkpass { cpw crash 3333 } -} -verbose {old_keys [ ->2222 ]} - -wraptest "verify nhist=2" { - mustrun { delprinc crash } - mustrun { addprinc crash 1111 } - mustrun { modprinc crash "-policy crashpol" } - chkpass { cpw crash 2222 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ ->1111 ]} - -# The following will fail if growing the history array causes an extra -# key to be lost due to failure to shift entries. 
-wraptest "grow nhist 2->3" { - mustrun { modpol crashpol "-history 3" } - chkpass { cpw crash 3333 } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ 2222 ->1111 ]} - -wraptest "grow nhist 3->4" { - mustrun { modpol crashpol "-history 4" } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } - chkpass { cpw crash 4444 } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ 2222 3333 ->1111 ]} -wraptest "shrink nhist 4->3" { - mustrun { modpol crashpol "-history 3" } - chkfail { cpw crash 4444 } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } - chkpass { cpw crash 5555 } -} -verbose {old_keys [ 4444 ->3333 ]} -wraptest "verify nhist=3" { - chkfail { cpw crash 5555 } - chkfail { cpw crash 4444 } - chkfail { cpw crash 3333 } - chkpass { cpw crash 2222 } -} -verbose {old_keys [ ->4444 5555 ]} -wraptest "shrink nhist 3->2" { - mustrun { modpol crashpol "-history 2" } - chkfail { cpw crash 2222 } - chkfail { cpw crash 5555 } - chkfail { cpw crash 4444 } - chkpass { cpw crash 3333 } -} -verbose {old_keys [ ->2222 ]} + set failall 0 + wraptest "nkeys=1, nhist=3" { + mustrun { addpol crashpol } + mustrun { modpol crashpol "-history 3"} + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ 1111 ->[] ]} + + # The following will result in reading/writing past array bounds if + # add_to_history() is not patched. + # + # NOTE: A pass from this test does not mean the bug isn't present; + # check with Purify, valgrind, etc. 
+ wraptest "array bounds ok on nkeys=1, nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkpass { cpw crash 3333 } + } + verbose {old_keys [ ->2222 ]} + + wraptest "verify nhist=2" { + mustrun { delprinc crash } + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ ->1111 ]} + + # The following will fail if growing the history array causes an extra + # key to be lost due to failure to shift entries. + wraptest "grow nhist 2->3" { + mustrun { modpol crashpol "-history 3" } + chkpass { cpw crash 3333 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ 2222 ->1111 ]} + + wraptest "grow nhist 3->4" { + mustrun { modpol crashpol "-history 4" } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ 2222 3333 ->1111 ]} + wraptest "shrink nhist 4->3" { + mustrun { modpol crashpol "-history 3" } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 5555 } + } + verbose {old_keys [ 4444 ->3333 ]} + wraptest "verify nhist=3" { + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkpass { cpw crash 2222 } + } + verbose {old_keys [ ->4444 5555 ]} + wraptest "shrink nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkfail { cpw crash 2222 } + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkpass { cpw crash 3333 } + } + verbose {old_keys [ ->2222 ]} -delprinc crash -delpol crashpol + delprinc crash + delpol crashpol -stop_kerberos_daemons + stop_kerberos_daemons +} 
diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp index 47eaaa63c..ca601ef48 100644 --- a/src/tests/dejagnu/krb-standalone/standalone.exp +++ b/src/tests/dejagnu/krb-standalone/standalone.exp @@ -89,6 +89,8 @@ proc doit { } { global portbase global mode + setup_kerberos_env kdc + # Start up the kerberos and kadmind daemons. if ![start_kerberos_daemons 1] { return @@ -138,6 +140,7 @@ proc doit { } { verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" catch "close -i $spawn_id" + setup_kerberos_env client # Use kinit to get a ticket. if ![kinit krbtest/admin adminpass$KEY 1] { return @@ -217,6 +220,7 @@ proc doit { } { catch "exec rm -f $keytab" # Check that kadmin.local can actually read the correct kvno, even # if we don't expect kadmin to be able to. + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME set ok 1 expect_after { diff --git a/src/tests/dejagnu/krb-standalone/v4gssftp.exp b/src/tests/dejagnu/krb-standalone/v4gssftp.exp index b65b3fbad..d75c57280 100644 --- a/src/tests/dejagnu/krb-standalone/v4gssftp.exp +++ b/src/tests/dejagnu/krb-standalone/v4gssftp.exp @@ -21,23 +21,6 @@ if ![v4_compatible_enctype] { return } -# Make sure .klogin is reasonable. -if ![check_k5login ftp] { - return -} - -if ![check_klogin ftp] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - # A procedure to start up the ftp daemon. proc start_ftp_daemon { } { 
@@ -77,19 +60,6 @@ proc stop_ftp_daemon { } { } } -# Create a file to use for ftp testing. -set file [open $tmppwd/ftp-test w] -puts $file "This file is used for ftp testing." -close $file - -# Create a large file to use for ftp testing. File needs to be -# larger that 2^20 or 1MB for PBSZ testing. -set file [open $tmppwd/bigftp-test w] -puts $file "This file is used for ftp testing.\n" -seek $file 1048576 current -puts $file "This file is used for ftp testing." -close $file - # Test that a file was copied correctly. proc check_file { filename {bigfile 0}} { if ![file exists $filename] { 
@@ -470,37 +440,69 @@ proc v4ftp_test { } { } -# The ftp client will look in $HOME/.netrc for the user name to use. -# To avoid confusing the testsuite, point $HOME at a directory where -# we know there is no .netrc file. -if [info exists env(HOME)] { - set home $env(HOME) -} elseif [info exists home] { - unset home -} -set env(HOME) $tmppwd +run_once v4gssftp { + # Make sure .klogin is reasonable. + if ![check_k5login ftp] { + return + } + + if ![check_klogin ftp] { + return + } -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch v4ftp_test msg] -set timeout $oldtimeout + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return + } -# Shut down the kerberos daemons and the ftp daemon. -stop_kerberos_daemons + # Create a file to use for ftp testing. + set file [open $tmppwd/ftp-test w] + puts $file "This file is used for ftp testing." + close $file -stop_ftp_daemon + # Create a large file to use for ftp testing. File needs to be + # larger that 2^20 or 1MB for PBSZ testing. + set file [open $tmppwd/bigftp-test w] + puts $file "This file is used for ftp testing.\n" + seek $file 1048576 current + puts $file "This file is used for ftp testing." + close $file -ftp_restore_env + # The ftp client will look in $HOME/.netrc for the user name to use. + # To avoid confusing the testsuite, point $HOME at a directory where + # we know there is no .netrc file. + if [info exists env(HOME)] { + set home $env(HOME) + } elseif [info exists home] { + unset home + } + set env(HOME) $tmppwd -# Reset $HOME, for safety in case we are going to run more tests. -if [info exists home] { - set env(HOME) $home -} else { - unset env(HOME) -} + # Run the test. Logging in sometimes takes a while, so increase the + # timeout. 
+ set oldtimeout $timeout + set timeout 60 + set status [catch v4ftp_test msg] + set timeout $oldtimeout -if { $status != 0 } { - perror "error in v4gssftp.exp: $msg" + # Shut down the kerberos daemons and the ftp daemon. + stop_kerberos_daemons + + stop_ftp_daemon + + ftp_restore_env + + # Reset $HOME, for safety in case we are going to run more tests. + if [info exists home] { + set env(HOME) $home + } else { + unset env(HOME) + } + + if { $status != 0 } { + perror "error in v4gssftp.exp: $msg" + } }