From 8548d03ebe66811bc208992d2cb7e6efc0ec010f Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Sat, 4 May 1996 02:04:10 +0000 Subject: [PATCH] * rsh.exp: Add tests for ticket forwarding * kadmin.exp and gssapi.exp: Fix syntax of expect_after blocks. The -i $foo must be inside the {, and the { must be by itself at the end of the line. * gssftp.exp (start_ftp_daemon): use krb5.conf, not krb.conf * gssftp.exp (ftp_test): Explicitly select binary mode. * kadmin.exp: Don't look at output from kadmind to drain it; that problem is handled elsewhere now. * kadmin.exp (kadmin_delete, kamind_add, kadmin_add_rnd, kadmin_examine, kadmin_cpw, kadmin_cpw_rnd, kadmin_modify, kadmin_rename, kadmin_list, kadmin_extract, kadmin_extractv4): check for "lost KDC" as well. * kadmin.exp (kadmin_show): extend regexp to match current kadmin interface. (kadmin_add): match more of extended output (tentative change, should be expanded later to actually check the values.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7896 dc483132-0cff-0310-8789-dd5450dbe970 --- src/tests/dejagnu/krb-standalone/ChangeLog | 36 +++++++++++ src/tests/dejagnu/krb-standalone/gssapi.exp | 48 +++++++++----- src/tests/dejagnu/krb-standalone/gssftp.exp | 18 ++++-- src/tests/dejagnu/krb-standalone/kadmin.exp | 43 ++++++------- src/tests/dejagnu/krb-standalone/rsh.exp | 64 +++++++++++++++++++ .../dejagnu/krb-standalone/standalone.exp | 2 +- 6 files changed, 164 insertions(+), 47 deletions(-) diff --git a/src/tests/dejagnu/krb-standalone/ChangeLog b/src/tests/dejagnu/krb-standalone/ChangeLog index 0430684a1..cce3a4fdf 100644 --- a/src/tests/dejagnu/krb-standalone/ChangeLog +++ b/src/tests/dejagnu/krb-standalone/ChangeLog @@ -1,3 +1,39 @@ +Fri May 3 21:44:24 1996 Ken Raeburn + + Fri Mar 29 15:05:30 1996 Chris Provenzano + + * rsh.exp: Add tests for ticket forwarding. + + Thu Mar 28 19:30:53 1996 Marc Horowitz + + * kadmin.exp and gssapi.exp: Fix syntax of expect_after blocks. + The -i $foo must be inside the {, and the { must be by itself at + the end of the line. + * gssftp.exp (start_ftp_daemon): use krb5.conf, not krb.conf + + Thu Mar 28 17:32:47 1996 Ken Raeburn + + * gssftp.exp (ftp_test): Explicitly select binary mode. + + Wed Mar 27 22:45:53 1996 Ken Raeburn + + * kadmin.exp: Don't look at output from kadmind to drain it; that + problem is handled elsewhere now. + + Thu Mar 14 14:57:19 1996 Mark Eichin + + * kadmin.exp (kadmin_delete, kamind_add, kadmin_add_rnd, + kadmin_examine, kadmin_cpw, kadmin_cpw_rnd, kadmin_modify, + kadmin_rename, kadmin_list, kadmin_extract, kadmin_extractv4): + check for "lost KDC" as well. + + Sun Feb 18 00:56:52 1996 Mark W. Eichin + + * kadmin.exp (kadmin_show): extend regexp to match current kadmin + interface. + (kadmin_add): match more of extended output (tentative change, + should be expanded later to actually check the values.) + Wed Apr 17 17:53:51 1996 Theodore Y. Ts'o * gssftp.exp: Fix the expect string so that it doesn't assume that diff --git a/src/tests/dejagnu/krb-standalone/gssapi.exp b/src/tests/dejagnu/krb-standalone/gssapi.exp index beef7cf6f..06790e97a 100644 --- a/src/tests/dejagnu/krb-standalone/gssapi.exp +++ b/src/tests/dejagnu/krb-standalone/gssapi.exp @@ -224,7 +224,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_0 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest0" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient0 catch "expect_after" @@ -238,7 +239,8 @@ proc doit { } { } expect -i $spawn_id "Signature verified" catch "expect_after" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient0 catch "expect_after" @@ -263,7 +265,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_1 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest1" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient1 catch "expect_after" @@ -277,7 +280,8 @@ proc doit { } { } expect -i $spawn_id "Signature verified" catch "expect_after" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient1 catch "expect_after" @@ -302,7 +306,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_2 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest2" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient2 catch "expect_after" @@ -316,7 +321,8 @@ proc doit { } { } expect -i $spawn_id "Signature verified" catch "expect_after" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient2 catch "expect_after" @@ -341,7 +347,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_3 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5556 $hostname gssservice@$hostname "message from gsstest3" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient3 catch "expect_after" @@ -356,7 +363,8 @@ proc doit { } { expect -i $gss_server_spawn_id "Accepted connection: \"gsstest3@$REALMNAME\" at" expect -i $gss_server_spawn_id "Received message: \"message from gsstest3\"" catch "expect_after" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient3 catch "expect_after" @@ -389,7 +397,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_0 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest0" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient0 catch "expect_after" @@ -403,7 +412,8 @@ proc doit { } { } expect -i $spawn_id "Signature verified" catch "expect_after" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient0 catch "expect_after" @@ -428,7 +438,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_1 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest1" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient1 catch "expect_after" @@ -442,7 +453,8 @@ proc doit { } { } expect -i $spawn_id "Signature verified" catch "expect_after" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient1 catch "expect_after" @@ -467,7 +479,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_2 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest2" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient2 catch "expect_after" @@ -481,7 +494,8 @@ proc doit { } { } expect -i $spawn_id "Signature verified" catch "expect_after" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient2 catch "expect_after" @@ -506,7 +520,8 @@ proc doit { } { set env(KRB5CCNAME) $tmppwd/gss_tk_3 verbose "KRB5CCNAME=$env(KRB5CCNAME)" spawn $GSSCLIENT -port 5557 -v2 $hostname gssservice@$hostname "message from gsstest3" - expect_after -i $gss_server_spawn_id { + expect_after { + -i $gss_server_spawn_id timeout { fail gssclient3 catch "expect_after" @@ -521,7 +536,8 @@ proc doit { } { expect -i $gss_server_spawn_id "Accepted connection: \"gsstest3@$REALMNAME\" at" expect -i $gss_server_spawn_id "Received message: \"message from gsstest3\"" catch "expect_after" - expect_after -i $spawn_id { + expect_after { + -i $spawn_id timeout { fail gssclient3 catch "expect_after" diff --git a/src/tests/dejagnu/krb-standalone/gssftp.exp b/src/tests/dejagnu/krb-standalone/gssftp.exp index c541414fb..ac67599ff 100644 --- a/src/tests/dejagnu/krb-standalone/gssftp.exp +++ b/src/tests/dejagnu/krb-standalone/gssftp.exp @@ -41,7 +41,7 @@ proc start_ftp_daemon { } { # don't need to use inetd. The 3021 is the port to listen at. # We rely on KRB5_KTNAME being set to the proper keyfile as there is # no way to cleanly set it with the gssapi API. - spawn $FTPD -p 3021 -r $tmppwd/krb.conf + spawn $FTPD -p 3021 -r $tmppwd/krb5.conf set ftpd_spawn_id $spawn_id set ftpd_pid [exp_pid] @@ -155,7 +155,6 @@ proc ftp_test { } { set env(KRB5_KTNAME) FILE:$tmppwd/srvtab verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" - # Start the ftp daemon. start_ftp_daemon @@ -180,12 +179,21 @@ proc ftp_test { } { expect -re "$localhostname.*FTP server .Version \[0-9.\]*. ready." expect -re "Using authentication type GSSAPI; ADAT must follow" expect "GSSAPI accepted as authentication type" - expect "GSSAPI authentication succeeded" + expect { + "GSSAPI authentication succeeded" { pass "ftp authentication" } + eof { fail "ftp authentication" ; catch "expect_after" ; return } + } expect "Name ($hostname:$env(USER)): " send "$env(USER)\r" expect "User $env(USER) logged in." - expect "Remote system type is UNIX." - expect "Using binary mode to transfer files." +# expect "Remote system type is UNIX." +# expect "Using binary mode to transfer files." + expect "ftp> " { + pass $testname + } + + set testname "binary" + send "binary\r" expect "ftp> " { pass $testname } diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index 33cb62e73..f088b0f90 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -32,7 +32,6 @@ proc kadmin_add { pname password } { global KEY global spawn_id global tmppwd - global kadmind_spawn_id set good 0 spawn $KADMIN -m -p krbtest/admin@$REALMNAME ank $pname @@ -64,19 +63,14 @@ proc kadmin_add { pname password } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin add)" catch "close -i $spawn_id" - # - # Read the kadmind message too. It checks the operation of kadmind, - # and also, on some systems the write to standard error will block if - # too many messages back up. - # - expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME" if { $good == 1 } { # # use kdb5_edit to verify that a principal was created and that its # salt types are 0 (normal). # spawn $KDB5_EDIT -r $REALMNAME - expect_after { -i $spawn_id + expect_after { + -i $spawn_id timeout { fail "kadmin add $pname" catch "expect_after" @@ -91,6 +85,16 @@ proc kadmin_add { pname password } { set good 0 expect "kdb5_edit:" { send "show $pname\r" } expect "Name: $pname@$REALMNAME" { set good 1 } + + expect "Maximum life:" { verbose "got max life" } + expect "Maximum renewable life:" { verbose "got max rlife" } + expect "Expiration:" { verbose "got expiration" } + expect "Password expiration:" { verbose "got pw expiration" } + expect "Last successful password:" { verbose "last succ pw" } + expect "Last failed password attempt:" { verbose "last pw attempt" } + expect "Failed password attempts:" { verbose "num failed attempts" } + expect "Attributes:" { verbose "attributes" } + expect "Number of keys:" { verbose "num keys"} expect "kdb5_edit:" { send "q\r" } expect_after expect eof @@ -124,7 +128,6 @@ proc kadmin_add_rnd { pname } { global KEY global spawn_id global tmppwd - global kadmind_spawn_id set good 0 spawn $KADMIN -m -p krbtest/admin@$REALMNAME ark $pname @@ -154,14 +157,14 @@ proc kadmin_add_rnd { pname } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnt)" catch "close -i $spawn_id" - expect -i $kadmind_spawn_id "Add Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME" if { $good == 1 } { # # use kdb5_edit to verify that a principal was created and that its # salt types are 0 (normal). # spawn $KDB5_EDIT -r $REALMNAME - expect_after { -i $spawn_id + expect_after { + -i $spawn_id timeout { fail "kadmin add_rnd $pname" catch "expect_after" @@ -248,7 +251,6 @@ proc kadmin_cpw { pname password } { global KADMIN global KEY global spawn_id - global kadmind_spawn_id spawn $KADMIN -m -p krbtest/admin@$REALMNAME cpw $pname expect_after { @@ -281,7 +283,6 @@ proc kadmin_cpw { pname password } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)" catch "close -i $spawn_id" - expect -i $kadmind_spawn_id "Change Password operation for $pname successfully issued by krbtest/admin@$REALMNAME" pass "kadmin cpw $pname" return 1 } @@ -296,7 +297,6 @@ proc kadmin_cpw_rnd { pname } { global KADMIN global KEY global spawn_id - global kadmind_spawn_id spawn $KADMIN -m -p krbtest/admin@$REALMNAME crk $pname expect_after { @@ -327,7 +327,6 @@ proc kadmin_cpw_rnd { pname } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)" catch "close -i $spawn_id" - expect -i $kadmind_spawn_id "Change Random Password operation for $pname successfully issued by krbtest/admin@$REALMNAME" pass "kadmin cpw_rnd $pname" return 1 } @@ -342,7 +341,6 @@ proc kadmin_modify { pname flags } { global KADMIN global KEY global spawn_id - global kadmind_spawn_id spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- modent $pname $flags expect_after { @@ -370,7 +368,6 @@ proc kadmin_modify { pname flags } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin modify)" catch "close -i $spawn_id" - expect -i $kadmind_spawn_id "Modify Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME" pass "kadmin modify $pname" return 1 } @@ -387,7 +384,6 @@ proc kadmin_rename { pname npname } { global KEY global spawn_id global tmppwd - global kadmind_spawn_id set good 0 spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- renent -force $pname $npname @@ -417,14 +413,14 @@ proc kadmin_rename { pname npname } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin rename)" catch "close -i $spawn_id" - expect -i $kadmind_spawn_id "Rename Principal operation from $pname to $npname successfully issued by krbtest/admin@$REALMNAME" if { $good == 1 } { # # use kdb5_edit to verify that the new principal was created and that its # salt types are 0 (normal). # spawn $KDB5_EDIT -r $REALMNAME - expect_after { -i $spawn_id + expect_after { + -i $spawn_id timeout { fail "kadmin renent $pname $npname" catch "expect_after" @@ -636,7 +632,6 @@ proc kadmin_delete { pname } { global KEY global spawn_id global tmppwd - global kadmind_spawn_id set good 0 spawn $KADMIN -m -p krbtest/admin@$REALMNAME -- delent -force $pname @@ -666,13 +661,13 @@ proc kadmin_delete { pname } { set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin delent)" catch "close -i $spawn_id" - expect -i $kadmind_spawn_id "Delete Principal operation for $pname successfully issued by krbtest/admin@$REALMNAME" if { $good == 1 } { # # use kdb5_edit to verify that the old principal is not present. # spawn $KDB5_EDIT -r $REALMNAME - expect_after { -i $spawn_id + expect_after { + -i $spawn_id timeout { fail "kadmin delent $pname" catch "expect_after" @@ -715,7 +710,6 @@ proc kadmin_delete { pname } { #-- proc kpasswd_cpw { princ opw npw } { global KPASSWD - global kadmind_spawn_id spawn $KPASSWD -u $princ expect_after { @@ -733,7 +727,6 @@ proc kpasswd_cpw { princ opw npw } { expect "Enter old password for $princ:" { send "$opw\r" } expect "Enter new password:" { send "$npw\r" } expect "Re-enter new password:" { send "$npw\r" } - expect -i $kadmind_spawn_id "changed password for $princ" if ![check_exit_status "kpasswd"] { fail "kpasswd $princ $npw" return 0 diff --git a/src/tests/dejagnu/krb-standalone/rsh.exp b/src/tests/dejagnu/krb-standalone/rsh.exp index 893d74ede..e1e11dc6d 100644 --- a/src/tests/dejagnu/krb-standalone/rsh.exp +++ b/src/tests/dejagnu/krb-standalone/rsh.exp @@ -15,6 +15,10 @@ if ![info exists KRSHD] { set KRSHD [findfile $objdir/../../appl/bsd/kshd] } +if ![info exists KLIST] { + set KLIST [findfile $objdir/../../clients/klist/klist] +} + # Make sure .k5login is reasonable. if ![check_k5login rsh] { return @@ -66,6 +70,7 @@ proc stop_rsh_daemon { } { proc rsh_test { } { global REALMNAME + global KLIST global RSH global KEY global BINSH @@ -145,6 +150,65 @@ proc rsh_test { } { stop_rsh_daemon } + # Check ticket forwarding + set failed no + start_rsh_daemon -k + set testname "rsh forwarding tickets" + spawn $RSH $hostname -f -k $REALMNAME -D 3544 -A $BINSH -c $KLIST + expect { + "Ticket cache:" { } + "klist: No credentials cache file found" { + fail "$testname (not forwarded)" + return + } + timeout { + fail "$testname (timeout)" + return + } + eof { + fail "$testname (eof)" + return + } + } + + if ![check_exit_status $testname] { + return + } + + pass $testname + + stop_rsh_daemon + + # Check encrypted ticket forwarding + set failed no + start_rsh_daemon -e + set testname "encrypted rsh forwarding tickets" + spawn $RSH $hostname -x -f -k $REALMNAME -D 3544 -A $BINSH -c $KLIST + expect { + "Ticket cache:" { } + "klist: No credentials cache file found" { + fail "$testname (not forwarded)" + return + } + timeout { + fail "$testname (timeout)" + return + } + eof { + fail "$testname (eof)" + return + } + } + + if ![check_exit_status $testname] { + return + } + + pass $testname + + stop_rsh_daemon + + # Check stderr start_rsh_daemon -k set testname "rsh to stderr" diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp index 0b3a4b0bf..fba1e142a 100644 --- a/src/tests/dejagnu/krb-standalone/standalone.exp +++ b/src/tests/dejagnu/krb-standalone/standalone.exp @@ -1,4 +1,4 @@ - # Standalone Kerberos test. +# Standalone Kerberos test. # This is a DejaGnu test script. # This script tests that the Kerberos tools can talk to each other. -- 2.26.2