krb5 commit: Rewrite not-yet-covered dejagnu tests in Python
Greg Hudson
ghudson at mit.edu
Fri May 21 11:59:57 EDT 2021
https://github.com/krb5/krb5/commit/bbce6a8beee93030b65edf3a6612064c621a34d9
commit bbce6a8beee93030b65edf3a6612064c621a34d9
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu May 20 17:31:49 2021 -0400
Rewrite not-yet-covered dejagnu tests in Python
Remove the dejagnu scripts gssapi.exp, princexpire.exp, sample.exp,
simple.exp, and tcp.exp.
Add server output checking to t_gss_sample.py to match the checks in
gssapi.exp.
Add a test to t_general.py matching the #6428 regression test in
princexpire.exp.
Add new test scripts t_sample.py and t_simply.py for the appl/sample
and appl/simple applications, to match sample.exp and simple.exp.
Adjust the simple and sample servers to allow for startup detection
when stdout is a pipe. Both of these test servers exit after one
client execution; add a k5test function await_daemon_exit() to allow
the daemon exit status to be checked without sending a kill signal.
Change start_in_inetd() not to require the program name to be
specified twice. Adjust the existing t_user2user.py for the
aforementioned changes.
Add a TCP test to t_bigreply.py to match the oversized-TCP-request
test in tcp.exp. The existing t_bigreply.py test already covers a
successful TCP request.
src/appl/gss-sample/t_gss_sample.py | 11 +
src/appl/sample/Makefile.in | 3 +
src/appl/sample/sserver/sserver.c | 4 +
src/appl/sample/t_sample.py | 22 ++
src/appl/simple/Makefile.in | 3 +
src/appl/simple/server/sim_server.c | 1 +
src/appl/simple/t_simple.py | 34 +++
src/appl/user_user/t_user2user.py | 5 +-
src/kdc/t_bigreply.py | 14 +
src/tests/dejagnu/krb-standalone/gssapi.exp | 332 ----------------------
src/tests/dejagnu/krb-standalone/princexpire.exp | 105 -------
src/tests/dejagnu/krb-standalone/sample.exp | 217 --------------
src/tests/dejagnu/krb-standalone/simple.exp | 216 --------------
src/tests/dejagnu/krb-standalone/tcp.exp | 112 --------
src/tests/t_general.py | 10 +
src/util/k5test.py | 9 +-
16 files changed, 113 insertions(+), 985 deletions(-)
diff --git a/src/appl/gss-sample/t_gss_sample.py b/src/appl/gss-sample/t_gss_sample.py
index 77f3978..3608359 100755
--- a/src/appl/gss-sample/t_gss_sample.py
+++ b/src/appl/gss-sample/t_gss_sample.py
@@ -36,6 +36,17 @@ def run_client_server(realm, options, server_options, **kwargs):
server = realm.start_server(server_args, 'starting...')
realm.run([gss_client, '-port', portstr] + options +
[hostname, 'host', 'testmsg'], **kwargs)
+
+ seen1 = seen2 = False
+ while 'expected_code' not in kwargs and not (seen1 and seen2):
+ line = server.stdout.readline()
+ if line == '':
+ fail('gss-server process exited unexpectedly')
+ if line == 'Accepted connection: "user at KRBTEST.COM"\n':
+ seen1 = True
+ if line == 'Received message: "testmsg"\n':
+ seen2 = True
+
stop_daemon(server)
# Run a gss-server and gss-client process, and verify that gss-client
diff --git a/src/appl/sample/Makefile.in b/src/appl/sample/Makefile.in
index 63ac42e..50caa86 100644
--- a/src/appl/sample/Makefile.in
+++ b/src/appl/sample/Makefile.in
@@ -1,3 +1,6 @@
mydir=appl$(S)sample
SUBDIRS = sclient sserver
BUILDTOP=$(REL)..$(S)..
+
+check-pytests:
+ $(RUNPYTEST) $(srcdir)/t_sample.py $(PYTESTFLAGS)
diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c
index ffbd883..807e1ef 100644
--- a/src/appl/sample/sserver/sserver.c
+++ b/src/appl/sample/sserver/sserver.c
@@ -179,6 +179,10 @@ main(int argc, char *argv[])
syslog(LOG_ERR, "listen: %m");
exit(3);
}
+
+ printf("starting...\n");
+ fflush(stdout);
+
if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
syslog(LOG_ERR, "accept: %m");
exit(3);
diff --git a/src/appl/sample/t_sample.py b/src/appl/sample/t_sample.py
new file mode 100644
index 0000000..1b75fa2
--- /dev/null
+++ b/src/appl/sample/t_sample.py
@@ -0,0 +1,22 @@
+from k5test import *
+
+sclient = os.path.join(buildtop, 'appl', 'sample', 'sclient', 'sclient')
+sserver = os.path.join(buildtop, 'appl', 'sample', 'sserver', 'sserver')
+
+for realm in multipass_realms(create_host=False):
+ server_princ = 'sample/%s@%s' % (hostname, realm.realm)
+ realm.addprinc(server_princ)
+ realm.extract_keytab(server_princ, realm.keytab)
+
+ portstr = str(realm.server_port())
+ server = realm.start_server([sserver, '-p', portstr], 'starting...')
+ out = realm.run([sclient, hostname, portstr],
+ expected_msg='You are user at KRBTEST.COM')
+ await_daemon_exit(server)
+
+ server = realm.start_in_inetd([sserver])
+ out = realm.run([sclient, hostname, portstr],
+ expected_msg='You are user at KRBTEST.COM')
+ await_daemon_exit(server)
+
+success('sim_client/sim_server tests')
diff --git a/src/appl/simple/Makefile.in b/src/appl/simple/Makefile.in
index a605616..5b9af1b 100644
--- a/src/appl/simple/Makefile.in
+++ b/src/appl/simple/Makefile.in
@@ -1,3 +1,6 @@
mydir=appl$(S)simple
SUBDIRS = client server
BUILDTOP=$(REL)..$(S)..
+
+check-pytests:
+ $(RUNPYTEST) $(srcdir)/t_simple.py $(PYTESTFLAGS)
diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c
index ed383a0..093ed55 100644
--- a/src/appl/simple/server/sim_server.c
+++ b/src/appl/simple/server/sim_server.c
@@ -161,6 +161,7 @@ main(int argc, char *argv[])
}
printf("starting...\n");
+ fflush(stdout);
#ifdef DEBUG
printf("socket has port # %d\n", ntohs(s_sock.sin_port));
diff --git a/src/appl/simple/t_simple.py b/src/appl/simple/t_simple.py
new file mode 100644
index 0000000..b720732
--- /dev/null
+++ b/src/appl/simple/t_simple.py
@@ -0,0 +1,34 @@
+from k5test import *
+
+sim_client = os.path.join(buildtop, 'appl', 'simple', 'client', 'sim_client')
+sim_server = os.path.join(buildtop, 'appl', 'simple', 'server', 'sim_server')
+
+for realm in multipass_realms(create_host=False):
+ server_princ = 'sample/%s@%s' % (hostname, realm.realm)
+ realm.addprinc(server_princ)
+ realm.extract_keytab(server_princ, realm.keytab)
+
+ portstr = str(realm.server_port())
+ server = realm.start_server([sim_server, '-p', portstr], 'starting...')
+
+ out = realm.run([sim_client, '-p', portstr, hostname])
+ if ('Sent checksummed message:' not in out or
+ 'Sent encrypted message:' not in out):
+ fail('Expected client messages not seen')
+
+ # sim_server exits after one client execution, so we can read
+ # until it closes stdout.
+ seen1 = seen2 = seen3 = False
+ for line in server.stdout:
+ if line == 'Got authentication info from user at KRBTEST.COM\n':
+ seen1 = True
+ if line == "Safe message is: 'hi there!'\n":
+ seen2 = True
+ if line == "Decrypted message is: 'hi there!'\n":
+ seen3 = True
+ if not (seen1 and seen2 and seen3):
+ fail('Expected server messages not seen')
+
+ await_daemon_exit(server)
+
+success('sim_client/sim_server tests')
diff --git a/src/appl/user_user/t_user2user.py b/src/appl/user_user/t_user2user.py
index 2c054f1..9c96759 100755
--- a/src/appl/user_user/t_user2user.py
+++ b/src/appl/user_user/t_user2user.py
@@ -5,13 +5,14 @@ debug_compiled=1
for realm in multipass_realms():
if debug_compiled == 0:
- realm.start_in_inetd(['./uuserver', 'uuserver'], port=9999)
+ server = realm.start_in_inetd(['./uuserver'], port=9999)
else:
- srv_output = realm.start_server(['./uuserver', '9999'], 'Server started')
+ server = realm.start_server(['./uuserver', '9999'], 'Server started')
msg = 'uu-client: server says "Hello, other end of connection."'
realm.run(['./uuclient', hostname, 'testing message', '9999'],
expected_msg=msg)
+ await_daemon_exit(server)
success('User-2-user test programs')
diff --git a/src/kdc/t_bigreply.py b/src/kdc/t_bigreply.py
index b630015..ea101ff 100644
--- a/src/kdc/t_bigreply.py
+++ b/src/kdc/t_bigreply.py
@@ -1,4 +1,5 @@
from k5test import *
+import struct
# Set the maximum UDP reply size very low, so that all replies go
# through the RESPONSE_TOO_BIG path.
@@ -15,4 +16,17 @@ msgs = ('Sending initial UDP request',
realm.kinit(realm.user_princ, password('user'), expected_trace=msgs)
realm.run([kvno, realm.host_princ], expected_trace=msgs)
+# Pretend to send an absurdly long request over TCP, and verify that
+# we get back a reply of plausible length to be an encoded
+# KRB_ERR_RESPONSE_TOO_BIG error.
+s = socket.create_connection((hostname, realm.portbase))
+s.sendall(b'\xFF\xFF\xFF\xFF')
+lenbytes = s.recv(4)
+assert(len(lenbytes) == 4)
+resplen, = struct.unpack('>L', lenbytes)
+if resplen < 10:
+ fail('KDC response too short (KRB_ERR_RESPONSE_TOO_BIG error expected)')
+resp = s.recv(resplen)
+assert(len(resp) == resplen)
+
success('Large KDC replies')
diff --git a/src/tests/dejagnu/krb-standalone/gssapi.exp b/src/tests/dejagnu/krb-standalone/gssapi.exp
deleted file mode 100644
index e3357e7..0000000
--- a/src/tests/dejagnu/krb-standalone/gssapi.exp
+++ /dev/null
@@ -1,332 +0,0 @@
-# Test for the GSS-API.
-# This is a DejaGnu test script.
-# This script tests that the GSS-API tester functions correctly.
-
-# This mostly just calls procedures in test/dejagnu/config/default.exp.
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-if ![info exists GSSCLIENT] {
- set GSSCLIENT [findfile $objdir/../../appl/gss-sample/gss-client]
-}
-
-if ![info exists GSSSERVER] {
- set GSSSERVER [findfile $objdir/../../appl/gss-sample/gss-server]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 0] {
- return
-}
-
-#
-# Like kinit in default.exp, but allows us to specify a different ccache.
-#
-proc our_kinit { name pass ccache } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- spawn $KINIT -f -5 -c $ccache $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "kinit started"
- }
- timeout {
- fail "kinit"
- return 0
- }
- eof {
- fail "kinit"
- return 0
- }
- }
- send "$pass\r"
- # This last expect seems useless, but without it the test hangs on
- # AIX.
- expect {
- "\r" { }
- }
- expect eof
- if ![check_exit_status kinit] {
- return 0
- }
-
- return 1
-}
-
-#
-# Destroys a particular ccache.
-#
-proc our_kdestroy { ccache } {
- global KDESTROY
- global spawn_id
-
- spawn $KDESTROY -c $ccache
- if ![check_exit_status "kdestroy"] {
- return 0
- }
- return 1
-}
-
-#
-# Stops the gss-server.
-#
-proc stop_gss_server { } {
- global gss_server_pid
- global gss_server_spawn_id
-
- if [info exists gss_server_pid] {
- catch "close -i $gss_server_spawn_id"
- catch "exec kill $gss_server_pid"
- wait -i $gss_server_spawn_id
- unset gss_server_pid
- }
-}
-
-#
-# Restore environment variables possibly set.
-#
-proc gss_restore_env { } {
- global env
- global gss_save_ccname
- global gss_save_ktname
-
- catch "unset env(KRB5CCNAME)"
- if [info exists gss_save_ccname] {
- set env(KRB5CCNAME) $gss_save_ccname
- unset gss_save_ccname
- }
- catch "unset env(KRB5_KTNAME)"
- if [info exists gss_save_ktname] {
- set env(KRB5_KTNAME) $gss_save_ktname
- unset gss_save_ktname
- }
-}
-
-proc run_client {test tkfile client} {
- global env
- global hostname
- global GSSCLIENT
- global spawn_id
- global gss_server_spawn_id
- global REALMNAME
- global portbase
-
- set env(KRB5CCNAME) $tkfile
- verbose "KRB5CCNAME=$env(KRB5CCNAME)"
- verbose "spawning gssclient, identity=$client"
- spawn $GSSCLIENT -d -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client"
- set got_client 0
- set got_server 0
- expect_after {
- -i $spawn_id
- timeout {
- if {!$got_client} {
- verbose -log "client timeout"
- fail $test
- catch "expect_after"
- return
- }
- }
- eof {
- if {!$got_client} {
- verbose -log "client eof"
- fail $test
- catch "expect_after"
- return
- }
- }
- -i $gss_server_spawn_id
- timeout {
- if {!$got_server} {
- verbose -log "server timeout"
- fail $test
- catch "expect_after"
- return
- }
- }
- eof {
- if {!$got_server} {
- verbose -log "server eof"
- fail $test
- catch "expect_after"
- return
- }
- }
- }
- expect {
- -i $gss_server_spawn_id
- "Accepted connection: \"$client@$REALMNAME\"" exp_continue
- "Received message: \"message from $client\"" {
- set got_server 1
- if {!$got_client} {
- exp_continue
- }
- }
- -i $spawn_id
- "Signature verified" {
- set got_client 1
- if {!$got_server} {
- exp_continue
- }
- }
- }
- catch "expect_after"
- if ![check_exit_status $test] {
- # check_exit_staus already calls fail for us
- return
- }
- pass $test
-}
-
-proc doit { } {
- global REALMNAME
- global env
- global KLIST
- global KDESTROY
- global KEY
- global GSSTEST
- global GSSSERVER
- global GSSCLIENT
- global hostname
- global tmppwd
- global spawn_id
- global timeout
- global gss_server_pid
- global gss_server_spawn_id
- global gss_save_ccname
- global gss_save_ktname
- global portbase
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- perror "failed to start kerberos daemons"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest0 0] {
- perror "failed to set up gsstest0 key"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest1 0] {
- perror "failed to set up gsstest1 key"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest2 0] {
- perror "failed to set up gsstest2 key"
- }
-
- # Use kadmin to add a key for us.
- if ![add_kerberos_key gsstest3 0] {
- perror "failed to set up gsstest3 key"
- }
-
- # Use kadmin to add a service key for us.
- if ![add_random_key gssservice/$hostname 0] {
- perror "failed to set up gssservice/$hostname key"
- }
-
- # Use kdb5_edit to create a keytab entry for gssservice
- if ![setup_keytab 0 gssservice] {
- perror "failed to set up gssservice keytab"
- }
-
- catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] {
- perror "failed to kinit gsstest0"
- }
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] {
- perror "failed to kinit gsstest1"
- }
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] {
- perror "failed to kinit gsstest2"
- }
-
- # Use kinit to get a ticket.
- if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] {
- perror "failed to kinit gsstest3"
- }
-
- #
- # Save settings of KRB5CCNAME and KRB5_KTNAME
- #
- if [info exists env(KRB5CCNAME)] {
- set gss_save_ccname $env(KRB5CCNAME)
- }
- if [info exists env(KRB5_KTNAME)] {
- set gss_save_ktname $env(KRB5_KTNAME)
- }
-
- #
- # set KRB5CCNAME and KRB5_KTNAME
- #
- set env(KRB5_KTNAME) FILE:$tmppwd/keytab
- verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
- # Now start the gss-server.
- spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port [expr 8 + $portbase] gssservice@$hostname
- set gss_server_pid [exp_pid]
- set gss_server_spawn_id $spawn_id
-
- expect {
- "starting" { }
- eof { perror "gss-server failed to start" }
- }
-
- run_client gssclient0 $tmppwd/gss_tk_0 gssclient0
- run_client gssclient1 $tmppwd/gss_tk_1 gssclient1
- run_client gssclient2 $tmppwd/gss_tk_2 gssclient2
- run_client gssclient3 $tmppwd/gss_tk_3 gssclient3
-
- stop_gss_server
- gss_restore_env
-
- if ![our_kdestroy $tmppwd/gss_tk_0] {
- perror "failed kdestroy gss_tk_0" 0
- }
-
- if ![our_kdestroy $tmppwd/gss_tk_1] {
- perror "failed kdestroy gss_tk_1" 0
- }
-
- if ![our_kdestroy $tmppwd/gss_tk_2] {
- perror "failed kdestroy gss_tk_2" 0
- }
-
- if ![our_kdestroy $tmppwd/gss_tk_3] {
- perror "failed kdestroy gss_tk_3" 0
- }
-
- catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
-
- return
-}
-
-set status [catch doit msg]
-
-stop_gss_server
-gss_restore_env
-stop_kerberos_daemons
-
-if { $status != 0 } {
- perror "error in gssapi.exp" 0
- perror $msg 0
-}
diff --git a/src/tests/dejagnu/krb-standalone/princexpire.exp b/src/tests/dejagnu/krb-standalone/princexpire.exp
deleted file mode 100644
index 5228141..0000000
--- a/src/tests/dejagnu/krb-standalone/princexpire.exp
+++ /dev/null
@@ -1,105 +0,0 @@
-proc doit { } {
- global REALMNAME
- global KLIST
- global KINIT
- global KDESTROY
- global KEY
- global KADMIN_LOCAL
- global KTUTIL
- global hostname
- global tmppwd
- global spawn_id
- global supported_enctypes
- global KRBIV
- global portbase
- global mode
-
- set princ "expiredprinc"
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- return 1
- }
-
- # Use kadmin to add a key.
- if ![add_kerberos_key $princ 0] {
- return 1
- }
-
- setup_kerberos_env kdc
-
- set test "kadmin.local modprinc -expire"
- spawn $KADMIN_LOCAL -q "modprinc -expire \"2 days ago\" $princ"
- catch expect_after
- expect {
- timeout {
- fail $test
- }
- eof {
- pass $test
- }
- }
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat ($test)"
- catch "close -i $spawn_id"
-
- set test "kadmin.local -pwexpire"
- spawn $KADMIN_LOCAL -q "modprinc -pwexpire \"2 days ago\" $princ"
- catch expect_after
- expect {
- timeout {
- fail $test
- }
- eof {
- pass $test
- }
- }
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat ($test)"
- catch "close -i $spawn_id"
-
- setup_kerberos_env client
- spawn $KINIT -5 -k -t /dev/null $princ
- expect {
- "entry in database has expired" {
- pass $test
- }
- "Password has expired" {
- fail "$test (inappropriate password expiration message)"
- }
- timeout {
- expect eof
- fail "$test (timeout)"
- return 0
- }
- eof {
- fail "$test (eof)"
- return 0
- }
- }
- expect eof
- return 0
-}
-
-run_once princexpire {
- # Set up the Kerberos files and environment.
- if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
- }
- # Initialize the Kerberos database. The argument tells
- # setup_kerberos_db that it is not being called from
- # standalone.exp.
- if ![setup_kerberos_db 0] {
- return
- }
-
- set status [catch doit msg]
-
- stop_kerberos_daemons
-
- if { $status != 0 } {
- send_error "ERROR: error in pwchange.exp\n"
- send_error "$msg\n"
- exit 1
- }
-}
diff --git a/src/tests/dejagnu/krb-standalone/sample.exp b/src/tests/dejagnu/krb-standalone/sample.exp
deleted file mode 100644
index 93a75f1..0000000
--- a/src/tests/dejagnu/krb-standalone/sample.exp
+++ /dev/null
@@ -1,217 +0,0 @@
-# Test for the sample clients
-# This is a DejaGnu test script.
-# This script tests that sample user-user communication works.
-
-# This mostly just calls procedures in test/dejagnu/config/default.exp.
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-if ![info exists SSERVER] {
- set SSERVER [findfile $objdir/../../appl/sample/sserver/sserver]
-}
-if ![info exists SCLIENT] {
- set SCLIENT [findfile $objdir/../../appl/sample/sclient/sclient]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 0] {
- return
-}
-
-proc start_sserver_daemon { inetd } {
- global spawn_id
- global sserver_pid
- global sserver_spawn_id
- global SSERVER
- global T_INETD
- global tmppwd
- global portbase
-
- # if inetd = 0, then we are running stand-alone
- if !{$inetd} {
- # Start the sserver
- spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
- set sserver_pid [exp_pid]
- set sserver_spawn_id $spawn_id
-
- verbose "sserver_spawn is $sserver_spawn_id" 1
-
- # Give sserver some time to start
- sleep 2
- } else {
- # Start the sserver
- spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/keytab
- set sserver_pid [exp_pid]
- set sserver_spawn_id $spawn_id
-
- verbose "sserver_spawn (t_inetd) is $sserver_spawn_id" 1
-
- expect {
- -ex "Ready!" { }
- eof { error "couldn't start t_inetd helper" }
- }
- }
-
- return 1
-}
-
-
-proc stop_sserver_daemon { } {
- global sserver_pid
- global sserver_spawn_id
-
- if [info exists sserver_pid] {
- catch "close -i $sserver_spawn_id"
- catch "exec kill $sserver_pid"
- wait -i $sserver_spawn_id
- unset sserver_pid
- }
-
- return 1
-}
-
-proc stop_check_sserver_daemon { } {
- global sserver_spawn_id
- global sserver_pid
-
- # Check the exit status of sserver - should exit here
- set status_list [wait -i $sserver_spawn_id]
- verbose "wait -i $sserver_spawn_id returned $status_list (sserver)"
- catch "close -i $sserver_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail "sserver"
- } else {
- pass "sserver"
- }
- # In either case the server shutdown
- unset sserver_pid
-}
-
-proc test_sclient { msg } {
- global REALMNAME
- global SCLIENT
- global hostname
- global spawn_id
- global portbase
-
- # Test the client
- spawn $SCLIENT $hostname [expr 8 + $portbase]
- verbose "sclient_spawn is $spawn_id" 1
-
- expect {
- "sendauth succeeded, reply is:" {
- verbose "Start proper message"
- }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- expect {
- "You are krbtest/admin@$REALMNAME\r" {
- verbose "received valid sample message"}
- eof {
- fail $msg
- return 0
- }
- }
- # This last expect seems useless, but without it the test hangs on
- # NETBSD.
- expect {
- "\r" { }
- }
-
- if ![check_exit_status "ssample"] {
- return 0
- }
-
- return 1
-}
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global hostname
- global KEY
- global sserver_pid
- global sserver_spawn_id
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key sample/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a keytab entry for sample
- if ![setup_keytab 1 sample] {
- return
- }
-
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- run_once sample_standalone {
- if ![start_sserver_daemon 0 ] {
- return
- }
-
- if ![test_sclient sclient] {
- return
- }
-
- pass "sample - standalone"
-
- stop_check_sserver_daemon
- }
-
- if ![start_sserver_daemon 1 ] {
- return
- }
-
- if ![test_sclient sclient-inetd] {
- return
- }
-
- pass "sample - inetd"
-
- stop_check_sserver_daemon
- return
-}
-
-set status [catch doit msg]
-
-stop_sserver_daemon
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in sample.exp\n"
- send_error "$msg\n"
- exit 1
-}
diff --git a/src/tests/dejagnu/krb-standalone/simple.exp b/src/tests/dejagnu/krb-standalone/simple.exp
deleted file mode 100644
index d8b2182..0000000
--- a/src/tests/dejagnu/krb-standalone/simple.exp
+++ /dev/null
@@ -1,216 +0,0 @@
-# Test for the simple clients
-# This is a DejaGnu test script.
-# This script tests that krb-safe and krb-priv messages work.
-
-# This mostly just calls procedures in test/dejagnu/config/default.exp.
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-if ![info exists SIM_SERVER] {
- set SIM_SERVER [findfile $objdir/../../appl/simple/server/sim_server]
-}
-if ![info exists SIM_CLIENT] {
- set SIM_CLIENT [findfile $objdir/../../appl/simple/client/sim_client]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 0] {
- return
-}
-
-proc start_sim_server_daemon { } {
- global spawn_id
- global sim_server_pid
- global sim_server_spawn_id
- global SIM_SERVER
- global T_INETD
- global tmppwd
- global portbase
-
- # Start the sim_server
- spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
- set sim_server_pid [exp_pid]
- set sim_server_spawn_id $spawn_id
-
- verbose "sim_server_spawn is $sim_server_spawn_id" 1
-
- expect {
- "starting" { }
- eof { perror "sim_server failed to start" }
- }
-
- return 1
-}
-
-
-proc stop_sim_server_daemon { } {
- global sim_server_pid
- global sim_server_spawn_id
-
- if [info exists sim_server_pid] {
- catch "close -i $sim_server_spawn_id"
- catch "exec kill $sim_server_pid"
- wait -i $sim_server_spawn_id
- unset sim_server_pid
- }
-
- return 1
-}
-
-proc stop_check_sim_server_daemon { } {
- global sim_server_spawn_id
- global sim_server_pid
-
- # Check the exit status of sim_server - should exit here
- set status_list [wait -i $sim_server_spawn_id]
- verbose "wait -i $sim_server_spawn_id returned $status_list (sim_server)"
- catch "close -i $sim_server_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail "sim_server"
- } else {
- pass "sim_server"
- }
- # In either case the server shutdown
- unset sim_server_pid
-}
-
-proc test_sim_client { msg } {
- global REALMNAME
- global SIM_CLIENT
- global hostname
- global spawn_id
- global portbase
- global sim_server_spawn_id
-
- # Test the client
- spawn $SIM_CLIENT -p [expr 8 + $portbase] $hostname
- verbose "sim_client_spawn is $spawn_id" 1
-
- expect {
- "Sent checksummed message: " {
- verbose "received safe message"
- }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- expect {
- "Sent encrypted message: " {
- verbose "received private message"
- }
- eof {
- fail $msg
- return 0
- }
- }
- expect {
- "\r" { }
- }
-
- expect {
- -i $sim_server_spawn_id
- "Safe message is: 'hi there!'" { }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- expect {
- -i $sim_server_spawn_id
- "Decrypted message is: 'hi there!'" { }
- timeout {
- fail $msg
- return 0
- }
- eof {
- fail $msg
- return 0
- }
- }
-
- if ![check_exit_status "simple"] {
- return 0
- }
-
- return 1
-}
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global hostname
- global KEY
- global sim_server_pid
- global sim_server_spawn_id
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 0] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key sample/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a keytab entry for sample
- if ![setup_keytab 1 sample] {
- return
- }
-
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- if ![start_sim_server_daemon] {
- return
- }
-
- if ![test_sim_client sim_client] {
- return
- }
-
- pass "simple - standalone"
-
- stop_check_sim_server_daemon
- return
-}
-
-set status [catch doit msg]
-
-stop_sim_server_daemon
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in simple.exp\n"
- send_error "$msg\n"
- exit 1
-}
diff --git a/src/tests/dejagnu/krb-standalone/tcp.exp b/src/tests/dejagnu/krb-standalone/tcp.exp
deleted file mode 100644
index df3195b..0000000
--- a/src/tests/dejagnu/krb-standalone/tcp.exp
+++ /dev/null
@@ -1,112 +0,0 @@
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global REALMNAME
- global KLIST
- global KDESTROY
- global KEY
- global KADMIN_LOCAL
- global KTUTIL
- global hostname
- global tmppwd
- global spawn_id
- global supported_enctypes
- global KRBIV
- global portbase
- global mode
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key host/$hostname 1] {
- return
- }
-
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- # Make sure that klist can see the ticket.
- if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
- return
- }
-
- # Destroy the ticket.
- spawn $KDESTROY -5
- if ![check_exit_status "kdestroy"] {
- return
- }
- pass "kdestroy"
-
- set response {}
- set got_response 0
- set kdcsock ""
- catch {
- send_log "connecting to $hostname [expr 3 + $portbase]\n"
- set kdcsock [socket $hostname [expr 3 + $portbase]]
- fconfigure $kdcsock -encoding binary -blocking 0 -buffering none
- puts -nonewline $kdcsock [binary format H* ffffffff]
- # XXX
- sleep 3
- set response [read $kdcsock]
- set got_response 1
- } msg
- if [string length $kdcsock] { catch "close $kdcsock" }
- if $got_response {
-# send_log [list sent length -1, got back $response]
-# send_log "\n"
- if [string length $response]>10 {
- pass "too-long TCP request"
- } else {
- send_log "response too short\n"
- fail "too-long TCP request"
- }
- } else {
- send_log "too-long connect/exchange failure: $msg\n"
- fail "too-long TCP request"
- }
-}
-
-set status 0
-run_once tcp {
- # Set up the Kerberos files and environment.
- set mode tcp
- reset_kerberos_files
- if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- set mode udp
- reset_kerberos_files
- return
- }
- # Reset now, for next time we write the config files.
- set mode udp
-
- # Initialize the Kerberos database. The argument tells
- # setup_kerberos_db that it is being called from here.
- if ![setup_kerberos_db 1] {
- reset_kerberos_files
- return
- }
-
- set status [catch doit msg]
-}
-
-reset_kerberos_files
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in standalone.exp\n"
- send_error "$msg\n"
- exit 1
-}
diff --git a/src/tests/t_general.py b/src/tests/t_general.py
index 043f751..8e81db1 100755
--- a/src/tests/t_general.py
+++ b/src/tests/t_general.py
@@ -37,6 +37,16 @@ realm.stop()
realm = K5Realm(create_host=False)
+# Regression test for #6428 (KDC should prefer account expiration
+# error to password expiration error).
+mark('#6428 regression test')
+realm.run([kadminl, 'addprinc', '-randkey', '-pwexpire', 'yesterday', 'xpr'])
+realm.run(['./icred', 'xpr'], expected_code=1,
+ expected_msg='Password has expired')
+realm.run([kadminl, 'modprinc', '-expire', 'yesterday', 'xpr'])
+realm.run(['./icred', 'xpr'], expected_code=1,
+ expected_msg="Client's entry in database has expired")
+
# Regression test for #8454 (responder callback isn't used when
# preauth is not required).
mark('#8454 regression test')
diff --git a/src/util/k5test.py b/src/util/k5test.py
index c26bc69..e41bf36 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -867,6 +867,13 @@ def stop_daemon(proc):
_daemons.remove(proc)
+def await_daemon_exit(proc):
+ code = proc.wait()
+ _daemons.remove(proc)
+ if code != 0:
+ fail('Daemon process %d exited with status %d' % (proc.pid, code))
+
+
class K5Realm(object):
"""An object representing a functional krb5 test realm."""
@@ -1034,7 +1041,7 @@ class K5Realm(object):
port = self.server_port()
if env is None:
env = self.env
- inetd_args = [t_inetd, str(port)] + args
+ inetd_args = [t_inetd, str(port), args[0]] + args
return _start_daemon(inetd_args, env, 'Ready!')
def create_kdb(self):
More information about the cvs-krb5
mailing list