krb5 commit: Remove dejagnu test suite
Greg Hudson
ghudson at mit.edu
Sat May 29 17:24:57 EDT 2021
https://github.com/krb5/krb5/commit/7f8f1fae5682762b2752791d11cdddbb11d423c6
commit 7f8f1fae5682762b2752791d11cdddbb11d423c6
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu May 20 22:59:47 2021 -0400
Remove dejagnu test suite
Of the remaining test scripts, kprop.exp has a corresponding Python
script, and standalone.exp is covered by t_general.py, t_dump.py,
t_keytab.py, and t_pkinit.py.
.github/workflows/build.yml | 2 +-
.gitignore | 7 -
doc/build/doing_build.rst | 26 +-
doc/build/options2configure.rst | 2 -
src/config/pre.in | 8 -
src/configure.ac | 11 +-
src/tests/Makefile.in | 4 +-
src/tests/dejagnu/Makefile.in | 37 -
src/tests/dejagnu/config/default.exp | 2094 -----------------------
src/tests/dejagnu/deps | 1 -
src/tests/dejagnu/krb-standalone/kprop.exp | 158 --
src/tests/dejagnu/krb-standalone/standalone.exp | 287 ----
src/tests/t_inetd.c | 13 -
13 files changed, 12 insertions(+), 2638 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8d1042b..4408df8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -32,7 +32,7 @@ jobs:
if: startsWith(matrix.os, 'ubuntu')
run: |
sudo apt-get update -qq
- sudo apt-get install -y bison dejagnu gettext keyutils ldap-utils libcmocka-dev libldap2-dev libkeyutils-dev libresolv-wrapper libsasl2-dev libssl-dev python3-kdcproxy python3-pip slapd tcl-dev tcsh
+ sudo apt-get install -y bison gettext keyutils ldap-utils libcmocka-dev libldap2-dev libkeyutils-dev libresolv-wrapper libsasl2-dev libssl-dev python3-kdcproxy python3-pip slapd tcl-dev tcsh
pip3 install pyrad
- name: Build
env:
diff --git a/.gitignore b/.gitignore
index c37b33d..a316321 100644
--- a/.gitignore
+++ b/.gitignore
@@ -436,13 +436,6 @@ local.properties
/src/tests/create/kdb5_mkdums
-/src/tests/dejagnu/dbg.log
-/src/tests/dejagnu/krb.log
-/src/tests/dejagnu/krb.sum
-/src/tests/dejagnu/runenv.vals
-/src/tests/dejagnu/site.exp
-/src/tests/dejagnu/tmpdir/
-
/src/tests/gss-threads/gss-client
/src/tests/gss-threads/gss-server
diff --git a/doc/build/doing_build.rst b/doc/build/doing_build.rst
index 4da1998..59cb546 100644
--- a/doc/build/doing_build.rst
+++ b/doc/build/doing_build.rst
@@ -99,24 +99,14 @@ start building Kerberos; see :ref:`do_build`)::
make check
-However, there are several prerequisites that must be satisfied first:
-
-* Configure and build Kerberos with Tcl support. Tcl is used to drive
- the test suite. This often means passing **-**\ **-with-tcl** to
- configure to tell it the location of the Tcl configuration
- script. (See :ref:`options2configure`.)
-* In addition to Tcl, DejaGnu must be available on the system for some
- of the tests to run. The test suite will still run the other tests
- if DejaGnu is not present, but the test coverage will be reduced
- accordingly.
-* On some operating systems, you have to run ``make install`` before
- running ``make check``, or the test suite will pick up installed
- versions of Kerberos libraries rather than the newly built ones.
- You can install into a prefix that isn't in the system library
- search path, though. Alternatively, you can configure with
- **-**\ **-disable-rpath**, which renders the build tree less suitable for
- installation, but allows testing without interference from
- previously installed libraries.
+On some operating systems, you have to run ``make install`` before
+running ``make check``, or the test suite will pick up installed
+versions of Kerberos libraries rather than the newly built ones. You
+can install into a prefix that isn't in the system library search
+path, though. Alternatively, you can configure with
+**-**\ **-disable-rpath**, which renders the build tree less suitable
+for installation, but allows testing without interference from
+previously installed libraries.
There are additional regression tests available, which are not run
by ``make check``. These tests require manual setup and teardown of
diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst
index a895962..aeca87f 100644
--- a/doc/build/options2configure.rst
+++ b/doc/build/options2configure.rst
@@ -360,8 +360,6 @@ Optional packages
**-**\ **-with-readline**
Compile and link against GNU readline, as an alternative to libedit.
- Building with readline breaks the dejagnu test suite, which is a
- subset of the tests run by 'make check'.
**-**\ **-with-system-verto**
Use an installed version of libverto. If the libverto header and
diff --git a/src/config/pre.in b/src/config/pre.in
index b2d17b0..3adbc4c 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -230,14 +230,6 @@ KRB5_INCSUBDIRS = \
SKIPTESTS = $(BUILDTOP)/skiptests
-# Dejagnu variables.
-# We have to set the host with --host so that setup_xfail will work.
-# If we don't set it, then the host type used is "native", which
-# doesn't match "*-*-*".
-host=@krb5_cv_host@
-DEJAFLAGS = --debug --srcdir $(srcdir) --host $(host)
-RUNTEST = runtest $(DEJAFLAGS)
-
RUNPYTEST = PYTHONPATH=$(top_srcdir)/util VALGRIND="$(VALGRIND)" \
$(PYTHON)
diff --git a/src/configure.ac b/src/configure.ac
index 4f16fee..58bc50b 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -1175,14 +1175,6 @@ AC_SUBST(PKINIT)
# for lib/apputils
AC_REPLACE_FUNCS(daemon)
-# for tests/
-if test x"$RUNTEST" != x; then
- HAVE_RUNTEST=yes
-else
- HAVE_RUNTEST=no
-fi
-AC_SUBST(HAVE_RUNTEST)
-
# For Python tests. Python version 3.2.4 is required as prior
# versions do not accept string input to subprocess.Popen.communicate
# when universal_newlines is set.
@@ -1364,7 +1356,6 @@ fi
# Compile with libedit support in ss by default if available. Compile
# with readline only if asked, to avoid a default GPL dependency.
-# Building with readline also breaks the dejagnu test suite.
AC_ARG_WITH([libedit],
[AS_HELP_STRING([--without-libedit], [do not compile with libedit])],
[], [with_libedit=default])
@@ -1571,5 +1562,5 @@ V5_AC_OUTPUT_MAKEFILE(.
appl/gss-sample appl/user_user
tests tests/asn.1 tests/create tests/hammer tests/verify tests/gssapi
- tests/dejagnu tests/threads tests/shlib tests/gss-threads tests/misc
+ tests/threads tests/shlib tests/gss-threads tests/misc
)
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 02a3cc0..fc6fcc0 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -1,7 +1,7 @@
mydir=tests
BUILDTOP=$(REL)..
-SUBDIRS = asn.1 create hammer verify gssapi dejagnu shlib gss-threads misc \
- threads softpkcs11
+SUBDIRS = asn.1 create hammer verify gssapi shlib gss-threads misc threads \
+ softpkcs11
RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
GSS_MECH_CONFIG=mech.conf LC_ALL=C $(VALGRIND)
diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in
deleted file mode 100644
index 8c301c5..0000000
--- a/src/tests/dejagnu/Makefile.in
+++ /dev/null
@@ -1,37 +0,0 @@
-mydir=tests$(S)dejagnu
-BUILDTOP=$(REL)..$(S)..
-RUNTEST = @RUNTEST@ $(DEJAFLAGS)
-RUNTESTFLAGS =
-
-all:
-
-install:
-
-check: check-runtest- at HAVE_RUNTEST@
-
-check-runtest-no:
- @echo "+++"
- @echo "+++ WARNING: tests/dejagnu tests not run."
- @echo "+++ runtest is unavailable."
- @echo "+++"
- @echo 'Skipped dejagnu tests: runtest not found' >> $(SKIPTESTS)
-
-# Set VALGRIND at run time, that may be changed when running 'make'.
-check-runtest-yes: site.exp
- $(RUNTEST) --tool krb VALGRIND="$(VALGRIND)" $(RUNTESTFLAGS)
-
-clean:
- $(RM) site.exp runenv.vars runenv.vals
-
-clean-unix::
- $(RM) -rf tmpdir dbg.log krb.log krb.sum
-
-runenv.vals: Makefile
- $(RUN_SETUP); for i in $(RUN_VARS); do \
- eval echo "{$$i=\$$$$i}"; done > runenv.vals
-
-site.exp: runenv.vals Makefile
- echo "set runvarlist [list `cat runenv.vals | tr '\n' ' '`]" | \
- sed -e 's%=\.%='`pwd`'/.%g' > site.exp
- echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp
-
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
deleted file mode 100644
index c298066..0000000
--- a/src/tests/dejagnu/config/default.exp
+++ /dev/null
@@ -1,2094 +0,0 @@
-# Basic expect script for Kerberos tests.
-# This is a DejaGnu test script.
-# Written by Ian Lance Taylor, Cygnus Support, <ian at cygnus.com>.
-# This script is automatically run by DejaGnu before running any of
-# the Kerberos test scripts.
-
-# This file provides several functions which deal with a local
-# Kerberos database. We have to do this such that we don't interfere
-# with any existing Kerberos database. We will create all the files
-# in the directory $tmppwd, which will have been created by the
-# testsuite default script. We will use $REALMNAME as our Kerberos
-# realm name, defaulting to KRBTEST.COM.
-
-set timeout 100
-set stty_init {erase \^h kill \^u}
-set env(TERM) dumb
-
-set des3_krbtgt 0
-
-if { [string length $VALGRIND] } {
- rename spawn valgrind_aux_spawn
- proc spawn { args } {
- global VALGRIND
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- # Only run valgrind for local programs, not
- # system ones.
-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
- set newargs [concat $newargs $VALGRIND]
- }
- }
- lappend newargs $arg
- }
- set pid [eval valgrind_aux_spawn $newargs]
- return $pid
- }
-}
-
-# Hack around Solaris 9 kernel race condition that causes last output
-# from a pty to get dropped.
-if { $PRIOCNTL_HACK } {
- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
- rename spawn oldspawn
- proc spawn { args } {
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
- }
- lappend newargs $arg
- }
- set pid [eval oldspawn $newargs]
- return $pid
- }
-}
-
-# The names of the individual passes must be unique; lots of things
-# depend on it. The PASSES variable may not contain comments; only
-# small pieces get evaluated, so comments will do strange things.
-
-# Most of the purpose of using multiple passes is to exercise the
-# dependency of various bugs on configuration file settings,
-# particularly with regards to encryption types.
-
-set passes {
- {
- des3
- mode=udp
- des3_krbtgt=1
- {supported_enctypes=des3-cbc-sha1:normal}
- {dummy=[verbose -log "DES3 TGT, DES3 enctype"]}
- }
- {
- aes-only
- mode=udp
- des3_krbtgt=0
- {supported_enctypes=aes256-cts-hmac-sha1-96:normal}
- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
- {allow_weak_crypto(kdc)=false}
- {allow_weak_crypto(replica)=false}
- {allow_weak_crypto(client)=false}
- {allow_weak_crypto(server)=false}
- {master_key_type=aes256-cts-hmac-sha1-96}
- {dummy=[verbose -log "AES enctypes"]}
- }
- {
- aes-sha2-only
- mode=udp
- des3_krbtgt=0
- {supported_enctypes=aes256-sha2:normal}
- {permitted_enctypes(kdc)=aes256-sha2}
- {permitted_enctypes(replica)=aes256-sha2}
- {permitted_enctypes(client)=aes256-sha2}
- {permitted_enctypes(server)=aes256-sha2}
- {allow_weak_crypto(kdc)=false}
- {allow_weak_crypto(replica)=false}
- {allow_weak_crypto(client)=false}
- {allow_weak_crypto(server)=false}
- {master_key_type=aes256-sha2}
- {dummy=[verbose -log "aes256-sha2 enctype"]}
- }
- {
- camellia-only
- mode=udp
- des3_krbtgt=0
- {supported_enctypes=camellia256-cts:normal}
- {permitted_enctypes(kdc)=camellia256-cts}
- {permitted_enctypes(replica)=camellia256-cts}
- {permitted_enctypes(client)=camellia256-cts}
- {permitted_enctypes(server)=camellia256-cts}
- {allow_weak_crypto(kdc)=false}
- {allow_weak_crypto(replica)=false}
- {allow_weak_crypto(client)=false}
- {allow_weak_crypto(server)=false}
- {master_key_type=camellia256-cts}
- {dummy=[verbose -log "Camellia-256 enctype"]}
- }
- {
- aes-des3
- mode=udp
- des3_krbtgt=0
- {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal}
- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
- {master_key_type=aes256-cts-hmac-sha1-96}
- {dummy=[verbose -log "AES + DES3 + DES enctypes"]}
- }
- {
- aes-des3tgt
- mode=udp
- des3_krbtgt=1
- {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal}
- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
- {master_key_type=aes256-cts-hmac-sha1-96}
- {dummy=[verbose -log "AES enctypes, DES3 TGT"]}
- }
- {
- all-enctypes
- mode=udp
- des3_krbtgt=0
- {allow_weak_crypto(kdc)=false}
- {allow_weak_crypto(replica)=false}
- {allow_weak_crypto(client)=false}
- {allow_weak_crypto(server)=false}
- {dummy=[verbose -log "all default enctypes"]}
- }
-}
-
-# This shouldn't be necessary on dejagnu-1.4 and later, but 1.3 seems
-# to need it because its runtest.exp doesn't deal with PASS at all.
-if [info exists PASS] {
- foreach pass $passes {
- if { [lsearch -exact $PASS [lindex $pass 0]] >= 0 } {
- lappend MULTIPASS $pass
- }
- }
-} else {
- set MULTIPASS $passes
-}
-
-set last_passname_conf ""
-set last_passname_db ""
-
-# We do everything in a temporary directory.
-if ![info exists TMPDIR] {
- set tmppwd "[pwd]/tmpdir"
- if ![file isdirectory $tmppwd] {
- catch "exec mkdir $tmppwd" status
- }
-} else {
- set tmppwd $TMPDIR
-}
-verbose "tmppwd=$tmppwd"
-
-# On Ultrix, use /bin/sh5 in preference to /bin/sh.
-if ![info exists BINSH] {
- if [file exists /bin/sh5] {
- set BINSH /bin/sh5
- } else {
- set BINSH /bin/sh
- }
-}
-
-# For security, we must not use generally known passwords. This is
-# because some of the tests may be run as root. If the passwords were
-# generally know, then somebody could work out the appropriate
-# Kerberos ticket to use, and come in when, say, the telnetd daemon
-# was being tested by root. The window for doing this is very very
-# small, so the password does not have to be perfect, it just can't be
-# constant.
-if ![info exists KEY] {
- catch {exec $BINSH -c "echo $$"} KEY
- verbose "KEY is $KEY"
- set keyfile [open $tmppwd/KEY w]
- puts $keyfile "$KEY"
- close $keyfile
-}
-
-# Clear away any files left over from a previous run.
-# We can't use them now because we don't know the right KEY.
-# krb5.conf might change if running tests on another host
-file delete $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/replica.conf \
- $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \
- $tmppwd/krb5.kdc.conf $tmppwd/krb5.replica.conf
-
-proc delete_db {} {
- global tmppwd
- # Master and replica db files
- file delete $tmppwd/kdc-db $tmppwd/kdc-db.ok $tmppwd/kdc-db.kadm5 \
- $tmppwd/kdc-db.kadm5.lock $tmppwd/kdc-db.mdb $tmppwd/kdc-db.mdb-lock \
- $tmppwd/kdc-db.lockout.mdb $tmppwd/kdc-db.lockout.mdb-lock \
- $tmppwd/kdc-db.ulog \
- $tmppwd/replica-db $tmppwd/replica-db.ok $tmppwd/replica-db.kadm5 $tmppwd/replica-db.kadm5.lock \
- $tmppwd/replica-db~ $tmppwd/replica-db~.ok $tmppwd/replica-db~.kadm5 $tmppwd/replica-db~.kadm5.lock
- # Creating a new database invalidates the keytab and ccache.
- file delete $tmppwd/keytab $tmppwd/tkt
-}
-
-delete_db
-
-# Put the installed kerberos directories on PATH.
-# This needs to be fixed for V5.
-# set env(PATH) $env(PATH):/usr/kerberos/bin:/usr/kerberos/etc
-# verbose "PATH=$env(PATH)"
-
-# Some of the tests expect $env(USER) to be set.
-if ![info exists env(USER)] {
- if [info exists env(LOGNAME)] {
- set env(USER) $env(LOGNAME)
- } else {
- if [info exists logname] {
- set env(USER) $logname
- } else {
- catch "exec whoami" env(USER)
- }
- }
-}
-
-# set the realm. The user can override this on the runtest line.
-if ![info exists REALMNAME] {
- set REALMNAME "KRBTEST.COM"
-}
-verbose "Test realm is $REALMNAME"
-
-# Find some programs we need. We use the binaries from the build tree
-# if they exist. If they do not, then they must be in PATH. We
-# expect $objdir to be ...tests/dejagnu.
-
-foreach i {
- {KDB5_UTIL $objdir/../../kadmin/dbutil/kdb5_util}
- {KRB5KDC $objdir/../../kdc/krb5kdc}
- {KADMIND $objdir/../../kadmin/server/kadmind}
- {KADMIN $objdir/../../kadmin/cli/kadmin}
- {KADMIN_LOCAL $objdir/../../kadmin/cli/kadmin.local}
- {KINIT $objdir/../../clients/kinit/kinit}
- {KTUTIL $objdir/../../kadmin/ktutil/ktutil}
- {KLIST $objdir/../../clients/klist/klist}
- {KDESTROY $objdir/../../clients/kdestroy/kdestroy}
- {T_INETD $objdir/../t_inetd}
- {KPROPLOG $objdir/../../kprop/kproplog}
- {KPASSWD $objdir/../../clients/kpasswd/kpasswd}
- {KPROPD $objdir/../../kprop/kpropd}
- {KPROP $objdir/../../kprop/kprop}
-} {
- set varname [lindex $i 0]
- if ![info exists $varname] {
- eval set varval [lindex $i 1]
- set varval [findfile $varval]
- set $varname $varval
- verbose "$varname=$varval"
- } {
- eval set varval \$$varname
- verbose "$varname already set to $varval"
- }
-}
-
-verbose "setting up onexit handler (old handler=[exit -onexit])"
-exit -onexit [concat {
- verbose "calling stop_kerberos_daemons (onexit handler)"
- stop_kerberos_daemons;
-} [exit -onexit]]
-
-# run_once
-
-# Many tests are independent of the actual enctypes used, which is
-# what our passes are (currently) all about. Use this to prevent
-# multiple invocations. If a test depends on, say, the master key
-# type but nothing else, you could also use the master key type in the
-# tag name, and avoid redundant tests in additional passes using the
-# same master key type.
-
-proc run_once { tag body } {
- global run_once_tags
- if ![info exists run_once_tags($tag)] {
- set run_once_tags($tag) 1
- uplevel 1 $body
- }
-}
-
-# check_exit_status
-# Check the exit status of a spawned program (using the caller's value
-# of spawn_id). Returns 1 if the program succeeded, 0 if it failed.
-
-proc check_exit_status { testname } {
- upvar 1 spawn_id spawn_id
-
- verbose "about to wait ($testname)"
- set status_list [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $status_list ($testname)"
- catch "close -i $spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- verbose -log "exit status: $status_list"
- fail "$testname"
- return 0
- } else {
- return 1
- }
-}
-
-#
-# ENVSTACK
-#
-
-# These procedures implement an environment variable stack. They use
-# the global variable $envvars_tosave for the purpose of identifying
-# which environment variables to save. They also track which ones are
-# unset at any particular point. The stack pointer is $envstackp,
-# which is an integer. The arrays $envstack$envstackp and
-# $unenvstack$envstackp store respectively the set of old environment
-# variables/values pushed onto the stack and the set of old unset
-# environment variables for a given value of $envstackp.
-
-# Changing the value of $envvars_tosave after performing the first
-# push operation may result in strangeness.
-
-#
-# envstack_push
-#
-# Push set of current environment variables.
-#
-proc envstack_push { } {
- global env
- global envvars_tosave
- global envstackp
- global envstack$envstackp
- global unenvstack$envstackp
-
- verbose "envstack_push: starting, sp=$envstackp"
- foreach i $envvars_tosave {
- if [info exists env($i)] {
- verbose "envstack_push: saving $i=$env($i)"
- set envstack${envstackp}($i) $env($i)
- } {
- verbose "envstack_push: marking $i as unset"
- set unenvstack${envstackp}($i) unset
- }
- }
- incr envstackp
- verbose "envstack_push: exiting, sp=$envstackp"
-}
-
-#
-# envstack_pop
-#
-# Pop set of current environment variables.
-#
-proc envstack_pop { } {
- global env
- global envstackp
-
- verbose "envstack_pop: starting, sp=$envstackp"
- incr envstackp -1
- global envstack$envstackp # YUCK!!! no obvious better way though...
- global unenvstack$envstackp
- if {$envstackp < 0} {
- perror "envstack_pop: stack underflow!"
- return
- }
- if [info exists envstack$envstackp] {
- foreach i [array names envstack$envstackp] {
- if [info exists env($i)] {
- verbose "envstack_pop: $i was $env($i)"
- }
- eval set env($i) \$envstack${envstackp}($i)
- verbose "envstack_pop: restored $i to $env($i)"
- }
- unset envstack$envstackp
- }
- if [info exists unenvstack$envstackp] {
- foreach i [array names unenvstack$envstackp] {
- if [info exists env($i)] {
- verbose "envstack_pop: $i was $env($i)"
- unset env($i)
- verbose "envstack_pop: $i unset"
- } {
- verbose "envstack_pop: ignoring already unset $i"
- }
- }
- unset unenvstack$envstackp
- }
- verbose "envstack_pop: exiting, sp=$envstackp"
-}
-
-#
-# Initialize the envstack
-#
-set envvars_tosave {
- KRB5_CONFIG KRB5CCNAME KRB5_CLIENT_KTNAME KRB5RCACHEDIR KRB5_KDC_PROFILE
- GSS_MECH_CONFIG
-}
-set krb5_init_vars [list ]
-# XXX -- fix me later!
-foreach i $runvarlist {
- verbose "processing $i"
- if {[regexp "^(\[^=\]*)=(.*)" $i foo evar evalue]} {
- verbose "adding $evar to savelist"
- lappend envvars_tosave $evar
- verbose "savelist $envvars_tosave"
- lappend krb5_init_vars $i
- }
- # Make sure we don't get confused by translated messages
- # or localized times.
- lappend envvars_tosave "LC_ALL"
- lappend krb5_init_vars "LC_ALL=C"
-}
-set envstackp 0
-envstack_push
-
-# setup_runtime_flags
-# Sets the proper flags for shared libraries.
-# Configuration is through a site.exp and the runvarlist variable
-# Returns 1 if variables were already set, otherwise 0
-proc setup_runtime_env { } {
- global env
- global krb5_init_vars
-
- # Set the variables
- foreach i $krb5_init_vars {
- regexp "^(\[^=\]*)=(.*)" $i foo evar evalue
- set env($evar) "$evalue"
- verbose "$evar=$evalue"
- }
- return 0
-}
-
-# get_hostname
-# This procedure sets the global variable hostname to the local
-# hostname as seen by krb5_sname_to_principal. Returns 1 on success,
-# 0 on failure.
-
-proc get_hostname { } {
- global hostname
- global tmppwd
-
- if {[info exists hostname]} {
- return 1
- }
-
- envstack_push
- setup_runtime_env
- catch "exec hostname >$tmppwd/hostname" exec_output
- envstack_pop
- if ![string match "" $exec_output] {
- verbose -log $exec_output
- perror "can't get hostname"
- return 0
- }
- set file [open $tmppwd/hostname r]
- if { [ gets $file hostname ] == -1 } {
- perror "no output from hostname"
- return 0
- }
- close $file
- file delete $tmppwd/hostname
-
- set hostname [string tolower $hostname]
-
- return 1
-}
-
-# modify_principal name options...
-
-proc modify_principal { name args } {
- global KADMIN_LOCAL
- global REALMNAME
-
- envstack_push
- setup_kerberos_env kdc
- spawn $KADMIN_LOCAL -r $REALMNAME
- envstack_pop
- expect_after {
- eof {
- fail "modprinc (kadmin.local)"
- return 0
- }
- timeout {
- fail "modprinc (kadmin.local)"
- return 0
- }
- }
- expect "kadmin.local: "
- send "modprinc $args $name\r"
- expect -re "modprinc \[^\n\r\]* $name"
- expect -re "Principal .* modified."
- send "quit\r"
- expect eof
- catch expect_after
- if ![check_exit_status "kadmin.local modprinc"] {
- perror "kadmin.local modprinc exited abnormally"
- }
- return 1
-}
-
-# kdc listens on +0..+3, depending whether we're testing reachable or not
-# client tries +1 and +6
-# kadmind +4
-# kpasswd +5
-# (nothing) +6
-# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
-# iprop +9 (if enabled)
-# kpropd +10
-if [info exists PORTBASE] {
- set portbase $PORTBASE
-} else {
- set portbase 3085
-}
-
-set ulog 0
-
-# setup_kerberos_files
-# This procedure will create some Kerberos files which must be created
-# manually before trying to run any Kerberos programs. Returns 1 on
-# success, 0 on failure.
-
-proc setup_kerberos_files { } {
- global REALMNAME
- global hostname
- global tmppwd
- global supported_enctypes
- global last_passname_conf
- global multipass_name
- global master_key_type
- global mode
- global portbase
- global ulog
-
- if ![get_hostname] {
- return 0
- }
-
- setup_krb5_conf client
- setup_krb5_conf server
- setup_krb5_conf kdc
- setup_krb5_conf replica
-
- # Create a kdc.conf file.
- if { ![file exists $tmppwd/kdc.conf] \
- || $last_passname_conf != $multipass_name } {
- set conffile [open $tmppwd/kdc.conf w]
- puts $conffile "\[kdcdefaults\]"
- puts $conffile " kdc_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
- puts $conffile " kdc_tcp_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
- puts $conffile ""
- puts $conffile "\[realms\]"
- puts $conffile " $REALMNAME = \{"
- # Testing with a colon in the name exercises default handling
- # for pathnames.
- puts $conffile " key_stash_file = $tmppwd/stash:foo"
- puts $conffile " acl_file = $tmppwd/acl"
- puts $conffile " kadmind_port = [expr 4 + $portbase]"
- puts $conffile " kpasswd_port = [expr 5 + $portbase]"
- puts $conffile " max_life = 1:00:00"
- puts $conffile " max_renewable_life = 3:00:00"
- if [info exists master_key_type] {
- puts $conffile " master_key_type = $master_key_type"
- }
- puts $conffile " master_key_name = master/key"
- if [info exists supported_enctypes] {
- puts $conffile " supported_enctypes = $supported_enctypes"
- }
- if { $mode == "tcp" } {
- puts $conffile " kdc_listen = [expr 3 + $portbase]"
- puts $conffile " kdc_tcp_listen = [expr 1 + $portbase],[expr 3 + $portbase]"
- } else {
- puts $conffile " kdc_listen = [expr 1 + $portbase]"
- puts $conffile " kdc_tcp_listen = [expr 3 + $portbase]"
- }
- puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
- puts $conffile " default_principal_flags = -postdateable forwardable"
- puts $conffile " dict_file = $tmppwd/dictfile"
- if { $ulog != 0 } {
- puts $conffile " iprop_enable = true"
- puts $conffile " iprop_port = [expr 9 + $portbase]"
- puts $conffile " iprop_logfile = $tmppwd/db.ulog"
- } else {
- puts $conffile "# no ulog"
- }
- puts $conffile " \}"
- puts $conffile ""
- close $conffile
- }
-
- # Create a config file for the replica KDC (kpropd only, no normal
- # KDC processes).
- if { ![file exists $tmppwd/replica.conf] \
- || $last_passname_conf != $multipass_name } {
- set conffile [open $tmppwd/replica.conf w]
- puts $conffile "\[kdcdefaults\]"
- puts $conffile " kdc_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
- puts $conffile " kdc_tcp_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
- puts $conffile ""
- puts $conffile "\[realms\]"
- puts $conffile " $REALMNAME = \{"
- # Testing with a colon in the name exercises default handling
- # for pathnames.
- puts $conffile " key_stash_file = $tmppwd/replica-stash"
- puts $conffile " acl_file = $tmppwd/replica-acl"
- puts $conffile " kadmind_port = [expr 4 + $portbase]"
- puts $conffile " kpasswd_port = [expr 5 + $portbase]"
- puts $conffile " max_life = 1:00:00"
- puts $conffile " max_renewable_life = 3:00:00"
- if [info exists master_key_type] {
- puts $conffile " master_key_type = $master_key_type"
- }
- puts $conffile " master_key_name = master/key"
- if [info exists supported_enctypes] {
- puts $conffile " supported_enctypes = $supported_enctypes"
- }
- if { $mode == "tcp" } {
- puts $conffile " kdc_listen = [expr 3 + $portbase]"
- puts $conffile " kdc_tcp_listen = [expr 1 + $portbase],[expr 3 + $portbase]"
- } else {
- puts $conffile " kdc_listen = [expr 1 + $portbase]"
- puts $conffile " kdc_tcp_listen = [expr 3 + $portbase]"
- }
- puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
- puts $conffile " default_principal_flags = -postdateable forwardable"
- puts $conffile " dict_file = $tmppwd/dictfile"
- if { $ulog != 0 } {
- puts $conffile " iprop_enable = true"
- puts $conffile " iprop_port = [expr 9 + $portbase]"
- puts $conffile " iprop_logfile = $tmppwd/replica-db.ulog"
- } else {
- puts $conffile "# no ulog"
- }
- puts $conffile " \}"
- puts $conffile ""
- close $conffile
- }
-
- # Create ACL file.
- set aclfile [open $tmppwd/acl w]
- puts $aclfile "krbtest/admin@$REALMNAME *"
- puts $aclfile "kiprop/$hostname@$REALMNAME p"
- close $aclfile
-
- # Create dictfile file.
- if ![file exists $tmppwd/dictfile] {
- set dictfile [open $tmppwd/dictfile w]
- puts $dictfile "weak_password"
- close $dictfile
- }
-
- set last_passname_conf $multipass_name
- return 1
-}
-
-proc reset_kerberos_files { } {
- global tmppwd
- file delete $tmppwd/kdc.conf $tmppwd/replica.conf \
- $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \
- $tmppwd/krb5.kdc.conf
- setup_kerberos_files
-}
-
-proc setup_krb5_conf { {type client} } {
- global tmppwd
- global hostname
- global REALMNAME
- global last_passname_conf
- global multipass_name
- global default_tgs_enctypes
- global default_tkt_enctypes
- global permitted_enctypes
- global allow_weak_crypto
- global mode
- global portbase
- global srcdir
- global env
-
- set pkinit_certs [findfile "[pwd]/$srcdir/../pkinit-certs" "$srcdir/../pkinit-certs"]
- # Create a krb5.conf file.
- if { ![file exists $tmppwd/krb5.$type.conf] \
- || $last_passname_conf != $multipass_name } {
- set conffile [open $tmppwd/krb5.$type.conf w]
- puts $conffile "\[libdefaults\]"
- puts $conffile " default_realm = $REALMNAME"
- puts $conffile " dns_lookup_kdc = false"
- puts $conffile " dns_canonicalize_hostname = fallback"
- puts $conffile " qualify_shortname = \"\""
- if [info exists allow_weak_crypto($type)] {
- puts $conffile " allow_weak_crypto = $allow_weak_crypto($type)"
- } else {
- puts $conffile " allow_weak_crypto = true"
- }
- puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem"
- if [info exists default_tgs_enctypes($type)] {
- puts $conffile \
- " default_tgs_enctypes = $default_tgs_enctypes($type)"
- }
- if [info exists default_tkt_enctypes($type)] {
- puts $conffile \
- " default_tkt_enctypes = $default_tkt_enctypes($type)"
- }
- if [info exists permitted_enctypes($type)] {
- puts $conffile \
- " permitted_enctypes = $permitted_enctypes($type)"
- }
- if { $mode == "tcp" } {
- puts $conffile " udp_preference_limit = 1"
- }
- puts $conffile " plugin_base_dir = $tmppwd/../../../plugins"
- puts $conffile ""
- puts $conffile "\[realms\]"
- puts $conffile " $REALMNAME = \{"
- # There's probably nothing listening here. It would be a good
- # test for the handling of a non-responsive KDC address. However,
- # on some systems, like Tru64, we often wind up with the client's
- # socket bound to this address, causing our request to appear in
- # our incoming queue as if it were a response, which causes test
- # failures. If we were running the client and KDC on different
- # hosts, this would be okay....
- #puts $conffile " kdc = $hostname:[expr 6 + $portbase]"
- puts $conffile " pkinit_identity = FILE:$pkinit_certs/kdc.pem,$pkinit_certs/privkey.pem"
- puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem"
- puts $conffile " kdc = $hostname:[expr 1 + $portbase]"
- puts $conffile " admin_server = $hostname:[expr 4 + $portbase]"
- puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]"
- puts $conffile " database_module = db"
- puts $conffile " \}"
- puts $conffile ""
- puts $conffile "\[domain_realm\]"
- puts $conffile " $hostname = $REALMNAME"
- puts $conffile ""
- puts $conffile "\[logging\]"
- puts $conffile " admin_server = FILE:$tmppwd/kadmind5.log"
- puts $conffile " kdc = FILE:$tmppwd/kdc.log"
- puts $conffile " default = FILE:$tmppwd/others.log"
- puts $conffile ""
- puts $conffile "\[dbmodules\]"
- puts $conffile " db_module_dir = $tmppwd/../../../plugins/kdb"
- puts $conffile " db = {"
- if [info exists env(K5TEST_LMDB)] {
- puts $conffile " db_library = klmdb"
- puts $conffile " nosync = true"
- } else {
- puts $conffile " db_library = db2"
- }
- puts $conffile " database_name = $tmppwd/$type-db"
- puts $conffile " }"
- close $conffile
- }
-}
-
-# Save the original values of the environment variables we are going
-# to muck with.
-
-# XXX deal with envstack later.
-
-if [info exists env(KRB5_CONFIG)] {
- set orig_krb5_conf $env(KRB5_CONFIG)
-} else {
- catch "unset orig_krb5_config"
-}
-
-if [info exists env(KRB5CCNAME)] {
- set orig_krb5ccname $env(KRB5CCNAME)
-} else {
- catch "unset orig_krb5ccname"
-}
-
-if [info exists env(KRB5_CLIENT_KTNAME)] {
- set orig_krb5clientktname $env(KRB5_CLIENT_KTNAME)
-} else {
- catch "unset orig_krb5clientktname"
-}
-
-if [ info exists env(KRB5RCACHEDIR)] {
- set orig_krb5rcachedir $env(KRB5RCACHEDIR)
-} else {
- catch "unset orig_krb5rcachedir"
-}
-
-if [ info exists env(GSS_MECH_CONFIG)] {
- set orig_gss_mech_config $env(GSS_MECH_CONFIG)
-} else {
- catch "unset orig_gss_mech_config"
-}
-
-# setup_kerberos_env
-# Set the environment variables needed to run Kerberos programs.
-
-proc setup_kerberos_env { {type client} } {
- global REALMNAME
- global env
- global tmppwd
- global hostname
- global krb5_init_vars
- global portbase
-
- # Set the environment variable KRB5_CONFIG to point to our krb5.conf file.
- # All the Kerberos tools check KRB5_CONFIG.
- # Actually, V5 doesn't currently use this.
- set env(KRB5_CONFIG) $tmppwd/krb5.$type.conf
- verbose "KRB5_CONFIG=$env(KRB5_CONFIG)"
-
- # Direct the Kerberos programs at a local ticket file.
- set env(KRB5CCNAME) $tmppwd/tkt
- verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-
- # Direct the Kerberos programs at a local client keytab.
- set env(KRB5_CLIENT_KTNAME) $tmppwd/client_keytab
- verbose "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)"
-
- # Direct the Kerberos server at a cache file stored in the
- # temporary directory.
- set env(KRB5RCACHEDIR) $tmppwd
- verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
-
- # Direct the GSS library at a nonexistent file in the temporary
- # directory, to avoid interference from system configuration.
- set env(GSS_MECH_CONFIG) $tmppwd/mech.conf
- verbose "GSS_MECH_CONFIG=$env(GSS_MECH_CONFIG)"
-
- # Get the run time environment variables... (including LD_LIBRARY_PATH)
- setup_runtime_env
-
- # Set our kdc config file, if needed.
- switch $type {
- client -
- server { catch {unset env(KRB5_KDC_PROFILE)} }
- kdc { set env(KRB5_KDC_PROFILE) $tmppwd/kdc.conf }
- replica { set env(KRB5_KDC_PROFILE) $tmppwd/replica.conf }
- default { error "unknown config file type $type" }
- }
- if [info exists env(KRB5_KDC_PROFILE)] {
- verbose "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)"
- }
-
- # Create an environment setup script. (For convenience)
- if ![file exists $tmppwd/$type-env.sh] {
- set envfile [open $tmppwd/$type-env.sh w]
- puts $envfile "KRB5_CONFIG=$env(KRB5_CONFIG)"
- puts $envfile "KRB5CCNAME=$env(KRB5CCNAME)"
- puts $envfile "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)"
- puts $envfile "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
- puts $envfile "GSS_MECH_CONFIG=$env(GSS_MECH_CONFIG)"
- if [info exists env(KRB5_KDC_PROFILE)] {
- puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)"
- } else {
- puts $envfile "unset KRB5_KDC_PROFILE"
- }
- puts $envfile "export KRB5_CONFIG KRB5CCNAME KRB5RCACHEDIR"
- puts $envfile "export KRB5_KDC_PROFILE KRB5_CLIENT_KTNAME"
- puts $envfile "export GSS_MECH_CONFIG"
- foreach i $krb5_init_vars {
- regexp "^(\[^=\]*)=(.*)" $i foo evar evalue
- puts $envfile "$evar=$env($evar)"
- puts $envfile "export $evar"
- }
- close $envfile
- }
- if ![file exists $tmppwd/$type-env.csh] {
- set envfile [open $tmppwd/$type-env.csh w]
- puts $envfile "setenv KRB5_CONFIG $env(KRB5_CONFIG)"
- puts $envfile "setenv KRB5CCNAME $env(KRB5CCNAME)"
- puts $envfile "setenv KRB5_CLIENT_KTNAME $env(KRB5_CLIENT_KTNAME)"
- puts $envfile "setenv KRB5RCACHEDIR $env(KRB5RCACHEDIR)"
- puts $envfile "setenv GSS_MECH_CONFIG $env(GSS_MECH_CONFIG)"
- if [info exists env(KRB5_KDC_PROFILE)] {
- puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)"
- } else {
- puts $envfile "unsetenv KRB5_KDC_PROFILE"
- }
- foreach i $krb5_init_vars {
- regexp "^(\[^=\]*)=(.*)" $i foo evar evalue
- puts $envfile "setenv $evar $env($evar)"
- }
- close $envfile
- }
- return 1
-}
-
-# setup_kerberos_db
-# Initialize the Kerberos database. If the argument is non-zero, call
-# pass at relevant points. Returns 1 on success, 0 on failure.
-
-proc setup_kerberos_db { standalone } {
- global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY
- global tmppwd hostname
- global spawn_id
- global des3_krbtgt
- global multipass_name last_passname_db
-
- set failall 0
-
- if {!$standalone && [file exists $tmppwd/kdc-db.ok] \
- && $last_passname_db == $multipass_name} {
- return 1
- }
-
- delete_db
-
- envstack_push
- if { ![setup_kerberos_files] || ![setup_kerberos_env kdc] } {
- set failall 1
- }
-
- # Set up a common expect_after for use in multiple places.
- set def_exp_after {
- timeout {
- set test "$test (timeout)"
- break
- }
- eof {
- set test "$test (eof)"
- break
- }
- }
-
- set test "kdb5_util create"
- set body {
- if $failall {
- break
- }
- #exec xterm
- verbose "starting $test"
- spawn $KDB5_UTIL -r $REALMNAME create -W
- expect_after $def_exp_after
-
- expect "Enter KDC database master key:"
-
- set test "kdb5_util create (verify)"
- send "masterkey$KEY\r"
- expect "Re-enter KDC database master key to verify:"
-
- set test "kdb5_util create"
- send "masterkey$KEY\r"
- expect {
- -re "\[Cc\]ouldn't" {
- expect eof
- break
- }
- "Cannot find/read stored" exp_continue
- "Warning: proceeding without master key" exp_continue
- eof { }
- }
- catch expect_after
- if ![check_exit_status kdb5_util] {
- break
- }
- }
- set ret [catch $body]
- catch expect_after
- if $ret {
- set failall 1
- if $standalone {
- fail $test
- }
- } else {
- if $standalone {
- pass $test
- }
- }
-
- # Stash the master key in a file.
- set test "kdb5_util stash"
- set body {
- if $failall {
- break
- }
- spawn $KDB5_UTIL -r $REALMNAME stash
- verbose "starting $test"
- expect_after $def_exp_after
- expect "Enter KDC database master key:"
- send "masterkey$KEY\r"
- expect eof
- catch expect_after
- if ![check_exit_status kdb5_util] {
- break
- }
- }
- set ret [catch $body]
- catch "expect eof"
- catch expect_after
- if $ret {
- set failall 1
- if $standalone {
- fail $test
- } else {
- delete_db
- }
- } else {
- if $standalone {
- pass $test
- }
- }
-
- # Add an admin user.
- set test "kadmin.local ank krbtest/admin"
- set body {
- if $failall {
- break
- }
- spawn $KADMIN_LOCAL -r $REALMNAME
- verbose "starting $test"
- expect_after $def_exp_after
-
- expect "kadmin.local: "
- send "ank krbtest/admin@$REALMNAME\r"
- # It echos...
- expect "ank krbtest/admin@$REALMNAME\r"
- expect "Enter password for principal \"krbtest/admin@$REALMNAME\":"
- send "adminpass$KEY\r"
- expect "Re-enter password for principal \"krbtest/admin@$REALMNAME\":"
- send "adminpass$KEY\r"
- expect {
- "Principal \"krbtest/admin@$REALMNAME\" created" { }
- "Principal or policy already exists while creating*" { }
- }
- expect "kadmin.local: "
- send "quit\r"
- expect eof
- catch expect_after
- if ![check_exit_status kadmin_local] {
- break
- }
- }
- set ret [catch $body]
- catch "expect eof"
- catch expect_after
- if $ret {
- set failall 1
- if $standalone {
- fail $test
- } else {
- delete_db
- }
- } else {
- if $standalone {
- pass $test
- }
- }
-
- # Add an incremental-propagation service.
- set test "kadmin.local ank krbtest/fast"
- set body {
- if $failall {
- break
- }
- spawn $KADMIN_LOCAL -r $REALMNAME
- verbose "starting $test"
- expect_after $def_exp_after
-
- expect "kadmin.local: "
- send "ank +requires_preauth krbtest/fast@$REALMNAME\r"
- expect "Enter password for principal \"krbtest/fast@$REALMNAME\":"
- send "adminpass$KEY\r"
- expect "Re-enter password for principal \"krbtest/fast@$REALMNAME\":"
- send "adminpass$KEY\r"
- expect {
- "Principal \"krbtest/fast@$REALMNAME\" created" { }
- "Principal or policy already exists while creating*" { }
- }
- expect "kadmin.local: "
- send "quit\r"
- expect eof
- catch expect_after
- if ![check_exit_status kadmin_local] {
- break
- }
- }
- set ret [catch $body]
- catch "expect eof"
- catch expect_after
- if $ret {
- set failall 1
- if $standalone {
- fail $test
- } else {
- delete_db
- }
- } else {
- if $standalone {
- pass $test
- }
- }
-
- if $des3_krbtgt {
- # Set the TGT key to DES3.
- set test "kadmin.local TGT to DES3"
- set body {
- if $failall {
- break
- }
- spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal
- verbose "starting $test"
- expect_after $def_exp_after
-
- expect "kadmin.local: "
- send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
- # It echos...
- expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
- expect {
- "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { }
- }
- expect "kadmin.local: "
- send "quit\r"
- expect eof
- catch expect_after
- if ![check_exit_status kadmin_local] {
- break
- }
- }
- set ret [catch $body]
- catch "expect eof"
- catch expect_after
- if $ret {
- set failall 1
- if $standalone {
- fail $test
- } else {
- delete_db
- }
- } else {
- if $standalone {
- pass $test
- }
- }
- }
- envstack_pop
-
- # create the admin database lock file
- catch "exec touch $tmppwd/adb.lock"
-
- set last_passname_db $multipass_name
- return 1
-}
-
-# setup_replica_db
-# Initialize the replica Kerberos database. Returns 1 on success, 0 on
-# failure.
-
-proc setup_replica_db { } {
- global REALMNAME
- global KDB5_UTIL
- global KADMIN_LOCAL
- global KEY
- global tmppwd
- global spawn_id
-
- set failall 0
-
- envstack_push
- if { ![setup_kerberos_files] || ![setup_kerberos_env replica] } {
- set failall 1
- }
-
- # Set up a common expect_after for use in multiple places.
- set def_exp_after {
- timeout {
- set test "$test (timeout)"
- break
- }
- eof {
- set test "$test (eof)"
- break
- }
- }
-
- set test "replica kdb5_util create "
- set body {
- if $failall {
- break
- }
- #exec xterm
- verbose "starting $test"
- spawn $KDB5_UTIL -r $REALMNAME create -W
- expect_after $def_exp_after
-
- expect "Enter KDC database master key:"
-
- set test "replica kdb5_util create (verify)"
- send "masterkey$KEY\r"
- expect "Re-enter KDC database master key to verify:"
-
- set test "replica kdb5_util create"
- send "masterkey$KEY\r"
- expect {
- -re "\[Cc\]ouldn't" {
- expect eof
- break
- }
- "Cannot find/read stored" exp_continue
- "Warning: proceeding without master key" exp_continue
- eof { }
- }
- catch expect_after
- if ![check_exit_status kdb5_util] {
- break
- }
- }
- set ret [catch $body]
- catch expect_after
- if $ret {
- set failall 1
- }
-
- # Stash the master key in a file.
- set test "replica kdb5_util stash"
- set body {
- if $failall {
- break
- }
- spawn $KDB5_UTIL -r $REALMNAME stash
- verbose "starting $test"
- expect_after $def_exp_after
- expect "Enter KDC database master key:"
- send "masterkey$KEY\r"
- expect eof
- catch expect_after
- if ![check_exit_status kdb5_util] {
- break
- }
- }
- set ret [catch $body]
- catch "expect eof"
- catch expect_after
- if $ret {
- set failall 1
- delete_db
- }
-
- if !$failall {
- # create the admin database lock file
- catch "exec touch $tmppwd/replica-adb.lock"
- }
-
- return [expr !$failall]
-}
-
-proc start_kpropd {} {
- global kpropd_pid kpropd_spawn_id KPROPD T_INETD KDB5_UTIL portbase tmppwd
- global spawn_id
-
- envstack_push
- setup_kerberos_env replica
- spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/keytab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
- set kpropd_pid [exp_pid]
- set kpropd_spawn_id $spawn_id
- envstack_pop
-}
-
-# start_kerberos_daemons
-# A procedure to build a Kerberos database and start up the kerberos
-# and kadmind daemons. This sets the global variables kdc_pid,
-# kdc_spawn_id, kadmind_pid, and kadmind_spawn_id. The procedure
-# stop_kerberos_daemons should be used to stop the daemons. If the
-# argument is non-zero, call pass at relevant points. Returns 1 on
-# success, 0 on failure.
-
-proc start_kerberos_daemons { standalone } {
- global REALMNAME
- global KRB5KDC
- global KADMIND
- global KEY
- global kdc_pid
- global kdc_spawn_id
- global kadmind_pid
- global kadmind_spawn_id
- global tmppwd
- global env
- global timeout
-
- if ![setup_kerberos_db 0] {
- return 0
- }
-
- if {$standalone} {
- file delete $tmppwd/krb.log $tmppwd/kadmind.log $tmppwd/krb5kdc_rcache
- }
-
- # Start up the kerberos daemon
- # Why are we doing all this with the log file you may ask.
- # We need a handle on when the server starts. If we log the output
- # of the server to say stderr, then if we stop looking for output,
- # buffers will fill and the server will stop working....
- # So, we look to see when a line is added to the log file and then
- # check it..
- # The same thing is done a little later for the kadmind
- set kdc_lfile $tmppwd/kdc.log
- set kadmind_lfile $tmppwd/kadmind5.log
- set kdc_pidfile $tmppwd/kdc.pid
- set kadmind_pidfile $tmppwd/kadmind.pid
-
- envstack_push
- setup_kerberos_env kdc
- # Nuke pid file - to test if setup
- file delete $kdc_pidfile
- spawn $KRB5KDC -r $REALMNAME -n -P $kdc_pidfile
- envstack_pop
- set kdc_pid [exp_pid]
- set kdc_spawn_id $spawn_id
-
- expect {
- "starting" { }
- eof {
- if {$standalone} {
- verbose -log "krb5kdc failed to start"
- fail "krb5kdc"
- } else {
- perror "krb5kdc failed to start"
- }
- stop_kerberos_daemons
- return 0
- }
- }
-
- if (![file exists $kdc_pidfile]) {
- fail "krb5kdc pidfile"
- stop_kerberos_daemons
- return 0
- }
- set f [open $kdc_pidfile "r"]
- if {[gets $f foundpid] < 0 || ![string equal $kdc_pid $foundpid]} {
- fail "krb5kdc pid file contents"
- close $f
- stop_kerberos_daemons
- return 0
- }
- close $f
-
- if {$standalone} {
- pass "krb5kdc"
- }
-
- # Give the kerberos daemon a few seconds to get set up.
-# sleep 2
-
- #
- # Save setting of KRB5_KTNAME. We do not want to override kdc.conf
- # file during kadmind startup. (this is in case user has KRB5_KTNAME
- # set before starting make check)
- #
- if [info exists env(KRB5_KTNAME)] {
- set start_save_ktname $env(KRB5_KTNAME)
- }
- catch "unset env(KRB5_KTNAME)"
-
- # Start up the kadmind daemon
- envstack_push
- setup_kerberos_env kdc
- file delete $kadmind_pidfile
- spawn $KADMIND -r $REALMNAME -W -nofork -P $kadmind_pidfile
- envstack_pop
- set kadmind_pid [exp_pid]
- set kadmind_spawn_id $spawn_id
-
- # Restore KRB5_KTNAME
- if [info exists start_save_ktname] {
- set env(KRB5_KTNAME) $start_save_ktname
- unset start_save_ktname
- }
-
- expect {
- "Seeding random number" exp_continue
- "No principal in keytab matches desired name" {
- dump_db
- exp_continue
- }
- "starting" { }
- eof {
- verbose -log "kadmind failed to start"
- if {$standalone} {
- fail "kadmind"
- } else {
- perror "kadmind failed to start"
- }
- stop_kerberos_daemons
- return 0
- }
- }
-
- if (![file exists $kadmind_pidfile]) {
- fail "kadmind pidfile"
- stop_kerberos_daemons
- return 0
- }
- set f [open $kadmind_pidfile "r"]
- if {[gets $f foundpid] < 0 || ![string equal $kadmind_pid $foundpid]} {
- fail "kadmind pid file contents"
- close $f
- stop_kerberos_daemons
- return 0
- }
- close $f
-
- if {$standalone} {
- pass "kadmind"
- }
-
- # Give the kadmind daemon a few seconds to get set up.
-# sleep 2
-
- return 1
-}
-
-# stop_kerberos_daemons
-# Stop the kerberos daemons. Returns 1 on success, 0 on failure.
-
-proc stop_kerberos_daemons { } {
- global kdc_pid
- global kdc_spawn_id
- global kadmind_pid
- global kadmind_spawn_id
-
- verbose "entered stop_kerberos_daemons"
-
- if [info exists kdc_pid] {
- if [catch "exec kill $kdc_pid" msg] {
- verbose "kill kdc: $msg"
- }
- if [catch "expect -i $kdc_spawn_id eof" msg] {
- verbose "expect kdc eof: $msg"
- }
- set kdc_list [wait -i $kdc_spawn_id]
- verbose "wait -i $kdc_spawn_id returned $kdc_list (kdc)"
- unset kdc_pid
- unset kdc_list
- }
-
- if [info exists kadmind_pid] {
- if [catch "exec kill $kadmind_pid" msg] {
- verbose "kill kadmind: $msg"
- }
- if [catch "expect -i $kadmind_spawn_id eof" msg] {
- verbose "expect kadmind eof: $msg"
- }
- set kadmind_list [wait -i $kadmind_spawn_id]
- verbose "wait -i $kadmind_spawn_id returned $kadmind_list (kadmind5)"
- unset kadmind_pid
- unset kadmind_list
- }
-
- verbose "exiting stop_kerberos_daemons"
-
- return 1
-}
-
-# add_kerberos_key
-# Add an key to the Kerberos database. start_kerberos_daemons must be
-# called before this procedure. If the standalone argument is
-# non-zero, call pass at relevant points. Returns 1 on success, 0 on
-# failure.
-
-proc add_kerberos_key { kkey standalone } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- # Use kadmin to add an key.
- set test "kadmin ank $kkey"
- set body {
- envstack_push
- setup_kerberos_env client
- spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $kkey@$REALMNAME"
- envstack_pop
- verbose "starting $test"
- expect_after {
- "Cannot contact any KDC" {
- set test "$test (lost KDC)"
- break
- }
- timeout {
- set test "$test (timeout)"
- break
- }
- eof {
- set test "$test (eof)"
- break
- }
- }
- expect -re "assword\[^\r\n\]*: *"
- send "adminpass$KEY\r"
- expect "Enter password for principal \"$kkey@$REALMNAME\":"
- send "$kkey"
- send "$KEY\r"
- expect "Re-enter password for principal \"$kkey@$REALMNAME\":"
- send "$kkey"
- send "$KEY\r"
- expect {
- "Principal \"$kkey@$REALMNAME\" created" { }
- "Principal or policy already exists while creating*" { }
- }
- expect eof
- if ![check_exit_status kadmin] {
- break
- }
- }
- set ret [catch $body]
- catch "expect eof"
- catch expect_after
- if $ret {
- if $standalone {
- fail $test
- }
- return 0
- } else {
- if $standalone {
- pass $test
- }
- return 1
- }
-}
-
-# dump_db
-proc dump_db { } {
- global KADMIN_LOCAL
- global REALMNAME
-
- spawn $KADMIN_LOCAL -r $REALMNAME
- expect_after {
- eof {
- perror "failed to get debugging dump of database (eof)"
- }
- timeout {
- perror "failed to get debugging dump of database (timeout)"
- }
- }
- expect "kadmin.local: "
- send "getprincs\r"
- expect "kadmin.local: "
- send "quit\r"
- expect eof
- catch expect_after
-}
-
-# add_random_key
-# Add a key with a random password to the Kerberos database.
-# start_kerberos_daemons must be called before this procedure. If the
-# standalone argument is non-zero, call pass at relevant points.
-# Returns 1 on success, 0 on failure.
-
-proc add_random_key { kkey standalone } {
- global REALMNAME
- global KADMIN
- global KEY
- global spawn_id
-
- # Use kadmin to add an key.
- set test "kadmin ark $kkey"
- set body {
- envstack_push
- setup_kerberos_env client
- spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $kkey@$REALMNAME"
- envstack_pop
- expect_after {
- timeout {
- set test "$test (timeout)"
- break
- }
- eof {
- set test "$test (eof)"
- break
- }
- }
- expect -re "assword\[^\r\n\]*: *"
- send "adminpass$KEY\r"
- expect {
- "Principal \"$kkey@$REALMNAME\" created" { }
- "Principal or policy already exists while creating*" { }
- }
- expect eof
- if ![check_exit_status kadmin] {
- break
- }
- }
- if [catch $body] {
- catch expect_after
- if $standalone {
- fail $test
- }
- return 0
- } else {
- catch expect_after
- if $standalone {
- pass $test
- }
- return 1
- }
-}
-
-# setup_keytab
-# Set up a keytab file. start_kerberos_daemons and add_random_key
-# $id/$hostname must be called before this procedure. If the
-# argument is non-zero, call pass at relevant points. Returns 1 on
-# success, 0 on failure. If the id field is not provided, host is used.
-
-proc setup_keytab { standalone {id host} } {
- global REALMNAME
- global KADMIN_LOCAL
- global KEY
- global tmppwd
- global hostname
- global spawn_id
- global last_service
-
- if {!$standalone && [file exists $tmppwd/keytab] && $last_service == $id} {
- return 1
- }
-
- file delete $tmppwd/keytab $tmppwd/keytab.old
-
- if ![get_hostname] {
- return 0
- }
-
- file delete $hostname-new-keytab
-
- envstack_push
- setup_kerberos_env kdc
- spawn $KADMIN_LOCAL -r $REALMNAME
- envstack_pop
- expect_after {
- -re "(.*)\r\nkadmin.local: " {
- fail "kadmin.local keytab (unmatched output: $expect_out(1,string))"
- if {!$standalone} {
- file delete $tmppwd/keytab
- }
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin.local keytab"
- if {!$standalone} {
- file delete $tmppwd/keytab
- }
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin.local keytab"
- if {!$standalone} {
- file delete $tmppwd/keytab
- }
- catch "expect_after"
- return 0
- }
- }
- expect "kadmin.local: "
- send "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r"
- expect "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r\n"
- expect {
- -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-keytab." { }
- -re "\r\nkadmin.local: " {
- if {$standalone} {
- fail "kadmin.local keytab"
- } else {
- file delete $tmppwd/keytab
- }
- catch expect_after
- return 0
- }
- }
- expect "kadmin.local: "
- send "quit\r"
- expect eof
- catch expect_after
- if ![check_exit_status "kadmin.local keytab"] {
- if {!$standalone} {
- file delete $tmppwd/keytab
- }
- return 0
- }
-
- catch "exec mv -f $hostname-new-keytab $tmppwd/keytab" exec_output
- if ![string match "" $exec_output] {
- verbose -log "$exec_output"
- perror "can't mv new keytab"
- return 0
- }
-
- if {$standalone} {
- pass "kadmin.local keytab"
- }
-
- # Make the keytab file globally readable in case we are using a
- # root shell and the keytab is NFS mounted.
- catch "exec chmod a+r $tmppwd/keytab"
-
- # Remember what we just extracted
- set last_service $id
-
- return 1
-}
-
-# kinit
-# Use kinit to get a ticket. If the argument is non-zero, call pass
-# at relevant points. Returns 1 on success, 0 on failure.
-
-proc kinit { name pass standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distinguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -5 -f $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "kinit started"
- }
- timeout {
- fail "kinit"
- return 0
- }
- eof {
- fail "kinit"
- return 0
- }
- }
- send "$pass\r"
- expect eof
- if ![check_exit_status kinit] {
- return 0
- }
-
- if {$standalone} {
- pass "kinit"
- }
-
- return 1
-}
-
-proc kinit_renew { name pass standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- spawn $KINIT -5 -f $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "kinit started"
- }
- timeout {
- fail "kinit"
- return 0
- }
- eof {
- fail "kinit"
- return 0
- }
- }
- send "$pass\r"
- expect eof
- if ![check_exit_status kinit] {
- return 0
- }
-
- spawn $KINIT -R
- expect eof
- if ![check_exit_status "kinit_renew"] {
- return 0
- }
-
- return 1
-}
-
-# Retrieve a ticket using FAST armor
-proc kinit_fast { name pass standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
- global env
-
- # Use kinit to get a ticket.
- #
- spawn $KINIT -5 -f -T $env(KRB5CCNAME) $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "kinit started"
- }
- timeout {
- fail "kinit_fast"
- return 0
- }
- eof {
- fail "kinit_fast"
- return 0
- }
- }
- send "$pass\r"
- expect eof
- if ![check_exit_status kinit] {
- return 0
- }
-
- if {$standalone} {
- pass "kinit_fast"
- }
-
- return 1
-}
-
-proc kinit_anonymous { name } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- spawn $KINIT -5 -f -n $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- fail "kinit_anonymous (password requested)"
- return 0
- }
- timeout {
- fail "kinit_anonymous (timeout)"
- return 0
- }
- eof { }
- }
- if ![check_exit_status kinit] {
- fail "kinit anonymous"
- }
-
- pass "kinit anonymous"
- return 1
-}
-
-proc kinit_kt { name keytab standalone testname } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distinguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -5 -f -k -t $keytab $name@$REALMNAME
- expect {
- timeout {
- fail "kinit $testname"
- return 0
- }
- eof { }
- }
- if ![check_exit_status "kinit $testname"] {
- return 0
- }
-
- if {$standalone} {
- pass "kinit $testname"
- }
-
- return 1
-}
-
-# List tickets. Requires client and server names, and test name.
-# Checks that klist exist status is zero.
-# Records pass or fail, and returns 1 or 0.
-proc do_klist { myname servname testname } {
- global KLIST
- global tmppwd
-
- spawn $KLIST -5 -e
- expect {
- -re "Ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Default principal:\[ \]*$myname.*$servname\r\n" {
- verbose "klist started"
- }
- timeout {
- fail $testname
- return 0
- }
- eof {
- fail $testname
- return 0
- }
- }
-
- expect eof
-
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-proc do_klist_kt { keytab testname } {
- global KLIST
- global tmppwd
-
- spawn $KLIST -5 -e -k $keytab
- expect {
- -re "Keytab name:\[ \]*(.+:)?.*KVNO Principal\r\n---- -*\r\n" {
- verbose "klist started"
- }
- timeout {
- fail $testname
- return 0
- }
- eof {
- fail $testname
- return 0
- }
- }
- set more 1
- while {$more} {
- expect {
- -re { *[0-9][0-9]* *[a-zA-Z/@.-]* \([/a-zA-Z 0-9-]*\) *\r\n} {
- verbose -log "key: $expect_out(buffer)"
- }
- eof { set more 0 }
- }
- }
-
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-proc do_klist_err { testname } {
- global KLIST
- global spawn_id
-
- spawn $KLIST -5
- # Might say "credentials cache" or "credentials cache file".
- expect {
- -re "klist: No credentials cache found.*\r\n" {
- verbose "klist started"
- }
- timeout {
- fail $testname
- return 0
- }
- eof {
- fail $testname
- return 0
- }
- }
- # We can't use check_exit_status, because we expect an exit status
- # of 1.
- catch "expect eof"
- set status_list [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $status_list ($testname)"
- if { [lindex $status_list 2] != 0 } {
- fail "$testname (bad exit status) $status_list"
- return 0
- } else { if { [lindex $status_list 3] != 1 } {
- fail "$testname (bad exit status) $status_list"
- return 0
- } else {
- pass $testname
- } }
- return 1
-}
-
-proc do_kdestroy { testname } {
- global KDESTROY
- global spawn_id
-
- spawn $KDESTROY -5
- if ![check_exit_status $testname] {
- fail $testname
- return 0
- }
- pass $testname
- return 1
-}
-
-proc xst { keytab name } {
- global KADMIN_LOCAL
- global REALMNAME
-
- envstack_push
- setup_kerberos_env kdc
- spawn $KADMIN_LOCAL -r $REALMNAME
- envstack_pop
- catch expect_after
- expect_after {
- -re "(.*)\r\nkadmin.local: " {
- fail "kadmin.local xst $keytab (unmatched output: $expect_out(1,string)"
- catch "expect_after"
- return 0
- }
- timeout {
- fail "kadmin.local xst $keytab (timeout)"
- catch "expect_after"
- return 0
- }
- eof {
- fail "kadmin.local xst $keytab (eof)"
- catch "expect_after"
- return 0
- }
- }
- expect "kadmin.local: "
- send "xst -k $keytab $name\r"
- expect -re "xst -k \[^\r\n\]*\r\n.*Entry for principal .* added to keytab WRFILE:.*\r\nkadmin.local: "
- send "quit\r"
- expect eof
- catch expect_after
- if ![check_exit_status "kadmin.local $keytab"] {
- perror "kadmin.local xst $keytab exited abnormally"
- return 0
- }
- return 1
-}
-
-# helpful sometimes for debugging the test suite
-proc export_debug_envvars { } {
- global env
- foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST KPASSWD REALMNAME GSSCLIENT KPROPLOG} {
- global $i
- if [info exists $i] { set env($i) [set $i] }
- }
-}
-proc spawn_xterm { } {
- export_debug_envvars
- exec "xterm"
-}
-proc spawn_shell { } {
- export_debug_envvars
- spawn "sh"
- exp_interact
-}
diff --git a/src/tests/dejagnu/deps b/src/tests/dejagnu/deps
deleted file mode 100644
index 2feac3c..0000000
--- a/src/tests/dejagnu/deps
+++ /dev/null
@@ -1 +0,0 @@
-# No dependencies here.
diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp
deleted file mode 100644
index 661e3fd..0000000
--- a/src/tests/dejagnu/krb-standalone/kprop.exp
+++ /dev/null
@@ -1,158 +0,0 @@
-# Password-changing Kerberos test.
-# This is a DejaGnu test script.
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc setup_replica {} {
- global tmppwd hostname REALMNAME env
- file delete $tmppwd/replica-stash $tmppwd/replica-acl
- file copy -force $tmppwd/stash:foo $tmppwd/replica-stash
- file copy -force $tmppwd/acl $tmppwd/replica-acl
- if ![file exists $tmppwd/kpropdacl] {
- set aclfile [open $tmppwd/kpropd-acl w]
- puts $aclfile "host/$hostname@$REALMNAME"
- close $aclfile
- }
- file copy -force $tmppwd/adb.lock $tmppwd/replica-adb.lock
- if [info exists env(K5TEST_LMDB)] {
- set suffixes { .mdb .mdb-lock .lockout.mdb .lockout.mdb-lock }
- } else {
- set suffixes { {} .kadm5 .kadm5.lock .ok }
- }
- foreach suffix $suffixes {
- file copy -force $tmppwd/kdc-db$suffix $tmppwd/replica-db$suffix
- }
-}
-
-proc scan_kpropd_output {} {
- global kpropd_spawn_id kpropd_pid
-
- # See if kpropd logged anything. It should exit after processing
- # one kprop connection.
- expect {
- -i $kpropd_spawn_id
- eof {
- wait -i $kpropd_spawn_id
- unset kpropd_spawn_id kpropd_pid
- }
- timeout { }
- -re "Connection from \[a-zA-Z.-\]*" { exp_continue }
- -re "krb5_recvauth" { exp_continue }
- -re "authenticated client" { exp_continue }
- -re "calling kdb5_util to load database\r\n" { exp_continue }
- -re "Child PID is \[0-9\]*\r\n" { exp_continue }
- -re "Rejected connection" {
- fail "kprop (rejected)"
- }
- }
-}
-
-proc doit { } {
- global KLIST KDESTROY
- global REALMNAME KEY
- global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id
- global hostname tmppwd spawn_id timeout
- global KRBIV supported_enctypes portbase mode ulog des3_krbtgt
-
- # Delete any db, ulog files
- delete_db
-
- # Initialize the Kerberos database. The argument tells
- # setup_kerberos_db that it is being called from here.
- if ![setup_kerberos_db 0] {
- return
- }
- setup_replica
- if ![start_kerberos_daemons 0] {
- return
- }
- if ![add_random_key host/$hostname 0] {
- fail "kprop (host key)"
- return
- }
- if ![setup_keytab 0] {
- fail "kprop (keytab)"
- return
- }
-
- # Get kprop server up and running.
- envstack_push
- setup_kerberos_env replica
- start_kpropd
- envstack_pop
-
- # Use kadmin to add a key.
- if ![add_kerberos_key wakawaka 0] {
- return
- }
-
- # Dump primary database.
- envstack_push
- setup_kerberos_env kdc
- spawn $KDB5_UTIL dump $tmppwd/replica_datatrans
- expect eof
- if ![check_exit_status "kprop (kdb5_util dump)"] { return }
-
- # Just in case kpropd is a little slow in starting up...
- sleep 1
-
- # Try a propagation.
- spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/keytab $hostname
- expect eof
- set kprop_exit [check_exit_status "kprop (exit status)"]
- # log output for debugging
- scan_kpropd_output
- if !$kprop_exit { return }
-
- # Examine new database.
- setup_kerberos_env replica
- spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
- expect {
- wakawaka@ {
- expect eof
- }
- eof {
- fail "kprop (updated replica data)"
- return
- }
- timeout {
- fail "kprop (examining new db)"
- return
- }
- }
- pass "kprop"
-}
-
-run_once kprop {
- catch "unset kpropd_pid"
- catch "unset kpropd_spawn_id"
-
- # Set up the Kerberos files and environment.
- if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
- }
-
- set status [catch doit msg]
-
- stop_kerberos_daemons
-
- # if kpropd is running, kill it
- if [info exists kpropd_pid] {
- catch {
- exec kill $kpropd_pid
- expect -i $kpropd_spawn_id eof
- wait -i $kpropd_spawn_id
- unset kpropd_pid kpropd_spawn_id
- }
- }
-
- delete_db
-
- if { $status != 0 } {
- send_error "ERROR: error in kprop.exp\n"
- send_error "$msg\n"
- exit 1
- }
-}
diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp
deleted file mode 100644
index d67691e..0000000
--- a/src/tests/dejagnu/krb-standalone/standalone.exp
+++ /dev/null
@@ -1,287 +0,0 @@
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc dump_and_reload {} {
- global KDB5_UTIL
- global tmppwd
-
- set dumpfile $tmppwd/dump-file
- set dumpokfile $dumpfile.dump_ok
-
- set test1name "kdb5_util dump"
- set test2name "kdb5_util load"
-
- if [file exists $dumpfile] { file delete $dumpfile }
- if [file exists $dumpokfile] { file delete $dumpokfile }
-
- spawn $KDB5_UTIL dump $dumpfile
- expect {
- -re "..*" {
- fail $test1name
- untested $test2name
- return
- }
- timeout {
- fail $test1name
- untested $test2name
- return
- }
- eof { }
- }
- if ![check_exit_status $test1name] {
- untested $test2name
- return
- }
- if ![file exists $dumpfile]||![file exists $dumpokfile] {
- fail $test1name
- untested $test2name
- return
- }
- pass $test1name
-
- spawn $KDB5_UTIL load $dumpfile
- expect {
- -re "..*" {
- fail $test2name
- return
- }
- timeout {
- fail $test2name
- return
- }
- eof { }
- }
- if [check_exit_status $test2name] {
- pass $test2name
- }
-}
-
-proc kinit_wrong_pw { name badpass } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distinguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -5 -f $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "kinit started"
- }
- timeout {
- fail "kinit bad pw"
- return 0
- }
- eof {
- fail "kinit bad pw"
- return 0
- }
- }
- send "$badpass\r"
- expect {
- "Password incorrect while getting initial credentials" {
- }
- timeout {
- fail "kinit bad pw"
- # kill it?
- }
- eof {
- fail "kinit bad pw"
- return
- }
- }
- expect eof
-
- set status_list [wait -i $spawn_id]
- catch "close -i $spawn_id"
- verbose -log "exit status: $status_list"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- pass "kinit bad pw"
- } else {
- fail "kinit bad pw"
- }
-}
-
-proc doit { } {
- global REALMNAME
- global KLIST
- global KDESTROY
- global KEY
- global KADMIN_LOCAL
- global KTUTIL
- global hostname
- global tmppwd
- global spawn_id
- global supported_enctypes
- global KRBIV
- global portbase
- global mode
- global tmppwd
-
- setup_kerberos_env kdc
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key host/$hostname 1] {
- return
- }
-
- spawn $KADMIN_LOCAL -q "addpol fred"
- catch expect_after
- expect {
- timeout {
- fail "kadmin.local addpol fred"
- }
- eof {
- pass "kadmin.local addpol fred"
- }
- }
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
- catch "close -i $spawn_id"
-
- # Use ksrvutil to create a keytab entry.
- if ![setup_keytab 1] {
- return
- }
-
- # Test dump and load. Continue on, whatever the result.
- dump_and_reload
-
- spawn $KADMIN_LOCAL -q "getpols"
- expect {
- fred {
- pass "kadmin.local getpols"
- expect eof
- }
- timeout {
- fail "kadmin.local getpols"
- }
- eof {
- fail "kadmin.local getpols"
- }
- }
- set k_stat [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
- catch "close -i $spawn_id"
-
- # Test use of wrong password.
- kinit_wrong_pw krbtest/admin wrongpassword
-
- setup_kerberos_env client
- # Use kinit to get a ticket.
- if ![kinit krbtest/admin adminpass$KEY 1] {
- return
- }
-
- if ![kinit_renew krbtest/admin adminpass$KEY 1] {
- return
- }
-
- # Make sure that klist can see the ticket.
- if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
- return
- }
-
-# Get a ticket to later use with FAST
- if ![kinit krbtest/fast adminpass$KEY 1] {
- return
- }
-
- # Use fast to get a ticket
- if ![kinit_fast krbtest/fast adminpass$KEY 1] {
- return
- }
-
- # Destroy the ticket.
- spawn $KDESTROY -5
- if ![check_exit_status "kdestroy"] {
- return
- }
- pass "kdestroy"
-
- # Double check that the ticket was destroyed.
- if ![do_klist_err "klist after destroy"] { return }
-
- if ![add_random_key WELLKNOWN/ANONYMOUS 0] {
- return
- }
-
- # If we have anonymous then test it
- if [file exists "$tmppwd/../../../plugins/preauth/pkinit.so" ] {
- kinit_anonymous "WELLKNOWN/ANONYMOUS"
- }
-
- if ![add_random_key foo/bar 1] {
- return
- }
-
- set keytab $tmppwd/fookeytab
- catch "exec rm -f $keytab"
-
- modify_principal foo/bar -kvno 252
- foreach vno {253 254 255 256 257 258} {
- xst $tmppwd/fookeytab foo/bar
- do_klist_kt $tmppwd/fookeytab "klist keytab foo/bar vno $vno"
- kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
- do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
- do_kdestroy "kdestroy foo/bar vno $vno"
- }
- catch "exec rm -f $keytab"
- # Check that kadmin.local can actually read the correct kvno, even
- # if we don't expect kadmin to be able to.
- setup_kerberos_env kdc
- spawn $KADMIN_LOCAL -r $REALMNAME
- set ok 1
- expect_after {
- timeout { fail "kadmin.local correct high kvno" ; set ok 0 }
- eof { fail "kadmin.local correct high kvno" ; set ok 0 }
- }
- expect "kadmin.local: "
- send "getprinc foo/bar\r"
-# exec sleep 10
- expect "Key: vno $vno,"
- send "quit\r"
- expect eof
- if [check_exit_status "kadmin.local examine foo/bar for high kvno"] {
- if $ok {
- pass "kadmin.local correct high kvno"
- }
- }
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in standalone.exp\n"
- send_error "$msg\n"
- exit 1
-}
diff --git a/src/tests/t_inetd.c b/src/tests/t_inetd.c
index e23c6b9..d22cf31 100644
--- a/src/tests/t_inetd.c
+++ b/src/tests/t_inetd.c
@@ -76,9 +76,6 @@ main(argc, argv)
int one = 1;
struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */
socklen_t namelen = sizeof(f_inaddr);
-#ifdef POSIX_SIGNALS
- struct sigaction csig;
-#endif
progname = argv[0];
@@ -126,16 +123,6 @@ main(argc, argv)
close(sock);
sock = 0;
- /* Don't wait for a child signal... Otherwise dejagnu gets confused */
-#ifdef POSIX_SIGNALS
- csig.sa_handler = SIG_IGN;
- sigemptyset(&csig.sa_mask);
- csig.sa_flags = 0;
- sigaction(SIGCHLD, &csig, (struct sigaction *)0);
-#else
- signal(SIGCHLD, SIG_IGN);
-#endif
-
if(execv(path, &argv[3]))
fprintf(stderr, "t_inetd: Could not exec %s\n", path);
exit(1);
More information about the cvs-krb5
mailing list