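1 # Kerberos incremental propagation (iprop) test. (This header previously read "Password-changing Kerberos test", which does not describe the script below.)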
2 # This is a DejaGnu test script.
5 global tmppwd hostname REALMNAME KDB5_UTIL
6 file delete $tmppwd/slave-stash $tmppwd/slave-acl
7 file copy -force $tmppwd/acl $tmppwd/slave-acl
# Write the kpropd ACL: a single entry naming this machine's host principal.
# The path written here ($tmppwd/kpropd-acl) is the one the commented-out
# kpropd command line further down passes with -a.
# NOTE(review): the existence check tests "kpropdacl" (no hyphen) while the
# file opened is "kpropd-acl". Nothing visible here creates "kpropdacl", so
# the guard looks like it is always true and the ACL is rewritten on every
# run. Presumably a typo for kpropd-acl -- confirm before changing.
8 if ![file exists $tmppwd/kpropdacl] {
9 set aclfile [open $tmppwd/kpropd-acl w]
10 puts $aclfile "host/$hostname@$REALMNAME"
14 # copy database - must be used after master db set up
# Dump the master (kdc) database to a file that is then loaded on the slave side.
16 setup_kerberos_env kdc
17 set dumpfile $tmppwd/dump-file
# Remove any earlier dump and its .dump_ok marker first (presumably so a stale
# dump cannot be loaded by mistake).
18 file delete $dumpfile $dumpfile.dump_ok
# The dump file carries the database's principal records, key data included,
# so it is as sensitive as the database it was taken from.
19 if [catch {exec $KDB5_UTIL dump -i $dumpfile} msg] {
20 error "master dump failed: $msg"
# Switch to the slave environment and copy the master's .kadm5.lock and .ok
# files to the slave-db names before loading the dump.
22 setup_kerberos_env slave
23 foreach suffix { .kadm5.lock .ok } {
24 file copy -force $tmppwd/kdc-db$suffix $tmppwd/slave-db$suffix
# A failed load is echoed to the user and then raised as an error.
26 if [catch {exec $KDB5_UTIL load -i $dumpfile} msg] {
27 send_user "slave load failed: $msg"
28 error "slave load failed: $msg"
32 # We are about to start up a couple of daemon processes. We do all
33 # the rest of the tests inside a proc, so that we can easily kill the
34 # processes when the procedure ends.
38 global KLIST KDESTROY KADMIN_LOCAL KTUTIL KPROPLOG KPROPD KDB5_UTIL
39 global hostname tmppwd spawn_id kpropd_spawn_id kpropd_pid
40 global supported_enctypes KRBIV portbase mode
41 global ulog des3_krbtgt
43 # Delete any db, ulog files
50 # Initialize the Kerberos database. The argument tells
51 # setup_kerberos_db that it is being called from here.
52 if ![setup_kerberos_db 0] {
55 if ![start_kerberos_daemons 0] {
59 # Check that ulog file does exist
60 if [file exists $tmppwd/db.ulog] {
61 pass "create update log"
63 fail "create update log"
68 # Use kadmin to add a key.
69 if ![add_kerberos_key wakawaka 0] {
72 set c chocolate-flavored-school-bus
73 # Long enough to make realloc likely, but not enough to grow
74 # basic ulog entry size.
75 set longname $c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c
76 if ![add_kerberos_key $longname 0] {
79 if ![add_kerberos_key w 0] {
82 if ![modify_principal w -allow_tix] {
85 if ![modify_principal w +allow_tix] {
88 # Should test rename_principal once we have that.
90 # Run kproplog, look at output.
91 setup_kerberos_env kdc
95 fail "kproplog output"
99 fail "kproplog output"
104 expect -re "Kerberos update log"
105 expect -re "Update log dump"
106 expect -re "First serial \# : 1"
108 expect -re "Last serial \# : 9"
109 expect -re "Update Entry"
110 expect -re "Update serial \# : 1"
111 expect -re "Attributes changed : 12"
112 expect -re "Update Entry"
113 expect -re "Update serial \# : 3"
114 expect -re "Attributes changed : 6"
115 expect -re "Update Entry"
116 expect -re "Update serial \# : 5"
117 expect -re "Attributes changed : 12"
118 expect -re "Update Entry"
119 expect -re "Update serial \# : 5"
121 expect -re "Last serial \# : 8"
122 expect -re "Update Entry"
123 expect -re "Update serial \# : 1"
124 expect -re "Attributes changed : 12"
125 expect -re "Update Entry"
126 expect -re "Update serial \# : 3"
127 expect -re "Attributes changed : 12"
128 expect -re "Update Entry"
129 expect -re "Update serial \# : 4"
131 expect -re "Update operation : Add"
# NOTE(review): the realm is spelled out in this pattern, while the ACL entry
# earlier in this file is built from $REALMNAME. If the two can differ, this
# pattern will not match -- confirm the test realm is always KRBTEST.COM.
# The unescaped "." in the realm is a regexp wildcard, so the match is
# slightly looser than the literal principal name.
132 expect -re "Update principal : wakawaka@KRBTEST.COM"
135 fail "kproplog output"
139 expect -re "Attributes changed : 12"
141 pass "kproplog output"
144 if [check_exit_status kproplog] {
147 add_random_key host/$hostname 0
148 add_random_key kiprop/$hostname 0
150 # Already have kadmind running.
155 # Sleep 11s for built-in delay.
156 verbose "Delaying to bypass contention-avoidance code in kadmind/iprop"
159 # Launch slave kpropd.
161 # setup_kerberos_env slave
162 # send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n
166 "Update transfer from master was OK" {
167 exec kill $kpropd_pid
168 wait -i $kpropd_spawn_id
169 unset kpropd_spawn_id kpropd_pid
171 -re ..* { exp_continue }
173 catch { exec kill $kpropd_pid }
177 wait -i $kpropd_spawn_id
178 unset kpropd_spawn_id kpropd_pid
183 # Check slave db for new principal.
184 setup_kerberos_env slave
185 spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
191 fail "kprop (updated slave data)"
195 fail "kprop (examining new db)"
201 # What about testing for full propagation? (Small number of
202 # entries in update log, change one principal's record a lot of
203 # times, then fire up incremental kpropd...) Do later.
207 catch "unset kpropd_pid"
208 catch "unset kpropd_spawn_id"
210 # Set up the Kerberos files and environment.
211 if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
215 set status [catch doit msg]
217 stop_kerberos_daemons
219 # If kpropd is still running (its pid variable is still set), kill it.
# The success path earlier in this file unsets kpropd_pid after killing the
# daemon, so this branch runs only when that cleanup did not happen.
220 if [info exists kpropd_pid] {
# Signal the daemon, wait for its spawn channel to reach eof, then reap it
# and drop both globals.
222 exec kill $kpropd_pid
223 expect -i $kpropd_spawn_id eof
224 wait -i $kpropd_spawn_id
225 unset kpropd_pid kpropd_spawn_id
233 if { $status != 0 } {
234 send_error "ERROR: error in iprop.exp\n"