Imported Upstream version 1.10.2

[platform/upstream/krb5.git] / src / tests / dejagnu / krb-standalone / standalone.exp

# Standalone Kerberos test.
# This is a DejaGnu test script.
# This script tests that the Kerberos tools can talk to each other.

# This mostly just calls procedures in testsuite/config/default.exp.

# Set up the Kerberos files and environment.
if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
    return
}

# Initialize the Kerberos database.  The argument tells
# setup_kerberos_db that it is being called from here.
if ![setup_kerberos_db 1] {
    return
}

# We are about to start up a couple of daemon processes.  We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.

proc dump_and_reload {} {
    global KDB5_UTIL
    global tmppwd

    set dumpfile $tmppwd/dump-file
    set dumpokfile $dumpfile.dump_ok

    set test1name "kdb5_util dump"
    set test2name "kdb5_util load"

    if [file exists $dumpfile] { file delete $dumpfile }
    if [file exists $dumpokfile] { file delete $dumpokfile }

    spawn $KDB5_UTIL dump $dumpfile
    expect {
        -re "..*" {
            fail $test1name
            untested $test2name
            return
        }
        timeout {
            fail $test1name
            untested $test2name
            return
        }
        eof { }
    }
    if ![check_exit_status $test1name] {
        untested $test2name
        return
    }
    if ![file exists $dumpfile]||![file exists $dumpokfile] {
        fail $test1name
        untested $test2name
        return
    }
    pass $test1name

    spawn $KDB5_UTIL load $dumpfile
    expect {
        -re "..*" {
            fail $test2name
            return
        }
        timeout {
            fail $test2name
            return
        }
        eof { }
    }
    if [check_exit_status $test2name] {
        pass $test2name
    }
}

proc kinit_wrong_pw { name badpass } {
    global REALMNAME
    global KINIT
    global spawn_id

    # Use kinit to get a ticket.
        #
        # For now always get forwardable tickets. Later when we need to make
        # tests that distiguish between forwardable tickets and otherwise
        # we should but another option to this proc. --proven
        #
    spawn $KINIT -5 -f $name@$REALMNAME
    expect {
        "Password for $name@$REALMNAME:" {
            verbose "kinit started"
        }
        timeout {
            fail "kinit bad pw"
            return 0
        }
        eof {
            fail "kinit bad pw"
            return 0
        }
    }
    send "$badpass\r"
    expect {
        "Password incorrect while getting initial credentials" {
        }
        timeout {
            fail "kinit bad pw"
            # kill it?
        }
        eof {
            fail "kinit bad pw"
            return
        }
    }
    expect eof

    set status_list [wait -i $spawn_id]
    catch "close -i $spawn_id"
    verbose -log "exit status: $status_list"
    if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
        pass "kinit bad pw"
    } else {
        fail "kinit bad pw"
    }
}

proc doit { } {
    global REALMNAME
    global KLIST
    global KDESTROY
    global KEY
    global KADMIN_LOCAL
    global KTUTIL
    global hostname
    global tmppwd
    global spawn_id
    global supported_enctypes
    global KRBIV
    global portbase
    global mode
    global tmppwd
    global MODULE_DIR

    setup_kerberos_env kdc

    # Start up the kerberos and kadmind daemons.
    if ![start_kerberos_daemons 1] {
        return
    }

    # Use kadmin to add an host key.
    if ![add_random_key host/$hostname 1] {
        return
    }

    spawn $KADMIN_LOCAL -q "addpol fred"
    catch expect_after
    expect {
        timeout {
            fail "kadmin.local addpol fred"
        }
        eof {
            pass "kadmin.local addpol fred"
        }
    }
    set k_stat [wait -i $spawn_id]
    verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
    catch "close -i $spawn_id"

    # Use ksrvutil to create a srvtab entry.
    if ![setup_srvtab 1] {
        return
    }

    # Test dump and load.  Continue on, whatever the result.
    dump_and_reload

    spawn $KADMIN_LOCAL -q "getpols"
    expect {
        fred {
            pass "kadmin.local getpols"
            expect eof
        }
        timeout {
            fail "kadmin.local getpols"
        }
        eof {
            fail "kadmin.local getpols"
        }
    }
    set k_stat [wait -i $spawn_id]
    verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
    catch "close -i $spawn_id"

    # Test use of wrong password.
    kinit_wrong_pw krbtest/admin wrongpassword

    setup_kerberos_env client
    # Use kinit to get a ticket.
    if ![kinit krbtest/admin adminpass$KEY 1] {
        return
    }

    if ![kinit_renew krbtest/admin adminpass$KEY 1] {
        return
    }

    # Make sure that klist can see the ticket.
    if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
        return
    }

# Get a ticket to later use with FAST
    if ![kinit krbtest/fast adminpass$KEY 1] {
        return
    }

    # Use fast to get a ticket
    if ![kinit_fast krbtest/fast adminpass$KEY 1] {
        return
    }

    # Destroy the ticket.
    spawn $KDESTROY -5
    if ![check_exit_status "kdestroy"] {
        return
    }
    pass "kdestroy"

    # Double check that the ticket was destroyed.
    if ![do_klist_err "klist after destroy"] { return }

    if ![add_random_key WELLKNOWN/ANONYMOUS 0] {
        return
    }

    # If we have anonymous  then test it
    if [file exists "$tmppwd/../../../util/fakedest$MODULE_DIR/preauth/pkinit.so" ] {
        kinit_anonymous "WELLKNOWN/ANONYMOUS"
    }

    if ![add_random_key foo/bar 1] {
        return
    }

    set keytab $tmppwd/fookeytab
    catch "exec rm -f $keytab"

    modify_principal foo/bar -kvno 252
    foreach vno {253 254 255 256 257 258} {
        xst $tmppwd/fookeytab foo/bar
        do_klist_kt $tmppwd/fookeytab "klist keytab foo/bar vno $vno"
        kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
        do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
        do_kdestroy "kdestroy foo/bar vno $vno"
    }
    catch "exec rm -f $keytab"
    # Check that kadmin.local can actually read the correct kvno, even
    # if we don't expect kadmin to be able to.
    setup_kerberos_env kdc
    spawn $KADMIN_LOCAL -r $REALMNAME
    set ok 1
    expect_after {
        timeout         { fail "kadmin.local correct high kvno" ; set ok 0 }
        eof             { fail "kadmin.local correct high kvno" ; set ok 0 }
    }
    expect "kadmin.local: "
    send "getprinc foo/bar\r"
#    exec sleep 10
    expect "Key: vno $vno,"
    send "quit\r"
    expect eof
    if [check_exit_status "kadmin.local examine foo/bar for high kvno"] {
        if $ok {
            pass "kadmin.local correct high kvno"
        }
    }
}

set status [catch doit msg]

stop_kerberos_daemons

if { $status != 0 } {
    send_error "ERROR: error in standalone.exp\n"
    send_error "$msg\n"
    exit 1
}