|
Packit |
fd8b60 |
# Kerberos kadmin test.
|
|
Packit |
fd8b60 |
# This is a DejaGnu test script.
|
|
Packit |
fd8b60 |
# This script tests Kerberos kadmin5 using kadmin.local as verification.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_add - Test add new v5 principal function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Adds principal $pname with password $password. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_add { pname password } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KADMIN_LOCAL
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*:" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
|
|
Packit |
fd8b60 |
expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
|
|
Packit |
fd8b60 |
expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# use kadmin.local to verify that a principal was created and that its
|
|
Packit |
fd8b60 |
# salt types are 0 (normal).
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
envstack_push
|
|
Packit |
fd8b60 |
setup_kerberos_env kdc
|
|
Packit |
fd8b60 |
spawn $KADMIN_LOCAL -r $REALMNAME
|
|
Packit |
fd8b60 |
envstack_pop
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
-i $spawn_id
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "getprinc $pname\r" }
|
|
Packit |
fd8b60 |
expect "Principal: $pname@$REALMNAME" { set good 1 }
|
|
Packit |
fd8b60 |
expect "Expiration date:" { verbose "got expiration date" }
|
|
Packit |
fd8b60 |
expect "Last password change:" { verbose "got last pwchange" }
|
|
Packit |
fd8b60 |
expect "Password expiration date:" { verbose "got pwexpire date" }
|
|
Packit |
fd8b60 |
expect "Maximum ticket life:" { verbose "got max life" }
|
|
Packit |
fd8b60 |
expect "Maximum renewable life:" { verbose "got max rlife" }
|
|
Packit |
fd8b60 |
expect "Last modified:" { verbose "got last modified" }
|
|
Packit |
fd8b60 |
expect "Last successful authentication:" { verbose "last succ auth" }
|
|
Packit |
fd8b60 |
expect "Last failed authentication:" { verbose "last pw failed" }
|
|
Packit |
fd8b60 |
expect "Failed password attempts:" { verbose "num failed attempts" }
|
|
Packit |
fd8b60 |
expect "Number of keys:" { verbose "num keys"}
|
|
Packit |
fd8b60 |
expect {
|
|
Packit |
fd8b60 |
"Key: " { verbose "Key listed"
|
|
Packit |
fd8b60 |
exp_continue
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
"Attributes:" { verbose "attributes" }
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "q\r" }
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
pass "kadmin add $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin add $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_add_rnd - Test add new v5 principal with random key function.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Adds principal $pname with random key. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_add_rnd { pname { flags "" } } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KADMIN_LOCAL
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $flags $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin add rnd $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnd)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# use kadmin.local to verify that a principal was created and that its
|
|
Packit |
fd8b60 |
# salt types are 0 (normal).
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
envstack_push
|
|
Packit |
fd8b60 |
setup_kerberos_env kdc
|
|
Packit |
fd8b60 |
spawn $KADMIN_LOCAL -r $REALMNAME
|
|
Packit |
fd8b60 |
envstack_pop
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
-i $spawn_id
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
expect "kadmin.local:" { send "getprinc $pname\r" }
|
|
Packit |
fd8b60 |
expect "Principal: $pname@$REALMNAME" { set good 1 }
|
|
Packit |
fd8b60 |
expect "kadmin.local:" { send "q\r" }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
pass "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin add_rnd $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_show - Test show principal function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Retrieves entry for $pname. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_show { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principal $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin show $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin show $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin show $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *"
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
expect -re "\r.*Principal: $pname@$REALMNAME.*Key: .*Attributes:.*Policy: .*\r"
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin show)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin show $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_cpw - Test change password function of kadmin
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Change password of $pname to $password. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_cpw { pname password } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin cpw $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin cpw $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin cpw $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
|
|
Packit |
fd8b60 |
expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
|
|
Packit |
fd8b60 |
# When in doubt, jam one of these in there.
|
|
Packit |
fd8b60 |
expect "\r"
|
|
Packit |
fd8b60 |
expect "Password for \"$pname@$REALMNAME\" changed."
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin cpw $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_cpw_rnd - Test change random key function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Changes principal $pname's key to a new random key. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_cpw_rnd { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw -randkey $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin cpw_rnd $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin cpw_rnd $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin cpw_rnd $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
# When in doubt, jam one of these in there.
|
|
Packit |
fd8b60 |
expect "\r"
|
|
Packit |
fd8b60 |
expect "Key for \"$pname@$REALMNAME\" randomized."
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin cpw_rnd $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_modify - Test modify principal function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Modifies principal $pname with flags $flags. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_modify { pname flags } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "modprinc $flags $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin modify $pname ($flags) lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin modify $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin modify $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *"
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
# When in doubt, jam one of these in there.
|
|
Packit |
fd8b60 |
expect "\r"
|
|
Packit |
fd8b60 |
expect "Principal \"$pname@$REALMNAME\" modified."
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin modify $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_list - Test list database function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Lists the database and verifies that output matches regular expression
|
|
Packit |
fd8b60 |
# "(.*@$REALMNAME)*". Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_list { } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# "*" would match everything
|
|
Packit |
fd8b60 |
# "*n" should match a few like kadmin/admin but see ticket 5667
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principals *n"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin ldb lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
"Communication failure" {
|
|
Packit |
fd8b60 |
fail "kadmin ldb got RPC error"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin ldb"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin ldb"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "\(.*@$REALMNAME\r\n\)+"
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin list)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin ldb"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_extract - Test extract service key function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Extracts service key for service name $name instance $instance. Returns
|
|
Packit |
fd8b60 |
# 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_extract { instance name } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
catch "exec rm -f $tmppwd/keytab"
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst -k $tmppwd/keytab $name/$instance"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin xst $instance $name lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin xst $instance $name"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin xst $instance $name"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
catch "exec rm -f $instance-new-keytab"
|
|
Packit |
fd8b60 |
pass "kadmin xst $instance $name"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_delete - Test delete principal function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Deletes principal $pname. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_delete { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KADMIN_LOCAL
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "delprinc -force $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin_delete $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect "Principal \"$pname@$REALMNAME\" deleted." { set good 1 }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin delprinc)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# use kadmin.local to verify that the old principal is not present.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
envstack_push
|
|
Packit |
fd8b60 |
setup_kerberos_env kdc
|
|
Packit |
fd8b60 |
spawn $KADMIN_LOCAL -r $REALMNAME
|
|
Packit |
fd8b60 |
envstack_pop
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
-i $spawn_id
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "getprinc $pname\r" }
|
|
Packit |
fd8b60 |
expect "Principal does not exist while retrieving \"$pname@$REALMNAME\"." { set good 1 }
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "quit\r" }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
pass "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_delete - Test delete principal function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Deletes principal $pname. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_delete_locked_down { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KADMIN_LOCAL
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# First test that we fail, then unlock and retry
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "delprinc -force $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin_delete $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect "delete_principal: Operation requires ``delete'' privilege while deleting principal \"$pname@$REALMNAME\"" { set good 1 }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin delprinc)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# use kadmin.local to remove lockdown.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
envstack_push
|
|
Packit |
fd8b60 |
setup_kerberos_env kdc
|
|
Packit |
fd8b60 |
spawn $KADMIN_LOCAL -r $REALMNAME
|
|
Packit |
fd8b60 |
envstack_pop
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
-i $spawn_id
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "modprinc -lockdown_keys $pname\r" }
|
|
Packit |
fd8b60 |
expect "Principal \"$pname@$REALMNAME\" modified." { set good 1 }
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "quit\r" }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
if {[kadmin_delete $pname]} { set good 1 }
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
pass "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin delprinc $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kpasswd_cpw - Test password changing using kpasswd.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Change $princ's password from $opw to $npw. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kpasswd_cpw { princ opw npw } {
|
|
Packit |
fd8b60 |
global KPASSWD
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KPASSWD $princ
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kpasswd $princ $npw"
|
|
Packit |
fd8b60 |
# catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kpasswd $princ $npw"
|
|
Packit |
fd8b60 |
# catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# expect "Changing password for $princ."
|
|
Packit |
fd8b60 |
# expect "Old password:" { send "$opw\r" }
|
|
Packit |
fd8b60 |
# expect "New password:" { send "$npw\r" }
|
|
Packit |
fd8b60 |
# expect "New password (again):" { send "$npw\r" }
|
|
Packit |
fd8b60 |
expect "Password for $princ@$REALMNAME:" { send "$opw\r" }
|
|
Packit |
fd8b60 |
expect "Enter new password:" { send "$npw\r" }
|
|
Packit |
fd8b60 |
expect "Enter it again:" { send "$npw\r" }
|
|
Packit |
fd8b60 |
# expect "Kerberos password changed."
|
|
Packit |
fd8b60 |
expect "Password changed."
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ![check_exit_status "kpasswd"] {
|
|
Packit |
fd8b60 |
fail "kpasswd $princ $npw"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
pass "kpasswd $princ $npw"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_addpol - Test add new policy function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Adds policy $pname. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_addpol { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KADMIN_LOCAL
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "addpol $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin addpol $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin addpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin addpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# use kadmin.local to verify that a policy was created
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
envstack_push
|
|
Packit |
fd8b60 |
setup_kerberos_env kdc
|
|
Packit |
fd8b60 |
spawn $KADMIN_LOCAL -r $REALMNAME
|
|
Packit |
fd8b60 |
envstack_pop
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
-i $spawn_id
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin addpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin addpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "getpol $pname\r" }
|
|
Packit |
fd8b60 |
expect "Policy: $pname" { set good 1 }
|
|
Packit |
fd8b60 |
expect "Maximum password life:" { verbose "got max pw life" }
|
|
Packit |
fd8b60 |
expect "Minimum password life:" { verbose "got min pw life" }
|
|
Packit |
fd8b60 |
expect "Minimum password length:" { verbose "got min pw length" }
|
|
Packit |
fd8b60 |
expect "Minimum number of password character classes:" {
|
|
Packit |
fd8b60 |
verbose "got min pw character classes" }
|
|
Packit |
fd8b60 |
expect "Number of old keys kept:" { verbose "got num old keys kept" }
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "q\r" }
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin.local showpol)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
pass "kadmin addpol $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin addpol $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_delpol - Test delete policy function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Deletes policy $pname. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_delpol { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KADMIN_LOCAL
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
global tmppwd
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "delpol -force $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin_delpol $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin delpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin delpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin delpol)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# use kadmin.local to verify that the old policy is not present.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
envstack_push
|
|
Packit |
fd8b60 |
setup_kerberos_env kdc
|
|
Packit |
fd8b60 |
spawn $KADMIN_LOCAL -r $REALMNAME
|
|
Packit |
fd8b60 |
envstack_pop
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
-i $spawn_id
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin delpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin delpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
set good 0
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "getpol $pname\r" }
|
|
Packit |
fd8b60 |
expect "Policy does not exist while retrieving policy \"$pname\"." {
|
|
Packit |
fd8b60 |
set good 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect "kadmin.local: " { send "quit\r" }
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin.local showpol)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
if { $good == 1 } {
|
|
Packit |
fd8b60 |
pass "kadmin delpol $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else {
|
|
Packit |
fd8b60 |
fail "kadmin delpol $pname"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_listpols - Test list policy database function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Lists the policies. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_listpols { } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_policies *"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin lpols lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin lpols"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin lpols"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *" {
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin listpols)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin lpols"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_modpol - Test modify policy function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Modifies policy $pname with flags $flags. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_modpol { pname flags } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "modpol $flags $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin modpol $pname ($flags) lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin modpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin modpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *"
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
# When in doubt, jam one of these in there.
|
|
Packit |
fd8b60 |
expect "\r"
|
|
Packit |
fd8b60 |
# Sadly, kadmin doesn't print a confirmation message for policy operations.
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin modpol)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin modpol $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kadmin_showpol - Test show policy function of kadmin.
|
|
Packit |
fd8b60 |
#
|
|
Packit |
fd8b60 |
# Retrieves entry for $pname. Returns 1 on success.
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kadmin_showpol { pname } {
|
|
Packit |
fd8b60 |
global REALMNAME
|
|
Packit |
fd8b60 |
global KADMIN
|
|
Packit |
fd8b60 |
global KEY
|
|
Packit |
fd8b60 |
global spawn_id
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_policy $pname"
|
|
Packit |
fd8b60 |
expect_after {
|
|
Packit |
fd8b60 |
"Cannot contact any KDC" {
|
|
Packit |
fd8b60 |
fail "kadmin showpol $pname lost KDC"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
fail "kadmin showpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
fail "kadmin showpol $pname"
|
|
Packit |
fd8b60 |
catch "expect_after"
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
expect -re "assword\[^\r\n\]*: *"
|
|
Packit |
fd8b60 |
send "adminpass$KEY\r"
|
|
Packit |
fd8b60 |
expect -re "\r.*Policy: $pname.*Number of old keys kept: .*\r"
|
|
Packit |
fd8b60 |
expect_after
|
|
Packit |
fd8b60 |
expect eof
|
|
Packit |
fd8b60 |
set k_stat [wait -i $spawn_id]
|
|
Packit |
fd8b60 |
verbose "wait -i $spawn_id returned $k_stat (kadmin showpol)"
|
|
Packit |
fd8b60 |
catch "close -i $spawn_id"
|
|
Packit |
fd8b60 |
pass "kadmin showpol $pname"
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#++
|
|
Packit |
fd8b60 |
# kdestroy
|
|
Packit |
fd8b60 |
#--
|
|
Packit |
fd8b60 |
proc kdestroy { } {
|
|
Packit |
fd8b60 |
global KDESTROY
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
spawn $KDESTROY -5
|
|
Packit |
fd8b60 |
if ![check_exit_status "kdestroy"] {
|
|
Packit |
fd8b60 |
return 0
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
return 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Wrap the tests in a procedure, so that we can kill the daemons if
|
|
Packit |
fd8b60 |
# we get some sort of error.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
proc kadmin_test { } {
|
|
Packit |
fd8b60 |
global hostname
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Start up the kerberos and kadmind daemons
|
|
Packit |
fd8b60 |
if {![start_kerberos_daemons 0] } {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Test basic kadmin functions.
|
|
Packit |
fd8b60 |
if {![kadmin_add v5principal/instance1 v5principal] \
|
|
Packit |
fd8b60 |
|| ![kadmin_addpol standardpol] \
|
|
Packit |
fd8b60 |
|| ![kadmin_showpol standardpol] \
|
|
Packit |
fd8b60 |
|| ![kadmin_listpols] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modpol standardpol "-minlength 5"] \
|
|
Packit |
fd8b60 |
|| ![kadmin_add v4principal/instance2 v4principal] \
|
|
Packit |
fd8b60 |
|| ![kadmin_add_rnd v5random] \
|
|
Packit |
fd8b60 |
|| ![kadmin_show v5principal/instance1] \
|
|
Packit |
fd8b60 |
|| ![kadmin_show v4principal/instance2] \
|
|
Packit |
fd8b60 |
|| ![kadmin_show v5random] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw v5principal/instance1 faroutman] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw v4principal/instance2 honkydory] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw_rnd v5random] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modify v5random -allow_tix] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modify v5random +allow_tix] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modify v5random "-policy standardpol"] \
|
|
Packit |
fd8b60 |
|| ![kadmin_list] \
|
|
Packit |
fd8b60 |
|| ![kadmin_extract instance1 v5principal] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete v5random] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete v4principal/instance2] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete v5principal/instance1] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delpol standardpol]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# You cannot extract a v4 key...
|
|
Packit |
fd8b60 |
# || ![kadmin_extractv4 instance2 v4principal] \
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# now test kpasswd
|
|
Packit |
fd8b60 |
if {![kadmin_add testprinc/instance thisisatest] \
|
|
Packit |
fd8b60 |
|| ![kpasswd_cpw testprinc/instance thisisatest anothertest] \
|
|
Packit |
fd8b60 |
|| ![kpasswd_cpw testprinc/instance anothertest goredsox] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete testprinc/instance]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# now test that we can kinit with principals/passwords.
|
|
Packit |
fd8b60 |
# We defer kdestroying until after kpasswd at least once to test FAST automatic use in kpasswd
|
|
Packit |
fd8b60 |
if {![kadmin_add testprinc1/instance thisisatest] \
|
|
Packit |
fd8b60 |
|| ![kinit testprinc1/instance thisisatest 0] \
|
|
Packit |
fd8b60 |
|| ![kpasswd_cpw testprinc1/instance thisisatest anothertest] \
|
|
Packit |
fd8b60 |
|| ![kdestroy] \
|
|
Packit |
fd8b60 |
|| ![kinit testprinc1/instance anothertest 0] \
|
|
Packit |
fd8b60 |
|| ![kdestroy] \
|
|
Packit |
fd8b60 |
|| ![kpasswd_cpw testprinc1/instance anothertest goredsox] \
|
|
Packit |
fd8b60 |
|| ![kinit testprinc1/instance goredsox 0] \
|
|
Packit |
fd8b60 |
|| ![kdestroy] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw testprinc1/instance betterwork] \
|
|
Packit |
fd8b60 |
|| ![kinit testprinc1/instance betterwork 0] \
|
|
Packit |
fd8b60 |
|| ![kdestroy] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete testprinc1/instance]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# now test modify changes.
|
|
Packit |
fd8b60 |
if {![kadmin_add testuser longtestpw] \
|
|
Packit |
fd8b60 |
|| ![kinit testuser longtestpw 0] \
|
|
Packit |
fd8b60 |
|| ![kdestroy] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modify testuser "-maxlife \"2500 seconds\""] \
|
|
Packit |
fd8b60 |
|| ![kinit testuser longtestpw 0] \
|
|
Packit |
fd8b60 |
|| ![kdestroy] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete testuser]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# now test that reducing the history number doesn't make kadmind vulnerable.
|
|
Packit |
fd8b60 |
if {![kadmin_addpol crashpol] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modpol crashpol "-history 5"] \
|
|
Packit |
fd8b60 |
|| ![kadmin_add crash first] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modify crash "-policy crashpol"] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw crash second] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw crash third] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw crash fourth] \
|
|
Packit |
fd8b60 |
|| ![kadmin_modpol crashpol "-history 3"] \
|
|
Packit |
fd8b60 |
|| ![kadmin_cpw crash fifth] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delete crash] \
|
|
Packit |
fd8b60 |
|| ![kadmin_delpol crashpol]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# test retrieval of large number of principals
|
|
Packit |
fd8b60 |
# bug [2877]
|
|
Packit |
fd8b60 |
for { set i 0 } { $i < 200 } { incr i } {
|
|
Packit |
fd8b60 |
if { ![kadmin_add "foo$i" foopass] } {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if { ![kadmin_list] } {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# test fallback to kadmin/admin
|
|
Packit |
fd8b60 |
if {![kadmin_delete_locked_down kadmin/$hostname] \
|
|
Packit |
fd8b60 |
|| ![kadmin_list] \
|
|
Packit |
fd8b60 |
|| ![kadmin_add_rnd kadmin/$hostname -allow_tgs_req] \
|
|
Packit |
fd8b60 |
|| ![kadmin_list]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
verbose "kadmin_test succeeded"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
run_once kadmin {
|
|
Packit |
fd8b60 |
# Set up the kerberos database.
|
|
Packit |
fd8b60 |
if {![get_hostname] \
|
|
Packit |
fd8b60 |
|| ![setup_kerberos_files] \
|
|
Packit |
fd8b60 |
|| ![setup_kerberos_env] \
|
|
Packit |
fd8b60 |
|| ![setup_kerberos_db 0]} {
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Run the test.
|
|
Packit |
fd8b60 |
set status [catch kadmin_test msg]
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Shut down the kerberos daemons and the rsh daemon.
|
|
Packit |
fd8b60 |
stop_kerberos_daemons
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if { $status != 0 } {
|
|
Packit |
fd8b60 |
send_error "ERROR: error in kadmin.exp\n"
|
|
Packit |
fd8b60 |
send_error "$msg\n"
|
|
Packit |
fd8b60 |
exit 1
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|