# Password-changing Kerberos test.
# This is a DejaGnu test script.

# We are about to start up a couple of daemon processes.  We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.

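# Prepare the replica side of the test under $tmppwd: copy the stash file,
# the ACL file, the lock file and the database files to their replica-*
# names, and write the kpropd ACL file.
proc setup_replica {} {
    global tmppwd hostname REALMNAME env

    file delete $tmppwd/replica-stash $tmppwd/replica-acl
    file copy -force $tmppwd/stash:foo $tmppwd/replica-stash
    file copy -force $tmppwd/acl $tmppwd/replica-acl

    # Write kpropd-acl unconditionally.  A guard that tests for "kpropdacl"
    # (no hyphen) does not refer to the file written here: it never skips
    # the write in a clean directory, and a stray file of that name would
    # leave the ACL missing.  Regenerating the file on every run also keeps
    # its single entry, host/$hostname@$REALMNAME, in step with the current
    # host name and realm, so a stale entry cannot survive from an earlier
    # run.
    # NOTE(review): presumably start_kpropd hands this file to kpropd as
    # its ACL -- confirm in the harness.
    set aclfile [open $tmppwd/kpropd-acl w]
    puts $aclfile "host/$hostname@$REALMNAME"
    close $aclfile

    file copy -force $tmppwd/adb.lock $tmppwd/replica-adb.lock

    # The set of database file suffixes depends on whether K5TEST_LMDB is
    # present in the environment.  The empty suffix {} copies kdc-db itself.
    if {[info exists env(K5TEST_LMDB)]} {
	set suffixes { .mdb .mdb-lock .lockout.mdb .lockout.mdb-lock }
    } else {
	set suffixes { {} .kadm5 .kadm5.lock .ok }
    }
    foreach suffix $suffixes {
	file copy -force $tmppwd/kdc-db$suffix $tmppwd/replica-db$suffix
    }
}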

# Read whatever kpropd has written on its spawn channel and react to it.
#
# Outcomes of the expect below (the notes are kept out of the pattern list,
# where a "#" would be read as a pattern rather than as a comment):
#   eof                   kpropd has exited; it is reaped and both global
#                         ids are unset, so the "if kpropd is running,
#                         kill it" step in the run_once body is skipped.
#   timeout               nothing is done and both ids stay set.
#   progress messages     matched and skipped with exp_continue.
#   "Rejected connection" recorded as fail "kprop (rejected)"; there is no
#                         exp_continue, so scanning stops with both ids
#                         still set.
proc scan_kpropd_output {} {
    global kpropd_spawn_id kpropd_pid

    # See if kpropd logged anything.  It should exit after processing
    # one kprop connection.
    expect {
	-i $kpropd_spawn_id
	eof {
	    # Reap the exited process and forget its ids.
	    wait -i $kpropd_spawn_id
	    unset kpropd_spawn_id kpropd_pid
	}
	timeout { }
	-re "Connection from \[a-zA-Z.-\]*" { exp_continue }
	-re "krb5_recvauth" { exp_continue }
	-re "authenticated client" { exp_continue }
	-re "calling kdb5_util to load database\r\n" { exp_continue }
	-re "Child PID is \[0-9\]*\r\n" { exp_continue }
	-re "Rejected connection" {
	    # NOTE(review): presumably printed when kpropd refuses the
	    # client (for example a principal missing from its ACL) --
	    # confirm against kpropd.
	    fail "kprop (rejected)"
	}
    }
}

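# Run the propagation scenario: create the database, prepare the replica
# files, start the daemons and kpropd, add the principal "wakawaka", dump
# the database, push the dump with kprop, then list the replica's
# principals and pass only if "wakawaka@" appears.
#
# Every failing step returns early; steps that call fail themselves record
# the result first.  Conditions and the port arithmetic are braced so each
# value is substituted once and is never parsed again as expression text.
proc doit { } {
    global KLIST KDESTROY
    global REALMNAME KEY
    global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id
    global hostname tmppwd spawn_id timeout
    global KRBIV supported_enctypes portbase mode ulog

    # Delete any db, ulog files
    delete_db

    # Initialize the Kerberos database.  The argument tells
    # setup_kerberos_db that it is being called from here.
    if {![setup_kerberos_db 0]} {
	return
    }
    setup_replica
    if {![start_kerberos_daemons 0]} {
	return
    }
    # Create a key for host/$hostname and a keytab.
    # NOTE(review): presumably this is the identity kprop authenticates
    # with through "-s $tmppwd/keytab" below -- confirm in the harness.
    if {![add_random_key host/$hostname 0]} {
	fail "kprop (host key)"
	return
    }
    if {![setup_keytab 0]} {
	fail "kprop (keytab)"
	return
    }

    # Get kprop server up and running.
    envstack_push
    setup_kerberos_env replica
    start_kpropd
    envstack_pop

    # Use kadmin to add a key.
    if {![add_kerberos_key wakawaka 0]} {
	return
    }

    # Dump master database.
    # NOTE(review): this envstack_push has no matching envstack_pop
    # anywhere in this proc, on the early returns or on the normal path --
    # confirm that the harness resets the environment afterwards.
    envstack_push
    setup_kerberos_env kdc
    spawn $KDB5_UTIL dump $tmppwd/replica_datatrans
    expect eof
    if {![check_exit_status "kprop (kdb5_util dump)"]} { return }

    # Just in case kpropd is a little slow in starting up...
    # NOTE(review): a fixed delay does not prove kpropd is ready; if this
    # test is flaky, look here first.
    sleep 1

    # Try a propagation.
    spawn $KPROP -f $tmppwd/replica_datatrans -P [expr {10 + $portbase}] -s $tmppwd/keytab $hostname
    expect eof
    set kprop_exit [check_exit_status "kprop (exit status)"]
    # log output for debugging; this runs before kprop's status is acted
    # on, so kpropd's messages are scanned even when kprop failed.
    scan_kpropd_output
    if {!$kprop_exit} { return }

    # Examine new database.
    setup_kerberos_env replica
    spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
    expect {
	wakawaka@ {
	    expect eof
	}
	eof {
	    fail "kprop (updated replica data)"
	    return
	}
	timeout {
	    fail "kprop (examining new db)"
	    return
	}
    }
    pass "kprop"
}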

# Test driver, handed to the harness's run_once under the name "kprop".
# It runs doit under catch, then always tears down: stop the daemons, kill
# a kpropd that is still recorded as running, delete the database, and only
# then report an error raised by doit.
run_once kprop {
    # Start without recorded kpropd ids; catch absorbs the error raised
    # when a variable is not set.
    catch "unset kpropd_pid"
    catch "unset kpropd_spawn_id"

    # Set up the Kerberos files and environment.
    if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
	return
    }

    # Capture an error from doit instead of letting it propagate, so the
    # cleanup below runs first; the message is kept in msg.
    set status [catch doit msg]

    stop_kerberos_daemons

    # if kpropd is running, kill it
    # kpropd_pid still exists here when scan_kpropd_output did not see
    # eof.  The whole sequence sits in one catch, so a failing kill also
    # skips the expect/wait/unset that follow it (best-effort cleanup).
    # NOTE(review): kpropd_pid and kpropd_spawn_id are presumably set by
    # start_kpropd -- confirm in the harness.
    if [info exists kpropd_pid] {
	catch {
	    exec kill $kpropd_pid
	    expect -i $kpropd_spawn_id eof
	    wait -i $kpropd_spawn_id
	    unset kpropd_pid kpropd_spawn_id
	}
    }

    delete_db

    # Report the error captured from doit only after cleanup has finished.
    if { $status != 0 } {
	send_error "ERROR: error in kprop.exp\n"
	send_error "$msg\n"
	exit 1
    }
}