# Password-changing Kerberos test.
# This is a DejaGnu test script.
# We are about to start up a couple of daemon processes. We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.
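# setup_replica --
#
#   Prepare the replica side of the propagation test inside $tmppwd:
#   replica copies of the stash file, the ACL file, the adb lock file and
#   the database files, plus the ACL file written for kpropd.
#
#   Reads the globals tmppwd, hostname and REALMNAME, and checks
#   env(K5TEST_LMDB) to decide which database file suffixes to copy.
#   Returns nothing; a failing file operation raises a Tcl error.
proc setup_replica {} {
    global tmppwd hostname REALMNAME env

    # Start from fresh replica copies of the stash and ACL files.
    file delete $tmppwd/replica-stash $tmppwd/replica-acl
    file copy -force $tmppwd/stash:foo $tmppwd/replica-stash
    file copy -force $tmppwd/acl $tmppwd/replica-acl

    # The kpropd ACL names the one principal that may push a database to
    # the replica: the host principal of this machine.  It is rewritten on
    # every call.  The previous guard tested for "kpropdacl", a name that
    # is never created, so it never skipped the write; dropping the guard
    # keeps that behaviour and guarantees the ACL cannot be a stale file
    # from an earlier run with a different hostname or realm.
    # NOTE(review): presumably start_kpropd points kpropd at this file --
    # confirm against the helper, which is defined elsewhere.
    set aclfile [open $tmppwd/kpropd-acl w]
    puts $aclfile "host/$hostname@$REALMNAME"
    close $aclfile

    file copy -force $tmppwd/adb.lock $tmppwd/replica-adb.lock

    # The set of on-disk database files depends on the back end selected
    # through K5TEST_LMDB; the empty suffix stands for the bare file name.
    if {[info exists env(K5TEST_LMDB)]} {
        set suffixes { .mdb .mdb-lock .lockout.mdb .lockout.mdb-lock }
    } else {
        set suffixes { {} .kadm5 .kadm5.lock .ok }
    }
    foreach suffix $suffixes {
        file copy -force $tmppwd/kdc-db$suffix $tmppwd/replica-db$suffix
    }
}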
# scan_kpropd_output --
#
#   Read what kpropd has logged on its spawn id after a propagation
#   attempt.  Informational lines are consumed and scanning continues.
#   On eof the process is reaped and both kpropd_spawn_id and kpropd_pid
#   are unset, so the cleanup in the run_once body, which kills kpropd
#   only when kpropd_pid still exists, has nothing left to do.  On timeout
#   nothing is done and both globals stay set.  A "Rejected connection"
#   line is reported as a test failure.
#   NOTE(review): presumably kpropd logs "Rejected connection" when it
#   refuses the client, for example on an ACL or authentication failure --
#   confirm against kpropd.
proc scan_kpropd_output {} {
    global kpropd_spawn_id kpropd_pid
    # See if kpropd logged anything. It should exit after processing
    # one kprop connection.
    # Comments are kept out of the pattern list below and appear only
    # inside action bodies.
    expect {
        -i $kpropd_spawn_id
        eof {
            # kpropd has exited: collect it and forget its handles.
            wait -i $kpropd_spawn_id
            unset kpropd_spawn_id kpropd_pid
        }
        timeout { }
        -re "Connection from \[a-zA-Z.-\]*" { exp_continue }
        -re "krb5_recvauth" { exp_continue }
        -re "authenticated client" { exp_continue }
        -re "calling kdb5_util to load database\r\n" { exp_continue }
        -re "Child PID is \[0-9\]*\r\n" { exp_continue }
        -re "Rejected connection" {
            # Scanning stops here without reaping kpropd, so kpropd_pid
            # stays set for the caller's cleanup.
            fail "kprop (rejected)"
        }
    }
}
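# doit --
#
#   Body of the kprop test.  Creates the database, prepares the replica
#   files, starts the daemons and kpropd, adds the principal wakawaka,
#   dumps the database, pushes the dump with kprop, and then lists the
#   replica's principals to confirm wakawaka arrived.
#
#   Returns nothing.  Each early return follows either an explicit fail
#   call or a helper that returned false; pass "kprop" is recorded only
#   when wakawaka@ shows up in the replica listing.
#
#   Conditions and the port arithmetic are braced so that expr evaluates
#   them once instead of after a first round of Tcl substitution.
proc doit {} {
    global KLIST KDESTROY
    global REALMNAME KEY
    global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id
    global hostname tmppwd spawn_id timeout
    global KRBIV supported_enctypes portbase mode ulog

    # Delete any db, ulog files
    delete_db

    # Initialize the Kerberos database. The argument tells
    # setup_kerberos_db that it is being called from here.
    if {![setup_kerberos_db 0]} {
        return
    }

    setup_replica

    if {![start_kerberos_daemons 0]} {
        return
    }

    # kprop is given a keytab below and the kpropd ACL written by
    # setup_replica names host/$hostname, so that principal needs a key
    # and a keytab entry before any propagation is attempted.
    if {![add_random_key host/$hostname 0]} {
        fail "kprop (host key)"
        return
    }
    if {![setup_keytab 0]} {
        fail "kprop (keytab)"
        return
    }

    # Get kprop server up and running.  The replica environment is in
    # effect only between the push and the pop.
    envstack_push
    setup_kerberos_env replica
    start_kpropd
    envstack_pop

    # Use kadmin to add a key.
    if {![add_kerberos_key wakawaka 0]} {
        return
    }

    # Dump master database.
    # NOTE(review): this envstack_push has no matching envstack_pop on
    # any path through the rest of the proc -- confirm that is intended.
    # NOTE(review): the dump file holds the whole principal database and
    # is not removed here; confirm delete_db or the harness cleans it up.
    envstack_push
    setup_kerberos_env kdc
    spawn $KDB5_UTIL dump $tmppwd/replica_datatrans
    expect eof
    if {![check_exit_status "kprop (kdb5_util dump)"]} {
        return
    }

    # Just in case kpropd is a little slow in starting up...
    sleep 1

    # Try a propagation: -f is the dump file, -P the kpropd port
    # (portbase + 10), -s the keytab, and the last word the replica host.
    spawn $KPROP -f $tmppwd/replica_datatrans -P [expr {10 + $portbase}] -s $tmppwd/keytab $hostname
    expect eof
    set kprop_exit [check_exit_status "kprop (exit status)"]

    # log output for debugging; this runs before the exit status is acted
    # on so that a rejected connection is reported even when kprop failed.
    scan_kpropd_output
    if {!$kprop_exit} {
        return
    }

    # Examine new database.  The principal added after kpropd started
    # must now be visible on the replica.
    setup_kerberos_env replica
    spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
    expect {
        wakawaka@ {
            expect eof
        }
        eof {
            fail "kprop (updated replica data)"
            return
        }
        timeout {
            fail "kprop (examining new db)"
            return
        }
    }
    pass "kprop"
}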
# Top-level driver: prepare the environment, run doit under catch so that
# cleanup always happens, then stop the daemons, kill any surviving kpropd,
# delete the database and report an error raised by doit.
run_once kprop {
    # Forget any kpropd handles left over from earlier, so the cleanup
    # below acts only on values set during this run.
    catch {unset kpropd_pid}
    catch {unset kpropd_spawn_id}

    # Set up the Kerberos files and environment.  The three steps run in
    # order and the first one that fails ends the test.
    if {![get_hostname]} {
        return
    }
    if {![setup_kerberos_files]} {
        return
    }
    if {![setup_kerberos_env]} {
        return
    }

    # A Tcl error inside doit is captured here and reported after cleanup.
    set status [catch {doit} msg]

    stop_kerberos_daemons

    # if kpropd is running, kill it.  Best effort: the first command that
    # fails ends the sequence and the error is discarded.
    if {[info exists kpropd_pid]} {
        catch {
            exec kill $kpropd_pid
            expect -i $kpropd_spawn_id eof
            wait -i $kpropd_spawn_id
            unset kpropd_pid kpropd_spawn_id
        }
    }

    delete_db

    if {$status != 0} {
        send_error "ERROR: error in kprop.exp\n"
        send_error "$msg\n"
        exit 1
    }
}