# Password-changing Kerberos test.
# This is a DejaGnu test script.
# We are about to start up a couple of daemon processes. We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.
# kinit_expecting_pwchange NAME PASS NEWPASS
#
# Run kinit for NAME@REALMNAME and walk through the forced password-change
# dialogue: answer the current-password prompt with PASS, then answer the
# "Enter new password" and confirmation prompts with NEWPASS.
#
# Returns 1 if every prompt appeared and check_exit_status accepted kinit's
# exit status, otherwise 0.  A missing prompt (timeout or eof) is recorded
# with "fail" before returning 0.
#
# Both passwords are written to the spawned kinit as plain text followed by
# a carriage return, so only throwaway test credentials should be passed in.
proc kinit_expecting_pwchange { name pass newpass } {
    global REALMNAME KINIT spawn_id

    set principal "$name@$REALMNAME"

    # Use kinit to get a ticket.
    #
    # For now always request forwardable tickets (-f).  Later, when tests
    # need to distinguish between forwardable tickets and others, another
    # option should be added to this proc. --proven
    spawn $KINIT -5 -f $principal

    # Step 1: the current-password prompt.
    expect {
        "Password for ${principal}:" { verbose "kinit started" }
        timeout { fail "kinit"; return 0 }
        eof     { fail "kinit"; return 0 }
    }
    send "$pass\r"

    # Step 2: kinit must now ask for a new password; seeing this prompt is
    # what shows that the password change is being demanded.
    expect {
        "Enter new password: " { }
        timeout { fail "kinit (new password prompt)"; return 0 }
        eof     { fail "kinit (new password prompt)"; return 0 }
    }
    send "$newpass\r"

    # Step 3: confirmation prompt for the new password.
    expect {
        " again: " { }
        timeout { fail "kinit (new password prompt2)"; return 0 }
        eof     { fail "kinit (new password prompt2)"; return 0 }
    }
    send "$newpass\r"

    # Wait for kinit to finish, then let check_exit_status judge the result.
    # NOTE(review): a timeout here is not told apart from eof; the outcome
    # rests entirely on check_exit_status.
    expect eof
    if {![check_exit_status kinit]} {
        return 0
    }
    return 1
}
# doit
#
# Body of the password-change test.  Starts the Kerberos daemons, creates
# the "pwchanger" principal, marks it +needchange with kadmin.local, then
# checks that:
#   1. kinit with the old password walks through the password-change prompts,
#   2. kinit with the new password succeeds afterwards,
#   3. kdestroy exits cleanly.
# Returns early (with no value) as soon as a step reports failure.
proc doit { } {
    global REALMNAME KLIST KDESTROY KEY KADMIN_LOCAL KTUTIL
    global hostname tmppwd spawn_id supported_enctypes
    global KRBIV portbase mode

    # Start up the kerberos and kadmind daemons.
    if {![start_kerberos_daemons 0]} {
        return
    }

    # Use kadmin to add a key for the test principal.
    if {![add_kerberos_key pwchanger 0]} {
        return
    }

    # Flag the principal so that its password has to be changed.
    setup_kerberos_env kdc
    spawn $KADMIN_LOCAL -q "modprinc +needchange pwchanger"
    # presumably resets expect_after patterns left by earlier helpers;
    # errors from doing so are deliberately ignored.
    catch expect_after
    expect {
        timeout { fail "kadmin.local modprinc +needchange" }
        eof     { pass "kadmin.local modprinc +needchange" }
    }
    # NOTE(review): after the timeout branch the test carries on, and the
    # wait below may block if kadmin.local has not exited -- confirm whether
    # that case should close the spawn and return instead.
    set k_stat [wait -i $spawn_id]
    verbose "wait -i $spawn_id returned $k_stat (kadmin modprinc +needchange)"
    catch "close -i $spawn_id"

    # Log in with the old password; the change to "floople" must be forced.
    setup_kerberos_env client
    set oldpass "pwchanger$KEY"
    if {![kinit_expecting_pwchange pwchanger $oldpass floople]} {
        return
    }
    pass "kinit (password change)"

    # The new password must now be accepted by an ordinary kinit.
    if {![kinit pwchanger floople 0]} {
        return
    }
    pass "kinit (new password)"

    # Destroy the ticket.
    spawn $KDESTROY -5
    if {![check_exit_status "kdestroy"]} {
        return
    }
    pass "kdestroy"
}
run_once pwchange {
    # Set up the Kerberos files and environment.  Each step is tried in
    # order and the first one that fails ends the test.
    if {![get_hostname]} {
        return
    }
    if {![setup_kerberos_files]} {
        return
    }
    if {![setup_kerberos_env]} {
        return
    }

    # Initialize the Kerberos database.  The argument tells
    # setup_kerberos_db that it is being called from here.
    if {![setup_kerberos_db 0]} {
        return
    }

    # Run the test body under catch so that the daemons are always stopped,
    # even when doit raises an error.
    set status [catch doit msg]

    stop_kerberos_daemons

    # A Tcl error inside doit is a script problem, not a test failure:
    # report it and exit with a non-zero status.
    if {$status != 0} {
        send_error "ERROR: error in pwchange.exp\n"
        send_error "$msg\n"
        exit 1
    }
}