1load_lib lib.t 2 3api_exit 4api_start 5 6proc get_hostname { } { 7 global hostname 8 9 if {[info exists hostname]} { 10 return 1 11 } 12 13 catch "exec hostname >myname" exec_output 14 if ![string match "" $exec_output] { 15 send_log "$exec_output\n" 16 verbose $exec_output 17 send_error "ERROR: can't get hostname\n" 18 return 0 19 } 20 set file [open myname r] 21 if { [ gets $file hostname ] == -1 } { 22 send_error "ERROR: no output from hostname\n" 23 return 0 24 } 25 close $file 26 catch "exec rm -f myname" exec_output 27 28 set hostname [string tolower $hostname] 29 verbose "hostname: $hostname" 30 31 return 1 32} 33 34 35test "init 101" 36proc test101 {} { 37 global test 38 global hostname 39 40 get_hostname 41 tcl_cmd "set hostname $hostname" 42 43 # XXX Fix to work with a remote TEST_SERVER. For now, make sure 44 # it fails in that case. 45 one_line_succeed_test { 46 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 47 [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \ 48 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 49 server_handle 50 } 51 one_line_fail_test { 52 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 53 [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \ 54 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 55 server_handle 56 } "RPC_ERROR" 57} 58if {$RPC} test101 59 60test "init 102" 61proc test102 {} { 62 global test 63 64 one_line_fail_test { 65 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 66 [config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \ 67 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 68 server_handle 69 } "CANT_RESOLVE" 70} 71if {$RPC} test102 72 73test "init 103" 74proc test103 {} { 75 global test 76 77 one_line_fail_test { 78 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 79 [config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \ 80 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 81 server_handle 82 } "ENOENT" 83} 84#if {! $RPC} test103 85if {! $RPC} { 86 send_user "UNTESTED: test103: test needs updating for DAL changes (see MIT RT ticket 3202)\n" 87 untested "test103: test needs updating for DAL changes (see MIT RT ticket 3202)" 88} 89 90 91test "init 106" 92proc test106 {} { 93 global test prompt 94 95 set prompting 0 96 send [string trim { 97 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 98 [config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \ 99 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 100 server_handle 101 }] 102 send "\n" 103 expect { 104 -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1} 105 -re "\nOK .*$prompt$" { fail "$test: premature success" } 106 -re "\nERROR .*$prompt$" { fail "$test: premature failure" } 107 timeout { fail "$test: timeout" } 108 eof { fail "$test: eof" } 109 } 110 if {$prompting} { 111 one_line_succeed_test mrroot 112 } 113 if {! [cmd {kadm5_destroy $server_handle}]} { 114 error_and_restart "$test: couldn't close database" 115 } 116} 117if {! $RPC} test106 118 119test "init 107" 120proc test107 {} { 121 global test 122 123 one_line_fail_test { 124 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 125 [config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \ 126 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 127 server_handle 128 } "KDB_CANTREAD_STORED" 129} 130if {! $RPC} test107 131 132test "init 108" 133proc test108 {} { 134 global test 135 136 one_line_fail_test { 137 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 138 [config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \ 139 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 140 server_handle 141 } "KRB5_KDB_CANTREAD_STORED" 142} 143if {! $RPC} test108 144 145test "init 109-113" 146proc test109 {} { 147 global test prompt 148 149 delete_principal "$test/a" 150 151 # I'd like to specify flags explicitly and check them, as in the 152 # following config_params, but tcl gets mighty confused if I do and 153 # I have no idea why. 154# [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ] 155 156 if {! [cmd { 157 kadm5_init admin admin $KADM5_ADMIN_SERVICE \ 158 [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \ 159 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 160 server_handle 161 }]} { 162 fail "$test: cannot init with max_life" 163 return 164 } 165 if {! [cmd [format { 166 kadm5_create_principal $server_handle [simple_principal "%s/a"] \ 167 {KADM5_PRINCIPAL} testpass 168 } $test]]} { 169 fail "$test: can not create principal" 170 return; 171 } 172 if {! [cmd [format { 173 kadm5_get_principal $server_handle "%s/a" p \ 174 {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA} 175 } $test]]} { 176 fail "$test: can not get principal" 177 return; 178 } 179 send "puts \$p\n" 180 expect { 181 -re "$prompt" { } 182 timeout { 183 error_and_restart "$test: timeout getting prompt" 184 return 185 } 186 eof { 187 error_and_restart "$test: eof getting prompt" 188 return 189 } 190 } 191 send "lindex \$p 4\n" 192 expect { 193 -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) } 194 timeout { 195 error_and_restart "$test: timeout getting max_life" 196 return 197 } 198 eof { 199 error_and_restart "$test: eof getting max_life" 200 return 201 } 202 } 203 send "lindex \$p 12\n" 204 expect { 205 -re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) } 206 timeout { 207 error_and_restart "$test: timeout getting max_rlife" 208 return 209 } 210 eof { 211 error_and_restart "$test: eof getting max_rlife" 212 return 213 } 214 } 215 send "lindex \$p 1\n" 216 expect { 217 -re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) } 218 timeout { 219 error_and_restart "$test: timeout getting expiration" 220 return 221 } 222 eof { 223 error_and_restart "$test: eof getting expiration" 224 return 225 } 226 } 227 send "lindex \$p 7\n" 228 expect { 229 -re "(\[A-Z_\]*)\n$prompt" {set flags $expect_out(1,string) } 230 timeout { 231 error_and_restart "$test: timeout getting flags" 232 return 233 } 234 eof { 235 error_and_restart "$test: eof getting flags" 236 return 237 } 238 } 239 # This sorta worries me. Since the test is setting ENCTYPES to 240 # nothing, the principal has no keys. That means that nothing is 241 # printed for the keys in the correct case; but it feels too 242 # likely that nothing will be printed in the case of some problem. 243 send "lindex \$p 18\n" 244 expect { 245 -re "({.*})\n$prompt" {set key_data $expect_out(1,string) } 246 -re "\n$prompt" { set key_data {} } 247 timeout { 248 error_and_restart "$test: timeout getting flags" 249 return 250 } 251 eof { 252 error_and_restart "$test: eof getting flags" 253 return 254 } 255 } 256 if { ! [cmd {kadm5_destroy $server_handle}]} { 257 perror "$test: unexpected failure in destroy" 258 return 259 } 260 if {$max_life == 10} { 261 pass "$test" 262 } else { 263 fail "$test: $max_life is not 10" 264 } 265 if {$max_rlife == 20} { 266 pass "$test" 267 } else { 268 fail "$test: $max_rlife is not 20" 269 } 270 if {$expiration == 30} { 271 pass "$test" 272 } else { 273 fail "$test: $expiration is not 30" 274 } 275 if {$flags == ""} { 276 pass "$test" 277 } else { 278 fail "$test: flags $flags are wrong" 279 } 280 if {$key_data == {}} { 281 pass "$test" 282 } else { 283 fail "$test: key_data $key_data is wrong" 284 } 285} 286if {! $RPC} test109 287 288test "init 116" 289proc test116 {} { 290 global test 291 292 delete_principal "$test/a" 293 294 if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \ 295 null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 296 get_add_handle}]} { 297 error_and_restart "$test: couldn't init with admin/get-add" 298 } 299 300 if {! [cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \ 301 null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 302 mod_delete_handle}]} { 303 error_and_restart "$test: couldn't init with admin/get-add" 304 } 305 306 one_line_succeed_test { 307 kadm5_get_principal $get_add_handle testuser p \ 308 KADM5_PRINCIPAL_NORMAL_MASK 309 } 310 one_line_succeed_test [format { 311 kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \ 312 {KADM5_PRINCIPAL} testpass 313 } $test] 314 one_line_fail_test { 315 kadm5_modify_principal $get_add_handle [simple_principal testuser] \ 316 {KADM5_PRINC_EXPIRE_TIME} 317 } "AUTH_MODIFY" 318 one_line_fail_test { 319 kadm5_delete_principal $get_add_handle testuser 320 } "AUTH_DELETE" 321 322 one_line_fail_test { 323 kadm5_get_principal $mod_delete_handle testuser p \ 324 KADM5_PRINCIPAL_NORMAL_MASK 325 } "AUTH_GET" 326 one_line_fail_test [format { 327 kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \ 328 {KADM5_PRINCIPAL} testpass 329 } $test] "AUTH_ADD" 330 one_line_succeed_test { 331 kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \ 332 {KADM5_PRINC_EXPIRE_TIME} 333 } 334 one_line_succeed_test [format { 335 kadm5_delete_principal $mod_delete_handle "%s/a" 336 } $test] 337 338 if {! [cmd {kadm5_destroy $get_add_handle}]} { 339 error_and_restart "$test: couldn't close get_add_handle" 340 } 341 if {! [cmd {kadm5_destroy $mod_delete_handle}]} { 342 error_and_restart "$test: couldn't close mod_delete_handle" 343 } 344} 345if {$RPC} test116 346 347test "init 117" 348proc test117 {} { 349 global test env prompt 350 351 if {[catch "exec grep max_life $env(KRB5_KDC_PROFILE)"] != 1} { 352 warning \ 353 "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test" 354 return 355 } 356 357 if {! (( ! [principal_exists "$test/a"]) || 358 [delete_principal "$test/a"])} { 359 error_and_restart "$test: couldn't delete principal \"$test/a\"" 360 return 361 } 362 363 if {! [cmd { 364 kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ 365 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 366 server_handle 367 }]} { 368 fail "$test: unexpected failure in init" 369 return 370 } 371 372 if {! [cmd [format { 373 kadm5_create_principal $server_handle [simple_principal "%s/a"] \ 374 {KADM5_PRINCIPAL} "%s/a" 375 } $test $test]]} { 376 perror "$test: unexpected failure creating principal" 377 } 378 if {! [cmd [format { 379 kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE 380 } $test]]} { 381 error_and_restart "$test: could not retrieve principal" 382 return 383 } 384 send "lindex \$principal 4\n" 385 expect { 386 -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) } 387 timeout { 388 error_and_restart "$test: timeout getting max_life" 389 return 390 } 391 eof { 392 error_and_restart "$test: eof getting max_life" 393 return 394 } 395 } 396 397 if {$max_life == 86400} { 398 pass "$test" 399 } else { 400 fail "$test: max_life $max_life should be 86400" 401 } 402 403 if {! [cmd {kadm5_destroy $server_handle}]} { 404 error_and_restart "$test: couldn't close server_handle" 405 } 406} 407test117 408 409send "puts \$KADM5_ADMIN_SERVICE\n" 410expect { 411 -re "(\[a-zA-Z/@\]+)\n$prompt" { 412 set KADM5_ADMIN_SERVICE $expect_out(1,string) 413 } 414 default { 415 error_and_restart "$test: timeout/eof getting admin_service" 416 return 417 } 418} 419 420send "puts \$KADM5_CHANGEPW_SERVICE\n" 421expect { 422 -re "(\[a-zA-Z/@\]+)\n$prompt" { 423 set KADM5_CHANGEPW_SERVICE $expect_out(1,string) 424 } 425 default { 426 error_and_restart "$test: timeout/eof getting changepw_service" 427 return 428 } 429} 430 431test "init 150" 432proc test150 {} { 433 global test KADM5_ADMIN_SERVICE 434 435 kdestroy 436 kinit testuser notathena "-S $KADM5_ADMIN_SERVICE" 437 one_line_succeed_test { 438 kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ 439 null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 440 server_handle 441 } 442 kdestroy 443} 444if {$RPC} test150 445 446test "init 151" 447proc test151 {} { 448 global test KADM5_CHANGEPW_SERVICE 449 450 kdestroy 451 kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE" 452 one_line_succeed_test { 453 kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \ 454 null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 455 server_handle 456 } 457 kdestroy 458} 459if {$RPC} test151 460 461test "init 152" 462proc test152 {} { 463 global test KADM5_ADMIN_SERVICE 464 465 kdestroy 466 one_line_fail_test { 467 kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ 468 null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 469 server_handle 470 } "KRB5_FCC_NOFILE" 471} 472if {$RPC} test152 473 474test "init 153" 475proc test153 {} { 476 global test KADM5_ADMIN_SERVICE 477 478 kinit testuser notathena 479 one_line_fail_test { 480 kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ 481 null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 482 server_handle 483 } "KRB5_CC_NOTFOUND" 484} 485if {$RPC} test153 486 487test "init 154" 488proc test154 {} { 489 global test env 490 491 set orig $env(KRB5_KDC_PROFILE) 492 set env(KRB5_KDC_PROFILE) /does-not-exist 493 api_exit; api_start 494 set env(KRB5_KDC_PROFILE) $orig 495 496 one_line_fail_test { 497 kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ 498 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 499 server_handle 500 } "ENOENT" 501 502 api_exit; lib_start_api 503} 504if {0 && ! $RPC} test154 505 506return "" 507