# Load the shared helper library used by the tests in this file.
load_lib lib.t

# Stop and restart the API test program so this file starts from a fresh
# session.  api_exit and api_start are defined outside this file
# (presumably in lib.t -- confirm).
api_exit
api_start
5
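# get_hostname -- cache the local host name in the global "hostname".
#
# Runs the external "hostname" command at most once; later calls return
# immediately because the global already exists.  The name is stored in
# lower case.
#
# Results:
#   1 when the global "hostname" is set (now or by an earlier call).
#   0 when the command failed or printed nothing.  The global is left
#     unset in that case, so a later call tries again instead of
#     reporting success with an empty name.
proc get_hostname { } {
    global hostname

    if {[info exists hostname]} {
	return 1
    }

    # Capture the output directly instead of redirecting it to a
    # fixed-name scratch file in the working directory: no channel can be
    # left open on an error path, no file is left behind, and the result
    # does not depend on what already exists at that path.  catch reports
    # a non-zero exit status or any output on stderr as a failure.
    if {[catch {exec hostname} exec_output]} {
	send_log "$exec_output\n"
	verbose $exec_output
	send_error "ERROR: can't get hostname\n"
	return 0
    }

    # Only the first line of output is used.
    set name [lindex [split $exec_output "\n"] 0]
    if {[string length $name] == 0} {
	send_error "ERROR: no output from hostname\n"
	return 0
    }

    set hostname [string tolower $name]
    verbose "hostname: $hostname"

    return 1
}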
33
34
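test "init 101"
# test101 -- kadm5_init with an explicit admin server and kadmind port.
#
# Initialises against the local host name twice: once on port 1751,
# which must succeed, and once on port 4, which must fail with a reply
# containing RPC_ERROR.  Only invoked when $RPC is true.
proc test101 {} {
    global test
    global hostname

    # The host name is interpolated into the commands below; stop with a
    # harness error when it cannot be determined rather than failing on an
    # unset variable.
    if {! [get_hostname]} {
	perror "$test: cannot determine local hostname"
	return
    }
    tcl_cmd "set hostname $hostname"

    # XXX Fix to work with a remote TEST_SERVER.  For now, make sure
    # it fails in that case.
    one_line_succeed_test {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    } "RPC_ERROR"
}
if {$RPC} test101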
59
test "init 102"
# test102 -- kadm5_init must be refused when the configured admin server
# name (does.not.exist) cannot be resolved.  The expected reply contains
# CANT_RESOLVE; the matching itself is done by one_line_fail_test, which
# is defined outside this file.  RPC mode only.
proc test102 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "CANT_RESOLVE"
}
if {$RPC} {
    test102
}
72
test "init 103"
# test103 -- kadm5_init with a database name that does not exist is
# expected to fail with ENOENT.  The procedure is defined but currently
# never called: the non-RPC branch below only records it as untested.
proc test103 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "ENOENT"
}
# Original invocation, kept for reference:
#if {! $RPC} test103
if {! $RPC} {
    # Report the gap both on the console and in the harness results.
    send_user "UNTESTED: test103: test needs updating for DAL changes (see MIT RT ticket 3202)\n"
    untested "test103: test needs updating for DAL changes (see MIT RT ticket 3202)"
}
89
90
test "init 106"
# test106 -- kadm5_init with KADM5_CONFIG_MKEY_FROM_KBD set to 1 must
# stop and prompt before it reports success or failure.
#
# The init command is sent by hand instead of through a one_line_*
# helper because the reply of interest is the prompt, not the final
# status line.  Only invoked when $RPC is false.
proc test106 {} {
    global test prompt

    # Becomes 1 once something that looks like a prompt has been seen.
    set prompting 0
    send [string trim {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }]
    send "\n"
    expect {
	# A final line containing a colon is taken to be the prompt.
	-re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
	# An OK or ERROR status before any prompt means the key was not
	# asked for.
	-re "\nOK .*$prompt$" { fail "$test: premature success" }
	-re "\nERROR .*$prompt$" { fail "$test: premature failure" }
	timeout { fail "$test: timeout" }
	eof { fail "$test: eof" }
    }
    if {$prompting} {
	# Answer the prompt; the init is then expected to succeed.
	# NOTE(review): mrroot is presumably the test realm's master key
	# password -- confirm against the test realm setup.
	one_line_succeed_test mrroot
    }
    # The handle is destroyed on every path, including the ones where
    # fail was already reported above.
    if {! [cmd {kadm5_destroy $server_handle}]} {
	error_and_restart "$test: couldn't close database"
    }
}
if {! $RPC} test106
118
test "init 107"
# test107 -- kadm5_init pointed at a stash file that does not exist is
# expected to fail with a reply containing KDB_CANTREAD_STORED.
# Only invoked when $RPC is false.
proc test107 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "KDB_CANTREAD_STORED"
}
if {! $RPC} {
    test107
}
131
test "init 108"
# test108 -- kadm5_init with a master key name that does not exist
# (does/not/exist) is expected to fail with a reply containing
# KRB5_KDB_CANTREAD_STORED.  Only invoked when $RPC is false.
proc test108 {} {
    global test

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "KRB5_KDB_CANTREAD_STORED"
}
if {! $RPC} {
    test108
}
144
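test "init 109-113"
# test109 -- defaults passed to kadm5_init must be applied to a principal
# created through that handle.
#
# Initialises with max_life 10, max_rlife 20, expiration 30 and an empty
# enctype list, creates the principal "$test/a", reads it back and
# reports one pass or fail per field: max_life, max_rlife, expiration,
# flags (expected empty) and key_data (expected empty).
# Only invoked when $RPC is false.
proc test109 {} {
    global test prompt

    delete_principal "$test/a"

    # I'd like to specify flags explicitly and check them, as in the
    # following config_params, but tcl gets mighty confused if I do and
    # I have no idea why.
#		[config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ]

    if {! [cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE \
		[config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }]} {
	fail "$test: cannot init with max_life"
	return
    }
    if {! [cmd [format {
	kadm5_create_principal $server_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} testpass
    } $test]]} {
	fail "$test: can not create principal"
	return;
    }
    if {! [cmd [format {
	kadm5_get_principal $server_handle "%s/a" p \
		{KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
    } $test]]} {
	fail "$test: can not get principal"
	return;
    }
    # Print the whole record once, then pick out single fields by index.
    send "puts \$p\n"
    expect {
	-re "$prompt" { }
	timeout {
	    error_and_restart "$test: timeout getting prompt"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting prompt"
	    return
	}
    }
    # Element 4 of the record is read as max_life.
    send "lindex \$p 4\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting max_life"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting max_life"
	    return
	}
    }
    # Element 12 is read as max_rlife.
    send "lindex \$p 12\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting max_rlife"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting max_rlife"
	    return
	}
    }
    # Element 1 is read as the expiration time.
    send "lindex \$p 1\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting expiration"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting expiration"
	    return
	}
    }
    # Element 7 is read as the flag list; the pattern also accepts an
    # empty value.
    send "lindex \$p 7\n"
    expect {
	-re "(\[A-Z_\]*)\n$prompt" {set flags $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting flags"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting flags"
	    return
	}
    }
    # This sorta worries me.  Since the test is setting ENCTYPES to
    # nothing, the principal has no keys.  That means that nothing is
    # printed for the keys in the correct case; but it feels too
    # likely that nothing will be printed in the case of some problem.
    send "lindex \$p 18\n"
    expect {
	-re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
	-re "\n$prompt" { set key_data {} }
	# These two messages name key_data, the field actually being read,
	# so a stall here is not mistaken for one in the flags query above.
	timeout {
	    error_and_restart "$test: timeout getting key_data"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting key_data"
	    return
	}
    }
    if { ! [cmd {kadm5_destroy $server_handle}]} {
	perror "$test: unexpected failure in destroy"
	return
    }
    # One result per field, all reported under the same test name.
    if {$max_life == 10} {
	pass "$test"
    } else {
	fail "$test: $max_life is not 10"
    }
    if {$max_rlife == 20} {
	pass "$test"
    } else {
	fail "$test: $max_rlife is not 20"
    }
    if {$expiration == 30} {
	pass "$test"
    } else {
	fail "$test: $expiration is not 30"
    }
    if {$flags == ""} {
	pass "$test"
    } else {
	fail "$test: flags $flags are wrong"
    }
    if {$key_data == {}} {
	pass "$test"
    } else {
	fail "$test: key_data $key_data is wrong"
    }
}
if {! $RPC} test109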
287
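test "init 116"
# test116 -- each handle is limited to the privileges of the principal
# it was opened as.
#
# Two handles are opened in the same session: one as admin/get-add and
# one as admin/mod-delete.  Every operation is then tried on both:
#
#   operation   get_add_handle     mod_delete_handle
#   get         succeeds           fails, AUTH_GET
#   create      succeeds           fails, AUTH_ADD
#   modify      fails, AUTH_MODIFY succeeds
#   delete      fails, AUTH_DELETE succeeds
#
# The ACL entries that grant these rights are not part of this file.
# Only invoked when $RPC is true.
proc test116 {} {
    global test

    delete_principal "$test/a"

    if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \
	    null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
	    get_add_handle}]} {
	error_and_restart "$test: couldn't init with admin/get-add"
    }

    # The message names the principal used here, so a failure is not
    # attributed to the get-add handle opened above.
    if {! [cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \
	    null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
	    mod_delete_handle}]} {
	error_and_restart "$test: couldn't init with admin/mod-delete"
    }

    # admin/get-add: get and add are allowed, modify and delete refused.
    one_line_succeed_test {
	kadm5_get_principal $get_add_handle testuser p \
		KADM5_PRINCIPAL_NORMAL_MASK
    }
    one_line_succeed_test [format {
	kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} testpass
    } $test]
    one_line_fail_test {
	kadm5_modify_principal $get_add_handle [simple_principal testuser] \
		{KADM5_PRINC_EXPIRE_TIME}
    } "AUTH_MODIFY"
    one_line_fail_test {
	kadm5_delete_principal $get_add_handle testuser
    } "AUTH_DELETE"

    # admin/mod-delete: the mirror image.  The final delete also removes
    # the principal created through the other handle.
    one_line_fail_test {
	kadm5_get_principal $mod_delete_handle testuser p \
		KADM5_PRINCIPAL_NORMAL_MASK
    } "AUTH_GET"
    one_line_fail_test [format {
	kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} testpass
    } $test] "AUTH_ADD"
    one_line_succeed_test {
	kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \
		{KADM5_PRINC_EXPIRE_TIME}
    }
    one_line_succeed_test [format {
	kadm5_delete_principal $mod_delete_handle "%s/a"
    } $test]

    if {! [cmd {kadm5_destroy $get_add_handle}]} {
	error_and_restart "$test: couldn't close get_add_handle"
    }
    if {! [cmd {kadm5_destroy $mod_delete_handle}]} {
	error_and_restart "$test: couldn't close mod_delete_handle"
    }
}
if {$RPC} test116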
346
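test "init 117"
# test117 -- a principal created without an explicit maximum lifetime
# must come back with max_life 86400.
#
# The check only makes sense when the KDC profile does not set max_life
# itself, so the test is skipped with a warning when the profile
# mentions it.  Runs in both RPC and non-RPC mode.
proc test117 {} {
    global test env prompt

    # The script is braced so the profile path reaches exec as a single
    # argument and is substituted only once; in a quoted script, a path
    # containing whitespace or Tcl metacharacters would be parsed again
    # as part of the command.  catch returns 1 when grep exits non-zero,
    # that is, when nothing matched.  An unreadable profile also gives 1,
    # so the test still runs in that case.
    if {[catch {exec grep max_life $env(KRB5_KDC_PROFILE)}] != 1} {
	warning \
	   "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test"
	return
    }

    # Proceed only if the principal is absent or could be deleted.
    if {! (( ! [principal_exists "$test/a"]) ||
        [delete_principal "$test/a"])} {
        error_and_restart "$test: couldn't delete principal \"$test/a\""
	return
    }

    if {! [cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }]} {
	fail "$test: unexpected failure in init"
	return
    }

    # A failure here is reported but the test carries on; the lookup
    # below then decides whether it can continue.
    if {! [cmd [format {
	kadm5_create_principal $server_handle [simple_principal "%s/a"] \
		{KADM5_PRINCIPAL} "%s/a"
    } $test $test]]} {
	perror "$test: unexpected failure creating principal"
    }
    if {! [cmd [format {
	kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE
    } $test]]} {
	error_and_restart "$test: could not retrieve principal"
	return
    }
    # Element 4 of the returned record is read as max_life.
    send "lindex \$principal 4\n"
    expect {
	-re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
	timeout {
	    error_and_restart "$test: timeout getting max_life"
	    return
	}
	eof {
	    error_and_restart "$test: eof getting max_life"
	    return
	}
    }

    if {$max_life == 86400} {
	pass "$test"
    } else {
	fail "$test: max_life $max_life should be 86400"
    }

    if {! [cmd {kadm5_destroy $server_handle}]} {
	error_and_restart "$test: couldn't close server_handle"
    }
}
test117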
408
# Copy the two service names out of the API session into variables of
# this script; tests 150-153 below pass them to kinit and to
# kadm5_init_with_creds.
#
# The pattern accepts only letters, "/" and "@".  A service name with
# any other character (a digit, a dot, a hyphen) does not match and is
# reported through the default branch as a timeout/eof.
send "puts \$KADM5_ADMIN_SERVICE\n"
expect {
    -re "(\[a-zA-Z/@\]+)\n$prompt" {
	set KADM5_ADMIN_SERVICE $expect_out(1,string)
    }
    default {
	# default covers both timeout and eof.  The return is at file
	# level, so it ends this script; the tests below are not run.
	error_and_restart "$test: timeout/eof getting admin_service"
	return
    }
}

# Same query for the password-change service name.
send "puts \$KADM5_CHANGEPW_SERVICE\n"
expect {
    -re "(\[a-zA-Z/@\]+)\n$prompt" {
	set KADM5_CHANGEPW_SERVICE $expect_out(1,string)
    }
    default {
	error_and_restart "$test: timeout/eof getting changepw_service"
	return
    }
}
430
test "init 150"
# test150 -- kadm5_init_with_creds succeeds when the credential cache
# holds a ticket requested for the admin service.
#
# kdestroy and kinit are harness helpers defined outside this file.  The
# cache is cleared before and after so the result does not depend on, or
# leak into, neighbouring tests.  Only invoked when $RPC is true.
proc test150 {} {
    global test KADM5_ADMIN_SERVICE

    kdestroy

    # Request the ticket for the admin service by name.
    set service_opt "-S $KADM5_ADMIN_SERVICE"
    kinit testuser notathena $service_opt

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_succeed_test $init_cmd

    kdestroy
}
if {$RPC} {
    test150
}
445
test "init 151"
# test151 -- kadm5_init_with_creds succeeds when the credential cache
# holds a ticket requested for the password-change service and the init
# call names that same service.
#
# The cache is cleared before and after the check.
# Only invoked when $RPC is true.
proc test151 {} {
    global test KADM5_CHANGEPW_SERVICE

    kdestroy

    # Request the ticket for the password-change service by name.
    set service_opt "-S $KADM5_CHANGEPW_SERVICE"
    kinit testuser notathena $service_opt

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_succeed_test $init_cmd

    kdestroy
}
if {$RPC} {
    test151
}
460
test "init 152"
# test152 -- kadm5_init_with_creds must be refused when there are no
# credentials at all.  The cache is cleared first and the reply is
# expected to contain KRB5_FCC_NOFILE.  Only invoked when $RPC is true.
proc test152 {} {
    global test KADM5_ADMIN_SERVICE

    kdestroy

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "KRB5_FCC_NOFILE"
}
if {$RPC} {
    test152
}
473
test "init 153"
# test153 -- kadm5_init_with_creds must be refused when the cache holds
# credentials but none for the requested service.  kinit is called
# without the -S option used in tests 150 and 151, and the reply is
# expected to contain KRB5_CC_NOTFOUND.  Only invoked when $RPC is true.
#
# NOTE(review): unlike tests 150 and 151 there is no kdestroy at the end,
# so the credentials obtained here stay in the cache afterwards --
# confirm that nothing run later depends on an empty cache.
proc test153 {} {
    global test KADM5_ADMIN_SERVICE

    kinit testuser notathena

    set init_cmd {
	kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
		null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "KRB5_CC_NOTFOUND"
}
if {$RPC} {
    test153
}
486
test "init 154"
# test154 -- kadm5_init is expected to fail with ENOENT when the API
# program was started with KRB5_KDC_PROFILE naming a file that does not
# exist.
#
# The environment variable is changed only for the restart of the API
# program and restored straight after; the session is restarted again at
# the end.  The guard below starts with a constant 0, so this procedure
# is currently never called.
proc test154 {} {
    global test env

    set saved_profile $env(KRB5_KDC_PROFILE)
    set env(KRB5_KDC_PROFILE) /does-not-exist
    api_exit
    api_start
    set env(KRB5_KDC_PROFILE) $saved_profile

    set init_cmd {
	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
		server_handle
    }
    one_line_fail_test $init_cmd "ENOENT"

    api_exit
    lib_start_api
}
if {0 && ! $RPC} {
    test154
}

# End of the test file.
return ""
507