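# Test for the GSS-API.
# This is a DejaGnu test script.
# This script tests that the GSS-API tester functions correctly.

# This mostly just calls procedures in test/dejagnu/config/default.exp.

# Locate the binaries under test unless the harness already provided them.
if ![info exists KDESTROY] {
    set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
}

if ![info exists GSSCLIENT] {
    set GSSCLIENT [findfile $objdir/../../appl/gss-sample/gss-client]
}

if ![info exists GSSSERVER] {
    set GSSSERVER [findfile $objdir/../../appl/gss-sample/gss-server]
}

# Set up the Kerberos files and environment.
if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
    return
}

# Initialize the Kerberos database.  The argument tells
# setup_kerberos_db that it is being called from here.
if ![setup_kerberos_db 0] {
    return
}

#
# Like kinit in default.exp, but allows us to specify a different ccache.
#
# Arguments:
#   name    principal name without the realm; $REALMNAME is appended
#   pass    password sent to the kinit prompt
#   ccache  credential cache passed to kinit with -c
# Returns 1 on success and 0 on failure.  The timeout and eof branches
# call fail themselves.
#
proc our_kinit { name pass ccache } {
    global REALMNAME
    global KINIT
    global spawn_id

    # Use kinit to get a ticket.
    spawn $KINIT -f -5 -c $ccache $name@$REALMNAME
    expect {
        "Password for $name@$REALMNAME:" {
            verbose "kinit started"
        }
        timeout {
            # NOTE(review): the spawned kinit is not closed or waited for on
            # this path -- confirm that the harness reaps it.
            fail "kinit"
            return 0
        }
        eof {
            fail "kinit"
            return 0
        }
    }
    # "--" ends option parsing, so a password that begins with "-" is sent
    # as data rather than being read as a flag to send.
    send -- "$pass\r"
    # This last expect seems useless, but without it the test hangs on
    # AIX.
    expect {
        "\r" { }
    }
    expect eof
    if ![check_exit_status kinit] {
        return 0
    }

    return 1
}

#
# Destroys a particular ccache.
#
# Returns 1 when check_exit_status accepts the kdestroy run, 0 otherwise.
# NOTE(review): there is no "expect eof" before check_exit_status here,
# unlike our_kinit; presumably check_exit_status waits for the process --
# confirm in default.exp.
#
proc our_kdestroy { ccache } {
    global KDESTROY
    global spawn_id

    spawn $KDESTROY -c $ccache
    if ![check_exit_status "kdestroy"] {
        return 0
    }
    return 1
}

#
# Stops the gss-server.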
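#
proc stop_gss_server { } {
    global gss_server_pid
    global gss_server_spawn_id

    # gss_server_pid exists only after doit has spawned the server, so a
    # call before that point, or a second call, does nothing.
    if [info exists gss_server_pid] {
        # The scripts are braced so that each variable is substituted once,
        # inside catch, instead of being pasted into a string that is then
        # parsed again as a script.
        catch {close -i $gss_server_spawn_id}
        catch {exec kill $gss_server_pid}
        # Best effort: this proc also runs from the top-level cleanup, where
        # an error here would skip gss_restore_env and stop_kerberos_daemons.
        catch {wait -i $gss_server_spawn_id}
        unset gss_server_pid
    }
}

#
# Restore environment variables possibly set.
#
# KRB5CCNAME and KRB5_KTNAME are first removed, then put back to the values
# doit saved in gss_save_ccname / gss_save_ktname, if it saved any.
#
proc gss_restore_env { } {
    global env
    global gss_save_ccname
    global gss_save_ktname

    catch {unset env(KRB5CCNAME)}
    if [info exists gss_save_ccname] {
        set env(KRB5CCNAME) $gss_save_ccname
        unset gss_save_ccname
    }
    catch {unset env(KRB5_KTNAME)}
    if [info exists gss_save_ktname] {
        set env(KRB5_KTNAME) $gss_save_ktname
        unset gss_save_ktname
    }
}

#
# Runs gss-client once against the already running gss-server.
#
# Arguments:
#   test    test name reported through pass / fail
#   tkfile  credential cache; exported to the client as KRB5CCNAME
#   client  identity string used in the message text and in the
#           "Accepted connection" pattern
#
# The test passes once the server has logged the received message and the
# client has printed "Signature verified", in either order.
#
# NOTE(review): the "Accepted connection" pattern only does exp_continue, so
# the name the server accepted is never required to match.  doit passes
# gssclientN here while the ccaches are obtained for gsstestN, so that
# pattern presumably never matches -- confirm whether the authenticated
# principal should be asserted.
#
proc run_client {test tkfile client} {
    global env
    global hostname
    global GSSCLIENT
    global spawn_id
    global gss_server_spawn_id
    global REALMNAME
    global portbase

    set env(KRB5CCNAME) $tkfile
    verbose "KRB5CCNAME=$env(KRB5CCNAME)"
    verbose "spawning gssclient, identity=$client"
    # expr is braced so that the value of portbase is used as a number and
    # is not substituted into the expression text before it is evaluated.
    spawn $GSSCLIENT -d -port [expr {8 + $portbase}] $hostname gssservice@$hostname "message from $client"
    set got_client 0
    set got_server 0
    # Fallback handlers for both spawn ids.  A timeout or eof on one side
    # fails the test only while that side's expected output is still
    # missing.  Each failure path clears expect_after before returning so
    # the handlers do not stay installed.
    expect_after {
        -i $spawn_id
        timeout {
            if {!$got_client} {
                verbose -log "client timeout"
                fail $test
                catch {expect_after}
                return
            }
        }
        eof {
            if {!$got_client} {
                verbose -log "client eof"
                fail $test
                catch {expect_after}
                return
            }
        }
        -i $gss_server_spawn_id
        timeout {
            if {!$got_server} {
                verbose -log "server timeout"
                fail $test
                catch {expect_after}
                return
            }
        }
        eof {
            if {!$got_server} {
                verbose -log "server eof"
                fail $test
                catch {expect_after}
                return
            }
        }
    }
    expect {
        -i $gss_server_spawn_id
        "Accepted connection: \"$client@$REALMNAME\"" exp_continue
        "Received message: \"message from $client\"" {
            set got_server 1
            if {!$got_client} {
                exp_continue
            }
        }
        -i $spawn_id
        "Signature verified" {
            set got_client 1
            if {!$got_server} {
                exp_continue
            }
        }
    }
    catch {expect_after}
    if ![check_exit_status $test] {
        # check_exit_status already calls fail for us
        return
    }
    pass $test
}

#
# Runs the whole test: starts the daemons, creates the gsstest0..3 principals
# and the gssservice key and keytab, obtains one ccache per principal, starts
# gss-server, runs four clients against it, then tears everything down.
#
# Setup failures are reported with perror and execution continues, as
# before.  The caller wraps this proc in catch.
#
proc doit { } {
    global REALMNAME
    global env
    global KLIST
    global KDESTROY
    global KEY
    global GSSTEST
    global GSSSERVER
    global GSSCLIENT
    global hostname
    global tmppwd
    global spawn_id
    global timeout
    global gss_server_pid
    global gss_server_spawn_id
    global gss_save_ccname
    global gss_save_ktname
    global portbase

    # Start up the kerberos and kadmind daemons.
    if ![start_kerberos_daemons 0] {
        perror "failed to start kerberos daemons"
    }

    # Use kadmin to add a key for each test principal.
    foreach n {0 1 2 3} {
        if ![add_kerberos_key gsstest$n 0] {
            perror "failed to set up gsstest$n key"
        }
    }

    # Use kadmin to add a service key for us.
    if ![add_random_key gssservice/$hostname 0] {
        perror "failed to set up gssservice/$hostname key"
    }

    # Use kdb5_edit to create a keytab entry for gssservice
    if ![setup_keytab 0 gssservice] {
        perror "failed to set up gssservice keytab"
    }

    # Remove ccaches left over from an earlier run.  The script is braced so
    # the paths reach exec as single words even if $tmppwd contains spaces
    # or characters that are special to Tcl.
    catch {exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3}

    # Use kinit to get a ticket for each test principal, one ccache each.
    # The ccaches hold test credentials until the kdestroy / rm at the end
    # of this proc.  NOTE(review): they are not removed if doit exits early
    # with an error -- confirm that the harness clears $tmppwd.
    foreach n {0 1 2 3} {
        if ![our_kinit gsstest$n gsstest$n$KEY $tmppwd/gss_tk_$n] {
            perror "failed to kinit gsstest$n"
        }
    }

    #
    # Save settings of KRB5CCNAME and KRB5_KTNAME
    #
    if [info exists env(KRB5CCNAME)] {
        set gss_save_ccname $env(KRB5CCNAME)
    }
    if [info exists env(KRB5_KTNAME)] {
        set gss_save_ktname $env(KRB5_KTNAME)
    }

    #
    # Set KRB5_KTNAME for the server.  KRB5CCNAME is set per client in
    # run_client.
    #
    set env(KRB5_KTNAME) FILE:$tmppwd/keytab
    verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"

    # Now start the gss-server.  The port expression is braced for the same
    # reason as in run_client, and both must compute the same port.
    spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port [expr {8 + $portbase}] gssservice@$hostname
    set gss_server_pid [exp_pid]
    set gss_server_spawn_id $spawn_id

    expect {
        "starting" { }
        eof { perror "gss-server failed to start" }
    }

    foreach n {0 1 2 3} {
        run_client gssclient$n $tmppwd/gss_tk_$n gssclient$n
    }

    stop_gss_server
    gss_restore_env

    foreach n {0 1 2 3} {
        if ![our_kdestroy $tmppwd/gss_tk_$n] {
            perror "failed kdestroy gss_tk_$n" 0
        }
    }

    catch {exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3}

    return
}

# Run the test under catch so that the cleanup below always happens, then
# report any Tcl error raised inside doit.
set status [catch doit msg]

stop_gss_server
gss_restore_env
stop_kerberos_daemons

if { $status != 0 } {
    perror "error in gssapi.exp" 0
    perror $msg 0
}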