Add an initial test for wallet-rekey

This confirms basic functionality, but doesn't test more interesting
things like rekeying multiple keys in the same keytab or skipping
principals that aren't from the local realm.

7 files changed, 70 insertions, 2 deletions

diff --git a/.gitignore b/.gitignore
index 67f4760..576e160 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,7 @@
 /tests/client/basic-t
 /tests/client/full-t
 /tests/client/prompt-t
+/tests/client/rekey-t
 /tests/data/.placeholder
 /tests/data/test.keytab
 /tests/data/test.password
diff --git a/Makefile.am b/Makefile.am
index 0b5593f..af5f25f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -39,8 +39,8 @@ EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod		   \
 	tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data	   \
 	tests/data/fake-kadmin tests/data/fake-keytab			   \
 	tests/data/fake-keytab-2 tests/data/fake-keytab-merge		   \
-	tests/data/fake-keytab-old tests/data/fake-srvtab		   \
-	tests/data/full.conf tests/data/wallet.conf			   \
+	tests/data/fake-keytab-old tests/data/fake-keytab-rekey		   \
+	tests/data/fake-srvtab tests/data/full.conf tests/data/wallet.conf \
 	tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t	   \
 	tests/server/backend-t tests/server/keytab-t tests/server/report-t \
 	tests/tap/kerberos.sh tests/tap/libtap.sh tests/tap/remctl.sh	   \
diff --git a/configure.ac b/configure.ac
index df97861..9f2d284 100644
--- a/configure.ac
+++ b/configure.ac
@@ -68,4 +68,5 @@ AC_CONFIG_FILES([Makefile perl/Makefile.PL])
 AC_CONFIG_FILES([tests/client/basic-t], [chmod +x tests/client/basic-t])
 AC_CONFIG_FILES([tests/client/full-t], [chmod +x tests/client/full-t])
 AC_CONFIG_FILES([tests/client/prompt-t], [chmod +x tests/client/prompt-t])
+AC_CONFIG_FILES([tests/client/rekey-t], [chmod +x tests/client/rekey-t])
 AC_OUTPUT
diff --git a/tests/TESTS b/tests/TESTS
index 161941c..54b8190 100644
--- a/tests/TESTS
+++ b/tests/TESTS
@@ -1,6 +1,7 @@
 client/basic
 client/full
 client/prompt
+client/rekey
 docs/pod
 docs/pod-spelling
 portable/asprintf
diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in
new file mode 100644
index 0000000..9127f6c
--- /dev/null
+++ b/tests/client/rekey-t.in
@@ -0,0 +1,65 @@
+#! /bin/sh
+#
+# Test suite for the wallet-rekey command-line client.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2006, 2007, 2008, 2010
+#     Board of Trustees, Leland Stanford Jr. University
+#
+# See LICENSE for licensing terms.
+
+# Load the test library.
+. "$SOURCE/tap/libtap.sh"
+. "$SOURCE/tap/kerberos.sh"
+. "$SOURCE/tap/remctl.sh"
+cd "$SOURCE"
+
+# We need a modified krb5.conf file to test wallet configuration settings in
+# krb5.conf.  Despite the hard-coding of test-k5.stanford.edu, this test isn't
+# Stanford-specific; it just matches the files that are distributed with the
+# package.
+krb5conf=
+for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
+    if [ -r "$p" ] ; then
+        krb5conf="$p"
+        sed -e '/^[ 	]*test-k5.stanford.edu =/,/}/d' \
+            -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \
+            -e 's/^[ 	]*wallet_.*//' \
+            -e '/^[ 	]*wallet[ 	]*=[ 	]*{/,/}/d' \
+            "$p" > ./krb5.conf
+        KRB5_CONFIG="./krb5.conf"
+        export KRB5_CONFIG
+        break
+    fi
+done
+if [ -z "$krb5conf" ] ; then
+    skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
+fi
+
+# Test setup.
+kerberos_setup
+if [ $? != 0 ] ; then
+    rm krb5.conf
+    skip_all 'Kerberos tests not configured'
+elif [ -z '@REMCTLD@' ] ; then
+    rm krb5.conf
+    skip_all 'No remctld found'
+else
+    plan 2
+fi
+remctld_start '@REMCTLD@' "$SOURCE/data/basic.conf"
+wallet="$BUILD/../client/wallet-rekey"
+
+# Rekeying should result in a merged keytab with both the old and new keys.
+cp data/fake-keytab-old keytab
+ok_program '' 0 '' \
+    "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab
+ktutil_list keytab klist-seen
+ktutil_list data/fake-keytab-rekey klist-good
+ok '...and the rekeyed keytab is correct' cmp klist-seen klist-good
+rm -f keytab klist-good klist-seen
+
+# Clean up.
+rm -f autocreated krb5.conf
+remctld_stop
+kerberos_cleanup
diff --git a/tests/data/fake-keytab-merge b/tests/data/fake-keytab-merge
index 31ddc49..4858eb4 100644
--- a/tests/data/fake-keytab-merge
+++ b/tests/data/fake-keytab-merge
diff --git a/tests/data/fake-keytab-rekey b/tests/data/fake-keytab-rekey
new file mode 100644
index 0000000..6c9c7f2
--- /dev/null
+++ b/tests/data/fake-keytab-rekey