diff options
| author | Russ Allbery <rra@stanford.edu> | 2010-08-25 18:01:37 -0700 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2010-08-25 18:01:37 -0700 |
| commit | 5cc66fdef38a67e25850159c0c5282d6dc927178 (patch) | |
| tree | 9636351ee75eacc2f74a989fd8fad712fe95e6ec /tests/client | |
| parent | d46528a011f58881af9e9fb0c11de6422d469f17 (diff) | |
| parent | e91c0b93355b28617f7c0d756026856762ece242 (diff) | |
Merge commit 'upstream/0.12' into debian
Diffstat (limited to 'tests/client')
| -rw-r--r-- | tests/client/basic-t.in | 6 | ||||
| -rw-r--r-- | tests/client/rekey-t.in | 100 |
2 files changed, 103 insertions, 3 deletions
diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 86e24d5..11f0bce 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -114,10 +114,10 @@ rm -f srvtab srvtab.bak # Test keytab merging. ok_program 'keytab merging' 0 '' \ "$wallet" -f keytab get keytab service/fake-keytab -(klist -keK keytab 2>&1) | sed '/Keytab name:/d' > klist-seen -(klist -keK data/fake-keytab-merge 2>&1) | sed '/Keytab name:/d' > klist-good +ktutil_list keytab klist-seen +ktutil_list data/fake-keytab-merge klist-good ok '...and the merged keytab is correct' cmp klist-seen klist-good -rm -f keytab klist-seen klist-good +rm -f keytab klist-good klist-seen # Test srvtab download into a merged keytab with an older version. cp data/fake-keytab-old keytab diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in new file mode 100644 index 0000000..390a362 --- /dev/null +++ b/tests/client/rekey-t.in @@ -0,0 +1,100 @@ +#! /bin/sh +# +# Test suite for the wallet-rekey command-line client. +# +# Written by Russ Allbery <rra@stanford.edu> +# Copyright 2006, 2007, 2008, 2010 +# Board of Trustees, Leland Stanford Jr. University +# +# See LICENSE for licensing terms. + +# Load the test library. +. "$SOURCE/tap/libtap.sh" +. "$SOURCE/tap/kerberos.sh" +. "$SOURCE/tap/remctl.sh" +cd "$SOURCE" + +# We need a modified krb5.conf file to test wallet configuration settings in +# krb5.conf. Despite the hard-coding of test-k5.stanford.edu, this test isn't +# Stanford-specific; it just matches the files that are distributed with the +# package. +krb5conf= +for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do + if [ -r "$p" ] ; then + krb5conf="$p" + sed -e '/^[ ]*test-k5.stanford.edu =/,/}/d' \ + -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \ + -e 's/^[ ]*wallet_.*//' \ + -e '/^[ ]*wallet[ ]*=[ ]*{/,/}/d' \ + "$p" > ./krb5.conf + KRB5_CONFIG="./krb5.conf" + export KRB5_CONFIG + break + fi +done +if [ -z "$krb5conf" ] ; then + skip_all 'no krb5.conf found, put one in tests/data/krb5.conf' +fi + +# Test setup. +kerberos_setup +if [ $? != 0 ] ; then + rm krb5.conf + skip_all 'Kerberos tests not configured' +elif [ -z '@REMCTLD@' ] ; then + rm krb5.conf + skip_all 'No remctld found' +else + plan 9 +fi +remctld_start '@REMCTLD@' "$SOURCE/data/basic.conf" +wallet="$BUILD/../client/wallet-rekey" + +# Rekeying should result in a merged keytab with both the old and new keys. +cp data/fake-keytab-old keytab +ok_program 'basic wallet-rekey' 0 '' \ + "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab +ktutil_list keytab klist-seen +ktutil_list data/fake-keytab-rekey klist-good +ok '...and the rekeyed keytab is correct' cmp klist-seen klist-good +rm -f keytab klist-good klist-seen + +# Rekeying a keytab that contains no principals in the local domain should +# produce an error message and do nothing. +cp data/fake-keytab-foreign keytab +ok_program 'foreign wallet-rekey' 1 'wallet: no rekeyable principals found' \ + "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab +ok '...and the keytab was untouched' cmp keytab data/fake-keytab-foreign +rm -f keytab + +# Rekeying a keytab where we can't retrieve the principal should produce an +# error message and abort when it's the first principal. +cp data/fake-keytab-unknown keytab +ok_program 'unknown wallet-rekey' 1 \ +'wallet: Unknown keytab service/real-keytab +wallet: error rekeying for principal service/real-keytab +wallet: aborting, keytab unchanged' \ + "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab +ok '...and the keytab was untouched' cmp keytab data/fake-keytab-unknown +rm -f keytab + +# Rekeying a keytab where we can't retrieve a later principal should leave the +# original keytab as keytab.old and store, in the new keytab, only the things +# that it was able to rekey. +cp data/fake-keytab-partial keytab +ok_program 'partial wallet-rekey' 1 \ +'wallet: Unknown keytab service/real-keytab +wallet: error rekeying for principal service/real-keytab +wallet: partial failure to rekey keytab keytab, old keytab left in keytab.old'\ + "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab +ktutil_list keytab klist-seen +ktutil_list data/fake-keytab-partial-result klist-good +ok '...and the rekeyed keytab is correct' cmp klist-seen klist-good +ok '...and the backup keytab is correct' \ + cmp keytab.old data/fake-keytab-partial +rm -f keytab keytab.old klist-seen klist-good + +# Clean up. +rm -f autocreated krb5.conf +remctld_stop +kerberos_cleanup |