Add an initial test for wallet-rekey

This confirms basic functionality, but doesn't test more interesting
things like rekeying multiple keys in the same keytab or skipping
principals that aren't from the local realm.

4 files changed, 66 insertions, 0 deletions

diff --git a/tests/TESTS b/tests/TESTS
index 161941c..54b8190 100644
--- a/tests/TESTS
+++ b/tests/TESTS
@@ -1,6 +1,7 @@
 client/basic
 client/full
 client/prompt
+client/rekey
 docs/pod
 docs/pod-spelling
 portable/asprintf
diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in
new file mode 100644
index 0000000..9127f6c
--- /dev/null
+++ b/tests/client/rekey-t.in
@@ -0,0 +1,65 @@
+#! /bin/sh
+#
+# Test suite for the wallet-rekey command-line client.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2006, 2007, 2008, 2010
+#     Board of Trustees, Leland Stanford Jr. University
+#
+# See LICENSE for licensing terms.
+
+# Load the test library.
+. "$SOURCE/tap/libtap.sh"
+. "$SOURCE/tap/kerberos.sh"
+. "$SOURCE/tap/remctl.sh"
+cd "$SOURCE"
+
+# We need a modified krb5.conf file to test wallet configuration settings in
+# krb5.conf.  Despite the hard-coding of test-k5.stanford.edu, this test isn't
+# Stanford-specific; it just matches the files that are distributed with the
+# package.
+krb5conf=
+for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
+    if [ -r "$p" ] ; then
+        krb5conf="$p"
+        sed -e '/^[ 	]*test-k5.stanford.edu =/,/}/d' \
+            -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \
+            -e 's/^[ 	]*wallet_.*//' \
+            -e '/^[ 	]*wallet[ 	]*=[ 	]*{/,/}/d' \
+            "$p" > ./krb5.conf
+        KRB5_CONFIG="./krb5.conf"
+        export KRB5_CONFIG
+        break
+    fi
+done
+if [ -z "$krb5conf" ] ; then
+    skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
+fi
+
+# Test setup.
+kerberos_setup
+if [ $? != 0 ] ; then
+    rm krb5.conf
+    skip_all 'Kerberos tests not configured'
+elif [ -z '@REMCTLD@' ] ; then
+    rm krb5.conf
+    skip_all 'No remctld found'
+else
+    plan 2
+fi
+remctld_start '@REMCTLD@' "$SOURCE/data/basic.conf"
+wallet="$BUILD/../client/wallet-rekey"
+
+# Rekeying should result in a merged keytab with both the old and new keys.
+cp data/fake-keytab-old keytab
+ok_program '' 0 '' \
+    "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab
+ktutil_list keytab klist-seen
+ktutil_list data/fake-keytab-rekey klist-good
+ok '...and the rekeyed keytab is correct' cmp klist-seen klist-good
+rm -f keytab klist-good klist-seen
+
+# Clean up.
+rm -f autocreated krb5.conf
+remctld_stop
+kerberos_cleanup
diff --git a/tests/data/fake-keytab-merge b/tests/data/fake-keytab-merge
index 31ddc49..4858eb4 100644
--- a/tests/data/fake-keytab-merge
+++ b/tests/data/fake-keytab-merge
diff --git a/tests/data/fake-keytab-rekey b/tests/data/fake-keytab-rekey
new file mode 100644
index 0000000..6c9c7f2
--- /dev/null
+++ b/tests/data/fake-keytab-rekey