5 files changed, 86 insertions, 2 deletions

diff --git a/TODO b/TODO
index 0dfa69c..fc4bf11 100644
--- a/TODO
+++ b/TODO
@@ -2,8 +2,6 @@
 
 Release 1.0:
 
-* Add a test suite for the wallet -u option.
-
 * Rewrite the server checks to avoid using IO::String, since one of the
   tests already requires Perl 5.8's internal string handling.
 
diff --git a/configure.ac b/configure.ac
index 708d5d4..ebff04f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -64,6 +64,7 @@ AC_CONFIG_FILES([Makefile perl/Makefile.PL tests/data/full.conf])
 AC_CONFIG_FILES([tests/client/basic-t], [chmod +x tests/client/basic-t])
 AC_CONFIG_FILES([tests/client/full-t], [chmod +x tests/client/full-t])
 AC_CONFIG_FILES([tests/client/pod-t], [chmod +x tests/client/pod-t])
+AC_CONFIG_FILES([tests/client/prompt-t], [chmod +x tests/client/prompt-t])
 AC_CONFIG_FILES([tests/data/cmd-wrapper], [chmod +x tests/data/cmd-wrapper])
 AC_CONFIG_FILES([tests/kasetkey/basic-t], [chmod +x tests/kasetkey/basic-t])
 AC_CONFIG_FILES([tests/server/admin-t], [chmod +x tests/server/admin-t])
diff --git a/tests/TESTS b/tests/TESTS
index 4ff4a3b..a446643 100644
--- a/tests/TESTS
+++ b/tests/TESTS
@@ -1,6 +1,7 @@
 client/basic
 client/full
 client/pod
+client/prompt
 portable/asprintf
 portable/snprintf
 portable/strlcat
diff --git a/tests/client/prompt-t.in b/tests/client/prompt-t.in
new file mode 100644
index 0000000..2d6097d
--- /dev/null
+++ b/tests/client/prompt-t.in
@@ -0,0 +1,79 @@
+#!/usr/bin/perl -w
+# $Id$
+#
+# tests/client/prompt-t -- Password prompting tests for the wallet client.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+#
+# See LICENSE for licensing terms.
+
+BEGIN { our $total = 5 }
+use Test::More tests => $total;
+
+use lib '@abs_top_srcdir@/perl';
+use Wallet::Admin;
+
+use lib '@abs_top_srcdir@/perl/t/lib';
+use Util;
+
+# cd to the correct directory.
+chdir '@abs_top_srcdir@/tests'
+    or die "Cannot chdir to @abs_top_srcdir@/tests: $!\n";
+
+SKIP: {
+    skip 'no password configuration', $total
+        unless -f '@abs_top_builddir@/tests/data/test.password';
+    my $remctld = '@REMCTLD@';
+    skip 'remctld not found', $total unless $remctld;
+    eval { require Expect };
+    skip 'Exepct module not found', $total if $@;
+
+    # Disable sending of wallet's output to our standard output.  Do this
+    # twice to avoid Perl warnings.
+    $Expect::Log_Stdout = 0;
+    $Expect::Log_Stdout = 0;
+
+    # Spawn remctld and set up with a different ticket cache.
+    unlink ('krb5cc_test', 'test-pid');
+    my $principal = contents ('@abs_top_builddir@/tests/data/test.principal');
+    remctld_spawn ($remctld, $principal,
+                   '@abs_top_builddir@/tests/data/test.keytab',
+                   '@abs_top_builddir@/tests/data/basic.conf');
+    $ENV{KRB5CCNAME} = 'krb5cc_test';
+
+    # Read in the principal and password.
+    open (PASS, '<', '@abs_top_builddir@/tests/data/test.password')
+        or die "Cannot open @abs_top_builddir@/tests/data/test.password: $!\n";
+    my $user = <PASS>;
+    my $password = <PASS>;
+    close PASS;
+    chomp ($user, $password);
+
+    # Spawn wallet and check an invalid password.
+    my $wallet = Expect->spawn ('@abs_top_builddir@/client/wallet', '-k',
+                                $principal, '-p', 14373, '-s', 'localhost',
+                                '-c', 'fake-wallet', '-u', $user, 'get',
+                                'keytab', 'service/fake-output');
+    is ($wallet->expect (2, '-re', 'Password.*: '), 1, 'Saw password prompt');
+    $wallet->send ("invalid-$password\n");
+    is ($wallet->expect (2, 'wallet: authentication failed: '), 1,
+        ' and saw error message from an invalid password');
+    $wallet->soft_close;
+
+    # Now check a valid password.
+    $wallet = Expect->spawn ('@abs_top_builddir@/client/wallet', '-k',
+                             $principal, '-p', 14373, '-s', 'localhost',
+                             '-c', 'fake-wallet', '-u', $user, 'get',
+                             'keytab', 'service/fake-output');
+    is ($wallet->expect (2, '-re', 'Password.*: '), 1, 'Saw password prompt');
+    $wallet->send ("$password\n");
+    is ($wallet->expect (2, 'This is a fake keytab'), 1,
+        ' and saw the right output');
+    $wallet->soft_close;
+    ok (!-f 'krb5cc_test', ' and no ticket cache is left behind');
+
+    # All done.
+    remctld_stop;
+    unlink 'test-pid';
+}
diff --git a/tests/data/README b/tests/data/README
index 9187035..f5ebf07 100644
--- a/tests/data/README
+++ b/tests/data/README
@@ -12,6 +12,11 @@ If your krb5.conf file is not in /etc or /usr/local/etc, put a copy of
 your krb5.conf file in this directory.  The tests need to generate a
 modified copy in order to test some behavior.
 
+To enable tests of password prompting, create a file named test.password
+that contains two lines.  The first line should be a test principal and
+the second line should be the password for that principal.  The newline is
+not taken to be part of the password.
+
 To enable tests of kasetkey (assuming that you've configured wallet with
 --with-afs), create a K4 srvtab with ADMIN access to an AFS kaserver and
 put it in test.srvtab.  Then, put the fully-qualified K4 principal name