#! /bin/sh
# $Id$
#
# Test suite for the wallet command-line client.
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2006, 2007 Board of Trustees, Leland Stanford Jr. University
# See LICENSE for licensing terms.

# The count starts at 1 and is updated each time ok is printed.  printcount
# takes "ok" or "not ok".
count=1
printcount () {
    echo "$1 $count $2"
    count=`expr $count + 1`
}

# Run a program expected to succeed, and print ok if it does and produces
# the correct output.
runsuccess () {
    w_output="$1"
    shift
    principal=`cat data/test.principal`
    output=`$wallet -k "$principal" -p 14444 -s localhost "$@" 2>&1`
    status=$?
    if [ $status = 0 ] && [ x"$output" = x"$w_output" ] ; then
        printcount "ok"
    else
        printcount "not ok"
        echo "  saw: $output"
        echo "  not: $w_output"
    fi
}

# Run a program expected to fail and make sure it fails with the correct
# exit status and the correct failure message.  Strip the second colon and
# everything after it off the error message since it's system-specific.
runfailure () {
    w_status="$1"
    shift
    w_output="$1"
    shift
    principal=`cat data/test.principal`
    output=`$wallet -k "$principal" -p 14444 -s localhost "$@" 2>&1`
    status=$?
    output=`echo "$output" | sed 's/\(:[^:]*\):.*/\1/'`
    if [ $status = $w_status ] && [ x"$output" = x"$w_output" ] ; then
        printcount "ok"
    else
        printcount "not ok"
        echo "  saw: ($status) $output"
        echo "  not: ($w_status) $w_output"
    fi
}

# Print the number of tests.
echo 17

# Find the client program.
if [ -f ../data/test.keytab ] ; then
    cd ..
else
    if [ -f tests/data/test.keytab ] ; then
        cd tests
    fi
fi
if [ ! -f data/test.keytab ] || [ -z "@REMCTLD@" ] ; then
    for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ; do
        echo ok $n \# skip -- no Kerberos configuration
    done
    exit 0
fi
wallet=../client/wallet
if [ ! -x "$wallet" ] ; then
    echo 'Cannot locate wallet client binary' >&2
    exit 1
fi

# Start the remctld daemon and wait for it to start.
rm -f data/pid
( @REMCTLD@ -m -p 14444 -s `cat data/test.principal` -P data/pid \
    -f data/wallet.conf -S -F -k data/test.keytab &)
KRB5CCNAME=data/test.cache; export KRB5CCNAME
kinit -k -t data/test.keytab `cat data/test.principal` > /dev/null 2>&1
if [ $? != 0 ] ; then
    kinit -t data/test.keytab `cat data/test.principal` > /dev/null 2>&1
fi
if [ $? != 0 ] ; then
    kinit -k -K data/test.keytab `cat data/test.principal` > /dev/null 2>&1
fi
if [ $? != 0 ] ; then
    echo 'Unable to obtain Kerberos tickets' >&2
    exit 1
fi
[ -f data/pid ] || sleep 1
if [ ! -f data/pid ] ; then
    echo 'remctld did not start' >&2
    exit 1
fi

# We need a modified krb5.conf file for the srvtab test to work, since we need
# to add a v4_realm setting for the test-k5.stanford.edu realm that the keytab
# is for.
krb5conf=
for p in /etc/krb5.conf /usr/local/etc/krb5.conf ; do
    if [ -r "$p" ] ; then
        krb5conf="$p"
        sed -e '/^ *test-k5.stanford.edu =/,/}/d' \
            -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \
            "$p" > ./krb5.conf
        cat >> krb5.conf <<EOF

[realms]
    test-k5.stanford.edu = {
        v4_realm = TEST.STANFORD.EDU
    }
EOF
        KRB5_CONFIG="./krb5.conf"
        export KRB5_CONFIG
        break
    fi
done

# Make sure everything's clean.
rm -f keytab keytab.bak srvtab srvtab.bak sync-kaserver

# Now, we can finally run our tests.
runsuccess "" -c fake-wallet get keytab -f keytab service/fake-test
if cmp keytab data/fake-data >/dev/null 2>&1 ; then
    printcount "ok"
else
    printcount "not ok"
fi
if [ -f keytab.bak ] || [ -f keytab.new ] ; then
    printcount "not ok"
else
    printcount "ok"
fi
runsuccess "" -c fake-wallet get keytab -f keytab -S srvtab service/fake-srvtab
if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
    printcount "ok"
    rm keytab
else
    printcount "not ok"
fi
if cmp keytab.bak data/fake-data >/dev/null 2>&1 ; then
    printcount "ok"
    rm keytab.bak
else
    printcount "not ok"
fi
if [ -f sync-kaserver ] ; then
    printcount "ok"
else
    printcount "not ok"
fi
runsuccess "" -c fake-wallet get keytab -f keytab -S srvtab service/fake-srvtab
if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
    printcount "ok"
    rm keytab
else
    printcount "not ok"
fi
if [ -f sync-kaserver ] ; then
    printcount "ok"
    rm sync-kaserver
else
    printcount "not ok"
fi
if [ -n "$krb5conf" ] ; then
    if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then
        printcount "ok"
        rm srvtab
    else
        printcount "not ok"
    fi
    if cmp srvtab.bak data/fake-srvtab >/dev/null 2>&1 ; then
        printcount "ok"
        rm srvtab.bak
    else
        printcount "not ok"
    fi
    KRB5_CONFIG=
    rm krb5.conf
else
    printcount "ok # skip cannot find krb5.conf"
fi
runsuccess "Some stuff about service/fake-test" \
    -c fake-wallet show keytab service/fake-test
runfailure 1 "wallet: Unknown object type srvtab" \
    -c fake-wallet get srvtab service/fake-test
runfailure 1 "wallet: Unknown keytab service/unknown" \
    -c fake-wallet show keytab service/unknown
runfailure 1 "wallet: Unknown keytab service/unknown" \
    -c fake-wallet get keytab service/unknown
runsuccess "Expiration date of service/fake-test" \
    -c fake-wallet expires keytab service/fake-test

# Clean up.
rm -f data/test.cache
if [ -f data/pid ] ; then
    kill `cat data/pid`
    rm -f data/pid
fi