#! /bin/sh # $Id$ # # Test suite for the wallet command-line client. # # Written by Russ Allbery # Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. # Load the test library. . "@abs_top_srcdir@/tests/libtest.sh" # Print the number of tests. total=31 count=1 echo "$total" # Find the client program. chdir_data '../client/wallet' if [ ! -f 'data/test.keytab' ] || [ -z '@REMCTLD@' ] ; then skip 1 "$total" 'no Kerberos configuration' exit 0 fi wallet='../client/wallet' # Start the remctld daemon and wait for it to start. principal=`cat data/test.principal` rm -f data/pid ( @REMCTLD@ -m -p 14373 -s "$principal" -P data/pid -f data/basic.conf \ -S -F -k data/test.keytab &) KRB5CCNAME=data/test.cache; export KRB5CCNAME kinit -k -t data/test.keytab "$principal" > /dev/null 2>&1 if [ $? != 0 ] ; then kinit -t data/test.keytab "$principal" > /dev/null 2>&1 fi if [ $? != 0 ] ; then kinit -k -K data/test.keytab "$principal" > /dev/null 2>&1 fi if [ $? != 0 ] ; then echo 'Unable to obtain Kerberos tickets' >&2 exit 1 fi [ -f data/pid ] || sleep 1 if [ ! -f data/pid ] ; then echo 'remctld did not start' >&2 exit 1 fi # We need a modified krb5.conf file for the srvtab test to work, since we need # to add a v4_realm setting for the test-k5.stanford.edu realm that the keytab # is for. Despite all the Stanford hard-coding, this test isn't # Stanford-specific. It just matches the data files shipped with the package. krb5conf= for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do if [ -r "$p" ] ; then krb5conf="$p" sed -e '/^[ ]*test-k5.stanford.edu =/,/}/d' \ -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \ -e 's/^[ ]*wallet_.*//' \ -e '/^[ ]*wallet[ ]*=[ ]*{/,/}/d' \ "$p" > ./krb5.conf cat >> krb5.conf <&2 exit 1 fi # Make sure everything's clean. rm -f output output.bak keytab keytab.bak srvtab srvtab.bak sync-kaserver \ autocreated # Now, we can finally run our tests. First, basic operations. runsuccess "" "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet \ -f output get file fake-test if cmp output data/fake-data >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi if [ -f output.bak ] || [ -f output.new ] ; then printcount "not ok" else printcount "ok" fi if [ -f autocreated ] ; then printcount "ok" else printcount "not ok" fi runsuccess "" "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet \ -f output get file fake-test if cmp output data/fake-data >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi if [ -f output.new ] || [ ! -f output.bak ] ; then printcount "not ok" else printcount "ok" fi # Now, append configuration to krb5.conf and test getting configuration from # there. cat >> krb5.conf </dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi rm -f output output.bak # Test keytab support. runsuccess "" "$wallet" -f keytab get keytab service/fake-srvtab if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then printcount "ok" rm keytab else printcount "not ok" fi if [ ! -f sync-kaserver ] ; then printcount "ok" else printcount "not ok" fi # Test srvtab support. runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi rm keytab if [ -f sync-kaserver ] ; then printcount "ok" else printcount "not ok" fi runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi if [ -f sync-kaserver ] ; then printcount "ok" rm sync-kaserver else printcount "not ok" fi if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi if cmp srvtab.bak data/fake-srvtab >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi rm -f srvtab srvtab.bak # Test keytab merging. runsuccess "" "$wallet" -f keytab get keytab service/fake-keytab (klist -keK keytab 2>&1) | sed '/Keytab name:/d' > klist-seen (klist -keK data/fake-keytab-merge 2>&1) | sed '/Keytab name:/d' > klist-good if cmp klist-seen klist-good >/dev/null 2>&1 ; then printcount "ok" rm -f keytab klist-seen klist-good else printcount "not ok" fi # Test srvtab download into a merged keytab with an older version. cp data/fake-keytab-old keytab runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab if [ -f sync-kaserver ] ; then printcount "ok" rm sync-kaserver else printcount "not ok" fi if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi rm -f keytab srvtab # Test various other client functions and errors. runsuccess "This is a fake keytab." "$wallet" get keytab service/fake-output runsuccess "Some stuff about file fake-test" \ "$wallet" show file fake-test runfailure 1 "wallet: Unknown object type srvtab" \ "$wallet" get srvtab service/fake-test runfailure 1 "wallet: Unknown keytab service/unknown" \ "$wallet" show keytab service/unknown runfailure 1 "wallet: Unknown keytab service/unknown" \ "$wallet" get keytab service/unknown runsuccess "Expiration date of keytab service/fake-test" \ "$wallet" expires keytab service/fake-test # Clean up. KRB5_CONFIG= rm krb5.conf rm -f autocreated data/test.cache if [ -f data/pid ] ; then kill `cat data/pid` rm -f data/pid fi