#! /bin/sh
# $Id$
#
# Test suite for the wallet command-line client.
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University
#
# See LICENSE for licensing terms.

# Load the test library.
. "@abs_top_srcdir@/tests/libtest.sh"

# Print the number of tests up front.  count is the running test number; it is
# presumably advanced by the helpers in libtest.sh -- confirm there.  total
# must match the number of results printed below.
count=1
total=27
printf '%s\n' "$total"

# Find the client program.  chdir_data and skip come from libtest.sh.  The
# whole suite is skipped (exit 0, not a failure) unless both a test keytab
# and a remctld binary are available, since every test below needs a live
# Kerberos-authenticated server.
chdir_data '../client/wallet'
if [ -f 'data/test.keytab' ] && [ -n '@REMCTLD@' ] ; then
    wallet='../client/wallet'
else
    skip 1 "$total" 'no Kerberos configuration'
    exit 0
fi

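# Start the remctld daemon in the background on port 14373, using the test
# keytab and data/wallet.conf.  It writes its PID to data/pid, which is how
# this script detects that it started and how it stops it again later.
# NOTE(review): no bind address is given here, so remctld presumably listens
# on every interface for the duration of the run -- confirm if the test host
# is shared.
principal=`cat data/test.principal`
rm -f data/pid
( @REMCTLD@ -m -p 14373 -s "$principal" -P data/pid -f data/wallet.conf \
  -S -F -k data/test.keytab &)

# Obtain tickets from the test keytab into a private ticket cache.  The three
# kinit invocations are tried in order because the keytab options differ
# between Kerberos implementations; the first one that works wins.
KRB5CCNAME=data/test.cache; export KRB5CCNAME
if kinit -k -t data/test.keytab "$principal" > /dev/null 2>&1 ; then
    :
elif kinit -t data/test.keytab "$principal" > /dev/null 2>&1 ; then
    :
elif kinit -k -K data/test.keytab "$principal" > /dev/null 2>&1 ; then
    :
else
    echo 'Unable to obtain Kerberos tickets' >&2
    # Don't leave the daemon we just started (or a partial ticket cache)
    # behind on this error path.
    [ -f data/pid ] || sleep 1
    if [ -f data/pid ] ; then
        kill `cat data/pid`
        rm -f data/pid
    fi
    rm -f data/test.cache
    exit 1
fi

# Wait for the daemon to write its PID file.  Poll for a few seconds rather
# than sleeping once, so that a slow start on a loaded host is not reported
# as a failure.  expr and backticks are used to stay portable to the same
# shells as the rest of this script.
pidwait=0
while [ ! -f data/pid ] && [ "$pidwait" -lt 5 ] ; do
    sleep 1
    pidwait=`expr "$pidwait" + 1`
done
if [ ! -f data/pid ] ; then
    echo 'remctld did not start' >&2
    # The ticket cache holds live credentials for the test principal; remove
    # it here since the normal cleanup at the end of the script is skipped.
    rm -f data/test.cache
    exit 1
fi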

# We need a modified krb5.conf file for the srvtab test to work, since we need
# to add a v4_realm setting for the test-k5.stanford.edu realm that the keytab
# is for.  Despite all the Stanford hard-coding, this test isn't
# Stanford-specific.  It just matches the data files shipped with the package.
#
# Pick the first readable krb5.conf from the candidate list as the template.
krb5conf=
for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
    if [ -r "$p" ] ; then
        krb5conf="$p"
        break
    fi
done
if [ -z "$krb5conf" ] ; then
    echo 'No krb5.conf found -- put one in tests/data/krb5.conf' >&2
    exit 1
fi

# Build ./krb5.conf from the template.  The sed expressions, in order: drop
# any existing test-k5.stanford.edu realm block, force default_realm to
# test-k5.stanford.edu, blank out wallet_* settings, and drop any
# "wallet = { ... }" block.  Stripping the host's wallet settings presumably
# keeps the tests from picking up (and talking to) a real wallet server.
sed -e '/^[ 	]*test-k5.stanford.edu =/,/}/d' \
    -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \
    -e 's/^[ 	]*wallet_.*//' \
    -e '/^[ 	]*wallet[ 	]*=[ 	]*{/,/}/d' \
    "$krb5conf" > ./krb5.conf
cat >> krb5.conf <<EOF

[realms]
    test-k5.stanford.edu = {
        v4_realm = TEST.STANFORD.EDU
    }
EOF

# Point the Kerberos libraries at the generated file for the rest of the run.
KRB5_CONFIG="./krb5.conf"
export KRB5_CONFIG

# Remove anything a previous run may have left behind, so that the checks for
# backup and temporary files below start from a known state.
rm -f output output.bak keytab keytab.bak srvtab srvtab.bak sync-kaserver

# Now, we can finally run our tests.  First, basic operations with every
# connection setting given on the command line.  The first get must write
# exactly the expected data and leave neither a backup nor a temporary file.
runsuccess "" "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet \
    get file -f output fake-test
verdict='not ok'
if cmp output data/fake-data >/dev/null 2>&1 ; then
    verdict='ok'
fi
printcount "$verdict"
if [ ! -f output.bak ] && [ ! -f output.new ] ; then
    printcount "ok"
else
    printcount "not ok"
fi

# Getting the same object again over an existing file must still produce the
# expected data, and this time must leave a backup (output.bak) but no
# leftover temporary file (output.new).
runsuccess "" "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet \
    get file -f output fake-test
verdict='not ok'
if cmp output data/fake-data >/dev/null 2>&1 ; then
    verdict='ok'
fi
printcount "$verdict"
if [ -f output.bak ] && [ ! -f output.new ] ; then
    printcount "ok"
else
    printcount "not ok"
fi

# Now, append configuration to krb5.conf and test getting configuration from
# there.  The appended text is a blank line followed by an [appdefaults]
# section carrying the server, port, type, and principal that the earlier
# tests passed as command-line options.
printf '%s\n' \
    '' \
    '[appdefaults]' \
    '    wallet_server = localhost' \
    '    wallet = {' \
    '        wallet_port = 14373' \
    '        wallet_type = fake-wallet' \
    "        wallet_principal = $principal" \
    '    }' >> krb5.conf

# With no connection options at all, the client must still reach the test
# server and fetch the same data.
runsuccess "" "$wallet" -f output get file fake-test
verdict='not ok'
if cmp output data/fake-data >/dev/null 2>&1 ; then
    verdict='ok'
fi
printcount "$verdict"
rm -f output output.bak

# Test keytab support.  A plain keytab get must write the expected keytab; the
# downloaded file is removed only when it matched.
runsuccess "" "$wallet" get -f keytab keytab service/fake-srvtab
if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
    verdict='ok'
else
    verdict='not ok'
fi
printcount "$verdict"
if [ "$verdict" = 'ok' ] ; then
    rm keytab
fi

# Without -S, no sync-kaserver file may appear.  (sync-kaserver is presumably
# a marker dropped by the test server setup when a srvtab is requested --
# confirm in the test data.)
if [ -f sync-kaserver ] ; then
    printcount "not ok"
else
    printcount "ok"
fi

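# Test srvtab support.  With -S the client must write the keytab as before
# and additionally produce a srvtab; the sync-kaserver file is expected to
# exist afterwards.
runsuccess "" "$wallet" get keytab -f keytab -S srvtab service/fake-srvtab
if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
    printcount "ok"
else
    printcount "not ok"
fi
# Use -f here: if the get above failed there is no keytab, and a bare rm would
# write an error message into the middle of the test output.
rm -f keytab
if [ -f sync-kaserver ] ; then
    printcount "ok"
else
    printcount "not ok"
fi

# Run the same get a second time.  The keytab written here is deliberately
# left in place; the keytab merging test that follows depends on it.
runsuccess "" "$wallet" get keytab -f keytab -S srvtab service/fake-srvtab
if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
    printcount "ok"
else
    printcount "not ok"
fi
if [ -f sync-kaserver ] ; then
    printcount "ok"
    rm sync-kaserver
else
    printcount "not ok"
fi

# Both the current srvtab and the backup made by the second get must match
# the expected srvtab.
if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then
    printcount "ok"
else
    printcount "not ok"
fi
if cmp srvtab.bak data/fake-srvtab >/dev/null 2>&1 ; then
    printcount "ok"
else
    printcount "not ok"
fi
rm -f srvtab srvtab.bak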

# Test keytab merging.  A keytab file is still present from the srvtab test,
# so this get has something to merge into.  The result is compared with the
# reference keytab through klist listings, with the "Keytab name:" line
# removed because it differs between the two files.
#
# Note that klist -K includes the key values in its output, so klist-seen and
# klist-good contain the key material of the (fake) test keytabs.  They, and
# the merged keytab, are deleted only when the comparison succeeds.
runsuccess "" "$wallet" -f keytab get keytab service/fake-keytab
klist -keK keytab 2>&1 | sed '/Keytab name:/d' > klist-seen
klist -keK data/fake-keytab-merge 2>&1 | sed '/Keytab name:/d' > klist-good
verdict='not ok'
if cmp klist-seen klist-good >/dev/null 2>&1 ; then
    verdict='ok'
fi
printcount "$verdict"
if [ "$verdict" = 'ok' ] ; then
    rm -f keytab klist-seen klist-good
fi

# Test various other client functions and errors.  runsuccess and runfailure
# come from libtest.sh; as used here, the leading arguments are the expected
# exit status (runfailure only) and the expected output, followed by the
# command to run.

# Output goes to standard output when no -f is given.
runsuccess "This is a fake keytab." \
    "$wallet" get keytab service/fake-output
runsuccess "Some stuff about file fake-test" "$wallet" show file fake-test

# srvtab is not an object type of its own.
runfailure 1 "wallet: Unknown object type srvtab" \
    "$wallet" get srvtab service/fake-test

# An unknown keytab produces the same error for show and for get.
for verb in show get ; do
    runfailure 1 "wallet: Unknown keytab service/unknown" \
        "$wallet" "$verb" keytab service/unknown
done

runsuccess "Expiration date of keytab service/fake-test" \
    "$wallet" expires keytab service/fake-test

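# Clean up: stop using the generated krb5.conf and delete it, remove the
# ticket cache (it holds live credentials for the test principal), and stop
# the remctld daemon started at the top of the script.
KRB5_CONFIG=
rm krb5.conf
rm -f data/test.cache
if [ -f data/pid ] ; then
    # Only signal when the PID file actually has content; an empty file would
    # otherwise turn this into a kill with no arguments.
    pid=`cat data/pid`
    if [ -n "$pid" ] ; then
        kill "$pid"
    fi
    rm -f data/pid
fi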