tests/client/basic-t.in


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183

#! /bin/sh
#
# Test suite for the wallet command-line client.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2018, 2020 Russ Allbery <eagle@eyrie.org>
# Copyright 2006-2008, 2010
#     The Board of Trustees of the Leland Stanford Junior University
#
# SPDX-License-Identifier: MIT

# Load the test library.
. "$C_TAP_SOURCE/tap/libtap.sh"
. "$C_TAP_SOURCE/tap/kerberos.sh"
. "$C_TAP_SOURCE/tap/remctl.sh"
cd "$C_TAP_SOURCE"

# We need a modified krb5.conf file to test wallet configuration settings in
# krb5.conf.  Despite the hard-coding of test-k5.stanford.edu, this test isn't
# Stanford-specific; it just matches the files that are distributed with the
# package.
krb5conf=
for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
    if [ -r "$p" ] ; then
        krb5conf="$p"
        sed -e '/^[ 	]*test-k5.stanford.edu =/,/}/d' \
            -e 's/\(default_realm.*=\) .*/\1 test-k5.stanford.edu/' \
            -e 's/^[ 	]*wallet_.*//' \
            -e '/^[ 	]*wallet[ 	]*=[ 	]*{/,/}/d' \
            "$p" > ./krb5.conf
        cat >> krb5.conf <<EOF

[realms]
    test-k5.stanford.edu = {
        v4_realm = test-k5.stanford.edu
    }
EOF
        KRB5_CONFIG="./krb5.conf"
        export KRB5_CONFIG
        break
    fi
done
if [ -z "$krb5conf" ] ; then
    skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
fi

# Test setup.
kerberos_setup
if [ $? != 0 ] ; then
    rm krb5.conf
    skip_all 'Kerberos tests not configured'
elif [ -z '@REMCTLD@' ] ; then
    rm krb5.conf
    skip_all 'No remctld found'
else
    plan 37
fi
remctld_start '@REMCTLD@' "$C_TAP_SOURCE/data/basic.conf"
wallet="$C_TAP_BUILD/../client/wallet"

# Make sure everything's clean.
rm -f output output.bak keytab keytab.bak srvtab srvtab.bak autocreated

# Now, we can finally run our tests.  First, basic operations.
ok_program 'get file' 0 '' \
    "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet -f output \
    get file fake-test
ok '...and file is correct' cmp output data/fake-data
ok '...and no backup files' [ ! -f output.bak ]
ok '...and no new files' [ ! -f output.new ]
ok '...and we tried autocreation' [ -f autocreated ]
ok_program 'get file again' 0 '' \
   "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet -f output \
    get file fake-test
ok '...and file is correct' cmp output data/fake-data
ok '...and now there is a backup file' [ -f output.bak ]
ok '...which has the right contents' cmp output.bak data/fake-data
ok '...but there is no new file' [ ! -f output.new ]

# Now, append configuration to krb5.conf and test getting configuration from
# there.
cat >> krb5.conf <<EOF

[appdefaults]
    wallet_server = localhost
    wallet = {
        wallet_port = 14373
        wallet_type = fake-wallet
        wallet_principal = $principal
    }
EOF
ok_program 'get file with configuration' 0 '' \
    "$wallet" -f output get file fake-test
ok '...and file is correct' cmp output data/fake-data
rm -f output output.bak

# Test keytab support.
ok_program 'get keytab' 0 '' \
    "$wallet" -f keytab get keytab service/fake-srvtab
ok '...and keytab is correct' cmp keytab data/fake-keytab
rm -f keytab

# Test srvtab support.
output=`"$wallet" -f keytab -S srvtab get keytab service/fake-srvtab 2>&1`
if [ x"$output" = x"wallet: Not built with Kerberos v4 support" ]; then
    skip_block 8 'Not built with Kerberos v4 support'
    rm -f keytab srvtab
else
    rm -f keytab srvtab
    ok_program 'get srvtab' 0 '' \
        "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab
    ok '...and keytab is correct' cmp keytab data/fake-keytab
    rm -f keytab
    ok_program 'get srvtab again' 0 '' \
        "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab
    ok '...and keytab is correct' cmp keytab data/fake-keytab
    ok '...and srvtab is correct' cmp srvtab data/fake-srvtab
    ok '...and srvtab backup is correct' cmp srvtab.bak data/fake-srvtab
    rm -f srvtab srvtab.bak

    # Test srvtab download into a merged keytab with an older version.
    cp data/fake-keytab-old keytab
    ok_program 'keytab merging with srvtab creation' 0 '' \
        "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab
    ok '...and the srvtab is correct' cmp srvtab data/fake-srvtab
    rm -f keytab srvtab
fi

# Test keytab merging.
ok_program 'get keytab' 0 '' \
    "$wallet" -f keytab get keytab service/fake-srvtab
ok_program 'keytab merging' 0 '' \
    "$wallet" -f keytab get keytab service/fake-keytab
ktutil_list keytab klist-seen
ktutil_list data/fake-keytab-merge klist-good
ok '...and the merged keytab is correct' cmp klist-seen klist-good
rm -f keytab klist-good klist-seen

# Test store from standard input.
echo "This is a test of store" > input
ok_program 'store from stdin' 0 '' "$wallet" store file fake-test < input
rm -f input
echo "file fake-test" > store-correct
echo "This is a test of store" >> store-correct
ok '...and the correct data was stored' diff store-output store-correct
rm -f store-output store-correct

# Test store with -f.
echo "This is more store input" > store-input
echo "file fake-test" > store-correct
cat store-input >> store-correct
ok_program 'store from a file' 0 '' \
    "$wallet" -f store-input store file fake-test
ok '...and the correct data was stored' cmp store-output store-correct
rm -f store-input store-output store-correct
printf 'This is store input\000with a nul character' > store-input
echo 'file fake-nul' > store-correct
cat store-input >> store-correct
ok_program 'store from a file with a nul' 0 '' \
    "$wallet" -f store-input store file fake-nul
ok '...and the correct data was stored' cmp store-output store-correct
rm -f store-input store-output store-correct

# Test various other client functions and errors.
ok_program 'get output to stdout' 0 'This is a fake keytab.' \
    "$wallet" get keytab service/fake-output
ok_program 'show output' 0 'Some stuff about file fake-test' \
    "$wallet" show file fake-test
ok_program 'unknown object type' 1 'wallet: Unknown object type srvtab' \
    "$wallet" get srvtab service/fake-test
ok_program 'unknown keytab name in show' 1 \
    'wallet: Unknown keytab service/unknown' \
    "$wallet" show keytab service/unknown
ok_program 'unknown keytab name in get' 1 \
    'wallet: Unknown keytab service/unknown' \
    "$wallet" get keytab service/unknown
ok_program 'expiration date' 0 'Expiration date of keytab service/fake-test' \
    "$wallet" expires keytab service/fake-test

# Clean up.
rm -f autocreated krb5.conf
remctld_stop
kerberos_cleanup