Set krb4 and priocntl flags via site.exp instead of command line

Update set of files to clean out at test suite startup, or when
deleting the database.

Improve support for setting up slave test environment.  Don't set
KRB5_KDC_PROFILE except in KDC master and slave environments.  Create
distinct env.sh and env.csh files for different configurations.  Move
kpropd setup proc into common initialization.

Add incremental propagation test: Create new kiprop/$host principal,
update kproplog test for the new data.  "Propagate" the master
database to the slave, add a new principal, start up kpropd, watch for
the "OK" message, and check to see if the new principal exists on the
slave.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21134 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 116 insertions, 35 deletions

diff --git a/src/tests/dejagnu/krb-standalone/iprop.exp b/src/tests/dejagnu/krb-standalone/iprop.exp
index 9f3940800e..91c8b7da46 100644
--- a/src/tests/dejagnu/krb-standalone/iprop.exp
+++ b/src/tests/dejagnu/krb-standalone/iprop.exp
@@ -1,25 +1,44 @@
 # Password-changing Kerberos test.
 # This is a DejaGnu test script.
 
+proc setup_slave {} {
+    global tmppwd hostname REALMNAME KDB5_UTIL
+    file delete $tmppwd/slave-stash $tmppwd/slave-acl
+    file copy -force $tmppwd/acl $tmppwd/slave-acl
+    if ![file exists $tmppwd/kpropdacl] {
+	set aclfile [open $tmppwd/kpropd-acl w]
+	puts $aclfile "host/$hostname@$REALMNAME"
+	close $aclfile
+    }
+    setup_slave_db
+    # copy database - must be used after master db set up
+    envstack_push
+    setup_kerberos_env kdc
+    set dumpfile $tmppwd/dump-file
+    file delete $dumpfile $dumpfile.dump_ok
+    if [catch {exec $KDB5_UTIL dump -i $dumpfile} msg] {
+	error "master dump failed: $msg"
+    }
+    setup_kerberos_env slave
+    foreach suffix { .kadm5.lock .ok } {
+	file copy -force $tmppwd/kdc-db$suffix $tmppwd/slave-db$suffix
+    }
+    if [catch {exec $KDB5_UTIL load -i $dumpfile} msg] {
+	send_user "slave load failed: $msg"
+	spawn_shell
+	error "slave load failed: $msg"
+    }
+}
+
 # We are about to start up a couple of daemon processes.  We do all
 # the rest of the tests inside a proc, so that we can easily kill the
 # processes when the procedure ends.
 
 proc doit { } {
-    global REALMNAME
-    global KLIST
-    global KDESTROY
-    global KEY
-    global KADMIN_LOCAL
-    global KTUTIL
-    global hostname
-    global tmppwd
-    global spawn_id
-    global supported_enctypes
-    global KRBIV
-    global portbase
-    global mode
-    global KPROPLOG
+    global REALMNAME KEY
+    global KLIST KDESTROY KADMIN_LOCAL KTUTIL KPROPLOG KPROPD KDB5_UTIL
+    global hostname tmppwd spawn_id kpropd_spawn_id kpropd_pid
+    global supported_enctypes KRBIV portbase mode
     global ulog des3_krbtgt
 
     # Delete any db, ulog files
@@ -45,12 +64,15 @@ proc doit { } {
 	fail "create update log"
     }
 
+    setup_slave
+
     # Use kadmin to add a key.
     if ![add_kerberos_key wakawaka 0] {
 	return
     }
 
     # Run kproplog, look at output.
+    setup_kerberos_env kdc
     spawn $KPROPLOG
     expect_after {
 	timeout {
@@ -67,7 +89,7 @@ proc doit { } {
 	expect -re "Update log dump"
 	expect -re "First serial \# : 1"
 	if $des3_krbtgt {
-	    expect -re "Last serial \# : 3"
+	    expect -re "Last serial \# : 4"
 	    expect -re "Update Entry"
 	    expect -re "Update serial \# : 1"
 	    expect -re "Attributes changed : 15"
@@ -76,13 +98,19 @@ proc doit { } {
 	    expect -re "Attributes changed : 6"
 	    expect -re "Update Entry"
 	    expect -re "Update serial \# : 3"
+	    expect -re "Attributes changed : 15"
+	    expect -re "Update Entry"
+	    expect -re "Update serial \# : 4"
 	} else {
-	    expect -re "Last serial \# : 2"
+	    expect -re "Last serial \# : 3"
 	    expect -re "Update Entry"
 	    expect -re "Update serial \# : 1"
 	    expect -re "Attributes changed : 15"
 	    expect -re "Update Entry"
 	    expect -re "Update serial \# : 2"
+	    expect -re "Attributes changed : 15"
+	    expect -re "Update Entry"
+	    expect -re "Update serial \# : 3"
 	}
 	expect -re "Update operation : Add"
 	expect -re "Update principal : wakawaka@KRBTEST.COM"
@@ -94,17 +122,74 @@ proc doit { } {
 	}
 	expect -re "Attributes changed : 15"
 	expect eof
+	pass "kproplog output"
     } foo
-    pass "kproplog output"
     catch expect_after
     if [check_exit_status kproplog] {
-	pass "kproplog exit status"
-    } else {
-	fail "kproplog exit status"
+	pass "kproplog"
+    }
+    add_random_key host/$hostname 0
+    add_random_key kiprop/$hostname 0
+
+    # Already have kadmind running.
+
+    # Get a keytab file.
+    setup_srvtab 0
+
+    # Sleep 11s for built-in delay.
+    verbose "Delaying to bypass contention-avoidance code in kadmind/iprop"
+    sleep 11
+
+    # Launch slave kpropd.
+    start_kpropd
+#    send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n
+#    spawn_shell
+    expect {
+	-i $kpropd_spawn_id
+	"Update transfer from master was OK" {
+	    exec kill $kpropd_pid
+	    wait -i $kpropd_spawn_id
+	    unset kpropd_spawn_id kpropd_pid
+	}
+	-re ..* { exp_continue }
+	timeout {
+	    catch { exec kill $kpropd_pid }
+	    exp_continue
+	}
+	eof {
+	    wait -i $kpropd_spawn_id
+	    unset kpropd_spawn_id kpropd_pid
+	}
     }
+
+    # Wait briefly?
+    # Check slave db for new principal.
+    setup_kerberos_env slave
+    spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs
+    expect {
+	wakawaka@ {
+	    expect eof
+	}
+	eof {
+	    fail "kprop (updated slave data)"
+	    return
+	}
+	timeout {
+	    fail "kprop (examining new db)"
+	    return
+	}
+    }
+    pass "iprop"
+
+    # What about testing for full propagation?  (Small number of
+    # entries in update log, change one principal's record a lot of
+    # times, then fire up incremental kpropd...)  Do later.
 }
 
 run_once iprop {
+    catch "unset kpropd_pid"
+    catch "unset kpropd_spawn_id"
+
     # Set up the Kerberos files and environment.
     if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
 	return
@@ -114,9 +199,19 @@ run_once iprop {
 
     stop_kerberos_daemons
 
+    # if kpropd is running, kill it
+    if [info exists kpropd_pid] {
+	catch {
+	    exec kill $kpropd_pid
+	    expect -i $kpropd_spawn_id eof
+	    wait -i $kpropd_spawn_id
+	    unset kpropd_pid kpropd_spawn_id
+	}
+    }
+
     set ulog 0
     reset_kerberos_files
-    file delete $tmppwd/adb $tmppwd/adb.ok $tmppwd/db.ulog
+    delete_db
 
     if { $status != 0 } {
 	send_error "ERROR: error in iprop.exp\n"
diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp
index cb0c161336..ed7ed684f9 100644
--- a/src/tests/dejagnu/krb-standalone/kprop.exp
+++ b/src/tests/dejagnu/krb-standalone/kprop.exp
@@ -21,20 +21,6 @@ proc setup_slave {} {
     }
 }
 
-proc start_kpropd {} {
-    global kpropd_pid kpropd_spawn_id KPROPD T_INETD KDB5_UTIL portbase tmppwd
-    global spawn_id
-
-    envstack_push
-    setup_kerberos_env slave
-#    spawn $T_INETD [expr 10 + $portbase] $KPROPD -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL
-    spawn $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
-#    spawn strace -o /tmp/3 -f $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
-    set kpropd_pid [exp_pid]
-    set kpropd_spawn_id $spawn_id
-    envstack_pop
-}
-
 proc scan_kpropd_output {} {
     global kpropd_spawn_id kpropd_pid