diff options
| author | Tom Yu <tlyu@mit.edu> | 2003-03-26 05:42:56 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2003-03-26 05:42:56 +0000 |
| commit | 5116aa0418bb0d3f072a8cca5361503ebde44963 (patch) | |
| tree | 3794cd26957b6cd49386a993c29e5e2e152ffa9c /src | |
| parent | 50eb900a37822d86dfa6b55f21c96190c45fbe2d (diff) | |
| download | krb5-5116aa0418bb0d3f072a8cca5361503ebde44963.tar.gz krb5-5116aa0418bb0d3f072a8cca5361503ebde44963.tar.xz krb5-5116aa0418bb0d3f072a8cca5361503ebde44963.zip | |
fix test suite to reflect loss of des3-krb4
Fix a few things broken by fix for MITKRB5-SA-2003-004, since kiniting
to a des3 TGT intentionally no longer works.
Remove code to set up kadmind srvtab, as it's not needed anymore.
ticket: new
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15303 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/tests/dejagnu/config/ChangeLog | 6 | ||||
| -rw-r--r-- | src/tests/dejagnu/config/default.exp | 100 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/ChangeLog | 9 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/v4gssftp.exp | 4 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/v4krb524d.exp | 4 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/v4standalone.exp | 5 |
6 files changed, 42 insertions, 86 deletions
diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog index 8fd69dd2f3..980203378c 100644 --- a/src/tests/dejagnu/config/ChangeLog +++ b/src/tests/dejagnu/config/ChangeLog @@ -1,3 +1,9 @@ +2003-03-26 Tom Yu <tlyu@mit.edu> + + * default.exp (v4kinit): Expect failure when kiniting to a des3 + TGT, due to fix for MITKRB5-SA-2003-004. + (setup_kadmind_srvtab): Remove. It's not needed anymore. + 2003-03-14 Ken Raeburn <raeburn@mit.edu> * default.exp (setup_root_shell): If we get connection refused diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index ececbf7d7c..33a7515386 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -692,7 +692,6 @@ proc setup_kerberos_files { } { puts $conffile " database_name = $tmppwd/db" puts $conffile " admin_database_name = $tmppwd/adb" puts $conffile " admin_database_lockfile = $tmppwd/adb.lock" - puts $conffile " admin_keytab = $tmppwd/admin-keytab" puts $conffile " key_stash_file = $tmppwd/stash" puts $conffile " acl_file = $tmppwd/acl" puts $conffile " kadmind_port = 3750" @@ -938,83 +937,6 @@ proc restore_kerberos_env { } { } -# setup_kadmind_srvtab -# A procedure to build the srvtab for kadmind5 so that kadmin5 and it -# may successfully communicate. -# Returns 1 on success, 0 on failure. -proc setup_kadmind_srvtab { } { - global REALMNAME - global KADMIN_LOCAL - global KEY - global tmppwd - - catch "exec rm -f $tmppwd/admin-keytab" - envstack_push - setup_kerberos_env kdc - spawn $KADMIN_LOCAL -r $REALMNAME - envstack_pop - catch expect_after - expect_after { - -re "(.*)\r\nkadmin.local: " { - fail "kadmin.local admin-keytab (unmatched output: $expect_out(1,string)" - catch "exec rm -f $tmppwd/admin-keytab" - catch "expect_after" - return 0 - } - timeout { - fail "kadmin.local admin-keytab (timeout)" - catch "exec rm -f $tmppwd/admin-keytab" - catch "expect_after" - return 0 - } - eof { - fail "kadmin.local admin-keytab (eof)" - catch "exec rm -f $tmppwd/admin-keytab" - catch "expect_after" - return 0 - } - } - expect "kadmin.local: " - send "xst -k admin-new-srvtab kadmin/admin\r" - expect "xst -k admin-new-srvtab kadmin/admin\r\n" - expect -re ".*Entry for principal kadmin/admin.* added to keytab WRFILE:admin-new-srvtab." - expect "kadmin.local: " - - catch "exec mv -f admin-new-srvtab changepw-new-srvtab" exec_output - if ![string match "" $exec_output] { - verbose -log "$exec_output" - perror "can't mv admin-new-srvtab" - catch expect_after - return 0 - } - - send "xst -k changepw-new-srvtab kadmin/changepw\r" - expect "xst -k changepw-new-srvtab kadmin/changepw\r\n" - expect -re ".*Entry for principal kadmin/changepw.* added to keytab WRFILE:changepw-new-srvtab." - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status "kadmin.local admin-keytab"] { - catch "exec rm -f $tmppwd/admin-keytab" - perror "kadmin.local admin-keytab exited abnormally" - return 0 - } - - catch "exec mv -f changepw-new-srvtab $tmppwd/admin-keytab" exec_output - if ![string match "" $exec_output] { - verbose -log "$exec_output" - perror "can't mv new admin-keytab" - return 0 - } - - # Make the srvtab file globally readable in case we are using a - # root shell and the srvtab is NFS mounted. - catch "exec chmod a+r $tmppwd/admin-keytab" - - return 1 -} - # setup_kerberos_db # Initialize the Kerberos database. If the argument is non-zero, call # pass at relevant points. Returns 1 on success, 0 on failure. @@ -1270,12 +1192,7 @@ proc setup_kerberos_db { standalone } { } } } - # XXX should deal with envstack inside setup_kadmind_srvtab too - set ret [setup_kadmind_srvtab] envstack_pop - if !$ret { - return 0 - } # create the admin database lock file catch "exec touch $tmppwd/adb.lock" @@ -2029,6 +1946,7 @@ proc v4kinit { name pass standalone } { global REALMNAME global KINIT global spawn_id + global des3_krbtgt # Use kinit to get a ticket. # @@ -2052,10 +1970,20 @@ proc v4kinit { name pass standalone } { } send "$pass\r" expect eof - if ![check_exit_status kinit] { - return 0 + if {$des3_krbtgt == 0} { + if ![check_exit_status v4kinit] { + return 0 + } + } else { + # Fail if kinit is successful with a des3 TGT. + set status_list [wait -i $spawn_id] + set testname v4kinit + verbose "wait -i $spawn_id returned $status_list ($testname)" + if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { + verbose -log "exit status: $status_list" + fail "$testname (exit status)" + } } - if {$standalone} { pass "v4kinit" } diff --git a/src/tests/dejagnu/krb-standalone/ChangeLog b/src/tests/dejagnu/krb-standalone/ChangeLog index fe3f185a6b..01f490230f 100644 --- a/src/tests/dejagnu/krb-standalone/ChangeLog +++ b/src/tests/dejagnu/krb-standalone/ChangeLog @@ -1,3 +1,12 @@ +2003-03-26 Tom Yu <tlyu@mit.edu> + + * v4gssftp.exp (v4ftp_test): Return early if $des3_krbtgt set. + + * v4krb524d.exp (doit): Return early if $des3_krbtgt set. + + * v4standalone.exp (check_and_destroy_v4_tix): Return early if + $des3_krbtgt set. + 2003-01-01 Ezra Peisach <epeisach@bu.edu> * standalone.exp: Only run the keytab to srvtab tests if kerberos 4 diff --git a/src/tests/dejagnu/krb-standalone/v4gssftp.exp b/src/tests/dejagnu/krb-standalone/v4gssftp.exp index c0b95d0ae0..c4d5fd35c4 100644 --- a/src/tests/dejagnu/krb-standalone/v4gssftp.exp +++ b/src/tests/dejagnu/krb-standalone/v4gssftp.exp @@ -179,7 +179,11 @@ proc v4ftp_test { } { global tmppwd global ftp_save_ktname global ftp_save_ccname + global des3_krbtgt + if {$des3_krbtgt} { + return + } # Start up the kerberos and kadmind daemons and get a srvtab and a # ticket file. if {![start_kerberos_daemons 0] \ diff --git a/src/tests/dejagnu/krb-standalone/v4krb524d.exp b/src/tests/dejagnu/krb-standalone/v4krb524d.exp index 5506a06b7d..6e922c7e15 100644 --- a/src/tests/dejagnu/krb-standalone/v4krb524d.exp +++ b/src/tests/dejagnu/krb-standalone/v4krb524d.exp @@ -78,7 +78,11 @@ proc doit { } { global KDESTROY global tmppwd global REALMNAME + global des3_krbtgt + if {$des3_krbtgt} { + return + } # Start up the kerberos and kadmind daemons. if ![start_kerberos_daemons 1] { return diff --git a/src/tests/dejagnu/krb-standalone/v4standalone.exp b/src/tests/dejagnu/krb-standalone/v4standalone.exp index 62db0a794b..cc42e8daba 100644 --- a/src/tests/dejagnu/krb-standalone/v4standalone.exp +++ b/src/tests/dejagnu/krb-standalone/v4standalone.exp @@ -26,7 +26,12 @@ if ![setup_kerberos_db 1] { proc check_and_destroy_v4_tix { client server } { global REALMNAME + global des3_krbtgt + # Skip this if we're using a des3 TGT, since that's supposed to fail. + if {$des3_krbtgt} { + return + } # Make sure that klist can see the ticket. if ![v4klist "$client" "$server" "v4klist"] { return |