diff options
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/dejagnu/krb-root/rlogin.exp | 322 | ||||
-rw-r--r-- | src/tests/dejagnu/krb-root/telnet.exp | 451 | ||||
-rw-r--r-- | src/tests/dejagnu/krb-standalone/gssftp.exp | 507 | ||||
-rw-r--r-- | src/tests/dejagnu/krb-standalone/rcp.exp | 231 | ||||
-rw-r--r-- | src/tests/dejagnu/krb-standalone/rsh.exp | 294 |
5 files changed, 0 insertions, 1805 deletions
diff --git a/src/tests/dejagnu/krb-root/rlogin.exp b/src/tests/dejagnu/krb-root/rlogin.exp deleted file mode 100644 index a0e8e4ff54..0000000000 --- a/src/tests/dejagnu/krb-root/rlogin.exp +++ /dev/null @@ -1,322 +0,0 @@ -# Kerberos rlogin test. -# This is a DejaGnu test script. -# This script tests Kerberos rlogin. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists KRLOGIN] { - set KRLOGIN [findfile $objdir/../../appl/bsd/rlogin] -} - -if ![info exists KRLOGIND] { - set KRLOGIND [findfile $objdir/../../appl/bsd/klogind] -} - -if ![info exists LOGINKRB5] { - set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5] -} - -# Start up a root shell. -if ![setup_root_shell rlogin] { - return -} - -# Make sure .k5login is reasonable. -if ![check_k5login rlogin] { - stop_root_shell - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - stop_root_shell - return -} - -# A procedure to start up the rlogin daemon. - -proc start_rlogin_daemon { option } { - global REALMNAME - global KRLOGIND - global LOGINKRB5 - global ROOT_PROMPT - global tmppwd - global hostname - global rlogin_spawn_id - global krlogind_pid - global portbase - - # The -p argument tells it to accept a single connection, so we - # don't need to use inetd. The 3543 is the port to listen at. - # Note that tmppwd here is a shell variable, which is set in - # setup_root_shell, not a TCL variable. The sh -c is to workaround - # the broken controlling tty handling in hpux, and shouldn't hurt - # anything else. - send -i $rlogin_spawn_id "sh -c \"$KRLOGIND -k -c -D [expr 8 + $portbase] -S \$tmppwd/srvtab -M $REALMNAME -L $LOGINKRB5 $option\" &\r" - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - send -i $rlogin_spawn_id "echo \$!\r" - expect { - -i $rlogin_spawn_id - -re "\[0-9\]+" { - set krlogind_pid $expect_out(0,string) - verbose "krlogind process ID is $krlogind_pid" - } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - - # Give the rlogin daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the rlogin daemon. - -proc stop_rlogin_daemon { } { - global krlogind_pid - - if [info exists krlogind_pid] { - catch "exec kill $krlogind_pid" - unset krlogind_pid - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc rlogin_test { } { - global REALMNAME - global KRLOGIN - global BINSH - global SHELL_PROMPT - global KEY - global hostname - global hostname - global env - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start up the rlogin daemon. - start_rlogin_daemon -k - - # Make an rlogin connection. - spawn $KRLOGIN $hostname -k $REALMNAME -D [expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - "onnection closed." { - fail "$testname (connection closed)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "rlogin" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Switch to /bin/sh to try to avoid confusion from the shell - # prompt. - set testname "shell" - send "$BINSH\r" - expect "$BINSH" - expect -re "$SHELL_PROMPT" - - set testname "date" - send "date\r" - expect "date" - expect { - -re "\[A-Za-z0-9 :\]+\[\r\n\]+" { - if [check_date $expect_out(0,string)] { - pass "date" - } else { - fail "date" - } - } - } - expect -re "$SHELL_PROMPT" - - set testname "exit" - send "exit\r" - expect -re "$SHELL_PROMPT" - send "exit\r" - expect { - "onnection closed." { - pass $testname - } - } - # This last expect seems useless, but without it the rlogin process - # sometimes hangs on HP-UX, in a tcsetattr call with TCSADRAIN. - expect { - "\r" { } - } - - expect_after - - if [check_exit_status "exit status"] { - pass "exit status" - } - - # The rlogin daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rlogin_daemon - - # Try an encrypted connection. - start_rlogin_daemon -e - spawn $KRLOGIN $hostname -x -k $REALMNAME -D [expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - "onnection closed" { - fail "$testname (connection closed)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "encrypted rlogin" - expect -re "encrypting .* transmissions" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Switch to /bin/sh to try to avoid confusion from the shell - # prompt. - set testname "shell" - send "$BINSH\r" - expect "$BINSH" - expect -re "$SHELL_PROMPT" - - # Make sure the encryption is not destroying the text. - set testname "echo" - send "echo hello\r" - expect "echo hello" - expect "hello" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Send some characters which might cause an interrupt, and then - # make sure we can still talk to the shell. - set testname "interrupt characters" - send "\003\177\034\r" - expect -re "$SHELL_PROMPT" - send "echo hello\r" - expect "echo hello" - expect "hello" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - set testname "~." - send "~." - expect { - "Closed connection.\r" { - pass $testname - } - "onnection closed" { - pass $testname - } - } - - expect_after - - if [check_exit_status "exit status"] { - pass "exit status" - } - - # The rlogin daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rlogin_daemon -} - -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch rlogin_test msg] -set timeout $oldtimeout - -# Shut down the kerberos daemons, the rlogin daemon, and the root -# process. -stop_kerberos_daemons - -stop_rlogin_daemon - -stop_root_shell - -if { $status != 0 } { - send_error "ERROR: error in rlogin.exp\n" - send_error "$msg\n" - exit 1 -} diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp deleted file mode 100644 index 17095b3361..0000000000 --- a/src/tests/dejagnu/krb-root/telnet.exp +++ /dev/null @@ -1,451 +0,0 @@ -# Kerberos telnet test. -# This is a DejaGnu test script. -# This script tests Kerberos telnet. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists TELNET] { - set TELNET [findfile $objdir/../../appl/telnet/telnet/telnet] -} - -if ![info exists TELNETD] { - set TELNETD [findfile $objdir/../../appl/telnet/telnetd/telnetd] -} - -if ![info exists LOGINKRB5] { - set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5] -} - -if ![regexp des- $supported_enctypes] { - # Telnet needs a DES enctype. - verbose "Skipping telnet tests for lack of DES support." - return -} - -# A procedure to start up the telnet daemon. - -proc start_telnet_daemon { args } { - global REALMNAME - global TELNETD - global LOGINKRB5 - global ROOT_PROMPT - global tmppwd - global hostname - global rlogin_spawn_id - global telnetd_pid - global portbase - - # Setup the shared library wrapper for login.krb5 - if ![file exists $tmppwd/login.wrap] { - setup_wrapper $tmppwd/login.wrap "$LOGINKRB5 $*" - } - - # The -debug argument tells it to accept a single connection, so - # we don't need to use inetd. The portbase+8 is the port to listen at. - # Note that tmppwd here is a shell variable, which is set in - # setup_root_shell, not a TCL variable. - send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r" - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - send -i $rlogin_spawn_id "echo \$!\r" - expect { - -i $rlogin_spawn_id - -re "\[0-9\]+" { - set telnetd_pid $expect_out(0,string) - verbose "telnetd process ID is $telnetd_pid" - } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - - # Give the telnet daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the telnet daemon. - -proc stop_telnet_daemon { } { - global telnetd_pid - - if [info exists telnetd_pid] { - catch "exec kill $telnetd_pid" - unset telnetd_pid - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc telnet_test { } { - global REALMNAME - global TELNET - global BINSH - global SHELL_PROMPT - global KEY - global hostname - global localhostname - global env - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start up the telnet daemon. - start_telnet_daemon - - # Start up our telnet connection. We first try it without - # authentication, so the daemon should prompt for a login. - spawn $TELNET -- $hostname -[expr 8 + $portbase] - set telnet_pid [exp_pid] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "simple telnet" - expect { - "ogin: " { - pass $testname - } - } - - # Move back to telnet command mode and make sure it seems - # reasonable. - set testname "telnet command mode" - send "\035" - expect { - "telnet> " { - pass $testname - } - } - - set testname "telnet status" - send "status\r" - # use -nocase because telnet may output the fqdn in upper-case; - # however, -nocase requires the whole pattern to be in lower case - expect { - -nocase -re "connected to $localhostname.*operating in single character mode.*catching signals locally.*remote character echo.*flow control.*escape character is '.\]'" { - pass $testname - } - } - - set testname "back to command mode" - - # For some reason, the telnet client doesn't necessarily reset the - # terminal mode back to raw after exiting command mode. - # Kick it somewhat by sending a CR. - send "\r" - expect "ogin: " - - send "\035" - expect { - "telnet> " { - pass $testname - } - } - - set testname "quit" - send "quit\r" - expect { - "Connection closed.\r" { - pass $testname - } - } - - expect_after - -# on hpux 10.x, the child telnet will hang in an ioctl(). This will -# wait a while for an EOF, and kill the process if it doesn't exit by -# itself. The hang doesn't happen when telnet is run at the shell. - - expect { - eof { } - timeout { - stop_telnet_daemon - } - } - - if ![check_exit_status "exit status"] { - return - } - - pass "exit status" - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon - - # Try an authenticated connection. - start_telnet_daemon - spawn $TELNET -a -k $REALMNAME -- $hostname -[expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - "Connection closed by foreign host.\r" { - fail "$testname (connection closed)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "authenticated telnet" - expect "Kerberos V5 accepts you" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Switch to /bin/sh to try to avoid confusion from the shell - # prompt. - set testname "shell" - send "$BINSH\r" - expect -re "$SHELL_PROMPT" - - set testname "date" - send "date\r" - expect "date" - expect { - -re "\[A-Za-z0-9 :\]+\[\r\n\]+" { - if [check_date $expect_out(0,string)] { - pass "date" - } else { - fail "date" - } - } - } - expect -re "$SHELL_PROMPT" - - set testname "exit" - send "exit\r" - expect -re "$SHELL_PROMPT" - send "exit\r" - expect { - "Connection closed by foreign host.\r" { - pass $testname - } - } - - expect_after - catch "expect eof" - - # We can't use check_exit_status, because we expect an exit status - # of 1. - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list (klist)" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail "exit status" - } else { - pass "exit status" - } - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon - - # Try an authenticated encrypted connection. - start_telnet_daemon - spawn $TELNET -a -x -k $REALMNAME -- $hostname -[expr 8 + $portbase] - - expect_after { - timeout { - fail $testname - catch "expect_after" - return - } - eof { - fail $testname - catch "expect_after" - return - } - } - - set testname "encrypted telnet" - expect "Kerberos V5 accepts you" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Make sure the encryption is not destroying the text. - set testname "echo" - send "echo hello\r" - expect "echo hello" - expect "hello" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Move back to telnet command mode and check the encryption status. - set testname "encryption status" - send "\035" - expect "telnet> " - send "status\r" - expect { - -re "Currently encrypting output with DES_CFB64.*Currently decrypting input with DES_CFB64" { - pass $testname - } - } - - set testname "exit status" - send "exit\r" - expect "Connection closed by foreign host.\r" - - expect_after - catch "expect eof" - - # We can't use check_exit_status, because we expect an exit status - # of 1. - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list (klist)" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail "exit status" - } else { - pass "exit status" - } - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon - - set testname "reject unencrypted telnet" - # Check rejection of unencrypted client when encryption is required - start_telnet_daemon -e - - # unencrypted, unauthenticated - spawn $TELNET -- $hostname -[expr 8 + $portbase] - expect_after { - timeout { - fail $testname - catch "expect_after" - return - } - eof { - fail $testname - catch "expect_after" - return - } - } - - expect { - -re "Unencrypted connection refused.*\n" { - pass $testname - } - } - catch "expect_after" - catch "expect eof" - catch wait - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon -} - -run_once telnet { - # Remove old wrapper script - catch "exec rm -f $tmppwd/login.wrap" - - # Start up a root shell. - if ![setup_root_shell telnet] { - return - } - - # Make sure .k5login is reasonable. - if ![check_k5login rlogin] { - stop_root_shell - return - } - - # Set up the kerberos database. - if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - stop_root_shell - return - } - - # Run the test. Logging in sometimes takes a while, so increase the - # timeout. - set oldtimeout $timeout - set timeout 60 - set status [catch telnet_test msg] - set timeout $oldtimeout - - # Shut down the kerberos daemons, the telnet daemon, and the rlogin - # process. - stop_kerberos_daemons - - stop_telnet_daemon - - stop_root_shell - - if { $status != 0 } { - send_error "ERROR: error in telnet.exp\n" - send_error "$msg\n" - exit 1 - } -} diff --git a/src/tests/dejagnu/krb-standalone/gssftp.exp b/src/tests/dejagnu/krb-standalone/gssftp.exp deleted file mode 100644 index 42dc94c753..0000000000 --- a/src/tests/dejagnu/krb-standalone/gssftp.exp +++ /dev/null @@ -1,507 +0,0 @@ -# Kerberos ftp test. -# This is a DejaGnu test script. -# This script tests Kerberos ftp. -# Originally written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. -# Modified bye Ezra Peisach for GSSAPI support. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/build/tests/dejagnu - -if ![info exists FTP] { - set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp] -} - -if ![info exists FTPD] { - set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd] -} - -# A procedure to start up the ftp daemon. - -proc start_ftp_daemon { } { - global FTPD - global tmppwd - global ftpd_spawn_id - global ftpd_pid - global portbase - - # The -p argument tells it to accept a single connection, so we - # don't need to use inetd. Portbase+8 is the port to listen at. - # We rely on KRB5_KTNAME being set to the proper keyfile as there is - # no way to cleanly set it with the gssapi API. - # The -U argument tells it to use an alternate ftpusers file (using - # /dev/null will allow root to login regardless of /etc/ftpusers). - # The -a argument requires authorization, to mitigate any - # vulnerability introduced by circumventing ftpusers. - spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb5.conf - set ftpd_spawn_id $spawn_id - set ftpd_pid [exp_pid] - - # Give the ftp daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the ftp daemon. - -proc stop_ftp_daemon { } { - global ftpd_spawn_id - global ftpd_pid - - if [info exists ftpd_pid] { - catch "close -i $ftpd_spawn_id" - catch "exec kill $ftpd_pid" - catch "wait -i $ftpd_spawn_id" - unset ftpd_pid - } -} - -# Test that a file was copied correctly. -proc check_file { filename {bigfile 0}} { - if ![file exists $filename] { - verbose "$filename does not exist" - send_log "$filename does not exist\n" - return 0 - } - - set file [open $filename r] - if { [gets $file line] == -1 } { - verbose "$filename is empty" - send_log "$filename is empty\n" - close $file - return 0 - } - - if ![string match "This file is used for ftp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - - if {$bigfile} { - # + 1 for the newline - seek $file 1048577 current - if { [gets $file line] == -1 } { - verbose "$filename is truncated" - send_log "$filename is truncated\n" - close $file - return 0 - } - - if ![string match "This file is used for ftp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - } - - if { [gets $file line] != -1} { - verbose "$filename is too long ($line)" - send_log "$filename is too long ($line)\n" - close $file - return 0 - } - - close $file - - return 1 -} - -# -# Restore environment variables possibly set. -# -proc ftp_restore_env { } { - global env - global ftp_save_ktname - - catch "unset env(KRB5_KTNAME)" - if [info exists ftp_save_ktname] { - set env(KRB5_KTNAME) $ftp_save_ktname - unset ftp_save_ktname - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc ftp_test { } { - global FTP - global KEY - global REALMNAME - global hostname - global localhostname - global env - global ftpd_spawn_id - global ftpd_pid - global spawn_id - global tmppwd - global ftp_save_ktname - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_random_key ftp/$hostname 0] \ - || ![modify_principal ftp/$hostname -kvno 254] \ - || ![setup_srvtab 0 ftp] \ - || ![xst $tmppwd/srvtab ftp/$hostname] - || ![xst $tmppwd/srvtab ftp/$hostname] - || ![xst $tmppwd/srvtab ftp/$hostname] - || ![do_klist_kt $tmppwd/srvtab "gssftp keytab list"] - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - # Force the host key to exist, so we get consistent errors below. - catch "add_random_key host/$hostname 0" - - # - # Save settings of KRB5_KTNAME - # - if [info exists env(KRB5_KTNAME)] { - set ftp_save_ktname $env(KRB5_KTNAME) - } - - # - # set KRB5_KTNAME *incorrectly* - # - set env(KRB5_KTNAME) FILE:$tmppwd/srvtabxx - verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" - - # Force some auth errors. - set testname "ftp auth errors" - - # Start the ftp daemon. - start_ftp_daemon - - # Try connecting. - spawn $FTP -d -v $hostname [expr 8 + $portbase] - expect_after { - -re "--->\[^\r\n\]*\r\n" { exp_continue } - -re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue } - -re "sealed \[A-Z()\]*" { exp_continue } - -re "secure_command\[A-Z()\]*" { exp_continue } - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - expect -nocase "connected to $hostname" - expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready." - expect -re "Using authentication type GSSAPI; ADAT must follow" - expect "GSSAPI accepted as authentication type" - expect -re "Trying to authenticate to <ftp@.*>" - # The ftp client doesn't print the gssapi error except on the last attempt. -# expect "GSSAPI error major: Unspecified GSS failure." -# expect -re "GSSAPI error minor: Key table file '.*' not found" - expect -re "Trying to authenticate to <host@.*>" - expect "GSSAPI error major: Unspecified GSS failure." - expect -re "GSSAPI error minor: Key table file '.*' not found" - expect -re "Name (.*): " - close -i $spawn_id - wait -i $spawn_id - wait -i $ftpd_spawn_id - catch "close -i $ftpd_spawn_id" - - # - # set KRB5_KTNAME correctly now - # - set env(KRB5_KTNAME) FILE:$tmppwd/srvtab - verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" - - # Start the ftp daemon. - start_ftp_daemon - - # Make an ftp client connection to it. - spawn $FTP -d -v $hostname [expr 8 + $portbase] - - expect_after { - "GSSAPI authentication failed" { - fail "$testname (auth failed)" - catch "expect_after" - return - } - -re "--->\[^\r\n\]*\r\n" { exp_continue } - -re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue } - -re "sealed \[A-Z()\]*" { exp_continue } - -re "secure_command\[A-Z()\]*" { exp_continue } - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "ftp connection" - expect -nocase "connected to $hostname" - expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready." - expect -re "Using authentication type GSSAPI; ADAT must follow" - expect "GSSAPI accepted as authentication type" - expect { - "GSSAPI authentication succeeded" { pass "ftp authentication" } - eof { fail "ftp authentication" ; catch "expect_after" ; return } - } - expect -nocase "name ($hostname:$env(USER)): " - send "$env(USER)\r" - expect "GSSAPI user $env(USER)@$REALMNAME is authorized as $env(USER)" - expect "Remote system type is UNIX." - expect "Using binary mode to transfer files." - expect "ftp> " { - pass $testname - } - - set testname "binary" - send "binary\r" - expect "ftp> " { - pass $testname - } - - set testname "status" - send "status\r" - expect -nocase "connected to $hostname." - expect "Authentication type: GSSAPI" - expect "ftp> " { - pass $testname - } - - set testname "ls" - send "ls $tmppwd/ftp-test\r" - expect -re "Opening ASCII mode data connection for .*ls." - expect -re ".* $tmppwd/ftp-test" - expect "ftp> " { - pass $testname - } - - set testname "nlist" - send "nlist $tmppwd/ftp-test\r" - expect -re "Opening ASCII mode data connection for file list." - expect -re "$tmppwd/ftp-test" - expect -re ".* Transfer complete." - expect "ftp> " { - pass $testname - } - - set testname "ls missing" - send "ls $tmppwd/ftp-testmiss\r" - expect -re "Opening ASCII mode data connection for .*ls." - expect { - -re "$tmppwd/ftp-testmiss not found" {} - -re "$tmppwd/ftp-testmiss: No such file or directory" - } - expect "ftp> " { - pass $testname - } - - - set testname "get" - catch "exec rm -f $tmppwd/copy" - send "get $tmppwd/ftp-test $tmppwd/copy\r" - expect "Opening BINARY mode data connection for $tmppwd/ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "put" - catch "exec rm -f $tmppwd/copy" - send "put $tmppwd/ftp-test $tmppwd/copy\r" - expect "Opening BINARY mode data connection for $tmppwd/copy" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "cd" - send "cd $tmppwd\r" - expect "CWD command successful." - expect "ftp> " { - pass $testname - } - - set testname "lcd" - send "lcd $tmppwd\r" - expect "Local directory now $tmppwd" - expect "ftp> " { - pass $testname - } - - set testname "local get" - catch "exec rm -f $tmppwd/copy" - send "get ftp-test copy\r" - expect "Opening BINARY mode data connection for ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "big local get" - catch "exec rm -f $tmppwd/copy" - send "get bigftp-test copy\r" - expect "Opening BINARY mode data connection for bigftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy 1] { - pass $testname - } else { - fail $testname - } - - set testname "start encryption" - send "private\r" - expect "Data channel protection level set to private" - expect "ftp> " { - pass $testname - } - - set testname "status" - send "status\r" - expect "Protection Level: private" - expect "ftp> " { - pass $testname - } - - set testname "encrypted get" - catch "exec rm -f $tmppwd/copy" - send "get ftp-test copy\r" - expect "Opening BINARY mode data connection for ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "big encrypted get" - catch "exec rm -f $tmppwd/copy" - send "get bigftp-test copy\r" - expect "Opening BINARY mode data connection for bigftp-test" - expect { - -timeout 300 - "Transfer complete" {} - -re "Length .* of PROT buffer > PBSZ" { - fail "$testname (PBSZ)" - return 0 - } - } - expect -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy 1] { - pass $testname - } else { - fail $testname - } - - set testname "close" - send "close\r" - expect "Goodbye." - expect "ftp> " - set status_list [wait -i $ftpd_spawn_id] - verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)" - catch "close -i $ftpd_spawn_id" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail $testname - } else { - pass $testname - unset ftpd_pid - } - - set testname "quit" - send "quit\r" - expect_after - expect eof - if [check_exit_status $testname] { - pass $testname - } -} - -run_once gssftp { - # Make sure .klogin is reasonable. - if ![check_k5login ftp] { - return - } - - # Set up the kerberos database. - if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return - } - - # Create a file to use for ftp testing. - set file [open $tmppwd/ftp-test w] - puts $file "This file is used for ftp testing." - close $file - - # Create a large file to use for ftp testing. File needs to be - # larger that 2^20 or 1MB for PBSZ testing. - set file [open $tmppwd/bigftp-test w] - puts $file "This file is used for ftp testing.\n" - seek $file 1048576 current - puts $file "This file is used for ftp testing." - close $file - - # The ftp client will look in $HOME/.netrc for the user name to use. - # To avoid confusing the testsuite, point $HOME at a directory where - # we know there is no .netrc file. - if [info exists env(HOME)] { - set home $env(HOME) - } elseif [info exists home] { - unset home - } - set env(HOME) $tmppwd - - # Run the test. Logging in sometimes takes a while, so increase the - # timeout. - set oldtimeout $timeout - set timeout 60 - set status [catch ftp_test msg] - set timeout $oldtimeout - - # Shut down the kerberos daemons and the ftp daemon. - stop_kerberos_daemons - - stop_ftp_daemon - - ftp_restore_env - - # Reset $HOME, for safety in case we are going to run more tests. - if [info exists home] { - set env(HOME) $home - } else { - unset env(HOME) - } - - if { $status != 0 } { - perror "error in gssftp.exp: $msg" - } -} diff --git a/src/tests/dejagnu/krb-standalone/rcp.exp b/src/tests/dejagnu/krb-standalone/rcp.exp deleted file mode 100644 index ab6a2c993b..0000000000 --- a/src/tests/dejagnu/krb-standalone/rcp.exp +++ /dev/null @@ -1,231 +0,0 @@ -# Kerberos rcp test. -# This is a DejaGnu test script. -# This script tests Kerberos rcp. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists RCP] { - set RCP [findfile $objdir/../../appl/bsd/rcp] -} - -if ![info exists KRSHD] { - set KRSHD [findfile $objdir/../../appl/bsd/kshd] -} - -# Remove old wrapper script - catch "exec rm -f $tmppwd/rcp" - -# Make sure .k5login is reasonable. -if ![check_k5login rcp] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -# A procedure to start up the rsh daemon (rcp talks to the rsh -# daemon). - -proc start_rsh_daemon { } { - global REALMNAME - global KRSHD T_INETD - global RCP - global tmppwd - global krshd_spawn_id - global krshd_pid - global portbase - - # Setup the shared library wrapper for login.krb5 - if ![file exists $tmppwd/rcp] { - setup_wrapper $tmppwd/rcp "$RCP $*" - } - - - # The -L ENV_SET is for the I/S Athena brokeness in dot files where - # LD_LIBRARY_PATH will be overridden causing the "exec csh -c rcp ..." - # to fail as the .cshrc is read in. We do not use the -f option as - # a users shell might be sh... - # Later a proper fix would be to have kshd exec rcp directly - # shell indirection... - spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET - set krshd_spawn_id $spawn_id - set krshd_pid [exp_pid] - - expect { - -ex "Ready!" { } - eof { error "couldn't start t_inetd helper" } - } -} - -# A procedure to stop the rsh daemon. - -proc stop_rsh_daemon { } { - global krshd_spawn_id - global krshd_pid - - if [info exists krshd_pid] { - catch "exec kill $krshd_pid" - catch { - expect { - -i $krshd_spawn_id - -re ..* { exp_continue } - eof {} - } - } - catch "close -i $krshd_spawn_id" - catch "wait -i $krshd_spawn_id" - unset krshd_pid - } -} - -# Create a file to use for rcp testing. -set file [open $tmppwd/rcp-test w] -puts $file "This file is used for rcp testing." -close $file - -# Test that a file was copied correctly. -proc check_file { filename } { - if ![file exists $filename] { - verbose "$filename does not exist" - send_log "$filename does not exist\n" - return 0 - } - - set file [open $filename r] - if { [gets $file line] == -1 } { - verbose "$filename is empty" - send_log "$filename is empty\n" - close $file - return 0 - } - - if ![string match "This file is used for rcp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - - if { [gets $file line] != -1} { - verbose "$filename is too long ($line)" - send_log "$filename is too long ($line)\n" - close $file - return 0 - } - - close $file - - return 1 -} - -# Test copying one file to another. -proc rcp_one_test { testname options frompref topref } { - global REALMNAME - global RCP - global tmppwd - global portbase - - send_log "rm -f $tmppwd/copy\n" - verbose "exec rm -f $tmppwd/copy" - catch "exec rm -f $tmppwd/copy" - - set from [format "%s%s" $frompref $tmppwd/rcp-test] - set to [format "%s%s" $topref $tmppwd/copy] - - send_log "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to\n" - verbose "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to" - catch "exec $RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to" exec_output - - if ![string match "" $exec_output] { - send_log "$exec_output\n" - verbose "$exec_output" - fail $testname - return 0 - } - - if ![check_file $tmppwd/copy] { - fail $testname - return 0 - } - - pass $testname - - return 1 -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc rcp_test { } { - global RCP - global KEY - global hostname - global hostname - global env - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - rcp_one_test "local rcp" "" "" "" - - start_rsh_daemon - rcp_one_test "rcp from" "" "$hostname:" "" - stop_rsh_daemon - - start_rsh_daemon - rcp_one_test "rcp to" "" "" "$hostname:" - stop_rsh_daemon - - # Doing rcp between two hosts actually just executes rsh rcp on - # the source. We could test this, but we're not set up for it - # right now. Also, it's pretty much covered by the other rcp - # tests and by the rsh tests. - # start_rsh_daemon - # rcp_one_test "rcp between" "" "$hostname:" "$hostname:" - # stop_rsh_daemon - - start_rsh_daemon - rcp_one_test "encrypted rcp from" "-x -c $env(KRB5CCNAME) -C $env(KRB5_CONFIG)" "$hostname:" "" - stop_rsh_daemon - - start_rsh_daemon - rcp_one_test "encrypted rcp to" "-x -c $env(KRB5CCNAME) -C $env(KRB5_CONFIG)" "" "$hostname:" - stop_rsh_daemon - - # Doing rcp between two hosts actually just executes rsh rcp on - # the source. We could test this, but we're not set up for it - # right now. Also, it's pretty much covered by the other rcp - # tests and by the rsh tests. - # start_rsh_daemon - # rcp_one_test "encrypted rcp between" "-x" "$hostname:" "$hostname:" - # stop_rsh_daemon -} - -# Run the test. -set status [catch rcp_test msg] - -# Shut down the kerberos daemons and the rsh daemon. -stop_kerberos_daemons - -stop_rsh_daemon - -if { $status != 0 } { - send_error "ERROR: error in rcp.exp\n" - send_error "$msg\n" - exit 1 -} diff --git a/src/tests/dejagnu/krb-standalone/rsh.exp b/src/tests/dejagnu/krb-standalone/rsh.exp deleted file mode 100644 index 050a71c914..0000000000 --- a/src/tests/dejagnu/krb-standalone/rsh.exp +++ /dev/null @@ -1,294 +0,0 @@ -# Kerberos rsh test. -# This is a DejaGnu test script. -# This script tests Kerberos rsh. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists RSH] { - set RSH [findfile $objdir/../../appl/bsd/rsh] -} - -if ![info exists KRSHD] { - set KRSHD [findfile $objdir/../../appl/bsd/kshd] -} - -if ![info exists KLIST] { - set KLIST [findfile $objdir/../../clients/klist/klist] -} - -# Make sure .k5login is reasonable. -if ![check_k5login rsh] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_db 0]} { - return -} - -# A procedure to start up the rsh daemon. - -proc start_rsh_daemon { option } { - global REALMNAME - global KRSHD T_INETD - global tmppwd - global krshd_spawn_id - global krshd_pid - global portbase - - spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -S $tmppwd/srvtab -M $REALMNAME -A $option - set krshd_spawn_id $spawn_id - set krshd_pid [exp_pid] - - expect { - -ex "Ready!" { } - eof { error "couldn't start t_inetd helper" } - } -} - -# A procedure to stop the rsh daemon. - -proc stop_rsh_daemon { } { - global krshd_spawn_id - global krshd_pid - - if [info exists krshd_pid] { - catch "exec kill $krshd_pid" - catch { - expect { - -i $krshd_spawn_id - -re ..* { exp_continue } - eof {} - } - } - catch "close -i $krshd_spawn_id" - catch "wait -i $krshd_spawn_id" - unset krshd_pid - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc rsh_test { } { - global REALMNAME - global KLIST - global RSH - global KEY - global BINSH - global hostname - global env - global spawn_id - global tmppwd - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![setup_kerberos_env client] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start up the rsh daemon. - start_rsh_daemon -k - - # Run rsh date. - set testname "date" - spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A date - expect { - -re "\[A-Za-z0-9\]+ \[A-Za-z0-9\]+ +\[0-9\]+ \[0-9\]+:\[0-9\]+:\[0-9\]+ \[A-Za-z0-9\]+ \[0-9\]+\r\n" { - set result $expect_out(0,string) - } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - expect eof - if ![check_exit_status $testname] { - return - } - - if [check_date $result] { - pass $testname - } else { - fail $testname - } - - # The rsh daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rsh_daemon - - # Check encrypted rsh. - set failed no - start_rsh_daemon -ek - set testname "encrypted rsh" - spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A echo hello - expect { - "hello" { expect eof } - timeout { - fail "$testname (timeout)" - set failed yes - } - eof { - fail "$testname (eof)" - set failed yes - } - } - - catch "expect eof" - if { $failed == "no" } { - if ![check_exit_status $testname] { - return - } - pass $testname - stop_rsh_daemon - } else { - catch "wait -i $spawn_id" - catch "close -i $spawn_id" - stop_rsh_daemon - } - - # Check ticket forwarding - set failed no - start_rsh_daemon -k - set testname "rsh forwarding tickets" - - # We need a wrapper for klist in order to setup for shared library - # runtime environment - setup_wrapper $tmppwd/klist.wrap $KLIST - - spawn $RSH $hostname -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap - expect { - "Ticket cache:*\r" { - expect eof - } - "klist: No credentials cache file found" { - fail "$testname (not forwarded)" - return - } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - stop_rsh_daemon - - # Check encrypted ticket forwarding - set failed no - start_rsh_daemon -e - set testname "encrypted rsh forwarding tickets" - spawn $RSH $hostname -x -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap - expect { - "Ticket cache:*\r" { - expect eof - } - "klist: No credentials cache file found" { - fail "$testname (not forwarded)" - return - } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - stop_rsh_daemon - - # Check stderr - start_rsh_daemon -k - set testname "rsh to stderr" - spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'" - expect { - "hello" { expect eof } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - stop_rsh_daemon - - start_rsh_daemon -e - set testname "encrypted rsh to stderr" - spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'" - expect { - "hello" { expect eof } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - # The rsh daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rsh_daemon -} - -# Run the test. -set status [catch rsh_test msg] - -# Shut down the kerberos daemons and the rsh daemon. -stop_kerberos_daemons - -stop_rsh_daemon - -if { $status != 0 } { - send_error "ERROR: error in rsh.exp\n" - send_error "$msg\n" - exit 1 -} |