# Password-changing Kerberos test.
# This is a DejaGnu test script.

# We are about to start up a couple of daemon processes.  We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.

proc kinit_expecting_pwchange { name pass newpass } {
    global REALMNAME
    global KINIT
    global spawn_id

    # Use kinit to get a ticket.
	#
	# For now always get forwardable tickets. Later when we need to make
	# tests that distiguish between forwardable tickets and otherwise
	# we should but another option to this proc. --proven
	#
    spawn $KINIT -5 -f $name@$REALMNAME
    expect {
	"Password for $name@$REALMNAME:" {
	    verbose "kinit started"
	}
	timeout {
	    fail "kinit"
	    return 0
	}
	eof {
	    fail "kinit"
	    return 0
	}
    }
    send "$pass\r"
    expect {
	"Enter new password: " { }
	timeout {
	    fail "kinit (new password prompt)"
	    return 0
	}
	eof {
	    fail "kinit (new password prompt)"
	    return 0
	}
    }
    send "$newpass\r"
    expect {
	" again: " { }
	timeout {
	    fail "kinit (new password prompt2)"
	    return 0
	}
	eof {
	    fail "kinit (new password prompt2)"
	    return 0
	}
    }
    send "$newpass\r"
    expect eof
    if ![check_exit_status kinit] {
	return 0
    }

    return 1
}

proc doit { } {
    global REALMNAME
    global KLIST
    global KDESTROY
    global KEY
    global KADMIN_LOCAL
    global KTUTIL
    global hostname
    global tmppwd
    global spawn_id
    global supported_enctypes
    global KRBIV
    global portbase
    global mode

    # Start up the kerberos and kadmind daemons.
    if ![start_kerberos_daemons 0] {
	return
    }

    # Use kadmin to add a key.
    if ![add_kerberos_key pwchanger 0] {
	return
    }

    setup_kerberos_env kdc
    spawn $KADMIN_LOCAL -q "modprinc +needchange pwchanger"
    catch expect_after
    expect {
	timeout {
	    fail "kadmin.local modprinc +needchange"
	}
	eof {
	    pass "kadmin.local modprinc +needchange"
	}
    }
    set k_stat [wait -i $spawn_id]
    verbose "wait -i $spawn_id returned $k_stat (kadmin modprinc +needchange)"
    catch "close -i $spawn_id"

    setup_kerberos_env client
    if ![kinit_expecting_pwchange pwchanger pwchanger$KEY floople] {
	return
    }
    pass "kinit (password change)"
    if ![kinit pwchanger floople 0] {
	return
    }
    pass "kinit (new password)"

    # Destroy the ticket.
    spawn $KDESTROY -5
    if ![check_exit_status "kdestroy"] {
	return
    }
    pass "kdestroy"
}

run_once pwchange {
    # Set up the Kerberos files and environment.
    if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
	return
    }

    # Initialize the Kerberos database.  The argument tells
    # setup_kerberos_db that it is being called from here.
    if ![setup_kerberos_db 0] {
	return
    }

    set status [catch doit msg]

    stop_kerberos_daemons

    if { $status != 0 } {
	send_error "ERROR: error in pwchange.exp\n"
	send_error "$msg\n"
	exit 1
    }
}