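# Check which expiry error kinit reports for a principal whose account
# expiration and password expiration are both in the past.
#
# Steps: start the KDC and kadmind, create the principal "expiredprinc",
# backdate both expiry fields with kadmin.local, then run kinit -k with
# /dev/null as the keytab and inspect the message it prints.  The check
# passes on "entry in database has expired" and fails on "Password has
# expired".
# NOTE(review): presumably the intent is that an expired account is never
# routed to the password-change path -- confirm against the KDC's intended
# precedence.
#
# Returns 1 if the daemons cannot be started or the principal cannot be
# added, and 0 otherwise; individual outcomes are reported via pass/fail.
proc doit { } {
    global REALMNAME KLIST KINIT KDESTROY KEY KADMIN_LOCAL KTUTIL
    global hostname tmppwd spawn_id supported_enctypes KRBIV portbase mode

    set princ "expiredprinc"

    # Start up the kerberos and kadmind daemons.
    if ![start_kerberos_daemons 0] {
        return 1
    }

    # Use kadmin to add a key.
    if ![add_kerberos_key $princ 0] {
        return 1
    }

    setup_kerberos_env kdc

    # Backdate the principal (account) expiration.
    # NOTE(review): this step passes as soon as kadmin.local reaches EOF;
    # the status returned by wait is only logged, so a modprinc that
    # failed is not detected here.  After a timeout, wait is still called
    # on a process that may not have exited -- confirm it cannot block.
    set test "kadmin.local modprinc -expire"
    spawn $KADMIN_LOCAL -q "modprinc -expire \"2 days ago\" $princ"
    catch expect_after
    expect {
        timeout {
            fail $test
        }
        eof {
            pass $test
        }
    }
    set k_stat [wait -i $spawn_id]
    verbose "wait -i $spawn_id returned $k_stat ($test)"
    catch "close -i $spawn_id"

    # Backdate the password expiration as well, so that both expiry
    # conditions hold at once.  Same EOF-only pass criterion as above.
    set test "kadmin.local -pwexpire"
    spawn $KADMIN_LOCAL -q "modprinc -pwexpire \"2 days ago\" $princ"
    catch expect_after
    expect {
        timeout {
            fail $test
        }
        eof {
            pass $test
        }
    }
    set k_stat [wait -i $spawn_id]
    verbose "wait -i $spawn_id returned $k_stat ($test)"
    catch "close -i $spawn_id"

    setup_kerberos_env client

    # Give the kinit step its own name so its result is not reported
    # under the name of the preceding kadmin.local step.
    set test "kinit (expired principal)"
    spawn $KINIT -5 -k -t /dev/null $princ
    expect {
        "entry in database has expired" {
            # Principal expiry was reported: the expected outcome.
            pass $test
        }
        "Password has expired" {
            # The password-expiry message was printed for an account
            # that is itself expired.
            fail "$test (inappropriate password expiration message)"
        }
        timeout {
            expect eof
            fail "$test (timeout)"
            return 0
        }
        eof {
            # kinit exited without printing either message.
            fail "$test (eof)"
            return 0
        }
    }
    expect eof
    return 0
}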
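# Body handed to run_once under the tag "princexpire" (run_once itself is
# defined elsewhere): prepare the Kerberos files, environment and
# database, run doit, and always stop the daemons afterwards.
run_once princexpire {
    # Set up the Kerberos files and environment.
    if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
        return
    }

    # Initialize the Kerberos database.  The argument tells
    # setup_kerberos_db that it is not being called from
    # standalone.exp.
    if ![setup_kerberos_db 0] {
        return
    }

    # catch traps a Tcl error raised inside doit so the daemons are
    # stopped before the failure is reported.  doit's own return value
    # is discarded: a normal return, whether 0 or 1, leaves status at 0.
    set status [catch doit msg]

    stop_kerberos_daemons

    if { $status != 0 } {
        # Name this test in the error; the message previously named
        # pwchange.exp, which does not match the run_once tag.
        send_error "ERROR: error in princexpire test\n"
        send_error "$msg\n"
        exit 1
    }
}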