blob: 9792401c89e00f4d893d6f3347464b02a945c733 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# Password-changing Kerberos test.
# This is a DejaGnu test script.
# We are about to start up a couple of daemon processes. We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.
proc kinit_expecting_pwchange { name pass newpass } {
global REALMNAME
global KINIT
global spawn_id
# Use kinit to get a ticket.
#
# For now always get forwardable tickets. Later when we need to make
# tests that distiguish between forwardable tickets and otherwise
# we should but another option to this proc. --proven
#
spawn $KINIT -5 -f $name@$REALMNAME
expect {
"Password for $name@$REALMNAME:" {
verbose "kinit started"
}
timeout {
fail "kinit"
return 0
}
eof {
fail "kinit"
return 0
}
}
send "$pass\r"
expect {
"Enter new password: " { }
timeout {
fail "kinit (new password prompt)"
return 0
}
eof {
fail "kinit (new password prompt)"
return 0
}
}
send "$newpass\r"
expect {
" again: " { }
timeout {
fail "kinit (new password prompt2)"
return 0
}
eof {
fail "kinit (new password prompt2)"
return 0
}
}
send "$newpass\r"
expect eof
if ![check_exit_status kinit] {
return 0
}
return 1
}
proc doit { } {
global REALMNAME
global KLIST
global KDESTROY
global KEY
global KADMIN_LOCAL
global KTUTIL
global hostname
global tmppwd
global spawn_id
global supported_enctypes
global KRBIV
global portbase
global mode
# Start up the kerberos and kadmind daemons.
if ![start_kerberos_daemons 0] {
return
}
# Use kadmin to add a key.
if ![add_kerberos_key pwchanger 0] {
return
}
setup_kerberos_env kdc
spawn $KADMIN_LOCAL -q "modprinc +needchange pwchanger"
catch expect_after
expect {
timeout {
fail "kadmin.local modprinc +needchange"
}
eof {
pass "kadmin.local modprinc +needchange"
}
}
set k_stat [wait -i $spawn_id]
verbose "wait -i $spawn_id returned $k_stat (kadmin modprinc +needchange)"
catch "close -i $spawn_id"
setup_kerberos_env client
if ![kinit_expecting_pwchange pwchanger pwchanger$KEY floople] {
return
}
pass "kinit (password change)"
if ![kinit pwchanger floople 0] {
return
}
pass "kinit (new password)"
# Destroy the ticket.
spawn $KDESTROY -5
if ![check_exit_status "kdestroy"] {
return
}
pass "kdestroy"
}
run_once pwchange {
# Set up the Kerberos files and environment.
if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
return
}
# Initialize the Kerberos database. The argument tells
# setup_kerberos_db that it is being called from here.
if ![setup_kerberos_db 0] {
return
}
set status [catch doit msg]
stop_kerberos_daemons
if { $status != 0 } {
send_error "ERROR: error in pwchange.exp\n"
send_error "$msg\n"
exit 1
}
}
|
