this commit includes all the changes on the OV_9510_INTEGRATION and

OV_MERGE branches.  This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964.  before committing, the
code was built and tested for netbsd and solaris.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970

7 files changed, 430 insertions, 0 deletions

diff --git a/src/lib/rpc/unit-test/testsuite/Makefile b/src/lib/rpc/unit-test/testsuite/Makefile
new file mode 100644
index 000000000..8a2cccdc2
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/Makefile
@@ -0,0 +1,24 @@
+#
+# $Id$
+#
+
+TOP = ../../..
+include $(TOP)/config.mk/template
+
+export RPC_TEST_SRVTAB := /tmp/rpc_test_v5srvtab
+
+unit-test:: unit-test-setup unit-test-body unit-test-cleanup
+
+unit-test-setup::
+	$(START_SERVERS)
+	./rpc_test_setup.sh
+
+unit-test-body::
+	$(RUNTEST) SERVER=../server CLIENT=../client --tool rpc_test
+
+unit-test-cleanup::
+	$(STOP_SERVERS)
+	-rm -f /tmp/rpc_test_v5srvtab /tmp/krb5cc_rpc_test_fullrun
+
+clean::
+	$(CLEAN) rpc_test.log rpc_test.plog rpc_test.sum rpc_test.psum
diff --git a/src/lib/rpc/unit-test/testsuite/config/unix.exp b/src/lib/rpc/unit-test/testsuite/config/unix.exp
new file mode 100644
index 000000000..030837d49
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/config/unix.exp
@@ -0,0 +1,79 @@
+#
+# $Id$
+#
+
+set kill /bin/kill
+set sleep /bin/sleep
+set kinit $env(TOP)/install/bin/kinit
+set kdestroy $env(TOP)/install/bin/kdestroy
+
+set hostname [exec hostname]
+
+proc rpc_test_version {} {
+	global CLIENT
+	global SERVER
+
+	clone_output "$CLIENT version <unknown>"
+	clone_output "$SERVER version <unknown>"
+}
+
+proc rpc_test_load {} {
+	#
+}
+
+# rpc_test_exit -- clean up and exit
+proc rpc_test_exit {} {
+	global server_id
+	global server_pid
+	global server_started
+	global kill
+
+ 	if {[catch {
+		expect {
+			-i $server_id
+			eof { 
+				fail "server exited!"
+				verbose $expect_out(buffer) 1
+			}
+			timeout { pass "server survived" }
+		}
+	} tmp]} {
+		fail "server exited! (expect failed)"
+	}
+}
+
+#
+# rpc_test_start -- start the rpc_test server running
+#
+proc rpc_test_start { } {
+ 	global SERVER
+	global server_id
+	global server_pid
+	global server_started
+	global env
+
+	set env(KRB5KTNAME) FILE:$env(RPC_TEST_SRVTAB)
+
+ 	verbose "% $SERVER" 1
+	set server_pid [spawn $SERVER]
+	set server_id $spawn_id
+
+	unset env(KRB5KTNAME)
+
+	set timeout 30
+
+	expect {
+		"running" { }
+		eof { 
+			fail "server exited!"
+			verbose $expect_out(buffer) 1
+		}
+		timeout { 
+			fail "server didn't start in $timeout seconds"
+			verbose $expect_out(buffer) 1
+		}
+	}
+
+}
+
+rpc_test_start
diff --git a/src/lib/rpc/unit-test/testsuite/helpers.exp b/src/lib/rpc/unit-test/testsuite/helpers.exp
new file mode 100644
index 000000000..1a37ad512
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/helpers.exp
@@ -0,0 +1,128 @@
+if {[info commands exp_version] != {}} {
+	set exp_version_4 [regexp {^4} [exp_version]]
+} else {
+	set exp_version_4 [regexp {^4} [expect_version]]
+}
+
+# Backward compatibility until we're using expect 5 everywhere
+if {$exp_version_4} {
+	global wait_error_index wait_errno_index wait_status_index
+	set wait_error_index 0
+	set wait_errno_index 1
+	set wait_status_index 1
+} else {
+	set wait_error_index 2
+	set wait_errno_index 3
+	set wait_status_index 3
+}
+				
+
+proc kinit {princ pass lifetime} {
+	global kinit
+	global wait_error_index wait_errno_index wait_status_index
+
+	spawn -noecho $kinit -l $lifetime $princ
+	expect {
+		-re "Password for $princ.*: " { send "$pass\n" }
+		timeout { error "Timeout waiting for kinit"; close }
+	}
+	expect { eof {} }
+
+	set ret [wait]
+	if {[lindex $ret $wait_error_index] == -1} {
+	 	error \
+	    "wait(kinit $princ) returned error [lindex $ret $wait_errno_index]"
+	} else {
+		if {[lindex $ret $wait_status_index] != 0} {
+			error \
+		    "kinit $princ failed with [lindex $ret $wait_status_index]"
+		}
+	}
+}
+
+proc flush_server {} {
+	global server_id
+	global expect_out
+
+	verbose "flushing server output" 1
+
+	while {1} {
+		set timeout 5
+
+		expect {
+			-i $server_id
+			-re "^.+$" {
+			    verbose "server output: $expect_out(buffer)"
+			}
+			timeout { break }
+		}
+	}
+}
+
+proc start_client {testname ccname user password lifetime count
+		  {target ""}} {
+	global env
+	global CLIENT
+	global hostname
+	global spawn_id
+	global verbose
+
+	if {$target == ""} {
+		set target "server@$hostname"
+	}
+
+	set env(KRB5CCNAME) FILE:/tmp/krb5cc_rpc_test_$ccname
+	kinit $user $password $lifetime
+
+	if {$verbose > 0} {
+		spawn $CLIENT -a 1 -s 1 -m 1 $hostname $target $count
+	} else {
+		spawn $CLIENT $hostname $target $count
+	}
+
+	verbose "$testname: client $ccname started"
+
+	unset env(KRB5CCNAME)
+}
+
+proc eof_client {testname ccname id status} {
+	verbose "$testname: eof'ing for client $ccname" 1
+
+	expect {
+		-i $id
+		eof { verbose $expect_out(buffer) 1 }
+		timeout { 
+			fail "$testname: timeout waiting for client $ccname to exit"
+		}
+	}
+	wait_client $testname $ccname $id $status
+}
+
+
+proc wait_client {testname ccname id status} {
+	global env
+	global kill
+	global kdestroy
+	global wait_error_index wait_errno_index wait_status_index
+
+	verbose "$testname: waiting for client $ccname" 1
+
+	set ret [wait -i $id]
+	if {[lindex $ret $wait_error_index] == -1} {
+		fail \
+       "$testname: wait $ccname returned error [lindex $ret $wait_errno_index]"
+	} else {
+		if {[lindex $ret $wait_status_index] == $status} {
+			pass "$testname: client $ccname"
+		} else {
+			fail "$testname: client $ccname: unexpected return status [lindex $ret $wait_status_index], should be $status."
+		}
+	}
+
+	set env(KRB5CCNAME) FILE:/tmp/krb5cc_rpc_test_$ccname
+ 	if {[catch "exec $kdestroy"] != 0} {
+ 		error "$testname: cannot destroy client $ccname ccache"
+ 	}
+
+	unset env(KRB5CCNAME)
+}
diff --git a/src/lib/rpc/unit-test/testsuite/rpc_test.0/expire.exp b/src/lib/rpc/unit-test/testsuite/rpc_test.0/expire.exp
new file mode 100644
index 000000000..d80bae6da
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/rpc_test.0/expire.exp
@@ -0,0 +1,21 @@
+set timeout 40
+
+load_lib "helpers.exp"
+
+global spawn_id
+
+start_client expire 1 testuser notathena 20m 100
+set client1_id $spawn_id
+flush_server
+
+start_client expire 2 testuser notathena 40m 300
+set client2_id $spawn_id
+flush_server
+
+start_client expire 3 testuser notathena 60m 500
+set client3_id $spawn_id
+flush_server
+
+eof_client expire 1 $client1_id 0
+eof_client expire 2 $client2_id 0
+eof_client expire 3 $client3_id 0
diff --git a/src/lib/rpc/unit-test/testsuite/rpc_test.0/fullrun.exp b/src/lib/rpc/unit-test/testsuite/rpc_test.0/fullrun.exp
new file mode 100644
index 000000000..6e8acf80e
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/rpc_test.0/fullrun.exp
@@ -0,0 +1,95 @@
+set timeout 120
+
+load_lib "helpers.exp"
+
+global spawn_id
+global server_id
+
+# Start the client and do a full run
+start_client "full run" fullrun testuser notathena 8 1026
+set client_id $spawn_id
+
+#
+# test: did we get 11 dots?
+#
+verbose "Starting RPC echo test.  This will take about 50 seconds.\n"
+
+set ver_line "rpc_test server: bad verifier\[^\r\n\]*\n"
+
+set dots 0
+set server_lines 0
+while {1} {
+	set oldtimeout $timeout
+	set timeout 5
+	while {1} {
+		expect {
+			-i $server_id
+			-re $ver_line {
+				verbose "Got line from server."
+				incr server_lines
+			}
+			default {
+				break
+			}
+		}
+	}
+	set timeout $oldtimeout
+	expect {
+		-i $client_id
+		. { 
+			incr dots
+			verbose "$expect_out(buffer)" 1
+			if ($dots==11) { break }
+		}
+		eof {
+			#
+			# test: was the exit status right?
+			#
+			wait_client "full run" fullrun $client_id 0
+			break
+		}
+
+		timeout { 
+			verbose "Timeout waiting for dot\n" 1
+			fail "full run: timeout waiting for dot"
+			break
+		}
+
+	}
+}
+if {$dots==11} {
+	pass "fullrun: echo test"
+} else {
+	fail "fullrun: echo test: expected 11 dots, got $dots"
+}
+
+#
+# test: server logged four bad verifiers?
+#
+verbose "full run: checking server output"
+
+# Small timeout, since the server should have already printed everything
+set timeout 5
+
+while {$server_lines < 4} {
+	expect {
+		-i $server_id
+		-re $ver_line {
+			incr server_lines
+		}
+		-re ".+\r\n" {
+			verbose "Unexpected server output: $expect_out(buffer)"
+		}
+		default {
+			break
+		}
+	}
+}
+
+if {$server_lines == 4} {
+	pass "fullrun: bad verifiers"
+} else {
+	fail "fullrun: expected four bad verifiers, got $server_lines"
+}
+
+flush_server
diff --git a/src/lib/rpc/unit-test/testsuite/rpc_test.0/gsserr.exp b/src/lib/rpc/unit-test/testsuite/rpc_test.0/gsserr.exp
new file mode 100644
index 000000000..f9d53052d
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/rpc_test.0/gsserr.exp
@@ -0,0 +1,27 @@
+set timeout 30
+
+load_lib "helpers.exp"
+
+global spawn_id
+global server_id
+global hostname
+
+start_client "gss err" gsserr testuser notathena 8 1026 notserver@$hostname
+
+eof_client "gss err" gsserr $spawn_id 2
+
+#
+# test: server logged an authentication attempted failed?
+#
+verbose "gss err: checking server output"
+
+expect {
+	-i $server_id
+	-re "rpc_test server: Authent.*failed: .* Wrong princ" {
+		pass "gss err: server logged auth error"
+	}
+	eof { fail "gss err: server exited" }
+	timeout { fail "gss err: timeout waiting for server output" }
+}
+
+flush_server
diff --git a/src/lib/rpc/unit-test/testsuite/rpc_test_setup.sh b/src/lib/rpc/unit-test/testsuite/rpc_test_setup.sh
new file mode 100644
index 000000000..2a97af4d3
--- /dev/null
+++ b/src/lib/rpc/unit-test/testsuite/rpc_test_setup.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# This script performs additional setup for the RPC unit test.  It
+# assumes that gmake has put TOP and RPC_TEST_SRVTAB into the
+# environment. 
+#
+# $Id$
+# $Source$
+
+DUMMY=${TESTDIR=$TOP/testing}
+DUMMY=${CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl}
+DUMMY=${TCLUTIL=$TESTDIR/tcl/util.t}; export TCLUTIL
+DUMMY=${MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
+
+# If it's set, set it to true
+VERBOSE=${VERBOSE_TEST:+true}
+# Otherwise, set it to false
+DUMMY=${VERBOSE:=false}
+
+if $VERBOSE; then
+	REDIRECT=
+else
+	REDIRECT='>/dev/null'
+fi
+
+PATH=$TOP/install/admin:$PATH; export PATH
+
+CANON_HOST=`perl -e 'chop($_=\`hostname\`);($n,$a,$t,$l,@a)=gethostbyname($_);($_)=gethostbyaddr($a[0],$t); print;'`
+export CANON_HOST
+
+eval $CLNTTCL <<'EOF' $REDIRECT
+source $env(TCLUTIL)
+set h $env(CANON_HOST)
+puts stdout [ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
+puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin]
+puts stdout [ovsec_kadm_randkey_principal $server_handle server/$h key]
+puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin]
+puts stdout [ovsec_kadm_randkey_principal $server_handle notserver/$h key]
+puts stdout [ovsec_kadm_destroy $server_handle]
+EOF
+
+rm -f $RPC_TEST_SRVTAB
+
+eval $MAKE_KEYTAB -princ server/$CANON_HOST $RPC_TEST_SRVTAB $REDIRECT
+
+grep -s "$CANON_HOST SECURE-TEST.OV.COM" /etc/krb.realms
+if [ $? != 0 ]; then
+	eval echo \"Adding \$CANON_HOST SECURE-TEST.OV.COM to /etc/krb.realms\" $REDIRECT
+	ed /etc/krb.realms <<EOF >/dev/null
+1i
+$CANON_HOST SECURE-TEST.OV.COM
+.
+w
+q
+EOF
+fi