diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-11-22 14:58:54 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-11-22 14:58:54 +0000 |
| commit | 14590b7c281e1fbf68afec2f3f4104b87e6010f4 (patch) | |
| tree | e3f6c44278d9a69c45fbabd4b93146a99aa29244 /src/tests/dejagnu | |
| parent | 829462f1ae36623021b57a03aa1e4e6bb2dfbb6d (diff) | |
| download | krb5-14590b7c281e1fbf68afec2f3f4104b87e6010f4.tar.gz krb5-14590b7c281e1fbf68afec2f3f4104b87e6010f4.tar.xz krb5-14590b7c281e1fbf68afec2f3f4104b87e6010f4.zip | |
Unbundle applications into separate repository
Remove libpty, gssftp, telnet, and the bsd applications from the
source tree, build system, and tests.
Docs still need to be updated to remove mentions of the applications.
The build system should be simplified now that we're down to one
configure script and don't need some of the functionality currently in
aclocal.m4.
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23305 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests/dejagnu')
| -rw-r--r-- | src/tests/dejagnu/krb-root/rlogin.exp | 322 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-root/telnet.exp | 451 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/gssftp.exp | 507 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/rcp.exp | 231 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/rsh.exp | 294 |
5 files changed, 0 insertions, 1805 deletions
diff --git a/src/tests/dejagnu/krb-root/rlogin.exp b/src/tests/dejagnu/krb-root/rlogin.exp deleted file mode 100644 index a0e8e4ff5..000000000 --- a/src/tests/dejagnu/krb-root/rlogin.exp +++ /dev/null @@ -1,322 +0,0 @@ -# Kerberos rlogin test. -# This is a DejaGnu test script. -# This script tests Kerberos rlogin. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists KRLOGIN] { - set KRLOGIN [findfile $objdir/../../appl/bsd/rlogin] -} - -if ![info exists KRLOGIND] { - set KRLOGIND [findfile $objdir/../../appl/bsd/klogind] -} - -if ![info exists LOGINKRB5] { - set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5] -} - -# Start up a root shell. -if ![setup_root_shell rlogin] { - return -} - -# Make sure .k5login is reasonable. -if ![check_k5login rlogin] { - stop_root_shell - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - stop_root_shell - return -} - -# A procedure to start up the rlogin daemon. - -proc start_rlogin_daemon { option } { - global REALMNAME - global KRLOGIND - global LOGINKRB5 - global ROOT_PROMPT - global tmppwd - global hostname - global rlogin_spawn_id - global krlogind_pid - global portbase - - # The -p argument tells it to accept a single connection, so we - # don't need to use inetd. The 3543 is the port to listen at. - # Note that tmppwd here is a shell variable, which is set in - # setup_root_shell, not a TCL variable. The sh -c is to workaround - # the broken controlling tty handling in hpux, and shouldn't hurt - # anything else. - send -i $rlogin_spawn_id "sh -c \"$KRLOGIND -k -c -D [expr 8 + $portbase] -S \$tmppwd/srvtab -M $REALMNAME -L $LOGINKRB5 $option\" &\r" - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - send -i $rlogin_spawn_id "echo \$!\r" - expect { - -i $rlogin_spawn_id - -re "\[0-9\]+" { - set krlogind_pid $expect_out(0,string) - verbose "krlogind process ID is $krlogind_pid" - } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - - # Give the rlogin daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the rlogin daemon. - -proc stop_rlogin_daemon { } { - global krlogind_pid - - if [info exists krlogind_pid] { - catch "exec kill $krlogind_pid" - unset krlogind_pid - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc rlogin_test { } { - global REALMNAME - global KRLOGIN - global BINSH - global SHELL_PROMPT - global KEY - global hostname - global hostname - global env - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start up the rlogin daemon. - start_rlogin_daemon -k - - # Make an rlogin connection. - spawn $KRLOGIN $hostname -k $REALMNAME -D [expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - "onnection closed." { - fail "$testname (connection closed)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "rlogin" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Switch to /bin/sh to try to avoid confusion from the shell - # prompt. - set testname "shell" - send "$BINSH\r" - expect "$BINSH" - expect -re "$SHELL_PROMPT" - - set testname "date" - send "date\r" - expect "date" - expect { - -re "\[A-Za-z0-9 :\]+\[\r\n\]+" { - if [check_date $expect_out(0,string)] { - pass "date" - } else { - fail "date" - } - } - } - expect -re "$SHELL_PROMPT" - - set testname "exit" - send "exit\r" - expect -re "$SHELL_PROMPT" - send "exit\r" - expect { - "onnection closed." { - pass $testname - } - } - # This last expect seems useless, but without it the rlogin process - # sometimes hangs on HP-UX, in a tcsetattr call with TCSADRAIN. - expect { - "\r" { } - } - - expect_after - - if [check_exit_status "exit status"] { - pass "exit status" - } - - # The rlogin daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rlogin_daemon - - # Try an encrypted connection. - start_rlogin_daemon -e - spawn $KRLOGIN $hostname -x -k $REALMNAME -D [expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - "onnection closed" { - fail "$testname (connection closed)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "encrypted rlogin" - expect -re "encrypting .* transmissions" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Switch to /bin/sh to try to avoid confusion from the shell - # prompt. - set testname "shell" - send "$BINSH\r" - expect "$BINSH" - expect -re "$SHELL_PROMPT" - - # Make sure the encryption is not destroying the text. - set testname "echo" - send "echo hello\r" - expect "echo hello" - expect "hello" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Send some characters which might cause an interrupt, and then - # make sure we can still talk to the shell. - set testname "interrupt characters" - send "\003\177\034\r" - expect -re "$SHELL_PROMPT" - send "echo hello\r" - expect "echo hello" - expect "hello" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - set testname "~." - send "~." - expect { - "Closed connection.\r" { - pass $testname - } - "onnection closed" { - pass $testname - } - } - - expect_after - - if [check_exit_status "exit status"] { - pass "exit status" - } - - # The rlogin daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rlogin_daemon -} - -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch rlogin_test msg] -set timeout $oldtimeout - -# Shut down the kerberos daemons, the rlogin daemon, and the root -# process. -stop_kerberos_daemons - -stop_rlogin_daemon - -stop_root_shell - -if { $status != 0 } { - send_error "ERROR: error in rlogin.exp\n" - send_error "$msg\n" - exit 1 -} diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp deleted file mode 100644 index 17095b336..000000000 --- a/src/tests/dejagnu/krb-root/telnet.exp +++ /dev/null @@ -1,451 +0,0 @@ -# Kerberos telnet test. -# This is a DejaGnu test script. -# This script tests Kerberos telnet. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists TELNET] { - set TELNET [findfile $objdir/../../appl/telnet/telnet/telnet] -} - -if ![info exists TELNETD] { - set TELNETD [findfile $objdir/../../appl/telnet/telnetd/telnetd] -} - -if ![info exists LOGINKRB5] { - set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5] -} - -if ![regexp des- $supported_enctypes] { - # Telnet needs a DES enctype. - verbose "Skipping telnet tests for lack of DES support." - return -} - -# A procedure to start up the telnet daemon. - -proc start_telnet_daemon { args } { - global REALMNAME - global TELNETD - global LOGINKRB5 - global ROOT_PROMPT - global tmppwd - global hostname - global rlogin_spawn_id - global telnetd_pid - global portbase - - # Setup the shared library wrapper for login.krb5 - if ![file exists $tmppwd/login.wrap] { - setup_wrapper $tmppwd/login.wrap "$LOGINKRB5 $*" - } - - # The -debug argument tells it to accept a single connection, so - # we don't need to use inetd. The portbase+8 is the port to listen at. - # Note that tmppwd here is a shell variable, which is set in - # setup_root_shell, not a TCL variable. - send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r" - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - send -i $rlogin_spawn_id "echo \$!\r" - expect { - -i $rlogin_spawn_id - -re "\[0-9\]+" { - set telnetd_pid $expect_out(0,string) - verbose "telnetd process ID is $telnetd_pid" - } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - expect { - -i $rlogin_spawn_id - -re "$ROOT_PROMPT" { } - timeout { - send_error "ERROR: timeout from rlogin $hostname -l root\n" - return - } - eof { - send_error "ERROR: eof from rlogin $hostname -l root\n" - return - } - } - - # Give the telnet daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the telnet daemon. - -proc stop_telnet_daemon { } { - global telnetd_pid - - if [info exists telnetd_pid] { - catch "exec kill $telnetd_pid" - unset telnetd_pid - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc telnet_test { } { - global REALMNAME - global TELNET - global BINSH - global SHELL_PROMPT - global KEY - global hostname - global localhostname - global env - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start up the telnet daemon. - start_telnet_daemon - - # Start up our telnet connection. We first try it without - # authentication, so the daemon should prompt for a login. - spawn $TELNET -- $hostname -[expr 8 + $portbase] - set telnet_pid [exp_pid] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "simple telnet" - expect { - "ogin: " { - pass $testname - } - } - - # Move back to telnet command mode and make sure it seems - # reasonable. - set testname "telnet command mode" - send "\035" - expect { - "telnet> " { - pass $testname - } - } - - set testname "telnet status" - send "status\r" - # use -nocase because telnet may output the fqdn in upper-case; - # however, -nocase requires the whole pattern to be in lower case - expect { - -nocase -re "connected to $localhostname.*operating in single character mode.*catching signals locally.*remote character echo.*flow control.*escape character is '.\]'" { - pass $testname - } - } - - set testname "back to command mode" - - # For some reason, the telnet client doesn't necessarily reset the - # terminal mode back to raw after exiting command mode. - # Kick it somewhat by sending a CR. - send "\r" - expect "ogin: " - - send "\035" - expect { - "telnet> " { - pass $testname - } - } - - set testname "quit" - send "quit\r" - expect { - "Connection closed.\r" { - pass $testname - } - } - - expect_after - -# on hpux 10.x, the child telnet will hang in an ioctl(). This will -# wait a while for an EOF, and kill the process if it doesn't exit by -# itself. The hang doesn't happen when telnet is run at the shell. - - expect { - eof { } - timeout { - stop_telnet_daemon - } - } - - if ![check_exit_status "exit status"] { - return - } - - pass "exit status" - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon - - # Try an authenticated connection. - start_telnet_daemon - spawn $TELNET -a -k $REALMNAME -- $hostname -[expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - "Connection closed by foreign host.\r" { - fail "$testname (connection closed)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "authenticated telnet" - expect "Kerberos V5 accepts you" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Switch to /bin/sh to try to avoid confusion from the shell - # prompt. - set testname "shell" - send "$BINSH\r" - expect -re "$SHELL_PROMPT" - - set testname "date" - send "date\r" - expect "date" - expect { - -re "\[A-Za-z0-9 :\]+\[\r\n\]+" { - if [check_date $expect_out(0,string)] { - pass "date" - } else { - fail "date" - } - } - } - expect -re "$SHELL_PROMPT" - - set testname "exit" - send "exit\r" - expect -re "$SHELL_PROMPT" - send "exit\r" - expect { - "Connection closed by foreign host.\r" { - pass $testname - } - } - - expect_after - catch "expect eof" - - # We can't use check_exit_status, because we expect an exit status - # of 1. - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list (klist)" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail "exit status" - } else { - pass "exit status" - } - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon - - # Try an authenticated encrypted connection. - start_telnet_daemon - spawn $TELNET -a -x -k $REALMNAME -- $hostname -[expr 8 + $portbase] - - expect_after { - timeout { - fail $testname - catch "expect_after" - return - } - eof { - fail $testname - catch "expect_after" - return - } - } - - set testname "encrypted telnet" - expect "Kerberos V5 accepts you" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Make sure the encryption is not destroying the text. - set testname "echo" - send "echo hello\r" - expect "echo hello" - expect "hello" - expect { - -re "$SHELL_PROMPT" { - pass $testname - } - } - - # Move back to telnet command mode and check the encryption status. - set testname "encryption status" - send "\035" - expect "telnet> " - send "status\r" - expect { - -re "Currently encrypting output with DES_CFB64.*Currently decrypting input with DES_CFB64" { - pass $testname - } - } - - set testname "exit status" - send "exit\r" - expect "Connection closed by foreign host.\r" - - expect_after - catch "expect eof" - - # We can't use check_exit_status, because we expect an exit status - # of 1. - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list (klist)" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail "exit status" - } else { - pass "exit status" - } - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon - - set testname "reject unencrypted telnet" - # Check rejection of unencrypted client when encryption is required - start_telnet_daemon -e - - # unencrypted, unauthenticated - spawn $TELNET -- $hostname -[expr 8 + $portbase] - expect_after { - timeout { - fail $testname - catch "expect_after" - return - } - eof { - fail $testname - catch "expect_after" - return - } - } - - expect { - -re "Unencrypted connection refused.*\n" { - pass $testname - } - } - catch "expect_after" - catch "expect eof" - catch wait - - # The telnet daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_telnet_daemon -} - -run_once telnet { - # Remove old wrapper script - catch "exec rm -f $tmppwd/login.wrap" - - # Start up a root shell. - if ![setup_root_shell telnet] { - return - } - - # Make sure .k5login is reasonable. - if ![check_k5login rlogin] { - stop_root_shell - return - } - - # Set up the kerberos database. - if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - stop_root_shell - return - } - - # Run the test. Logging in sometimes takes a while, so increase the - # timeout. - set oldtimeout $timeout - set timeout 60 - set status [catch telnet_test msg] - set timeout $oldtimeout - - # Shut down the kerberos daemons, the telnet daemon, and the rlogin - # process. - stop_kerberos_daemons - - stop_telnet_daemon - - stop_root_shell - - if { $status != 0 } { - send_error "ERROR: error in telnet.exp\n" - send_error "$msg\n" - exit 1 - } -} diff --git a/src/tests/dejagnu/krb-standalone/gssftp.exp b/src/tests/dejagnu/krb-standalone/gssftp.exp deleted file mode 100644 index 42dc94c75..000000000 --- a/src/tests/dejagnu/krb-standalone/gssftp.exp +++ /dev/null @@ -1,507 +0,0 @@ -# Kerberos ftp test. -# This is a DejaGnu test script. -# This script tests Kerberos ftp. -# Originally written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. -# Modified bye Ezra Peisach for GSSAPI support. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/build/tests/dejagnu - -if ![info exists FTP] { - set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp] -} - -if ![info exists FTPD] { - set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd] -} - -# A procedure to start up the ftp daemon. - -proc start_ftp_daemon { } { - global FTPD - global tmppwd - global ftpd_spawn_id - global ftpd_pid - global portbase - - # The -p argument tells it to accept a single connection, so we - # don't need to use inetd. Portbase+8 is the port to listen at. - # We rely on KRB5_KTNAME being set to the proper keyfile as there is - # no way to cleanly set it with the gssapi API. - # The -U argument tells it to use an alternate ftpusers file (using - # /dev/null will allow root to login regardless of /etc/ftpusers). - # The -a argument requires authorization, to mitigate any - # vulnerability introduced by circumventing ftpusers. - spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb5.conf - set ftpd_spawn_id $spawn_id - set ftpd_pid [exp_pid] - - # Give the ftp daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the ftp daemon. - -proc stop_ftp_daemon { } { - global ftpd_spawn_id - global ftpd_pid - - if [info exists ftpd_pid] { - catch "close -i $ftpd_spawn_id" - catch "exec kill $ftpd_pid" - catch "wait -i $ftpd_spawn_id" - unset ftpd_pid - } -} - -# Test that a file was copied correctly. -proc check_file { filename {bigfile 0}} { - if ![file exists $filename] { - verbose "$filename does not exist" - send_log "$filename does not exist\n" - return 0 - } - - set file [open $filename r] - if { [gets $file line] == -1 } { - verbose "$filename is empty" - send_log "$filename is empty\n" - close $file - return 0 - } - - if ![string match "This file is used for ftp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - - if {$bigfile} { - # + 1 for the newline - seek $file 1048577 current - if { [gets $file line] == -1 } { - verbose "$filename is truncated" - send_log "$filename is truncated\n" - close $file - return 0 - } - - if ![string match "This file is used for ftp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - } - - if { [gets $file line] != -1} { - verbose "$filename is too long ($line)" - send_log "$filename is too long ($line)\n" - close $file - return 0 - } - - close $file - - return 1 -} - -# -# Restore environment variables possibly set. -# -proc ftp_restore_env { } { - global env - global ftp_save_ktname - - catch "unset env(KRB5_KTNAME)" - if [info exists ftp_save_ktname] { - set env(KRB5_KTNAME) $ftp_save_ktname - unset ftp_save_ktname - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc ftp_test { } { - global FTP - global KEY - global REALMNAME - global hostname - global localhostname - global env - global ftpd_spawn_id - global ftpd_pid - global spawn_id - global tmppwd - global ftp_save_ktname - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_random_key ftp/$hostname 0] \ - || ![modify_principal ftp/$hostname -kvno 254] \ - || ![setup_srvtab 0 ftp] \ - || ![xst $tmppwd/srvtab ftp/$hostname] - || ![xst $tmppwd/srvtab ftp/$hostname] - || ![xst $tmppwd/srvtab ftp/$hostname] - || ![do_klist_kt $tmppwd/srvtab "gssftp keytab list"] - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - # Force the host key to exist, so we get consistent errors below. - catch "add_random_key host/$hostname 0" - - # - # Save settings of KRB5_KTNAME - # - if [info exists env(KRB5_KTNAME)] { - set ftp_save_ktname $env(KRB5_KTNAME) - } - - # - # set KRB5_KTNAME *incorrectly* - # - set env(KRB5_KTNAME) FILE:$tmppwd/srvtabxx - verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" - - # Force some auth errors. - set testname "ftp auth errors" - - # Start the ftp daemon. - start_ftp_daemon - - # Try connecting. - spawn $FTP -d -v $hostname [expr 8 + $portbase] - expect_after { - -re "--->\[^\r\n\]*\r\n" { exp_continue } - -re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue } - -re "sealed \[A-Z()\]*" { exp_continue } - -re "secure_command\[A-Z()\]*" { exp_continue } - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - expect -nocase "connected to $hostname" - expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready." - expect -re "Using authentication type GSSAPI; ADAT must follow" - expect "GSSAPI accepted as authentication type" - expect -re "Trying to authenticate to <ftp@.*>" - # The ftp client doesn't print the gssapi error except on the last attempt. -# expect "GSSAPI error major: Unspecified GSS failure." -# expect -re "GSSAPI error minor: Key table file '.*' not found" - expect -re "Trying to authenticate to <host@.*>" - expect "GSSAPI error major: Unspecified GSS failure." - expect -re "GSSAPI error minor: Key table file '.*' not found" - expect -re "Name (.*): " - close -i $spawn_id - wait -i $spawn_id - wait -i $ftpd_spawn_id - catch "close -i $ftpd_spawn_id" - - # - # set KRB5_KTNAME correctly now - # - set env(KRB5_KTNAME) FILE:$tmppwd/srvtab - verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" - - # Start the ftp daemon. - start_ftp_daemon - - # Make an ftp client connection to it. - spawn $FTP -d -v $hostname [expr 8 + $portbase] - - expect_after { - "GSSAPI authentication failed" { - fail "$testname (auth failed)" - catch "expect_after" - return - } - -re "--->\[^\r\n\]*\r\n" { exp_continue } - -re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue } - -re "sealed \[A-Z()\]*" { exp_continue } - -re "secure_command\[A-Z()\]*" { exp_continue } - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "ftp connection" - expect -nocase "connected to $hostname" - expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready." - expect -re "Using authentication type GSSAPI; ADAT must follow" - expect "GSSAPI accepted as authentication type" - expect { - "GSSAPI authentication succeeded" { pass "ftp authentication" } - eof { fail "ftp authentication" ; catch "expect_after" ; return } - } - expect -nocase "name ($hostname:$env(USER)): " - send "$env(USER)\r" - expect "GSSAPI user $env(USER)@$REALMNAME is authorized as $env(USER)" - expect "Remote system type is UNIX." - expect "Using binary mode to transfer files." - expect "ftp> " { - pass $testname - } - - set testname "binary" - send "binary\r" - expect "ftp> " { - pass $testname - } - - set testname "status" - send "status\r" - expect -nocase "connected to $hostname." - expect "Authentication type: GSSAPI" - expect "ftp> " { - pass $testname - } - - set testname "ls" - send "ls $tmppwd/ftp-test\r" - expect -re "Opening ASCII mode data connection for .*ls." - expect -re ".* $tmppwd/ftp-test" - expect "ftp> " { - pass $testname - } - - set testname "nlist" - send "nlist $tmppwd/ftp-test\r" - expect -re "Opening ASCII mode data connection for file list." - expect -re "$tmppwd/ftp-test" - expect -re ".* Transfer complete." - expect "ftp> " { - pass $testname - } - - set testname "ls missing" - send "ls $tmppwd/ftp-testmiss\r" - expect -re "Opening ASCII mode data connection for .*ls." - expect { - -re "$tmppwd/ftp-testmiss not found" {} - -re "$tmppwd/ftp-testmiss: No such file or directory" - } - expect "ftp> " { - pass $testname - } - - - set testname "get" - catch "exec rm -f $tmppwd/copy" - send "get $tmppwd/ftp-test $tmppwd/copy\r" - expect "Opening BINARY mode data connection for $tmppwd/ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "put" - catch "exec rm -f $tmppwd/copy" - send "put $tmppwd/ftp-test $tmppwd/copy\r" - expect "Opening BINARY mode data connection for $tmppwd/copy" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "cd" - send "cd $tmppwd\r" - expect "CWD command successful." - expect "ftp> " { - pass $testname - } - - set testname "lcd" - send "lcd $tmppwd\r" - expect "Local directory now $tmppwd" - expect "ftp> " { - pass $testname - } - - set testname "local get" - catch "exec rm -f $tmppwd/copy" - send "get ftp-test copy\r" - expect "Opening BINARY mode data connection for ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "big local get" - catch "exec rm -f $tmppwd/copy" - send "get bigftp-test copy\r" - expect "Opening BINARY mode data connection for bigftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy 1] { - pass $testname - } else { - fail $testname - } - - set testname "start encryption" - send "private\r" - expect "Data channel protection level set to private" - expect "ftp> " { - pass $testname - } - - set testname "status" - send "status\r" - expect "Protection Level: private" - expect "ftp> " { - pass $testname - } - - set testname "encrypted get" - catch "exec rm -f $tmppwd/copy" - send "get ftp-test copy\r" - expect "Opening BINARY mode data connection for ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "big encrypted get" - catch "exec rm -f $tmppwd/copy" - send "get bigftp-test copy\r" - expect "Opening BINARY mode data connection for bigftp-test" - expect { - -timeout 300 - "Transfer complete" {} - -re "Length .* of PROT buffer > PBSZ" { - fail "$testname (PBSZ)" - return 0 - } - } - expect -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy 1] { - pass $testname - } else { - fail $testname - } - - set testname "close" - send "close\r" - expect "Goodbye." - expect "ftp> " - set status_list [wait -i $ftpd_spawn_id] - verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)" - catch "close -i $ftpd_spawn_id" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail $testname - } else { - pass $testname - unset ftpd_pid - } - - set testname "quit" - send "quit\r" - expect_after - expect eof - if [check_exit_status $testname] { - pass $testname - } -} - -run_once gssftp { - # Make sure .klogin is reasonable. - if ![check_k5login ftp] { - return - } - - # Set up the kerberos database. - if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return - } - - # Create a file to use for ftp testing. - set file [open $tmppwd/ftp-test w] - puts $file "This file is used for ftp testing." - close $file - - # Create a large file to use for ftp testing. File needs to be - # larger that 2^20 or 1MB for PBSZ testing. - set file [open $tmppwd/bigftp-test w] - puts $file "This file is used for ftp testing.\n" - seek $file 1048576 current - puts $file "This file is used for ftp testing." - close $file - - # The ftp client will look in $HOME/.netrc for the user name to use. - # To avoid confusing the testsuite, point $HOME at a directory where - # we know there is no .netrc file. - if [info exists env(HOME)] { - set home $env(HOME) - } elseif [info exists home] { - unset home - } - set env(HOME) $tmppwd - - # Run the test. Logging in sometimes takes a while, so increase the - # timeout. - set oldtimeout $timeout - set timeout 60 - set status [catch ftp_test msg] - set timeout $oldtimeout - - # Shut down the kerberos daemons and the ftp daemon. - stop_kerberos_daemons - - stop_ftp_daemon - - ftp_restore_env - - # Reset $HOME, for safety in case we are going to run more tests. - if [info exists home] { - set env(HOME) $home - } else { - unset env(HOME) - } - - if { $status != 0 } { - perror "error in gssftp.exp: $msg" - } -} diff --git a/src/tests/dejagnu/krb-standalone/rcp.exp b/src/tests/dejagnu/krb-standalone/rcp.exp deleted file mode 100644 index ab6a2c993..000000000 --- a/src/tests/dejagnu/krb-standalone/rcp.exp +++ /dev/null @@ -1,231 +0,0 @@ -# Kerberos rcp test. -# This is a DejaGnu test script. -# This script tests Kerberos rcp. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists RCP] { - set RCP [findfile $objdir/../../appl/bsd/rcp] -} - -if ![info exists KRSHD] { - set KRSHD [findfile $objdir/../../appl/bsd/kshd] -} - -# Remove old wrapper script - catch "exec rm -f $tmppwd/rcp" - -# Make sure .k5login is reasonable. -if ![check_k5login rcp] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -# A procedure to start up the rsh daemon (rcp talks to the rsh -# daemon). - -proc start_rsh_daemon { } { - global REALMNAME - global KRSHD T_INETD - global RCP - global tmppwd - global krshd_spawn_id - global krshd_pid - global portbase - - # Setup the shared library wrapper for login.krb5 - if ![file exists $tmppwd/rcp] { - setup_wrapper $tmppwd/rcp "$RCP $*" - } - - - # The -L ENV_SET is for the I/S Athena brokeness in dot files where - # LD_LIBRARY_PATH will be overridden causing the "exec csh -c rcp ..." - # to fail as the .cshrc is read in. We do not use the -f option as - # a users shell might be sh... - # Later a proper fix would be to have kshd exec rcp directly - # shell indirection... - spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET - set krshd_spawn_id $spawn_id - set krshd_pid [exp_pid] - - expect { - -ex "Ready!" { } - eof { error "couldn't start t_inetd helper" } - } -} - -# A procedure to stop the rsh daemon. - -proc stop_rsh_daemon { } { - global krshd_spawn_id - global krshd_pid - - if [info exists krshd_pid] { - catch "exec kill $krshd_pid" - catch { - expect { - -i $krshd_spawn_id - -re ..* { exp_continue } - eof {} - } - } - catch "close -i $krshd_spawn_id" - catch "wait -i $krshd_spawn_id" - unset krshd_pid - } -} - -# Create a file to use for rcp testing. -set file [open $tmppwd/rcp-test w] -puts $file "This file is used for rcp testing." -close $file - -# Test that a file was copied correctly. -proc check_file { filename } { - if ![file exists $filename] { - verbose "$filename does not exist" - send_log "$filename does not exist\n" - return 0 - } - - set file [open $filename r] - if { [gets $file line] == -1 } { - verbose "$filename is empty" - send_log "$filename is empty\n" - close $file - return 0 - } - - if ![string match "This file is used for rcp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - - if { [gets $file line] != -1} { - verbose "$filename is too long ($line)" - send_log "$filename is too long ($line)\n" - close $file - return 0 - } - - close $file - - return 1 -} - -# Test copying one file to another. -proc rcp_one_test { testname options frompref topref } { - global REALMNAME - global RCP - global tmppwd - global portbase - - send_log "rm -f $tmppwd/copy\n" - verbose "exec rm -f $tmppwd/copy" - catch "exec rm -f $tmppwd/copy" - - set from [format "%s%s" $frompref $tmppwd/rcp-test] - set to [format "%s%s" $topref $tmppwd/copy] - - send_log "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to\n" - verbose "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to" - catch "exec $RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to" exec_output - - if ![string match "" $exec_output] { - send_log "$exec_output\n" - verbose "$exec_output" - fail $testname - return 0 - } - - if ![check_file $tmppwd/copy] { - fail $testname - return 0 - } - - pass $testname - - return 1 -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc rcp_test { } { - global RCP - global KEY - global hostname - global hostname - global env - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - rcp_one_test "local rcp" "" "" "" - - start_rsh_daemon - rcp_one_test "rcp from" "" "$hostname:" "" - stop_rsh_daemon - - start_rsh_daemon - rcp_one_test "rcp to" "" "" "$hostname:" - stop_rsh_daemon - - # Doing rcp between two hosts actually just executes rsh rcp on - # the source. We could test this, but we're not set up for it - # right now. Also, it's pretty much covered by the other rcp - # tests and by the rsh tests. - # start_rsh_daemon - # rcp_one_test "rcp between" "" "$hostname:" "$hostname:" - # stop_rsh_daemon - - start_rsh_daemon - rcp_one_test "encrypted rcp from" "-x -c $env(KRB5CCNAME) -C $env(KRB5_CONFIG)" "$hostname:" "" - stop_rsh_daemon - - start_rsh_daemon - rcp_one_test "encrypted rcp to" "-x -c $env(KRB5CCNAME) -C $env(KRB5_CONFIG)" "" "$hostname:" - stop_rsh_daemon - - # Doing rcp between two hosts actually just executes rsh rcp on - # the source. We could test this, but we're not set up for it - # right now. Also, it's pretty much covered by the other rcp - # tests and by the rsh tests. - # start_rsh_daemon - # rcp_one_test "encrypted rcp between" "-x" "$hostname:" "$hostname:" - # stop_rsh_daemon -} - -# Run the test. -set status [catch rcp_test msg] - -# Shut down the kerberos daemons and the rsh daemon. -stop_kerberos_daemons - -stop_rsh_daemon - -if { $status != 0 } { - send_error "ERROR: error in rcp.exp\n" - send_error "$msg\n" - exit 1 -} diff --git a/src/tests/dejagnu/krb-standalone/rsh.exp b/src/tests/dejagnu/krb-standalone/rsh.exp deleted file mode 100644 index 050a71c91..000000000 --- a/src/tests/dejagnu/krb-standalone/rsh.exp +++ /dev/null @@ -1,294 +0,0 @@ -# Kerberos rsh test. -# This is a DejaGnu test script. -# This script tests Kerberos rsh. -# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/src. - -if ![info exists RSH] { - set RSH [findfile $objdir/../../appl/bsd/rsh] -} - -if ![info exists KRSHD] { - set KRSHD [findfile $objdir/../../appl/bsd/kshd] -} - -if ![info exists KLIST] { - set KLIST [findfile $objdir/../../clients/klist/klist] -} - -# Make sure .k5login is reasonable. -if ![check_k5login rsh] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_db 0]} { - return -} - -# A procedure to start up the rsh daemon. - -proc start_rsh_daemon { option } { - global REALMNAME - global KRSHD T_INETD - global tmppwd - global krshd_spawn_id - global krshd_pid - global portbase - - spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -S $tmppwd/srvtab -M $REALMNAME -A $option - set krshd_spawn_id $spawn_id - set krshd_pid [exp_pid] - - expect { - -ex "Ready!" { } - eof { error "couldn't start t_inetd helper" } - } -} - -# A procedure to stop the rsh daemon. - -proc stop_rsh_daemon { } { - global krshd_spawn_id - global krshd_pid - - if [info exists krshd_pid] { - catch "exec kill $krshd_pid" - catch { - expect { - -i $krshd_spawn_id - -re ..* { exp_continue } - eof {} - } - } - catch "close -i $krshd_spawn_id" - catch "wait -i $krshd_spawn_id" - unset krshd_pid - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc rsh_test { } { - global REALMNAME - global KLIST - global RSH - global KEY - global BINSH - global hostname - global env - global spawn_id - global tmppwd - global portbase - - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_kerberos_key host/$hostname 0] \ - || ![setup_srvtab 0] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![setup_kerberos_env client] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start up the rsh daemon. - start_rsh_daemon -k - - # Run rsh date. - set testname "date" - spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A date - expect { - -re "\[A-Za-z0-9\]+ \[A-Za-z0-9\]+ +\[0-9\]+ \[0-9\]+:\[0-9\]+:\[0-9\]+ \[A-Za-z0-9\]+ \[0-9\]+\r\n" { - set result $expect_out(0,string) - } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - expect eof - if ![check_exit_status $testname] { - return - } - - if [check_date $result] { - pass $testname - } else { - fail $testname - } - - # The rsh daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rsh_daemon - - # Check encrypted rsh. - set failed no - start_rsh_daemon -ek - set testname "encrypted rsh" - spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A echo hello - expect { - "hello" { expect eof } - timeout { - fail "$testname (timeout)" - set failed yes - } - eof { - fail "$testname (eof)" - set failed yes - } - } - - catch "expect eof" - if { $failed == "no" } { - if ![check_exit_status $testname] { - return - } - pass $testname - stop_rsh_daemon - } else { - catch "wait -i $spawn_id" - catch "close -i $spawn_id" - stop_rsh_daemon - } - - # Check ticket forwarding - set failed no - start_rsh_daemon -k - set testname "rsh forwarding tickets" - - # We need a wrapper for klist in order to setup for shared library - # runtime environment - setup_wrapper $tmppwd/klist.wrap $KLIST - - spawn $RSH $hostname -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap - expect { - "Ticket cache:*\r" { - expect eof - } - "klist: No credentials cache file found" { - fail "$testname (not forwarded)" - return - } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - stop_rsh_daemon - - # Check encrypted ticket forwarding - set failed no - start_rsh_daemon -e - set testname "encrypted rsh forwarding tickets" - spawn $RSH $hostname -x -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap - expect { - "Ticket cache:*\r" { - expect eof - } - "klist: No credentials cache file found" { - fail "$testname (not forwarded)" - return - } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - stop_rsh_daemon - - # Check stderr - start_rsh_daemon -k - set testname "rsh to stderr" - spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'" - expect { - "hello" { expect eof } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - stop_rsh_daemon - - start_rsh_daemon -e - set testname "encrypted rsh to stderr" - spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'" - expect { - "hello" { expect eof } - timeout { - fail "$testname (timeout)" - return - } - eof { - fail "$testname (eof)" - return - } - } - - if ![check_exit_status $testname] { - return - } - - pass $testname - - # The rsh daemon should have stopped, but we have no easy way - # of checking whether it actually did. Kill it just in case. - stop_rsh_daemon -} - -# Run the test. -set status [catch rsh_test msg] - -# Shut down the kerberos daemons and the rsh daemon. -stop_kerberos_daemons - -stop_rsh_daemon - -if { $status != 0 } { - send_error "ERROR: error in rsh.exp\n" - send_error "$msg\n" - exit 1 -} |