Check in Nalin's patch, and a test case for changing passwords via kinit

when +needchange is set.  Update dependencies.

ticket: 5867

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20966 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 141 insertions, 0 deletions

diff --git a/src/tests/dejagnu/krb-standalone/pwchange.exp b/src/tests/dejagnu/krb-standalone/pwchange.exp
new file mode 100644
index 000000000..486ec058c
--- /dev/null
+++ b/src/tests/dejagnu/krb-standalone/pwchange.exp
@@ -0,0 +1,141 @@
+# Password-changing Kerberos test.
+# This is a DejaGnu test script.
+
+# Set up the Kerberos files and environment.
+if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+    return
+}
+
+# Initialize the Kerberos database.  The argument tells
+# setup_kerberos_db that it is being called from here.
+if ![setup_kerberos_db 0] {
+    return
+}
+
+# We are about to start up a couple of daemon processes.  We do all
+# the rest of the tests inside a proc, so that we can easily kill the
+# processes when the procedure ends.
+
+proc kinit_expecting_pwchange { name pass newpass } {
+    global REALMNAME
+    global KINIT
+    global spawn_id
+
+    # Use kinit to get a ticket.
+	#
+	# For now always get forwardable tickets. Later when we need to make
+	# tests that distiguish between forwardable tickets and otherwise
+	# we should but another option to this proc. --proven
+	#
+    spawn $KINIT -5 -f $name@$REALMNAME
+    expect {
+	"Password for $name@$REALMNAME:" {
+	    verbose "kinit started"
+	}
+	timeout {
+	    fail "kinit"
+	    return 0
+	}
+	eof {
+	    fail "kinit"
+	    return 0
+	}
+    }
+    send "$pass\r"
+    expect {
+	"Enter new password: " { }
+	timeout {
+	    fail "kinit (new password prompt)"
+	    return 0
+	}
+	eof {
+	    fail "kinit (new password prompt)"
+	    return 0
+	}
+    }
+    send "$newpass\r"
+    expect {
+	" again: " { }
+	timeout {
+	    fail "kinit (new password prompt2)"
+	    return 0
+	}
+	eof {
+	    fail "kinit (new password prompt2)"
+	    return 0
+	}
+    }
+    send "$newpass\r"
+    expect eof
+    if ![check_exit_status kinit] {
+	return 0
+    }
+
+    return 1
+}
+
+proc doit { } {
+    global REALMNAME
+    global KLIST
+    global KDESTROY
+    global KEY
+    global KADMIN_LOCAL
+    global KTUTIL
+    global hostname
+    global tmppwd
+    global spawn_id
+    global supported_enctypes
+    global KRBIV
+    global portbase
+    global mode
+
+    # Start up the kerberos and kadmind daemons.
+    if ![start_kerberos_daemons 0] {
+	return
+    }
+
+    # Use kadmin to add a key.
+    if ![add_kerberos_key pwchanger 0] {
+	return
+    }
+
+    spawn $KADMIN_LOCAL -q "modprinc +needchange pwchanger"
+    catch expect_after
+    expect {
+	timeout {
+	    fail "kadmin.local modprinc +needchange"
+	}
+	eof {
+	    pass "kadmin.local modprinc +needchange"
+	}
+    }
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin modprinc +needchange)"
+    catch "close -i $spawn_id"
+
+    if ![kinit_expecting_pwchange pwchanger pwchanger$KEY floople] {
+	return
+    }
+    pass "kinit (password change)"
+    if ![kinit pwchanger floople 0] {
+	return
+    }
+    pass "kinit (new password)"
+
+    # Destroy the ticket.
+    spawn $KDESTROY -5
+    if ![check_exit_status "kdestroy"] {
+	return
+    }
+    pass "kdestroy"
+}
+
+set status [catch doit msg]
+
+stop_kerberos_daemons
+
+if { $status != 0 } {
+    send_error "ERROR: error in pwchange.exp\n"
+    send_error "$msg\n"
+    exit 1
+}