diff options
Diffstat (limited to 'src/kadmin/testing/scripts')
| -rw-r--r-- | src/kadmin/testing/scripts/Makefile.in | 31 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/compare_dump.plin | 242 | ||||
| -rw-r--r-- | src/kadmin/testing/scripts/deps | 1 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/env-setup.shin | 111 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/find-make.sh | 18 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/init_db | 232 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/make-host-keytab.plin | 144 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/qualname.plin | 19 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/simple_dump.plin | 88 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/start_servers | 71 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/start_servers_local | 161 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/stop_servers | 60 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/stop_servers_local | 44 | ||||
| -rwxr-xr-x | src/kadmin/testing/scripts/verify_xrunner_report.plin | 38 |
14 files changed, 1260 insertions, 0 deletions
diff --git a/src/kadmin/testing/scripts/Makefile.in b/src/kadmin/testing/scripts/Makefile.in new file mode 100644 index 000000000000..8c0d2362a12d --- /dev/null +++ b/src/kadmin/testing/scripts/Makefile.in @@ -0,0 +1,31 @@ +mydir=kadmin$(S)testing$(S)scripts +BUILDTOP=$(REL)..$(S)..$(S).. +PERL_PATH=@PERL_PATH@ + +.SUFFIXES: .plin .pl + +GEN_SCRIPTS = compare_dump.pl make-host-keytab.pl \ + simple_dump.pl verify_xrunner_report.pl qualname.pl + +all: env-setup.sh $(GEN_SCRIPTS) + +# Should only rebuild env_setup.sh here (use CONFIG_FILES=), but the weird krb5 +# makefile post-processing is unconditional and would trash the makefile. +env-setup.sh: env-setup.stamp +env-setup.stamp: $(srcdir)/env-setup.shin $(BUILDTOP)/config.status \ + Makefile + (cd $(BUILDTOP) && \ + CONFIG_FILES=$(mydir)/env-setup.sh:$(mydir)/env-setup.shin $(SHELL) \ + config.status) + chmod +x env-setup.sh + touch env-setup.stamp + +.plin.pl: + -rm -f $@.tmp + echo "#!$(PERL_PATH)" > $@.tmp + sed 1d $< >> $@.tmp + chmod +x $@.tmp + mv $@.tmp $@ + +clean: + -rm -f $(GEN_SCRIPTS) *.tmp env-setup.sh env-setup.stamp diff --git a/src/kadmin/testing/scripts/compare_dump.plin b/src/kadmin/testing/scripts/compare_dump.plin new file mode 100755 index 000000000000..df93df4a0014 --- /dev/null +++ b/src/kadmin/testing/scripts/compare_dump.plin @@ -0,0 +1,242 @@ +#!/usr/local/bin/perl + +# +# $Id$ +# + +# $debug = 1; + +sub usage { die "usage: $0 before after changes\n";} + +sub unique { + local(@list) = @_; + local(%ary); + + print "unique? ",join(" ",@list),"\n" if $debug; + + foreach (@list) { + return(0) if $ary{$_}++; + } + + 1; +} + +$before = shift(@ARGV) || &usage; +$debug++ if $before =~ /^-d/; +$before = shift(@ARGV) || &usage if $debug; +$after = shift(@ARGV) || &usage; +$changes = shift(@ARGV) || &usage; +@ARGV && &usage; + +%policy = + ( + "FIRST",2, + "pw_min_life",2, + "pw_max_life",3, + "pw_min_length",4, + "pw_min_classes",5, + "pw_history_num",6, + "policy_refcnt",7, + "LAST",7, + ); + +%princ = + ( + "FIRST",2, + "kvno",2, + "mod_name",3, + "max_life",4, + "princ_expire_time",5, + "expiration",5, + "pw_expiration",6, + "attributes",7, + "policy",8, + "aux_attributes",9, + "LAST",9, + ); + +%keytab = + ( + "LAST",-1, + ); + +sub re { # @_ = ($cnt, $line) + local($cnt, $line) = @_; + local(@fields) = split(' ',$line); + + @list = ('\S+') x $cnt; + for $f (@fields[3..$#fields]) { + ($f =~ /=/) || die "Bad field: $f in $_"; + if (!defined($this{$`})) { die "Bad parameter $` in $_"; } + + if (($list[$this{$`}] = $') eq '\S+') { + $list[$this{$`}] = '[^\s]+'; + } + } + + join('\s+',@list)."\$"; +} + +open(CHANGES, $changes) || die "Couldn't open $changes: $!\n"; + +while(<CHANGES>) { + next if s/^\s*\#\#\!\s*\#//; + next if !s/^\s*\#\#\!\s*//; + + split; + + if ($_[1] =~ /princ/) { + %this = %princ; + $this = "princ"; + } elsif ($_[1] =~ /policy/) { + %this = %policy; + $this = "policy"; + } elsif ($_[1] =~ /keytab/) { + %this = %keytab; + $this = $_[1]; + } else { + die "Bad line: $_"; + } + + $cnt = $this{"LAST"}+1; + + if ($_[0] =~ /add/) { + $diff{"+$this\t$_[2]"} = &re($cnt,$_); + } elsif ($_[0] =~ /delete/) { + $diff{"-$this\t$_[2]"} = &re($cnt,$_); + } elsif ($_[0] =~ /changefrom/) { + $diff{"-$this\t$_[2]"} = &re($cnt,$_); + } elsif ($_[0] =~ /changeto/) { + $ndiff{"-$this\t$_[2]"} = &re($cnt,$_); + } else { + die "Bad line: $_"; + } +} + +close(CHANGES); + +if ($debug) { + for (keys %diff) { + print " %diff: \"$_\" /$diff{$_}/\n"; + } + + for (keys %ndiff) { + print "%ndiff: \"$_\" /$ndiff{$_}/\n"; + } + + print "\n"; +} + +open(DIFF,"gdiff -u0 $before $after|") || die "Couldn't diff: $!\n"; + +$warnings = 0; + +while(<DIFF>) { + next if /^\+{3}/; + next if /^\-{3}/; + next if /^@@/; + + print "LINE: $_" if $debug; + + split; + + $key = "$_[0]\t$_[1]"; + $re = $diff{$key}; + + delete $diff{$key}; + + print "%diff: \"$key\" /$re/\n" if $debug; + + if (!$re) { + warn "Unexpected: \"$key\"\n"; + $warnings++; + next; + } + + if (!/$re/) { + warn "Failed: $key\n"; + $warnings++; + next; + } + + if ($new = $ndiff{$key}) { + delete $ndiff{$key}; + + @new = split(/\\s\+/, $new); + for ($i=1;$i<@new;$i++) { + print "NEW: $new[$i]\n" if $debug; + + if ($new[$i] ne '\S+') { + $_[$i] = $new[$i]; + } + } + $_[0] =~ s/^\-//; + $key =~ s/^\-/\+/; + + $diff{$key} = join("\t",@_); + } +} + +close(DIFF); + +open(BEFORE, $before) || die "Couldn't open $before: $!\n"; + +while(<BEFORE>) { + next if !/^keytab/; + + split; + + if (!$seen{$key = $_[0]." ".$_[1]}++) { + $key =~ s/-\d+$//; + $ktkeys{$key} .= " ".$_[2]; + $kttimes{$key} .= " ".$_[3]; + } +} + +close(BEFORE); + +open(AFTER, $after) || die "Couldn't open $after: $!\n"; + +while(<AFTER>) { + next if !/^keytab/; + + split; + + if (!$seen{$key = $_[0]." ".$_[1]}++) { + $key =~ s/-\d+$//; + $ktkeys{$key} .= " ".$_[2]; + $kttimes{$key} .= " ".$_[3]; + } +} + +close(AFTER); + +for (keys %diff) { + warn "Unseen: \"$_\" /$diff{$_}/\n"; + $warnings++; +} + +for (keys %ndiff) { + warn "Unseen changes: \"$_\" /$ndiff{$_}/\n"; + $warnings++; +} + +for (keys %ktkeys) { + if (!&unique(split(' ',$ktkeys{$_}))) { + warn "Some keys not unique for $_\n"; + $warnings++; + } +} + +for (keys %kttimes) { + if (!&unique(split(' ',$kttimes{$_}))) { + warn "Some timestamps not unique for $_\n"; + $warnings++; + } +} + +if ($warnings) { + warn "$warnings warnings.\n"; +} + +exit($warnings); diff --git a/src/kadmin/testing/scripts/deps b/src/kadmin/testing/scripts/deps new file mode 100644 index 000000000000..2feac3c9d388 --- /dev/null +++ b/src/kadmin/testing/scripts/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin new file mode 100755 index 000000000000..c8d866f153f0 --- /dev/null +++ b/src/kadmin/testing/scripts/env-setup.shin @@ -0,0 +1,111 @@ +#!/bin/sh +# +# The KADM5 unit tests were developed to work under gmake. As a +# result, they expect to inherit a number of environment variables. +# Rather than rewrite the tests, we simply use this script as an +# execution wrapper that sets all the necessary environment variables +# before running the program specified on its command line. +# +# The variable settings all came from OV's config.mk. +# +# Usage: env-setup.sh <command line> +# + +TOP=@RBUILD@/kadmin +STOP=@S_TOP@/kadmin +export TOP +export STOP +# These two may be needed in case $libdir references them. +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ ; eval "libdir=$libdir"; export libdir + +# The shared library run time setup +TOPLIBD=@RBUILD@/lib +PROG_LIBPATH=-L@RBUILD@/lib +BUILDTOP=@RBUILD@ +# XXX kludge! +PROG_RPATH=@RBUILD@/lib +# This converts $(TOPLIBD) to $TOPLIBD +cat > /tmp/env_setup$$ <<\EOF +@KRB5_RUN_ENV@ +EOF + +foo=`sed -e 's/(//g' -e 's/)//g' -e 's/\\\$\\\$/\$/g' /tmp/env_setup$$` +eval $foo +export @KRB5_RUN_VARS@ + +# This will get put in setup.csh for convenience +KRB5_RUN_ENV_CSH=`eval echo "$foo" | \ + sed -e 's/\([^=]*\)=\(.*\)/setenv \1 \2/g'` +export KRB5_RUN_ENV_CSH +rm /tmp/env_setup$$ + +TESTDIR=$TOP/testing; export TESTDIR +STESTDIR=$STOP/testing; export STESTDIR +if [ "$K5ROOT" = "" ]; then + K5ROOT="`cd $TESTDIR; pwd`/krb5-test-root" + export K5ROOT +fi + +# If $VERBOSE_TEST is non-null, enter verbose mode. Set $VERBOSE to +# true or false so its exit status identifies the mode. +if test x$VERBOSE_TEST = x; then + VERBOSE=false +else + VERBOSE=true +fi +export VERBOSE + +REALM=SECURE-TEST.OV.COM; export REALM + +if test x$EXPECT = x; then + EXPECT=@EXPECT@; export EXPECT +fi + +COMPARE_DUMP=$TESTDIR/scripts/compare_dump.pl; export COMPARE_DUMP +INITDB=$STESTDIR/scripts/init_db; export INITDB +MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl; export MAKE_KEYTAB +LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl +export LOCAL_MAKE_KEYTAB +SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP +QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME +TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL +BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP +CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL +SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL + +KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG +KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE +KRB5_KTNAME=$K5ROOT/ovsec_adm.srvtab; export KRB5_KTNAME +KRB5_CLIENT_KTNAME=$K5ROOT/client_keytab; export KRB5_CLIENT_KTNAME +KRB5CCNAME=$K5ROOT/krb5cc_unit-test; export KRB5CCNAME + +# Make sure we don't get confused by translated messages +# or localized times. +LC_ALL=C; export LC_ALL + +if [ "$TEST_SERVER" != "" ]; then + MAKE_KEYTAB="$MAKE_KEYTAB -server $TEST_SERVER" +fi +if [ "$TEST_PATH" != "" ]; then + MAKE_KEYTAB="$MAKE_KEYTAB -top $TEST_PATH" +fi + +if [ "x$PS_ALL" = "x" ]; then + if ps auxww >/dev/null 2>&1; then + PS_ALL="ps auxww" + PS_PID="ps uwwp" + elif ps -ef >/dev/null 2>&1; then + PS_ALL="ps -ef" + PS_PID="ps -fp" + else + PS_ALL="ps auxww" + PS_PID="ps uwwp" + echo "WARNING! Cannot auto-detect ps type, assuming BSD." + fi + + export PS_ALL PS_PID +fi + +exec ${1+"$@"} diff --git a/src/kadmin/testing/scripts/find-make.sh b/src/kadmin/testing/scripts/find-make.sh new file mode 100755 index 000000000000..904730dfa0da --- /dev/null +++ b/src/kadmin/testing/scripts/find-make.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +POSSIBILITIES=' +/usr/local/bin/gmake +/usr/local/bin/make +' + +for file in $POSSIBILITIES; do + if [ -f $file ]; then + echo $file + exit 0 + fi +done + +echo gmake +echo '$0 could not find make!' 1>&2 +exit 1 + diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db new file mode 100755 index 000000000000..cd71656288cb --- /dev/null +++ b/src/kadmin/testing/scripts/init_db @@ -0,0 +1,232 @@ +#!/bin/sh + +if $VERBOSE; then + REDIRECT= +else + REDIRECT='>/dev/null' +fi + +# Requires that $K5ROOT, /etc/krb.conf, and .k5.$REALM be world-writeable. + +if [ "$TOP" = "" ]; then + echo "init_db: Environment variable \$TOP must point to top of build tree" 1>&2 + exit 1 +fi + +if [ "$STOP" = "" ]; then + echo "init_db: Environment variable \$STOP must point to top of source tree" 1>&2 + exit 1 +fi + +if [ "$libdir" = "" ]; then + echo "init_db: Environment variable \$libdir must point to library install directory" 1>&2 + exit 1 +fi + +IROOT=$TOP/.. +ADMIN=$TOP/dbutil +BIN=$IROOT/bin +ETC=$IROOT/etc +MODDIR=$TOP/../plugins/kdb +SBIN=$TOP/keytab:$TOP/server +DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM + +if [ ! -d $MODDIR ]; then + echo "+++" 1>&2 + echo "+++ Error! $MODDIR does not exist!" 1>&2 + echo "+++ The MODDIR variable should point to the directory in which" 1>&2 + echo "+++ database modules have been installed for testing." 1>&2 + echo "+++" 1>&2 + exit 1 +fi + +DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR +DUMMY=${STESTDIR=$STOP/testing} +DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL +DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL +DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl} + +PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH + +if [ ! -x $SRVTCL ]; then + echo "+++" 1>&2 + echo "+++ Error! $SRVTCL does not exist!" 1>&2 + echo "+++ It was probably not compiled because TCL was not available. If you" 1>&2 + echo "+++ now have TCL installed, cd into that directory, re-run configure" 1>&2 + echo "+++ with the --with-tcl option, and then re-run make." 1>&2 + echo "+++" 1>&2 + + exit 1 +fi + +rm -rf $K5ROOT/* +if [ -d $K5ROOT ]; then + true +else + mkdir $K5ROOT +fi + +# touch $K5ROOT/syslog +# for pid in `$PS_ALL | awk '/syslogd/ && !/awk/ {print $2}'` ; do +# case "$pid" in +# xxx) ;; +# *) +# if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi +# kill -1 $pid +# ;; +# esac +# done + +qualname=`$QUALNAME` + +sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \ + -e "s/__KDCHOST__/$qualname/g" \ + -e "s/__LOCALHOST__/$qualname/g" \ + -e "s#__MODDIR__#$MODDIR#g" \ + < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf +sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \ + < $STESTDIR/proto/kdc.conf.proto > $K5ROOT/kdc.conf + +eval kdb5_util -r $REALM create -W -P mrroot -s $REDIRECT || exit 1 + +cp $STESTDIR/proto/ovsec_adm.dict $K5ROOT/ovsec_adm.dict + +cat - > /tmp/init_db$$ <<\EOF +source $env(TCLUTIL) +set r $env(REALM) +if {[info exists env(USER)]} { + set whoami $env(USER) +} else { + set whoami [exec whoami] +} + +set cmds { + {kadm5_init $env(SRVTCL) mrroot null \ + [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle} + + {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0 2 90 180" \ + {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM KADM5_PW_MAX_FAILURE KADM5_PW_FAILURE_COUNT_INTERVAL KADM5_PW_LOCKOUT_DURATION}} + {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0 0 0 0" \ + {KADM5_POLICY KADM5_PW_MIN_LIFE}} + {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0 0 0 0" \ + {KADM5_POLICY}} + {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \ + {KADM5_POLICY}} + + {kadm5_create_principal $server_handle \ + [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena} + {kadm5_create_principal $server_handle \ + [simple_principal test1@$r] {KADM5_PRINCIPAL} test1} + {kadm5_create_principal $server_handle \ + [simple_principal test2@$r] {KADM5_PRINCIPAL} test2} + {kadm5_create_principal $server_handle \ + [simple_principal test3@$r] {KADM5_PRINCIPAL} test3} + {kadm5_create_principal $server_handle \ + [simple_principal admin@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \ + admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \ + admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin} + {kadm5_create_principal $server_handle \ + [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \ + KADM5_POLICY} pol111111} + {kadm5_create_principal $server_handle \ + [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \ + KADM5_POLICY} pol222222} + {kadm5_create_principal $server_handle \ + [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \ + KADM5_POLICY} pol333333} + {kadm5_create_principal $server_handle \ + [princ_w_pol admin/get-pol@$r test-pol-nopw] \ + {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin} + {kadm5_create_principal $server_handle \ + [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \ + KADM5_POLICY} StupidAdmin} + + {kadm5_create_principal $server_handle \ + [simple_principal changepw/kerberos] \ + {KADM5_PRINCIPAL} {XXX THIS IS WRONG}} + + {kadm5_create_principal $server_handle \ + [simple_principal $whoami] \ + {KADM5_PRINCIPAL} $whoami} + + {kadm5_create_principal $server_handle \ + [simple_principal testkeys@$r] {KADM5_PRINCIPAL} testkeys} + + {kadm5_destroy $server_handle} +} + +foreach cmd $cmds { + if {[catch $cmd output]} { + puts stderr "Error! Command: $cmd\nError: $output" + exit 1 + } else { + puts stdout $output + } +} +EOF +eval "$SRVTCL < /tmp/init_db$$ $REDIRECT" +rm /tmp/init_db$$ + +if [ $? -ne 0 ]; then + echo "Error in $SRVTCL!" 1>&2 + exit 1 +fi + +cat > $K5ROOT/ovsec_adm.acl <<EOF +admin@$REALM admcilse +admin/get@$REALM il +admin/modify@$REALM mc +admin/delete@$REALM d +admin/add@$REALM a +admin/get-pol@$REALM il +admin/rename@$REALM adil +admin/mod-add@$REALM amc +admin/mod-delete@$REALM mcd +admin/get-add@$REALM ail +admin/get-delete@$REALM ild +admin/get-mod@$REALM ilmc +admin/no-add@$REALM mcdil +admin/no-delete@$REALM amcil +changepw/kerberos@$REALM cil + +EOF + +eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.srvtab $REDIRECT + +# Create $K5ROOT/setup.csh to make it easy to run other programs against +# the test db +cat > $K5ROOT/setup.csh <<EOF +setenv KRB5_CONFIG $KRB5_CONFIG +setenv KRB5_KDC_PROFILE $KRB5_KDC_PROFILE +setenv KRB5_KTNAME $KRB5_KTNAME +setenv KRB5_CLIENT_KTNAME $KRB5_CLIENT_KTNAME +$KRB5_RUN_ENV_CSH +EOF + diff --git a/src/kadmin/testing/scripts/make-host-keytab.plin b/src/kadmin/testing/scripts/make-host-keytab.plin new file mode 100755 index 000000000000..dfe0b3a01380 --- /dev/null +++ b/src/kadmin/testing/scripts/make-host-keytab.plin @@ -0,0 +1,144 @@ +#!/usr/local/bin/perl + +$server = undef; +@princs = (); +$top = undef; + +($whoami = $0) =~ s,.*/,,; +$usage = "Usage: $whoami [ -server server ] [ -princ principal ] + [ -top dirname ] [ -verbose ] filename + Server defaults to the local host. + Default principals are host/hostname\@SECURE-TEST.OV.COM and + test/hostname\@SECURE-TEST.OV.COM. + If any principals are specified, the default principals are + not added to the srvtab. + The string \"xCANONHOSTx\" in a principal specification will be + replaced by the canonical host name of the local host."; + +@ORIG_ARGV = @ARGV; + +while (($_ = $ARGV[0]) && /^-/) { + shift; + if (/^-server$/) { + ($server = shift) || die "Missing argument to $_ option.\n$usage\n"; + } + elsif (/^-princ$/) { + ($princ = shift) || die "Missing argument to $_ option.\n$usage\n"; + push(@princs, $princ); + } + elsif (/^-top$/) { + ($top = shift) || die "Missing argument to $_ option.\n$usage\n"; + } + elsif (/^-verbose$/) { + $verbose++; + } + elsif (/^--$/) { + last; + } + else { + die "Unknown option $_.\n$usage\n"; + } +} + +@princs = ("host/xCANONHOSTx\@SECURE-TEST.OV.COM", + "test/xCANONHOSTx\@SECURE-TEST.OV.COM") + if (! @princs); + +$ktfile = shift(@ARGV) || die "need a keytab file\n"; + +$verbose++ if ($ENV{'VERBOSE_TEST'}); + +print "In $0 @ORIG_ARGV...\n" if ($verbose); + +chop ($canonhost = `hostname`); + +($canonhost,$aliases,$addrtype,$length,@addrs) = gethostbyname($canonhost); +die "couldn't get canonical hostname\n" if !($canonhost && @addrs); +($canonhost2) = gethostbyaddr($addrs[0],$addrtype); +if ($canonhost2) { $canonhost = $canonhost2; } + +for (@princs) { + s/xCANONHOSTx/$canonhost/g; +} + +die "Neither \$TOP nor \$TESTDIR is set, and -top not specified.\n" + if (! ($top || $ENV{'TOP'} || $ENV{'TESTDIR'})); + +$top = $ENV{'TOP'} if (! $top); +$TESTDIR = ($ENV{'TESTDIR'} || "$top/testing"); +$MAKE_KEYTAB = ($ENV{'MAKE_KEYTAB'} || "$TESTDIR/scripts/$whoami"); +$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/kadm5_srv_tcl"); +$TCLUTIL = ($ENV{'TCLUTIL'} || "$TESTDIR/tcl/util.t"); +# This'll be wrong sometimes +$RSH_CMD = ($ENV{'RSH_CMD'} || '/usr/ucb/rsh'); +$KADMIN = ($ENV{'KADMIN'} || "$top/cli/kadmin.local"); + +if ($server) { +# XXX Using /usr/ucb/rsh for now. + +# Strip command line options because we're adding our own. + + $MAKE_KEYTAB =~ s/ .*//; + + if ($ENV{'TOP'} && ($top ne $ENV{'TOP'})) { +# Replace the old TOP with the new one where necessary + for ('TESTDIR', 'SRVTCL', 'TCLUTIL', 'MAKE_KEYTAB') { + eval "\$$_ =~ s/^\$ENV{'TOP'}/\$top/;"; + } + +# Make the paths as short as possible so our command line isn't too long. +# for ('SRVTCL', 'TCLUTIL', 'MAKE_KEYTAB') { +# eval "\$$_ =~ s/^\$TESTDIR/\\\\\\\$TESTDIR/;"; +# } +# for ('TESTDIR', 'SRVTCL', 'TCLUTIL', 'MAKE_KEYTAB') { +# eval "\$$_ =~ s/^\$top/\\\\\\\$TOP/;"; +# } + } + + $cmd = "cd $top; \\`testing/scripts/find-make.sh\\` execute TOP=$top "; + $cmd .= "VERBOSE_TEST=$verbose " if ($verbose); + $cmd .= "TESTDIR=$TESTDIR "; + $cmd .= "SRVTCL=$SRVTCL "; + $cmd .= "TCLUTIL=$TCLUTIL "; + + $cmd .= "CMD='$MAKE_KEYTAB "; + for (@princs) { + $cmd .= "-princ $_ "; + } + $cmd .= " /tmp/make-keytab.$canonhost.$$'";#'; + + $cmd = "$RSH_CMD $server -l root -n \"$cmd\""; + + $cmd2 = "$RSH_CMD $server -l root -n \"cat /tmp/make-keytab.$canonhost.$$\" > $ktfile"; + + $cmd3 = "$RSH_CMD $server -l root -n \"rm /tmp/make-keytab.$canonhost.$$\""; + + for ($cmd, $cmd2, $cmd3) { + print "$_\n" if ($verbose); + + system($_) && die "Couldn't run $_: $!.\n"; + } +} +else { + $redirect = "> /dev/null" if (! $verbose); + + # We can ignore errors here, because the ktadd below will fail if + # this fails for any reason other than "principal exists" + for (@princs) { + next if (/^kadmin/); + $cmd = "$KADMIN -q 'ank -randkey $_' $redirect 2>&1"; + system($cmd); + } + + $cmd = "$KADMIN -q 'ktadd -k $ktfile "; + $cmd .= " -q " if (! $verbose); + $cmd .= "@princs' $redirect"; + if (system "$cmd") { + sleep(1); + die "Error in system($cmd)\n"; + } +} + +if (! -f $ktfile) { + die "$ktfile not created.\n"; +} diff --git a/src/kadmin/testing/scripts/qualname.plin b/src/kadmin/testing/scripts/qualname.plin new file mode 100755 index 000000000000..b712d89738eb --- /dev/null +++ b/src/kadmin/testing/scripts/qualname.plin @@ -0,0 +1,19 @@ +#!/afs/athena/contrib/perl/p + +if ($#ARGV == -1) { + chop($hostname = `hostname`); +} else { + $hostname = $ARGV[0]; +} + +if (! (($name,$type,$addr) = (gethostbyname($hostname))[0,2,4])) { + print STDERR "No such host: $hostname\n"; + exit(1); +} +if (! ($qualname = (gethostbyaddr($addr,$type))[0])) { + $qualname = $name; +} + +$qualname =~ tr/A-Z/a-z/; # lowercase our name for keytab use. +print "$qualname\n"; + diff --git a/src/kadmin/testing/scripts/simple_dump.plin b/src/kadmin/testing/scripts/simple_dump.plin new file mode 100755 index 000000000000..ea94ab2d1dde --- /dev/null +++ b/src/kadmin/testing/scripts/simple_dump.plin @@ -0,0 +1,88 @@ +#!/usr/local/bin/perl + +# +# $Id$ +# + +## ovsec_adm_export format +## [0]"policy" [1]name [2]pw_min_life [3]pw_max_life [4]pw_min_length [5]pw_min_classes [6]pw_history_num [7]policy_refcnt +## [0]"princ" [1]name [2]policy [3]aux_attributes [4]old_key_len [5]admin_history_kvno [6..]old_keys +$oaevers = "1.0"; + +open(SORT, "|sort") || die "Couldn't open pipe to sort for output: $!\n"; + +open(OAE, "$ENV{'TOP'}/install/admin/ovsec_adm_export|") || + die "Couldn't get oae: $!\n"; + +$header = <OAE>; + +die "Not ovsec_adm_export output\n" + if ($header !~ /^OpenV\*Secure V(\d+\.\d+)/); + +$stdinvers = $1; + +die "Expected oae version $oaevers, got $stdinvers instead.\n" + if $stdinvers ne $oaevers; + +while(<OAE>) { + if (/^End of Database/) { + last; + } elsif (/^policy/) { + print SORT; + } elsif (/^princ/) { + split(/\t/); + + $_[2] = "\"\"" if !$_[2]; + + $_[3] = hex("0x".$_[3]); + + $princ{$_[1]} = sprintf("%s\t0x%04x",@_[2,3]); + } +} + +## kdb_edit ddb format +## [0]strlen(principal) [1]strlen(mod_name) [2]key.length [3]alt_key.length [4]salt_length [5]alt_salt_length [6]principal [7]key.key_type [8]key.contents [9]kvno [10]max_life [11]max_renewable_life [12]mkvno [13]expiration [14]pw_expiration [15]last_pwd_change [16]last_success [17]last_failed [18]fail_auth_count [19]mod_name [20]mod_date [21]attributes [22]salt_type [23]salt [24]alt_key.contents [25]alt_salt [26..33]expansion*8; +$ddbvers = "2.0"; + +open(DDB, "$ENV{'TOP'}/install/admin/kdb5_edit -r SECURE-TEST.OV.COM -R ddb|") || + die "Couldn't get ddb: $!\n"; + +$header = <DDB>; + +die "Not a kdb5_edit ddb\n" + if ($header !~ /^kdb5_edit load_dump version (\d+\.\d+)/); + +$stdinvers = $1; + +die "Expected ddb version $ddbvers, got $stdinvers instead.\n" + if $stdinvers ne $ddbvers; + +## [6]principal [9]kvno [19]mod_name [10]max_life [13]expiration [14]pw_expiration [21]attributes // [2]policy [3]aux_attributes + +while(<DDB>) { + split; + + print SORT join("\t","princ",(@_)[6,9,19,10,13,14], + sprintf("0x%04x",$_[21]), + $princ{$_[6]}),"\n"; +} + +close(DDB); + +for $keytab (@ARGV) { + open(KLIST, "$ENV{'TOP'}/install/bin/klist -k -t -K FILE:$keytab|") || + die "Couldn't list $keytab: $!\n"; + + $dummy = <KLIST>; + $dummy = <KLIST>; + $dummy = <KLIST>; + + while(<KLIST>) { + s/^\s+//; + split; + printf(SORT "keytab:FILE:%s\t%s-%s\t%s\t%s,%s\n",$keytab, + @_[3,0,4,1,2]); + } +} + +close(SORT); diff --git a/src/kadmin/testing/scripts/start_servers b/src/kadmin/testing/scripts/start_servers new file mode 100755 index 000000000000..87bd52fc0ba6 --- /dev/null +++ b/src/kadmin/testing/scripts/start_servers @@ -0,0 +1,71 @@ +#!/bin/sh +# +# Usage: start_servers [hostname [path]] +# +# This script turns a host into a OpenV*Secure primary server for the +# realm SECURE-TEST.OV.COM. If no arguments are specified, +# the local host is affected. Otherwise, the host hostname is +# affected; the path argument is the top of the Secure install tree on +# that host, and if it is not specified the current canonical value of +# TOP is used. + +DUMMY=${TESTDIR=$TOP/testing} +DUMMY=${STESTDIR=$STOP/testing} +DUMMY=${START_SERVERS_LOCAL=$STESTDIR/scripts/start_servers_local} +# This'll be wrong sometimes +DUMMY=${RSH_CMD=rsh} + +local=1 + +if [ $# -gt 0 ]; then + if [ $# != 1 -a $# != 2 ]; then + echo "Usage: $0 [hostname [path]]" 1>&2 + exit 1 + fi + + local=0 + hostname=$1 + if [ $# = 1 ]; then + rempath=`sh -c "cd $TOP && pwd"` + else + rempath=$2 + fi +fi + +if [ $local = 0 ]; then + + # Fix up the local krb5.conf to point to the remote + localname=`$QUALNAME` + sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \ + -e "s/__KDCHOST__/$hostname/g" \ + -e "s/__LOCALHOST__/$localname/g" \ + -e "s#__MODDIR__#$TOP/../plugins/kdb#g"\ + -e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\ + < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf + +# Using /usr/ucb/rsh and getting rid of "-k $REALM" until we get +# around to fixing the fact that Kerberos rsh doesn't strip out "-k +# REALM" when falling back. + + START_SERVERS_LOCAL=`echo $START_SERVERS_LOCAL|sed "s%$TOP%$rempath%"` + CMD="$RSH_CMD $hostname -n \ + \"sh -c 'VERBOSE_TEST=$VERBOSE_TEST TOP=$rempath \ + $rempath/testing/scripts/env-setup.sh \ + $START_SERVERS_LOCAL $rempath'\"" + + if $VERBOSE; then + echo "+++" + echo "+++ Begin execution of start_servers_local on $hostname" + echo "+++" + echo $CMD + fi + eval $CMD + if $VERBOSE; then + echo "+++" + echo "+++ End execution of start_servers_local on $hostname" + echo "+++" + fi +else + $START_SERVERS_LOCAL +fi + diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local new file mode 100755 index 000000000000..0cbed462d1ad --- /dev/null +++ b/src/kadmin/testing/scripts/start_servers_local @@ -0,0 +1,161 @@ +#!/bin/sh + +DUMMY=${TESTDIR=$TOP/testing} +DUMMY=${STESTDIR=$STOP/testing} +DUMMY=${INITDB=$STESTDIR/scripts/init_db} +DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL +DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl} +DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local} +DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR + +if [ -d /usr/tmp ]; then + usrtmp=/usr/tmp +else + usrtmp=/var/tmp +fi + +$STOP_SERVERS_LOCAL -start_servers + +if $VERBOSE; then + REDIRECT= +else + REDIRECT='>/dev/null' +fi + +while :; do + case $1 in + -keysalt) + shift + if [ $# -gt 0 ]; then + keysalts="$keysalts $1" + else + break + fi + ;; + -kdcport) + shift + if [ $# -gt 0 ]; then + kdcport=$1 + else + break + fi + ;; + *) + break + ;; + esac + shift +done + +if [ $# -gt 1 ]; then + echo "Usage: $0 [-kdcport port] [-keysalts tuple] ... [top]" 1>&2 + exit 1 +elif [ $# = 1 ]; then + TOP=$1 + export TOP +fi + +# create a fresh db + +$INITDB "$keysalts" || exit 1 + +# Post-process the config files based on our arguments +if [ "$keysalts" != "" ]; then + sedcmd="s/\([ ]*supported_enctypes =\).*/\1 $keysalts/" + sed -e "$sedcmd" < $K5ROOT/kdc.conf > $K5ROOT/kdc.conf.new + mv $K5ROOT/kdc.conf.new $K5ROOT/kdc.conf +fi +if [ "$kdcport" != "" ] ; then + sedcmd="s/\(kdc_ports = .*\)[ ]*/\1, $kdcport/" + sed -e "$sedcmd" < $K5ROOT/kdc.conf > $K5ROOT/kdc.conf.new + mv $K5ROOT/kdc.conf.new $K5ROOT/kdc.conf +fi + +# allow admin to krlogin as root (for cleanup) +DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM +hostname=`hostname` +QUALNAME=`$TOP/testing/scripts/qualname.pl $hostname`; export QUALNAME + +cat - > /tmp/start_servers_local$$ <<\EOF +if { [catch { + source $env(STOP)/testing/tcl/util.t + set r $env(REALM) + set q $env(QUALNAME) + puts stdout [kadm5_init $env(SRVTCL) mrroot null \ + [config_params {KADM5_CONFIG_REALM} $r] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle] + puts stdout [kadm5_create_principal $server_handle \ + [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena] + puts stdout [kadm5_destroy $server_handle] +} err]} { + puts stderr "initialization error: $err" + exit 1 +} +exit 0 +EOF +eval "$SRVTCL < /tmp/start_servers_local$$ $REDIRECT" +x=$? +rm /tmp/start_servers_local$$ +if test $x != 0 ; then exit 1 ; fi + +# rm -f /etc/v5srvtab +# eval $LOCAL_MAKE_KEYTAB -princ host/xCANONHOSTx /etc/v5srvtab $REDIRECT + +# run the servers (from the build tree) + +adm_start_file=/tmp/adm_server_start.$$ +kdc_start_file=/tmp/kdc_server_start.$$ + +rm -f $kdc_start_file + +if test "x$USER" = x ; then + USER=$LOGNAME ; export USER +fi + +kdc_args="-R dfl:kdc_rcache.$USER" + +(trap "" 2; cd $TOP/../kdc; ./krb5kdc $kdc_args; touch $kdc_start_file) \ + < /dev/null > $usrtmp/kdc-log.$USER 2>&1 & + +s=1 +max_s=60 +sofar_s=0 +timewait_s=300 + +ovadm_args=-W + +rm -f $adm_start_file + +(sleep 1; cd $TOP/server; ./kadmind $ovadm_args; \ + touch $adm_start_file) < /dev/null > $usrtmp/kadm-log.$USER 2>&1 & + +# wait until they start + +while [ $sofar_s -le $max_s ]; do + if $VERBOSE; then + echo "Sleeping for $s seconds to allow servers" \ + "to start..." + fi + + sofar_s=`expr $sofar_s + $s` + + sleep $s + + if [ -f $adm_start_file -a -f $kdc_start_file ]; then + break + fi +done + +if [ $sofar_s -gt $max_s ]; then + echo "Admin server or KDC failed to start after $sofar_s" \ + "seconds." 1>&2 + if [ ! -f $adm_start_file ]; then + echo " No admin server start file $adm_start_file." 1>&2 + fi + if [ ! -f $kdc_start_file ]; then + echo " No KDC start file $adm_start_file." 1>&2 + fi + exit 1 +fi + +rm -f $kdc_start_file $adm_start_file diff --git a/src/kadmin/testing/scripts/stop_servers b/src/kadmin/testing/scripts/stop_servers new file mode 100755 index 000000000000..b7f8384caccc --- /dev/null +++ b/src/kadmin/testing/scripts/stop_servers @@ -0,0 +1,60 @@ +#!/bin/sh +# +# Usage: stop_servers [hostname [path]] +# +# This script turns a host into a OpenV*Secure primary server for the +# realm SECURE-TEST.OV.COM. If no arguments are specified, +# the local host is affected. Otherwise, the host hostname is +# affected; the path argument is the top of the Secure install tree on +# that host, and if it is not specified the current canonical value of +# TOP is used. + +DUMMY=${TESTDIR=$TOP/testing} +DUMMY=${STESTDIR=$STOP/testing} +DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local} +# This'll be wrong sometimes +DUMMY=${RSH_CMD=rsh} + +local=1 + +if [ $# -gt 0 ]; then + if [ $# != 1 -a $# != 2 ]; then + echo "Usage: $0 [hostname [path]]" 1>&2 + exit 1 + fi + + local=0 + hostname=$1 + if [ $# = 1 ]; then + rempath=`sh -c "cd $TOP && pwd"` + else + rempath=$2 + fi +fi + +if [ $local = 0 ]; then + if $VERBOSE; then + echo "+++ Stopping servers on remote host $hostname..." + fi + + STOP_SERVERS_LOCAL=`echo $STOP_SERVERS_LOCAL | sed "s%$TOP%$rempath%"` + CMD="$RSH_CMD $hostname -n \ + \"sh -c 'VERBOSE_TEST=$VERBOSE_TEST TOP=$rempath \ + $rempath/testing/scripts/env-setup.sh \ + $STOP_SERVERS_LOCAL $rempath'\"" + + if $VERBOSE; then + echo "+++" + echo "+++ Begin execution of stop_servers_local on $hostname" + echo "+++" + echo $CMD + fi + eval $CMD + if $VERBOSE; then + echo "+++" + echo "+++ End execution of stop_servers_local on $hostname" + echo "+++" + fi +else + $STOP_SERVERS_LOCAL +fi diff --git a/src/kadmin/testing/scripts/stop_servers_local b/src/kadmin/testing/scripts/stop_servers_local new file mode 100755 index 000000000000..24a9de7b39da --- /dev/null +++ b/src/kadmin/testing/scripts/stop_servers_local @@ -0,0 +1,44 @@ +#!/bin/sh + +DUMMY=${TESTDIR=$TOP/testing} +DUMMY=${KRB5RCACHEDIR=$TESTDIR} + +while [ $# -gt 0 ] ; do + case $1 in + -start_servers) + start_servers=$1 + ;; + *) + TOP=$1 + export TOP + ;; + esac + shift +done + +# kill any running servers. + +if $VERBOSE; then echo "Killing servers:"; fi + +for pid in xxx \ + `$PS_ALL | grep krb5kdc | grep -v grep | awk '{print $2}'` \ + `$PS_ALL | grep kadmind | grep -v grep | awk '{print $2}'` \ + ; do + case "$pid" in + xxx) + ;; + *) + if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi + kill $pid + ;; + esac +done + +# Destroy the kdc replay cache so we don't lose if we try to run the +# KDC as another unix user. +if test "x$USER" = x ; then + USER=$LOGNAME +fi +rm -f $KRB5RCACHEDIR/krb5kdc_rcache.$USER + +exit 0 diff --git a/src/kadmin/testing/scripts/verify_xrunner_report.plin b/src/kadmin/testing/scripts/verify_xrunner_report.plin new file mode 100755 index 000000000000..9d83c3ea247d --- /dev/null +++ b/src/kadmin/testing/scripts/verify_xrunner_report.plin @@ -0,0 +1,38 @@ +#!/usr/local/bin/perl + +sub usage { die "usage: $0 reportfile\n"; } + +$report = shift(@ARGV) || die &usage; + +open(REPORT, $report) || die "Couldn't open $report: $!\n"; + +while(<REPORT>) { + if (/Process termination:/ && !/\bOK\b/) { + warn "Process termination not OK\n"; + $warnings++; + } elsif (/Number of detected mismatches:\s*(\d+)/ && ($1 ne "0")) { + warn "Number of detected mismatches = $1\n"; + $warnings++; + } elsif (/Detailed Results Description/) { + break; + } +} + +while(<REPORT>) { + next if !/^\d+\s+/; + + split; + + if (($_[2] ne "run") && + ($_[2] ne "OK") && + ($_[2] ne "end-of-test")) { + warn "Unexpected result code $_[2] from test $_[4]\n"; + $warnings++; + } +} + +if ($warnings) { + warn "$warnings warnings.\n"; +} + +exit($warnings); |