2
# $Id: basic-t.in 4151 2008-04-23 22:00:55Z rra $
4
# Tests for basic k5start functionality.
6
# Written by Russ Allbery <rra@stanford.edu>
7
# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
9
# See LICENSE for licensing terms.
11
BEGIN { our $total = 80 }
12
use Test::More tests => $total;
14
# Load our test utility programs.
15
require '@abs_top_builddir@/tests/libtest.pl';
17
# The full path to the newly-built k5start client.
18
our $K5START = '@abs_top_builddir@/k5start';
20
# The path to our data directory, which contains the keytab to use to test.
21
our $DATA = '@abs_top_builddir@/tests/data';
24
skip 'no keytab configuration', $total unless -f "$DATA/test.keytab";
25
my $principal = contents ("$DATA/test.principal");
27
# Don't overwrite the user's ticket cache.
28
$ENV{KRB5CCNAME} = 'krb5cc_test';
30
# Basic authentication test.
32
my ($out, $err, $status)
33
= command ($K5START, '-f', "$DATA/test.keytab", $principal);
34
is ($status, 0, 'Basic k5start command succeeds');
35
is ($err, '', ' with no errors');
36
like ($out, qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
37
' and the right output');
38
my ($default, $service) = klist ();
39
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
40
' for the right principal');
41
like ($service, qr%^krbtgt/%, ' and the right service');
43
# Specify the full principal with -u.
46
= command ($K5START, '-u', $principal, '-f', "$DATA/test.keytab");
47
is ($status, 0, 'k5start -u succeeds');
48
is ($err, '', ' with no errors');
49
like ($out, qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
50
' and the right output');
51
($default, $service) = klist ();
52
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
53
' for the right principal');
54
like ($service, qr%^krbtgt/%, ' and the right service');
56
# If we have a principal with an instance, try -u and -i.
57
my ($name, $inst) = ($principal =~ m%^([^/\@]+)(?:/([^\@]+))%);
59
skip 'test principal has no instance', 5 unless $inst;
62
= command ($K5START, '-u', $name, '-i', $inst, '-f',
64
is ($status, 0, 'k5start -u -i succeeds');
65
is ($err, '', ' with no errors');
67
qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
68
' and the right output');
69
($default, $service) = klist ();
70
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
71
' for the right principal');
72
like ($service, qr%^krbtgt/%, ' and the right service');
75
# Now with -U it should figure out the principal itself.
77
($out, $err, $status) = command ($K5START, '-Uf', "$DATA/test.keytab");
78
is ($status, 0, 'k5start -U succeeds');
79
is ($err, '', ' with no errors');
80
like ($out, qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
81
' and the right output');
82
($default, $service) = klist ();
83
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
84
' for the right principal');
85
like ($service, qr%^krbtgt/%, ' and the right service');
87
# Test quiet and an explicit ticket cache.
90
= command ($K5START, '-k', 'krb5cc_test2', '-qUf',
92
is ($status, 0, 'k5start -k -q succeeds');
93
is ($err, '', ' with no errors');
94
is ($out, '', ' and no output');
95
($default, $service) = klist ();
96
is ($default, undef, ' and the normal ticket cache is untouched');
97
$ENV{KRB5CCNAME} = 'krb5cc_test2';
98
($default, $service) = klist ();
99
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
100
' but the other has the right principal');
101
like ($service, qr%^krbtgt/%, ' and the right service');
102
unlink 'krb5cc_test2';
103
$ENV{KRB5CCNAME} = 'krb5cc_test';
105
# Test lifetime. Hopefully even a test principal can get a five minute
106
# ticket lifetime. We don't bother to try to parse klist output to figure
107
# out the lifetime, but instead check it using the -H option.
108
unlink 'krb5cc_test';
109
($out, $err, $status)
110
= command ($K5START, '-l', '5m', '-qUf', "$DATA/test.keytab");
111
is ($status, 0, 'k5start -l 5m succeeds');
112
is ($err, '', ' with no errors');
113
is ($out, '', ' and no output');
114
($default, $service) = klist ();
115
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
116
' and the right principal');
117
like ($service, qr%^krbtgt/%, ' and the right service');
118
($out, $err, $status)
119
= command ($K5START, '-H', '4', '-f', '/nonexistent', $principal);
120
is ($status, 0, ' and k5start -H succeeds without reauthenticating');
121
is ($err, '', ' with no errors');
122
is ($out, '', ' and no output');
123
($out, $err, $status)
124
= command ($K5START, '-H', '10', '-f', '/nonexistent', $principal);
125
is ($status, 1, ' but fails if we need a 10 minute ticket');
126
like ($err, qr/^k5start: error getting credentials: /,
127
' with the right error');
128
is ($out, '', ' and no output');
130
# Test obtaining new tickets with -H.
131
($out, $err, $status)
132
= command ($K5START, '-qH', '10', '-Uf', "$DATA/test.keytab");
133
is ($status, 0, 'k5start -H succeeds with new tickets');
134
is ($err, '', ' with no errors');
135
is ($out, '', ' and no output');
136
($default, $service) = klist ();
137
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
138
' and the right principal');
139
like ($service, qr%^krbtgt/%, ' and the right service');
140
($out, $err, $status)
141
= command ($K5START, '-H', '10', '-f', '/nonexistent', $principal);
142
is ($status, 0, ' and k5start -H 10 succeeds without reauthenticating');
143
is ($err, '', ' with no errors');
144
is ($out, '', ' and no output');
146
# Get a ticket for ourselves rather than a krbtgt and test verbose. We
147
# need an instance here or we get weird results due to the defaults if -I
150
skip 'test principal has no instance', 5 unless $inst;
151
unlink 'krb5cc_test';
152
($out, $err, $status)
153
= command ($K5START, '-S', $name, '-I', $inst, '-vUf',
154
"$DATA/test.keytab");
155
is ($status, 0, 'k5start -S -I succeeds');
156
is ($err, '', ' with no errors');
157
my $short = $principal;
158
$short =~ s/\@stanford\.edu$//;
160
qr/^Kerberos\ initialization\ for\ \Q$principal\E(\@\S+)?
161
\ for\ service\ \Q$short\E(\@\S+)?\n
162
Principal:\ \Q$principal\E(\@\S+)?\n
163
Service\ principal:\ \Q$principal\E(\@\S+)?\n\z/x,
164
' and the right output');
165
($default, $service) = klist ();
166
like ($default, qr/^\Q$principal\E(\@\S+)?\z/,
167
' for the right principal');
168
like ($service, qr/^\Q$principal\E(\@\S+)?\z/,
169
' and the right service');
172
# Test running a command without the principal. klist may fail if we have
173
# no K4 tickets since we're not giving the -5 option; allow for that
174
# (we'll catch real failures in the regex match on the output).
175
unlink 'krb5cc_test';
176
($out, $err, $status)
177
= command ($K5START, '-qUf', "$DATA/test.keytab", 'klist');
178
ok ($status == 0 || $status == 1, 'k5start with command succeeds');
179
ok ($err eq '' || $err eq "klist: You have no tickets cached\n",
180
' with no or expected errors');
181
like ($out, qr,^Ticket\ cache:\ (FILE:)?/tmp/krb5cc_\d+_\S{6}\n
182
Default\ principal:\ \Q$principal\E(\@\S+)?\n,xm,
183
' and the right output');
184
ok (!-f 'krb5cc_test', ' and the default cache file was not created');
185
my ($cache) = ($out =~ /cache: (?:FILE:)?(\S+)/);
186
ok (!$cache || !-f $cache, ' and the new cache file was deleted');
188
# Test running a command without the principal prefixed by --.
189
unlink 'krb5cc_test';
190
($out, $err, $status)
191
= command ($K5START, '-qUf', "$DATA/test.keytab", '--', 'klist', '-5');
192
is ($status, 0, 'k5start with command and -- succeeds');
193
is ($err, '', ' with no errors');
194
like ($out, qr,^Ticket\ cache:\ (FILE:)?/tmp/krb5cc_\d+_\S{6}\n
195
Default\ principal:\ \Q$principal\E(\@\S+)?\n,xm,
196
' and the right output');
197
ok (!-f 'krb5cc_test', ' and the default cache file was not created');
198
($cache) = ($out =~ /cache: (?:FILE:)?(\S+)/);
199
ok (!$cache || !-f $cache, ' and the new cache file was deleted');
201
# Test running a command with the principal.
202
unlink 'krb5cc_test';
203
($out, $err, $status)
204
= command ($K5START, '-qf', "$DATA/test.keytab", $principal, 'klist');
205
ok ($status == 0 || $status == 1,
206
'k5start with command and principal succeeds');
207
ok ($err eq '' || $err eq "klist: You have no tickets cached\n",
208
' with no or expected errors');
209
like ($out, qr,^Ticket\ cache:\ (FILE:)?/tmp/krb5cc_\d+_\S{6}\n
210
Default\ principal:\ \Q$principal\E(\@\S+)?\n,xm,
211
' and the right output');
212
ok (!-f 'krb5cc_test', ' and the default cache file was not created');
213
($cache) = ($out =~ /cache: (?:FILE:)?(\S+)/);
214
ok (!$cache || !-f $cache, ' and the new cache file was deleted');
216
# Test running a command with the principal and a command prefixed by --.
217
unlink 'krb5cc_test';
218
($out, $err, $status)
219
= command ($K5START, '-qf', "$DATA/test.keytab", $principal, '--',
221
is ($status, 0, 'k5start with command, principal, and -- succeeds');
222
is ($err, '', ' with no errors');
223
like ($out, qr,^Ticket\ cache:\ (FILE:)?/tmp/krb5cc_\d+_\S{6}\n
224
Default\ principal:\ \Q$principal\E(\@\S+)?\n,xm,
225
' and the right output');
226
ok (!-f 'krb5cc_test', ' and the default cache file was not created');
227
($cache) = ($out =~ /cache: (?:FILE:)?(\S+)/);
228
ok (!$cache || !-f $cache, ' and the new cache file was deleted');
230
# Test running a command with the principal specified with -u.
231
unlink 'krb5cc_test';
232
($out, $err, $status)
233
= command ($K5START, '-u', $principal, '-qf', "$DATA/test.keytab",
235
ok ($status == 0 || $status == 1, 'k5start with command and -u succeeds');
236
ok ($err eq '' || $err eq "klist: You have no tickets cached\n",
237
' with no or expected errors');
238
like ($out, qr,^Ticket\ cache:\ (FILE:)?/tmp/krb5cc_\d+_\S{6}\n
239
Default\ principal:\ \Q$principal\E(\@\S+)?\n,xm,
240
' and the right output');
241
ok (!-f 'krb5cc_test', ' and the default cache file was not created');
242
($cache) = ($out =~ /cache: (?:FILE:)?(\S+)/);
243
ok (!$cache || !-f $cache, ' and the new cache file was deleted');
245
# Test running a command with the principal specified with -u and --
246
# before the command.
247
unlink 'krb5cc_test';
248
($out, $err, $status)
249
= command ($K5START, '-u', $principal, '-qf', "$DATA/test.keytab",
250
'--', 'klist', '-5');
251
is ($status, 0, 'k5start with command, -u, and -- succeeds');
252
is ($err, '', ' with no errors');
253
like ($out, qr,^Ticket\ cache:\ (FILE:)?/tmp/krb5cc_\d+_\S{6}\n
254
Default\ principal:\ \Q$principal\E(\@\S+)?\n,xm,
255
' and the right output');
256
ok (!-f 'krb5cc_test', ' and the default cache file was not created');
257
($cache) = ($out =~ /cache: (?:FILE:)?(\S+)/);
258
ok (!$cache || !-f $cache, ' and the new cache file was deleted');
261
unlink 'krb5cc_test';