#!/bin/sh
#
# Copyright (c) 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#

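# Placeholders of the form @name@ are filled in when this script is
# generated from check-basic.in.
env_setup="@env_setup@"
srcdir="@srcdir@"
objdir="@objdir@"

# Pull in the shared test environment. The tool variables used below
# (${kadmin}, ${kdc}, ${kinit}, ...) are not assigned anywhere in this file,
# so they are presumably provided by the sourced script.
# Quoted so a path containing whitespace is still sourced as a single file.
. "${env_setup}"

# If there is no useful db support compiled in, disable test
# (exit status 77 is what automake's test driver reports as "skipped").
../db/have-db || exit 77

# Throwaway realm used only by this test.
R=TEST.H5L.SE

port=@port@

# Credential stores. The keytab lives under ${objdir}; the ccache names carry
# no directory part. The "no-such-*" names are deliberately never created and
# are used for the negative cases.
keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
nokeytab="FILE:no-such-keytab"
cache="FILE:krb5ccfile"
cache2="FILE:krb5ccfile2"
nocache="FILE:no-such-cache"

# These two hold a command plus its options, so they are expanded unquoted
# wherever they are run. kadmin -l operates on the local database.
kadmin="${kadmin} -l -r $R"
kdc="${kdc} --addresses=localhost -P $port"

acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred"
test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
test_add_store_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred"

# Point the Kerberos libraries at the test configuration, keytab and ccache
# so the run does not pick up the invoking user's real credentials.
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

KRB5_KTNAME="${keytab}"
export KRB5_KTNAME
KRB5CCNAME="${cache}"
export KRB5CCNAME

# Remove state left by a previous run. The keytab path is quoted: unquoted,
# an ${objdir} containing whitespace would split into several rm operands and
# could delete unrelated files. The globs are relative to the current
# directory and must stay unquoted to expand.
rm -f "${keytabfile}"
rm -f current-db*
rm -f out-*
rm -f mkey.file*

# Start with an empty log file.
> messages.log
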
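# Create the test realm database. ${kadmin} is expanded unquoted on purpose:
# it holds the command together with its options.
echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

# Password file later handed to kinit via --password-file. Even though "upw"
# is a fixed test value, the file is recreated under umask 077 so it is not
# left group/world-readable in the build tree; the rm ensures a stale file
# with looser permissions is not simply reused. The path is quoted in case
# ${objdir} contains whitespace.
rm -f "${objdir}/foopassword"
(umask 077; echo upw > "${objdir}/foopassword")

# Test principals. The passwords are fixed fixtures passed on the command
# line (visible to other local users in the process list), which is only
# acceptable because the realm is a throwaway one created above.
${kadmin} add -p upw --use-defaults user@${R} || exit 1
${kadmin} add -p upw --use-defaults another@${R} || exit 1
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
# Extract the host key into the server keytab used by the acceptor tests.
${kadmin} ext -k "${keytab}" host/host.test.h5l.se@${R} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1
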
# Launch the KDC in the background for the duration of the tests.
echo Starting kdc
if ! ${kdc} --testing --detach; then
    echo "kdc failed to start"
    exit 1
fi
# getpid is not defined in this file; presumably it comes from the sourced
# environment script and prints the pid of the named daemon.
kdcpid=$(getpid kdc)

# From here on, any exit (including the "|| exit 1" of a failing test) kills
# the KDC and reports failure. The handler text is double-quoted, so the pid
# is fixed at the moment the trap is installed.
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

# Final status of the script; set to 1 by checks that record a failure
# without aborting.
exitcode=0

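# Obtain a TGT for user@REALM into the test ccache. Unlike the checks below,
# a failure here is only recorded in exitcode and the run continues.
# The password-file path is quoted so an ${objdir} containing whitespace is
# passed as one argument.
echo "initial ticket"
${kinit} -c ${cache} --password-file="${objdir}/foopassword" user@${R} || exitcode=1

# Copy the credential from the first ccache into the second, then list the
# copy to confirm it can be read.
echo "copy ccache with gss_store_cred"
${test_add_store_cred} ${cache} ${cache2} || exit 1
${klist} -c ${cache2} || exit 1

# Acceptor credentials from the keytab, named by the full host-based name.
echo "keytab"
${acquire_cred} \
    --acquire-type=accept \
    --acquire-name=host@host.test.h5l.se || exit 1

# Same, using the short host name; presumably this relies on name
# canonicalization rules in the generated krb5.conf (not visible here).
echo "keytab w/ short-form name and name canon rules"
${acquire_cred} \
    --acquire-type=accept \
    --acquire-name=host@host || exit 1

# Acceptor credentials without naming a principal.
echo "keytab w/o name"
${acquire_cred} \
    --acquire-type=accept || exit 1
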
# Negative case: asking for acceptor credentials under a name that has no
# key in the keytab must fail. Any non-zero status counts as a pass and
# stderr is discarded, so this check cannot tell a clean refusal from a
# crash of the helper.
echo "keytab w/ wrong name"
if ${acquire_cred} \
    --acquire-type=accept \
    --acquire-name=host@host2.test.h5l.se 2>/dev/null
then
    exit 1
fi

# Initiator credentials for the host principal; stdout is discarded in all
# of the following variants.
echo "init using keytab"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --acquire-name=host@host.test.h5l.se > /dev/null
then
    exit 1
fi

# The --loops=10 variants repeat the acquisition inside the helper.
echo "init using keytab (loop 10)"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --acquire-name=host@host.test.h5l.se > /dev/null
then
    exit 1
fi

echo "init using keytab (loop 10, target)"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --target=host@host.test.h5l.se \
    --acquire-name=host@host.test.h5l.se > /dev/null
then
    exit 1
fi

echo "init using keytab (loop 10, kerberos)"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --kerberos \
    --acquire-name=host@host.test.h5l.se > /dev/null
then
    exit 1
fi

echo "init using keytab (loop 10, target, kerberos)"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --kerberos \
    --target=host@host.test.h5l.se \
    --acquire-name=host@host.test.h5l.se > /dev/null
then
    exit 1
fi

# Initiator credentials for "user", taken from the ccache that KRB5CCNAME
# currently names.
echo "init using existing cc"
if ! ${acquire_cred} \
    --name-type=user-name \
    --acquire-type=initiate \
    --acquire-name=user
then
    exit 1
fi

# KRB5CCNAME was exported earlier in this script, so this plain assignment
# changes what child processes see: the default ccache now does not exist.
KRB5CCNAME=${nocache}

# Negative case: with no usable default ccache the acquisition must fail.
# Any non-zero status is accepted and stderr is discarded, so the reason
# for the failure is not checked.
echo "fail init using existing cc"
if ${acquire_cred} \
    --name-type=user-name \
    --acquire-type=initiate \
    --acquire-name=user 2>/dev/null
then
    exit 1
fi

# The default ccache is still the missing one; the helper is told the real
# ccache explicitly through --ccache and must succeed.
echo "use gss_krb5_ccache_name for user"
if ! ${acquire_cred} \
    --name-type=user-name \
    --ccache=${cache} \
    --acquire-type=initiate \
    --acquire-name=user >/dev/null
then
    exit 1
fi

# Restore the real ccache and point the default keytab at a file that does
# not exist, so the next check runs without a usable keytab.
KRB5CCNAME=${cache}
KRB5_KTNAME=${nokeytab}

echo "kcred"
if ! ${test_kcred}; then
    exit 1
fi

# Destroy the user's ccache (result not checked) and switch back to the
# server keytab for the remaining checks.
${kdestroy} -c ${cache}

KRB5_KTNAME="${keytab}"

# With the ccache destroyed, initiator credentials for the host principal
# are acquired again; stderr is discarded.
echo "init using keytab"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --acquire-name=host@host.test.h5l.se 2>/dev/null
then
    exit 1
fi

echo "init using keytab (ccache)"
if ! ${acquire_cred} \
    --acquire-type=initiate \
    --ccache=${cache} \
    --acquire-name=host@host.test.h5l.se 2>/dev/null
then
    exit 1
fi

# All checks ran: clear the EXIT handler so the normal shutdown below is not
# reported as a failure.
trap '' EXIT

# Stop the KDC started for this run; errors from kill are ignored.
echo "killing kdc (${kdcpid})"
kill ${kdcpid} 2>/dev/null

# 0 unless an earlier check recorded a failure in exitcode.
exit ${exitcode}