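#!/bin/sh
#
# Copyright (c) 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#
# Test driver for GSS-API credential acquisition.
#
# Builds a throwaway realm database with a local kadmin, starts a KDC bound
# to localhost, and runs test_acquire_cred, test_add_store_cred and
# test_kcred against different keytab / credential-cache combinations.
# The @...@ tokens are placeholders substituted before the script is run.
#
# Exit status: 77 when ../db/have-db reports no usable db backend, 1 when a
# setup step or check fails, otherwise the value of $exitcode.

env_setup="@env_setup@"
srcdir="@srcdir@"
objdir="@objdir@"

# kadmin, kdc, kinit, klist, kdestroy and getpid are not defined in this file;
# presumably the sourced environment provides them -- confirm against env_setup.
. "${env_setup}"

# If there is no useful db support compiled in, disable test
../db/have-db || exit 77

R=TEST.H5L.SE

port=@port@

keytabfile="${objdir}/server.keytab"
keytab="FILE:${keytabfile}"
nokeytab="FILE:no-such-keytab"
cache="FILE:krb5ccfile"
cache2="FILE:krb5ccfile2"
nocache="FILE:no-such-cache"

# These hold a command plus its arguments, so they are expanded unquoted
# below on purpose (word splitting builds the argument list).
kadmin="${kadmin} -l -r $R"
kdc="${kdc} --addresses=localhost -P $port"

acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred"
test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
test_add_store_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# Both variables are exported once here; the plain reassignments further down
# therefore still reach the child processes.
KRB5_KTNAME="${keytab}"
export KRB5_KTNAME
KRB5CCNAME="${cache}"
export KRB5CCNAME

# Start from a clean slate: stale keytab, database, output and master-key
# files from an earlier run must not influence this one.
rm -f "${keytabfile}"
rm -f current-db*
rm -f out-*
rm -f mkey.file*

> messages.log

echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    "${R}" || exit 1

# Fixed passwords for the disposable test realm; kinit reads this file via
# --password-file further down. The file is not removed by this script.
echo upw > "${objdir}/foopassword"

${kadmin} add -p upw --use-defaults "user@${R}" || exit 1
${kadmin} add -p upw --use-defaults "another@${R}" || exit 1
${kadmin} add -p p1 --use-defaults "host/host.test.h5l.se@${R}" || exit 1
${kadmin} ext -k "${keytab}" "host/host.test.h5l.se@${R}" || exit 1

echo "Doing database check"
${kadmin} check "${R}" || exit 1

echo Starting kdc
${kdc} --testing --detach || { echo "kdc failed to start"; exit 1; }
kdcpid=`getpid kdc`

# Without a pid neither the EXIT trap nor the final kill can stop the detached
# KDC, and the run would leave it listening on localhost with the test
# passwords above. Fail loudly instead of continuing.
[ -n "${kdcpid}" ] || { echo "could not determine kdc pid"; exit 1; }

# ${kdcpid} is expanded now (double quotes), so any exit path from here on
# kills that KDC and reports failure until the trap is cleared at the end.
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

exitcode=0

# A kinit failure is only recorded here; the remaining checks still run.
echo "initial ticket"
${kinit} -c "${cache}" --password-file="${objdir}/foopassword" "user@${R}" || exitcode=1

echo "copy ccache with gss_store_cred"
${test_add_store_cred} "${cache}" "${cache2}" || exit 1
${klist} -c "${cache2}" || exit 1

echo "keytab"
${acquire_cred} \
    --acquire-type=accept \
    --acquire-name=host@host.test.h5l.se || exit 1

echo "keytab w/ short-form name and name canon rules"
${acquire_cred} \
    --acquire-type=accept \
    --acquire-name=host@host || exit 1

echo "keytab w/o name"
${acquire_cred} \
    --acquire-type=accept || exit 1

# Negative test: the command must fail. Any non-zero status satisfies it, so
# a crash or a missing binary would also count as the expected failure.
echo "keytab w/ wrong name"
${acquire_cred} \
    --acquire-type=accept \
    --acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1

echo "init using keytab"
${acquire_cred} \
    --acquire-type=initiate \
    --acquire-name=host@host.test.h5l.se > /dev/null || exit 1

echo "init using keytab (loop 10)"
${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --acquire-name=host@host.test.h5l.se > /dev/null || exit 1

echo "init using keytab (loop 10, target)"
${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --target=host@host.test.h5l.se \
    --acquire-name=host@host.test.h5l.se > /dev/null || exit 1

echo "init using keytab (loop 10, kerberos)"
${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --kerberos \
    --acquire-name=host@host.test.h5l.se > /dev/null || exit 1

echo "init using keytab (loop 10, target, kerberos)"
${acquire_cred} \
    --acquire-type=initiate \
    --loops=10 \
    --kerberos \
    --target=host@host.test.h5l.se \
    --acquire-name=host@host.test.h5l.se > /dev/null || exit 1

echo "init using existing cc"
${acquire_cred} \
    --name-type=user-name \
    --acquire-type=initiate \
    --acquire-name=user || exit 1

# Point the default cache at a name that does not exist for the next checks.
KRB5CCNAME="${nocache}"

# Negative test: must fail with the default cache set to ${nocache}.
echo "fail init using existing cc"
${acquire_cred} \
    --name-type=user-name \
    --acquire-type=initiate \
    --acquire-name=user 2>/dev/null && exit 1

# Same default cache, but the real cache is passed explicitly via --ccache.
echo "use gss_krb5_ccache_name for user"
${acquire_cred} \
    --name-type=user-name \
    --ccache="${cache}" \
    --acquire-type=initiate \
    --acquire-name=user >/dev/null || exit 1

# Restore the real cache and switch the keytab to a non-existent one.
KRB5CCNAME="${cache}"
KRB5_KTNAME="${nokeytab}"

echo "kcred"
${test_kcred} || exit 1

${kdestroy} -c "${cache}"

# The cache was just destroyed, so the remaining checks run with the real
# keytab restored.
KRB5_KTNAME="${keytab}"

echo "init using keytab"
${acquire_cred} \
    --acquire-type=initiate \
    --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1

echo "init using keytab (ccache)"
${acquire_cred} \
    --acquire-type=initiate \
    --ccache="${cache}" \
    --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1

# Normal completion: drop the failure trap and stop the KDC ourselves.
trap "" EXIT

echo "killing kdc (${kdcpid})"
kill ${kdcpid} 2> /dev/null

exit "$exitcode"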