#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

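# Kerberos environment for the throwaway test realm. The trace log, config,
# keytabs and credential cache are all placed under $TESTDIR.
# NOTE(review): the keytabs and the ccache hold usable key material and the
# trace file records protocol detail, so $TESTDIR should not be readable by
# other users -- confirm how the harness creates it.
KRB5_TRACE=$TESTDIR/k5_trace
KRB5_CONFIG=$TESTDIR/krb5.conf
# The KDC profile is the same generated file that the clients read.
KRB5_KDC_PROFILE=$KRB5_CONFIG
KRB5_KTNAME=$TESTDIR/server.kt
KRB5_CLIENT_KTNAME=$TESTDIR/client.kt
KRB5CCNAME=$TESTDIR/client.ccache

export KRB5_TRACE KRB5_CONFIG KRB5_KDC_PROFILE KRB5_KTNAME KRB5_CLIENT_KTNAME KRB5CCNAME

KDCLOG=$TESTDIR/setup_kdc.log
KSERVICE=ldap/$LOCALHOST
KUSER=kuser

# Generate krb5.conf from the template by sourcing the filter with stdin and
# stdout redirected. The paths are quoted so that a test or data directory
# containing whitespace or glob characters cannot split the redirection.
. "$CONFFILTER" < "$DATADIR/krb5.conf" > "$KRB5_CONFIG"

# The extra sbin directories are appended, not prepended, so binaries already
# on the caller's PATH keep precedence over them.
PATH=${PATH}:/usr/lib/heimdal-servers:/usr/sbin:/usr/local/sbin
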
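# Provision a disposable KDC for the GSSAPI tests: Heimdal (kdc) is tried
# first, MIT (krb5kdc) second. Each step's exit status is kept in RC; any
# failure prints a reason and exits 0, so the GSSAPI tests are skipped rather
# than failed.
# NOTE(review): this file leaves unexported variables (RC, flags, ...) behind,
# so it is presumably sourced and `exit` ends the calling test script --
# confirm against the caller.
echo "Trying Heimdal KDC..."

if command -v kdc >/dev/null 2>&1 ; then
	# Random master key; no secret is passed on the command line in this
	# branch.
	kstash --random-key > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kstash failed, skipping GSSAPI tests"
		exit 0
	fi

	# $flags is expanded unquoted on purpose: it carries two options that
	# must reach kadmin as separate words.
	flags="--realm-max-ticket-life=1h --realm-max-renewable-life=1h"
	kadmin -l init $flags "$KRB5REALM" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin init failed, skipping GSSAPI tests"
		exit 0
	fi

	# Service principal with a random key, then its key into the server
	# keytab.
	kadmin -l add --random-key --use-defaults "$KSERVICE" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin -l ext -k "$KRB5_KTNAME" "$KSERVICE" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
		exit 0
	fi

	# Test user principal, likewise keytab-only (no password is ever set).
	kadmin -l add --random-key --use-defaults "$KUSER" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin -l ext -k "$KRB5_CLIENT_KTNAME" "$KUSER" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
		exit 0
	fi

	# The daemon keeps the log open for its whole lifetime, so it is opened
	# in append mode: if another command later truncates or extends the
	# file, the KDC still writes at the real end instead of a stale offset.
	kdc --addresses="$LOCALIP" --ports="$KDCPORT/udp" >> "$KDCLOG" 2>&1 &
else
	echo "Trying MIT KDC..."

	if ! command -v krb5kdc >/dev/null 2>&1 ; then
		echo "No KDC available, skipping GSSAPI tests"
		exit 0
	fi

	# SECURITY: the database master password is the fixed string "password"
	# and is passed on the command line, where other local users can read it
	# from the process list. That is tolerable only because this realm is a
	# disposable test fixture; do not copy this line into a real KDC setup.
	kdb5_util create -r "$KRB5REALM" -s -P password > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kdb5_util create failed, skipping GSSAPI tests"
		exit 0
	fi

	# Service principal with a random key, then its key into the server
	# keytab.
	kadmin.local -q "addprinc -randkey $KSERVICE" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: admin addprinc failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin.local -q "ktadd -k $KRB5_KTNAME $KSERVICE" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
		exit 0
	fi

	# Test user principal, likewise keytab-only (no password is ever set).
	kadmin.local -q "addprinc -randkey $KUSER" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kadmin addprinc failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin.local -q "ktadd -k $KRB5_CLIENT_KTNAME $KUSER" > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
		exit 0
	fi

	# -n keeps krb5kdc in the foreground, so the backgrounded PID is the KDC
	# itself. The log is opened in append mode for the same reason as in the
	# Heimdal branch: the daemon holds it open while other commands write.
	# NOTE(review): no address or port is given here, unlike the Heimdal
	# branch; presumably they come from the generated krb5.conf -- confirm.
	krb5kdc -n >> "$KDCLOG" 2>&1 &
fi
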
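# PID of the KDC that was just started in the background, kept so it can be
# stopped again.
# NOTE(review): on the success path the KDC is left running; the caller is
# presumably expected to stop it through $KDCPROC -- confirm.
KDCPROC=$!
# Fixed one-second grace period; there is no readiness check, so a KDC that
# starts slowly shows up below as a kinit failure and the tests are skipped.
sleep 1

# Obtain a ticket for the test user from the client keytab. The log is
# appended to rather than truncated because the background KDC still has the
# same file open and its startup output would otherwise be lost.
kinit -kt "$KRB5_CLIENT_KTNAME" "$KUSER" >> "$KDCLOG" 2>&1
RC=$?
if test "$RC" != 0 ; then
	# Do not leave the test KDC running when the tests are skipped.
	kill "$KDCPROC"
	echo "SASL/GSSAPI: kinit failed, skipping GSSAPI tests"
	exit 0
fi
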
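# Check that Cyrus SASL offers a GSSAPI plugin. The viewer is tried under two
# names, pluginviewer and then saslpluginviewer; whichever succeeds leaves its
# report in $TESTDIR/plugin_out. stderr is discarded, so a viewer binary that
# is missing altogether is reported the same way as missing GSSAPI support.
# The output path is quoted so a test directory with whitespace cannot split
# the redirection.
pluginviewer -m GSSAPI > "$TESTDIR/plugin_out" 2>/dev/null
RC=$?
if test "$RC" != 0 ; then

	saslpluginviewer -m GSSAPI > "$TESTDIR/plugin_out" 2>/dev/null
	RC=$?
	if test "$RC" != 0 ; then
		# Stop the test KDC before skipping so it does not outlive the run.
		kill "$KDCPROC"
		echo "cyrus-sasl has no GSSAPI support, test skipped"
		exit 0
	fi
fi
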
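# Record whether the GSSAPI plugin report mentions channel binding. The flag
# defaults to "no" and flips to "yes" only when grep finds CHANNEL_BINDING, so
# a missing or unreadable plugin_out is treated as "no". The path is quoted so
# a test directory with whitespace is passed to grep as one file name.
# NOTE(review): the variable is not exported; presumably the calling test
# script reads it after sourcing this file -- confirm.
HAVE_SASL_GSS_CBIND=no

grep CHANNEL_BINDING "$TESTDIR/plugin_out" > /dev/null 2>&1
RC=$?
if test "$RC" = 0 ; then
	HAVE_SASL_GSS_CBIND=yes
fi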