check-referral.in | searchcode

/crypto/heimdal/tests/kdc/check-referral.in

https://bitbucket.org/freebsd/freebsd-head/
Autoconf | 200 lines | 102 code | 39 blank | 59 comment | 25 complexity | 00b69276713ad7d246ac4d4e1e35717e MD5 | raw file
  1#!/bin/sh
  2#
  3# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
  4# (Royal Institute of Technology, Stockholm, Sweden). 
  5# All rights reserved. 
  6#
  7# Redistribution and use in source and binary forms, with or without 
  8# modification, are permitted provided that the following conditions 
  9# are met: 
 10#
 11# 1. Redistributions of source code must retain the above copyright 
 12#    notice, this list of conditions and the following disclaimer. 
 13#
 14# 2. Redistributions in binary form must reproduce the above copyright 
 15#    notice, this list of conditions and the following disclaimer in the 
 16#    documentation and/or other materials provided with the distribution. 
 17#
 18# 3. Neither the name of the Institute nor the names of its contributors 
 19#    may be used to endorse or promote products derived from this software 
 20#    without specific prior written permission. 
 21#
 22# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
 23# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 24# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 25# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
 26# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
 27# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
 28# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
 29# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
 30# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
 31# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 32# SUCH DAMAGE. 
 33#
 34# $Id: check-referral.in 21854 2007-08-08 06:58:49Z lha $
 35#
 36
 37srcdir="@srcdir@"
 38objdir="@objdir@"
 39EGREP="@EGREP@"
 40
 41testfailed="echo test failed; cat messages.log; exit 1"
 42
 43# If there is no useful db support compile in, disable test
 44../db/have-db || exit 77
 45
 46R=TEST.H5L.SE
 47R2=SUB.TEST.H5L.SE
 48
 49service=ldap/host.sub.test.h5l.se
 50
 51port=@port@
 52
 53kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
 54kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
 55
 56cache="FILE:${objdir}/cache.krb5"
 57
 58kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
 59klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
 60kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
 61kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
 62
 63
 64KRB5_CONFIG="${objdir}/krb5.conf"
 65export KRB5_CONFIG
 66
 67rm -f ${keytabfile}
 68rm -f current-db*
 69rm -f out-*
 70rm -f mkey.file*
 71
 72> messages.log
 73
 74echo Creating database
 75${kadmin} \
 76    init \
 77    --realm-max-ticket-life=1day \
 78    --realm-max-renewable-life=1month \
 79    ${R} || exit 1
 80
 81${kadmin} \
 82    init \
 83    --realm-max-ticket-life=1day \
 84    --realm-max-renewable-life=1month \
 85    ${R2} || exit 1
 86
 87${kadmin} add -p foo --use-defaults foo@${R} || exit 1
 88${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
 89
 90${kadmin} add -p foo --use-defaults  ${service}@${R2} || exit 1
 91
 92${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
 93${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
 94
 95echo "Doing database check"
 96${kadmin} check ${R} || exit 1
 97${kadmin} check ${R2} || exit 1
 98
 99echo foo > ${objdir}/foopassword
100
101echo Starting kdc
102${kdc} &
103kdcpid=$!
104
105sh ${srcdir}/wait-kdc.sh
106if [ "$?" != 0 ] ; then
107    kill ${kdcpid}
108    exit 1
109fi
110
111trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
112
113ec=0
114
115echo "Test AS-REQ"
116
117echo "Getting client (no canon)"; > messages.log
118${kinit} --password-file=${objdir}/foopassword foo@${R} || \
119	{ ec=1 ; eval "${testfailed}"; }
120echo "checking that we got back right principal"
121${klist} | grep "Principal: foo@${R}" > /dev/null || \
122	{ ec=1 ; eval "${testfailed}"; }
123${kdestroy}
124
125echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
126${kinit} --canonicalize \
127	--password-file=${objdir}/foopassword foo@${R} || \
128	{ ec=1 ; eval "${testfailed}"; }
129echo "checking that we got back right principal"
130${klist} | grep "Principal: foo@${R}" > /dev/null || \
131	{ ec=1 ; eval "${testfailed}"; }
132${kdestroy}
133
134echo "Getting client alias1 tickets"; > messages.log
135${kinit} --canonicalize \
136	--password-file=${objdir}/foopassword foo@${R} || \
137	{ ec=1 ; eval "${testfailed}"; }
138echo "checking that we got back right principal"
139${klist} | grep "Principal: foo@${R}" > /dev/null || \
140	{ ec=1 ; eval "${testfailed}"; }
141${kdestroy}
142
143
144echo "Getting client alias2 tickets"; > messages.log
145${kinit} --canonicalize \
146	--password-file=${objdir}/foopassword alias2@${R}@${R} || \
147	{ ec=1 ; eval "${testfailed}"; }
148echo "checking that we got back right principal"
149${klist} | grep "Principal: foo@${R}" > /dev/null || \
150	{ ec=1 ; eval "${testfailed}"; }
151${kdestroy}
152
153echo "Getting client alias1 tickets (non canon case)"; > messages.log
154${kinit} --password-file=${objdir}/foopassword \
155	alias1@${R}@${R} > /dev/null 2>/dev/null && \
156	{ ec=1 ; eval "${testfailed}"; }
157
158echo "Getting client alias2 tickets (removed)"; > messages.log
159${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
160${kinit} --canonicalize \
161	--password-file=${objdir}/foopassword \
162	alias2@${R}@${R} > /dev/null 2>/dev/null && \
163	{ ec=1 ; eval "${testfailed}"; }
164
165echo "Remove alias"
166${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }
167
168echo "Test TGS-REQ"
169
170#echo "Getting client for ${service}@${R} (kdc referral)"
171#> messages.log
172#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
173#	{ ec=1 ; eval "${testfailed}"; }
174#${kgetcred} --server ${service}@${R} ||
175#	{ ec=1 ; eval "${testfailed}"; }
176#${klist}
177#echo "checking that we got back right principal"
178#${klist} | grep "${service}@${R2}" > /dev/null || \
179#	{ ec=1 ; eval "${testfailed}"; }
180#${kdestroy}
181#
182#echo "Getting client for ${service}@${R2} (client side guessing)"
183#> messages.log
184#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
185#	{ ec=1 ; eval "${testfailed}"; }
186#${kgetcred} --server ${service}@${R2} ||
187#	{ ec=1 ; eval "${testfailed}"; }
188#${klist}
189#echo "checking that we got back right principal"
190#${klist} | grep "${service}@${R2}" > /dev/null || \
191#	{ ec=1 ; eval "${testfailed}"; }
192#${kdestroy}
193
194
195echo "killing kdc (${kdcpid})"
196kill $kdcpid || exit 1
197
198trap "" EXIT
199
200exit $ec