/crypto/heimdal/tests/kdc/check-referral.in


  1. #!/bin/sh
  2. #
  3. # Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
  4. # (Royal Institute of Technology, Stockholm, Sweden).
  5. # All rights reserved.
  6. #
  7. # Redistribution and use in source and binary forms, with or without
  8. # modification, are permitted provided that the following conditions
  9. # are met:
  10. #
  11. # 1. Redistributions of source code must retain the above copyright
  12. # notice, this list of conditions and the following disclaimer.
  13. #
  14. # 2. Redistributions in binary form must reproduce the above copyright
  15. # notice, this list of conditions and the following disclaimer in the
  16. # documentation and/or other materials provided with the distribution.
  17. #
  18. # 3. Neither the name of the Institute nor the names of its contributors
  19. # may be used to endorse or promote products derived from this software
  20. # without specific prior written permission.
  21. #
  22. # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  23. # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25. # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  26. # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27. # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28. # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30. # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31. # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32. # SUCH DAMAGE.
  33. #
  34. # $Id: check-referral.in 21854 2007-08-08 06:58:49Z lha $
  35. #
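  # ---------------------------------------------------------------------
  # Configuration and cleanup for the alias / canonicalization test, which
  # runs against a KDC started locally by this script.
  #
  # The @...@ tokens are substituted when the build generates the script
  # from this template.
  # ---------------------------------------------------------------------
  srcdir="@srcdir@"
  objdir="@objdir@"
  EGREP="@EGREP@"

  # Failure action, run through eval by the checks further down: print a
  # marker, dump messages.log and exit 1. The string is a constant defined
  # here and is never assembled from input, which is what keeps the eval safe.
  testfailed="echo test failed; cat messages.log; exit 1"

  # If there is no useful db support compiled in, disable the test
  # (77 is the exit status automake reports as "skipped").
  ../db/have-db || exit 77

  # Realms and the service principal used throughout the test.
  R=TEST.H5L.SE
  R2=SUB.TEST.H5L.SE
  service=ldap/host.sub.test.h5l.se

  port=@port@

  # Command prefixes. They are expanded unquoted on purpose so that each
  # string splits into a program name plus its fixed options.
  kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
  # The KDC is told to use localhost and the test port only.
  kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"

  # All client tools share one credential cache inside the build directory.
  cache="FILE:${objdir}/cache.krb5"
  kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
  klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
  kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
  kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"

  # Point the Kerberos library at the test configuration, not the system one.
  KRB5_CONFIG="${objdir}/krb5.conf"
  export KRB5_CONFIG

  # Remove leftovers from earlier runs. No keytab path is removed here:
  # keytabfile is not assigned anywhere in this script, so an unquoted
  # "rm -f ${keytabfile}" would act on whatever value the caller's
  # environment happened to export.
  rm -f current-db* out-* mkey.file*

  # Start with an empty log.
  : > messages.log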
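  # Build the databases for both test realms and add the principals the
  # checks rely on. Any failure aborts the run before a KDC is started.
  echo Creating database
  for realm in ${R} ${R2}; do
    ${kadmin} \
      init \
      --realm-max-ticket-life=1day \
      --realm-max-renewable-life=1month \
      ${realm} || exit 1
  done

  # -p puts the password on the kadmin command line, where it is visible in
  # the process list; tolerable only because these are throwaway test realms
  # with fixed, published passwords.
  ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
  # Two aliases for foo; the AS-REQ checks resolve and later remove them.
  ${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
  ${kadmin} add -p foo --use-defaults ${service}@${R2} || exit 1
  # Cross-realm krbtgt principals, one per direction.
  ${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
  ${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1

  echo "Doing database check"
  for realm in ${R} ${R2}; do
    ${kadmin} check ${realm} || exit 1
  done

  # Password file handed to kinit via --password-file. It is recreated under
  # a restrictive umask so that it is readable by its owner only; removing
  # it first matters because the umask does not change the mode of a file
  # left over from an earlier run.
  rm -f "${objdir}/foopassword"
  ( umask 077 && echo foo > "${objdir}/foopassword" ) || exit 1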
  # Launch the KDC in the background and keep its pid for later cleanup.
  echo Starting kdc
  ${kdc} &
  kdcpid=$!

  # wait-kdc.sh signals through its exit status whether the KDC came up
  # (its body is not part of this file). On failure the background KDC is
  # stopped by hand, because the EXIT trap below is not installed yet.
  sh ${srcdir}/wait-kdc.sh || {
    kill ${kdcpid}
    exit 1
  }

  # From here on every exit path, including the "exit 1" inside testfailed,
  # runs this trap, so a failing check does not leave a KDC listening on the
  # test port. The double quotes expand the pid now, not when the trap fires.
  trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

  # Overall result; set to 1 by any failing check.
  ec=0
  # AS-REQ checks: request initial tickets under the real name and under the
  # aliases, then verify which principal ends up in the credential cache.
  # Each step truncates messages.log first so that a failure dump shows only
  # the step that failed. testfailed ends in "exit 1", so the first failing
  # step terminates the run.
  echo "Test AS-REQ"

  echo "Getting client (no canon)"
  : > messages.log
  if ! ${kinit} --password-file=${objdir}/foopassword foo@${R}; then
    ec=1
    eval "${testfailed}"
  fi
  echo "checking that we got back right principal"
  if ! ${klist} | grep "Principal: foo@${R}" > /dev/null; then
    ec=1
    eval "${testfailed}"
  fi
  ${kdestroy}

  echo "Getting client client tickets (default realm, enterprisename)"
  : > messages.log
  if ! ${kinit} --canonicalize \
      --password-file=${objdir}/foopassword foo@${R}; then
    ec=1
    eval "${testfailed}"
  fi
  echo "checking that we got back right principal"
  if ! ${klist} | grep "Principal: foo@${R}" > /dev/null; then
    ec=1
    eval "${testfailed}"
  fi
  ${kdestroy}

  # NOTE(review): this step is labelled as an alias1 lookup, but the
  # principal requested is foo@${R}, exactly as in the previous step, so the
  # alias1 mapping is not exercised on the success path. Confirm whether
  # alias1@${R}@${R} was intended.
  echo "Getting client alias1 tickets"
  : > messages.log
  if ! ${kinit} --canonicalize \
      --password-file=${objdir}/foopassword foo@${R}; then
    ec=1
    eval "${testfailed}"
  fi
  echo "checking that we got back right principal"
  if ! ${klist} | grep "Principal: foo@${R}" > /dev/null; then
    ec=1
    eval "${testfailed}"
  fi
  ${kdestroy}

  # With --canonicalize the alias is requested and the cache is expected to
  # hold the canonical principal foo@${R}.
  echo "Getting client alias2 tickets"
  : > messages.log
  if ! ${kinit} --canonicalize \
      --password-file=${objdir}/foopassword alias2@${R}@${R}; then
    ec=1
    eval "${testfailed}"
  fi
  echo "checking that we got back right principal"
  if ! ${klist} | grep "Principal: foo@${R}" > /dev/null; then
    ec=1
    eval "${testfailed}"
  fi
  ${kdestroy}

  # Negative check: without --canonicalize the alias must NOT yield a ticket,
  # so success is the failure condition. All kinit output is discarded, which
  # means kinit failing for an unrelated reason (for example an unreachable
  # KDC) is also counted as a pass.
  echo "Getting client alias1 tickets (non canon case)"
  : > messages.log
  if ${kinit} --password-file=${objdir}/foopassword \
      alias1@${R}@${R} > /dev/null 2>&1; then
    ec=1
    eval "${testfailed}"
  fi

  # Negative check: the alias list is set to alias1 only, and a request for
  # alias2 must then fail. Presumably --alias replaces the whole list and so
  # drops alias2; confirm against kadmin's semantics. The same caveat about
  # discarded output applies here.
  echo "Getting client alias2 tickets (removed)"
  : > messages.log
  if ! ${kadmin} modify --alias=alias1 foo@${R}; then
    ec=1
    eval "${testfailed}"
  fi
  if ${kinit} --canonicalize \
      --password-file=${objdir}/foopassword \
      alias2@${R}@${R} > /dev/null 2>&1; then
    ec=1
    eval "${testfailed}"
  fi

  # An empty --alias= value is passed to clear the remaining alias.
  echo "Remove alias"
  if ! ${kadmin} modify --alias= foo@${R}; then
    ec=1
    eval "${testfailed}"
  fi
  # TGS-REQ section. Both referral checks below are commented out, so the
  # script only announces the section: service-ticket requests across the
  # two realms (KDC referral and client-side guessing) are not exercised,
  # and a passing run says nothing about referral handling.
  echo "Test TGS-REQ"

  #echo "Getting client for ${service}@${R} (kdc referral)"
  #> messages.log
  #${kinit} --password-file=${objdir}/foopassword foo@${R} || \
  # { ec=1 ; eval "${testfailed}"; }
  #${kgetcred} --server ${service}@${R} ||
  # { ec=1 ; eval "${testfailed}"; }
  #${klist}
  #echo "checking that we got back right principal"
  #${klist} | grep "${service}@${R2}" > /dev/null || \
  # { ec=1 ; eval "${testfailed}"; }
  #${kdestroy}
  #
  #echo "Getting client for ${service}@${R2} (client side guessing)"
  #> messages.log
  #${kinit} --password-file=${objdir}/foopassword foo@${R} || \
  # { ec=1 ; eval "${testfailed}"; }
  #${kgetcred} --server ${service}@${R2} ||
  # { ec=1 ; eval "${testfailed}"; }
  #${klist}
  #echo "checking that we got back right principal"
  #${klist} | grep "${service}@${R2}" > /dev/null || \
  # { ec=1 ; eval "${testfailed}"; }
  #${kdestroy}

  # Teardown: stop the KDC. If the kill fails the script exits 1 with the
  # EXIT trap still armed; otherwise the trap is cleared first so that the
  # final exit reports the collected status instead of the trap's "exit 1".
  echo "killing kdc (${kdcpid})"
  if kill ${kdcpid}; then
    trap "" EXIT
    exit $ec
  fi
  exit 1