/crypto/heimdal/tests/kdc/check-referral.in

https://bitbucket.org/freebsd/freebsd-head/ · Autoconf · 200 lines · 102 code · 39 blank · 59 comment · 25 complexity · 00b69276713ad7d246ac4d4e1e35717e MD5 · raw file 

    

  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
    4. 

  4. # (Royal Institute of Technology, Stockholm, Sweden). 
    5. 

  5. # All rights reserved. 
    6. 

  6. #
    7. 

  7. # Redistribution and use in source and binary forms, with or without 
    8. 

  8. # modification, are permitted provided that the following conditions 
    9. 

  9. # are met: 
    10. 

  10. #
    11. 

  11. # 1. Redistributions of source code must retain the above copyright 
    12. 

  12. #    notice, this list of conditions and the following disclaimer. 
    13. 

  13. #
    14. 

  14. # 2. Redistributions in binary form must reproduce the above copyright 
    15. 

  15. #    notice, this list of conditions and the following disclaimer in the 
    16. 

  16. #    documentation and/or other materials provided with the distribution. 
    17. 

  17. #
    18. 

  18. # 3. Neither the name of the Institute nor the names of its contributors 
    19. 

  19. #    may be used to endorse or promote products derived from this software 
    20. 

  20. #    without specific prior written permission. 
    21. 

  21. #
    22. 

  22. # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
    23. 

  23. # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
    24. 

  24. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
    25. 

  25. # ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
    26. 

  26. # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
    27. 

  27. # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
    28. 

  28. # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
    29. 

  29. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
    30. 

  30. # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
    31. 

  31. # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
    32. 

  32. # SUCH DAMAGE. 
    33. 

  33. #
    34. 

  34. # $Id: check-referral.in 21854 2007-08-08 06:58:49Z lha $
    35. 

  35. #
    36. 

  36. 

  37. srcdir="@srcdir@"
    38. 

  38. objdir="@objdir@"
    39. 

  39. EGREP="@EGREP@"
    40. 

  40. 

  41. testfailed="echo test failed; cat messages.log; exit 1"
    42. 

  42. 

  43. # If there is no useful db support compile in, disable test
    44. 

  44. ../db/have-db || exit 77
    45. 

  45. 

  46. R=TEST.H5L.SE
    47. 

  47. R2=SUB.TEST.H5L.SE
    48. 

  48. 

  49. service=ldap/host.sub.test.h5l.se
    50. 

  50. 

  51. port=@port@
    52. 

  52. 

  53. kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
    54. 

  54. kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
    55. 

  55. 

  56. cache="FILE:${objdir}/cache.krb5"
    57. 

  57. 

  58. kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
    59. 

  59. klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
    60. 

  60. kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
    61. 

  61. kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
    62. 

  62. 

  63. 

  64. KRB5_CONFIG="${objdir}/krb5.conf"
    65. 

  65. export KRB5_CONFIG
    66. 

  66. 

  67. rm -f ${keytabfile}
    68. 

  68. rm -f current-db*
    69. 

  69. rm -f out-*
    70. 

  70. rm -f mkey.file*
    71. 

  71. 

  72. > messages.log
    73. 

  73. 

  74. echo Creating database
    75. 

  75. ${kadmin} \
    76. 

  76.     init \
    77. 

  77.     --realm-max-ticket-life=1day \
    78. 

  78.     --realm-max-renewable-life=1month \
    79. 

  79.     ${R} || exit 1
    80. 

  80. 

  81. ${kadmin} \
    82. 

  82.     init \
    83. 

  83.     --realm-max-ticket-life=1day \
    84. 

  84.     --realm-max-renewable-life=1month \
    85. 

  85.     ${R2} || exit 1
    86. 

  86. 

  87. ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
    88. 

  88. ${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
    89. 

  89. 

  90. ${kadmin} add -p foo --use-defaults  ${service}@${R2} || exit 1
    91. 

  91. 

  92. ${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
    93. 

  93. ${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
    94. 

  94. 

  95. echo "Doing database check"
    96. 

  96. ${kadmin} check ${R} || exit 1
    97. 

  97. ${kadmin} check ${R2} || exit 1
    98. 

  98. 

  99. echo foo > ${objdir}/foopassword
    100. 

  100. 

  101. echo Starting kdc
    102. 

  102. ${kdc} &
    103. 

  103. kdcpid=$!
    104. 

  104. 

  105. sh ${srcdir}/wait-kdc.sh
    106. 

  106. if [ "$?" != 0 ] ; then
    107. 

  107.     kill ${kdcpid}
    108. 

  108.     exit 1
    109. 

  109. fi
    110. 

  110. 

  111. trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
    112. 

  112. 

  113. ec=0
    114. 

  114. 

  115. echo "Test AS-REQ"
    116. 

  116. 

  117. echo "Getting client (no canon)"; > messages.log
    118. 

  118. ${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    119. 

  119. 	{ ec=1 ; eval "${testfailed}"; }
    120. 

  120. echo "checking that we got back right principal"
    121. 

  121. ${klist} | grep "Principal: foo@${R}" > /dev/null || \
    122. 

  122. 	{ ec=1 ; eval "${testfailed}"; }
    123. 

  123. ${kdestroy}
    124. 

  124. 

  125. echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
    126. 

  126. ${kinit} --canonicalize \
    127. 

  127. 	--password-file=${objdir}/foopassword foo@${R} || \
    128. 

  128. 	{ ec=1 ; eval "${testfailed}"; }
    129. 

  129. echo "checking that we got back right principal"
    130. 

  130. ${klist} | grep "Principal: foo@${R}" > /dev/null || \
    131. 

  131. 	{ ec=1 ; eval "${testfailed}"; }
    132. 

  132. ${kdestroy}
    133. 

  133. 

  134. echo "Getting client alias1 tickets"; > messages.log
    135. 

  135. ${kinit} --canonicalize \
    136. 

  136. 	--password-file=${objdir}/foopassword foo@${R} || \
    137. 

  137. 	{ ec=1 ; eval "${testfailed}"; }
    138. 

  138. echo "checking that we got back right principal"
    139. 

  139. ${klist} | grep "Principal: foo@${R}" > /dev/null || \
    140. 

  140. 	{ ec=1 ; eval "${testfailed}"; }
    141. 

  141. ${kdestroy}
    142. 

  142. 

  143. 

  144. echo "Getting client alias2 tickets"; > messages.log
    145. 

  145. ${kinit} --canonicalize \
    146. 

  146. 	--password-file=${objdir}/foopassword alias2@${R}@${R} || \
    147. 

  147. 	{ ec=1 ; eval "${testfailed}"; }
    148. 

  148. echo "checking that we got back right principal"
    149. 

  149. ${klist} | grep "Principal: foo@${R}" > /dev/null || \
    150. 

  150. 	{ ec=1 ; eval "${testfailed}"; }
    151. 

  151. ${kdestroy}
    152. 

  152. 

  153. echo "Getting client alias1 tickets (non canon case)"; > messages.log
    154. 

  154. ${kinit} --password-file=${objdir}/foopassword \
    155. 

  155. 	alias1@${R}@${R} > /dev/null 2>/dev/null && \
    156. 

  156. 	{ ec=1 ; eval "${testfailed}"; }
    157. 

  157. 

  158. echo "Getting client alias2 tickets (removed)"; > messages.log
    159. 

  159. ${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
    160. 

  160. ${kinit} --canonicalize \
    161. 

  161. 	--password-file=${objdir}/foopassword \
    162. 

  162. 	alias2@${R}@${R} > /dev/null 2>/dev/null && \
    163. 

  163. 	{ ec=1 ; eval "${testfailed}"; }
    164. 

  164. 

  165. echo "Remove alias"
    166. 

  166. ${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }
    167. 

  167. 

  168. echo "Test TGS-REQ"
    169. 

  169. 

  170. #echo "Getting client for ${service}@${R} (kdc referral)"
    171. 

  171. #> messages.log
    172. 

  172. #${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    173. 

  173. #	{ ec=1 ; eval "${testfailed}"; }
    174. 

  174. #${kgetcred} --server ${service}@${R} ||
    175. 

  175. #	{ ec=1 ; eval "${testfailed}"; }
    176. 

  176. #${klist}
    177. 

  177. #echo "checking that we got back right principal"
    178. 

  178. #${klist} | grep "${service}@${R2}" > /dev/null || \
    179. 

  179. #	{ ec=1 ; eval "${testfailed}"; }
    180. 

  180. #${kdestroy}
    181. 

  181. #
    182. 

  182. #echo "Getting client for ${service}@${R2} (client side guessing)"
    183. 

  183. #> messages.log
    184. 

  184. #${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    185. 

  185. #	{ ec=1 ; eval "${testfailed}"; }
    186. 

  186. #${kgetcred} --server ${service}@${R2} ||
    187. 

  187. #	{ ec=1 ; eval "${testfailed}"; }
    188. 

  188. #${klist}
    189. 

  189. #echo "checking that we got back right principal"
    190. 

  190. #${klist} | grep "${service}@${R2}" > /dev/null || \
    191. 

  191. #	{ ec=1 ; eval "${testfailed}"; }
    192. 

  192. #${kdestroy}
    193. 

  193. 

  194. 

  195. echo "killing kdc (${kdcpid})"
    196. 

  196. kill $kdcpid || exit 1
    197. 

  197. 

  198. trap "" EXIT
    199. 

  199. 

  200. exit $ec
    201.