/crypto/heimdal/tests/kdc/check-referral.in
https://bitbucket.org/freebsd/freebsd-head/ · Autoconf · 200 lines · 102 code · 39 blank · 59 comment · 25 complexity · 00b69276713ad7d246ac4d4e1e35717e MD5 · raw file
- #!/bin/sh
- #
- # Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
- # (Royal Institute of Technology, Stockholm, Sweden).
- # All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- #
- # 1. Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- #
- # 2. Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in the
- # documentation and/or other materials provided with the distribution.
- #
- # 3. Neither the name of the Institute nor the names of its contributors
- # may be used to endorse or promote products derived from this software
- # without specific prior written permission.
- #
- # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- # SUCH DAMAGE.
- #
- # $Id: check-referral.in 21854 2007-08-08 06:58:49Z lha $
- #
- srcdir="@srcdir@"
- objdir="@objdir@"
- EGREP="@EGREP@"
- testfailed="echo test failed; cat messages.log; exit 1"
- # If there is no useful db support compile in, disable test
- ../db/have-db || exit 77
- R=TEST.H5L.SE
- R2=SUB.TEST.H5L.SE
- service=ldap/host.sub.test.h5l.se
- port=@port@
- kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
- kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
- cache="FILE:${objdir}/cache.krb5"
- kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
- klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
- kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
- kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
- KRB5_CONFIG="${objdir}/krb5.conf"
- export KRB5_CONFIG
- rm -f ${keytabfile}
- rm -f current-db*
- rm -f out-*
- rm -f mkey.file*
- > messages.log
- echo Creating database
- ${kadmin} \
- init \
- --realm-max-ticket-life=1day \
- --realm-max-renewable-life=1month \
- ${R} || exit 1
- ${kadmin} \
- init \
- --realm-max-ticket-life=1day \
- --realm-max-renewable-life=1month \
- ${R2} || exit 1
- ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
- ${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
- ${kadmin} add -p foo --use-defaults ${service}@${R2} || exit 1
- ${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
- ${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
- echo "Doing database check"
- ${kadmin} check ${R} || exit 1
- ${kadmin} check ${R2} || exit 1
- echo foo > ${objdir}/foopassword
- echo Starting kdc
- ${kdc} &
- kdcpid=$!
- sh ${srcdir}/wait-kdc.sh
- if [ "$?" != 0 ] ; then
- kill ${kdcpid}
- exit 1
- fi
- trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
- ec=0
- echo "Test AS-REQ"
- echo "Getting client (no canon)"; > messages.log
- ${kinit} --password-file=${objdir}/foopassword foo@${R} || \
- { ec=1 ; eval "${testfailed}"; }
- echo "checking that we got back right principal"
- ${klist} | grep "Principal: foo@${R}" > /dev/null || \
- { ec=1 ; eval "${testfailed}"; }
- ${kdestroy}
- echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
- ${kinit} --canonicalize \
- --password-file=${objdir}/foopassword foo@${R} || \
- { ec=1 ; eval "${testfailed}"; }
- echo "checking that we got back right principal"
- ${klist} | grep "Principal: foo@${R}" > /dev/null || \
- { ec=1 ; eval "${testfailed}"; }
- ${kdestroy}
- echo "Getting client alias1 tickets"; > messages.log
- ${kinit} --canonicalize \
- --password-file=${objdir}/foopassword foo@${R} || \
- { ec=1 ; eval "${testfailed}"; }
- echo "checking that we got back right principal"
- ${klist} | grep "Principal: foo@${R}" > /dev/null || \
- { ec=1 ; eval "${testfailed}"; }
- ${kdestroy}
- echo "Getting client alias2 tickets"; > messages.log
- ${kinit} --canonicalize \
- --password-file=${objdir}/foopassword alias2@${R}@${R} || \
- { ec=1 ; eval "${testfailed}"; }
- echo "checking that we got back right principal"
- ${klist} | grep "Principal: foo@${R}" > /dev/null || \
- { ec=1 ; eval "${testfailed}"; }
- ${kdestroy}
- echo "Getting client alias1 tickets (non canon case)"; > messages.log
- ${kinit} --password-file=${objdir}/foopassword \
- alias1@${R}@${R} > /dev/null 2>/dev/null && \
- { ec=1 ; eval "${testfailed}"; }
- echo "Getting client alias2 tickets (removed)"; > messages.log
- ${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
- ${kinit} --canonicalize \
- --password-file=${objdir}/foopassword \
- alias2@${R}@${R} > /dev/null 2>/dev/null && \
- { ec=1 ; eval "${testfailed}"; }
- echo "Remove alias"
- ${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }
- echo "Test TGS-REQ"
- #echo "Getting client for ${service}@${R} (kdc referral)"
- #> messages.log
- #${kinit} --password-file=${objdir}/foopassword foo@${R} || \
- # { ec=1 ; eval "${testfailed}"; }
- #${kgetcred} --server ${service}@${R} ||
- # { ec=1 ; eval "${testfailed}"; }
- #${klist}
- #echo "checking that we got back right principal"
- #${klist} | grep "${service}@${R2}" > /dev/null || \
- # { ec=1 ; eval "${testfailed}"; }
- #${kdestroy}
- #
- #echo "Getting client for ${service}@${R2} (client side guessing)"
- #> messages.log
- #${kinit} --password-file=${objdir}/foopassword foo@${R} || \
- # { ec=1 ; eval "${testfailed}"; }
- #${kgetcred} --server ${service}@${R2} ||
- # { ec=1 ; eval "${testfailed}"; }
- #${klist}
- #echo "checking that we got back right principal"
- #${klist} | grep "${service}@${R2}" > /dev/null || \
- # { ec=1 ; eval "${testfailed}"; }
- #${kdestroy}
- echo "killing kdc (${kdcpid})"
- kill $kdcpid || exit 1
- trap "" EXIT
- exit $ec