PageRenderTime 35ms CodeModel.GetById 15ms app.highlight 15ms RepoModel.GetById 1ms app.codeStats 0ms

/crypto/heimdal/tests/kdc/check-digest.in

https://bitbucket.org/freebsd/freebsd-head/
Autoconf | 295 lines | 192 code | 63 blank | 40 comment | 36 complexity | c6d78c7cf5818133d57500dee1cef39f MD5 | raw file
  1#!/bin/sh
  2#
  3# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
  4# (Royal Institute of Technology, Stockholm, Sweden). 
  5# All rights reserved. 
  6#
  7# Redistribution and use in source and binary forms, with or without 
  8# modification, are permitted provided that the following conditions 
  9# are met: 
 10#
 11# 1. Redistributions of source code must retain the above copyright 
 12#    notice, this list of conditions and the following disclaimer. 
 13#
 14# 2. Redistributions in binary form must reproduce the above copyright 
 15#    notice, this list of conditions and the following disclaimer in the 
 16#    documentation and/or other materials provided with the distribution. 
 17#
 18# 3. Neither the name of the Institute nor the names of its contributors 
 19#    may be used to endorse or promote products derived from this software 
 20#    without specific prior written permission. 
 21#
 22# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
 23# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 24# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 25# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
 26# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
 27# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
 28# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
 29# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
 30# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
 31# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 32# SUCH DAMAGE. 
 33#
 34# $Id: check-digest.in 21849 2007-08-08 06:56:41Z lha $
 35#
 36
 37srcdir="@srcdir@"
 38objdir="@objdir@"
 39
 40# If there is no useful db support compile in, disable test
 41../db/have-db || exit 77
 42
 43R=TEST.H5L.SE
 44
 45port=@port@
 46
 47kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
 48kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
 49
 50server=host/datan.test.h5l.se
 51cache="FILE:${objdir}/cache.krb5"
 52ocache="FILE:${objdir}/ocache.krb5"
 53keytabfile=${objdir}/server.keytab
 54keytab="FILE:${keytabfile}"
 55
 56kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
 57klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
 58kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest --ccache=$cache"
 59test_ntlm="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_ntlm"
 60context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
 61
 62username=foo
 63userpassword=digestpassword
 64
 65password=foobarbaz
 66
 67KRB5_CONFIG="${objdir}/krb5.conf"
 68export KRB5_CONFIG
 69
 70rm -f ${keytabfile}
 71rm -f current-db*
 72rm -f out-*
 73rm -f mkey.file*
 74
 75> messages.log
 76
 77echo Creating database
 78${kadmin} \
 79    init \
 80    --realm-max-ticket-life=1day \
 81    --realm-max-renewable-life=1month \
 82    ${R} || exit 1
 83
 84${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1
 85${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1
 86${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
 87${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1
 88${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
 89
 90echo "Doing database check"
 91${kadmin} check ${R} || exit 1
 92
 93echo $password > ${objdir}/foopassword
 94
 95echo Starting kdc
 96${kdc} &
 97kdcpid=$!
 98
 99sh ${srcdir}/wait-kdc.sh
100if [ "$?" != 0 ] ; then
101    kill ${kdcpid}
102    exit 1
103fi
104
105trap "kill ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
106
107exitcode=0
108
109echo "Getting digest server tickets"
110${kinit} --password-file=${objdir}/foopassword ${server}@$R || exitcode=1
111${kdigest} digest-server-init \
112    --kerberos-realm=${R} \
113    --type=CHAP > /dev/null || exitcode=1
114
115echo "Trying NTLM"
116
117NTLM_ACCEPTOR_CCACHE="$cache"
118export NTLM_ACCEPTOR_CCACHE
119
120echo "Trying server-init"
121echo ${kdigest} ntlm-server-init \
122    --kerberos-realm=${R} \
123    > sdigest-init || exitcode=1
124
125echo "test_ntlm"
126${test_ntlm} || { echo "test_ntlm failed"; exit 1; }
127
128NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
129export NTLM_USER_FILE
130
131echo "test_context --mech-type=ntlm"
132${context} --mech-type=ntlm \
133	    --name-type=hostbased-service datan@TEST || \
134		{ echo "test_context 1 failed"; exit 1; }
135
136${context} --mech-type=ntlm \
137	    --name-type=hostbased-service datan@host.TEST || \
138		{ echo "test_context 2 failed"; exit 1; }
139
140${context} --mech-type=ntlm \
141	    --name-type=hostbased-service datan@host.test.domain2 || \
142		{ echo "test_context 3 failed"; exit 1; }
143
144${context} --mech-type=ntlm \
145	    --name-type=hostbased-service datan@host.foo 2>/dev/null && \
146		{ echo "test_context 4 failed"; exit 1; }
147
148echo "Trying SL in NTLM"
149
150
151for type in \
152    "" \
153    "--getverifymic" \
154    "--wrapunwrap" \
155    "--getverifymic --wrapunwrap" \
156    ; do
157
158	echo "Trying NTLM type: ${type}"
159	${context} --mech-type=ntlm ${type} \
160	    --name-type=hostbased-service datan@TEST || \
161	    { echo "test_context 1 failed"; exit 1; }
162
163done
164
165
166echo "Trying CHAP"
167
168${kdigest} digest-server-init \
169    --kerberos-realm=${R} \
170    --type=CHAP \
171    > sdigest-reply || exitcode=1
172
173snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
174identifier=`grep identifier= sdigest-reply | cut -f2- -d=`
175opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
176
177${kdigest} digest-client-request \
178    --type=CHAP \
179    --username="$username"  \
180    --password="$userpassword"  \
181    --opaque="$opaque"  \
182    --server-identifier="$identifier"  \
183    --server-nonce="$snonce" \
184    > cdigest-reply || exitcode=1
185
186cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
187
188#echo user: $username
189#echo server-nonce: $snonce
190#echo opaqeue: $opaque
191#echo identifier: $identifier
192
193${kdigest} digest-server-request \
194    --kerberos-realm=${R} \
195    --type=CHAP \
196    --username="$username"  \
197    --opaque="$opaque"  \
198    --client-response="$cresponseData"  \
199    --server-identifier="$identifier"  \
200    --server-nonce="$snonce"  \
201    > s2digest-reply || exitcode=1
202
203status=`grep status= s2digest-reply | cut -f2- -d=`
204
205if test "X$status" = "Xok" ; then
206    echo "CHAP response ok"
207else
208    echo "CHAP response failed"
209    exitcode=1
210fi
211
212cresponseData=`echo $cresponseData | sed 's/..../DEADBEEF/'`
213
214${kdigest} digest-server-request \
215    --kerberos-realm=${R} \
216    --type=CHAP \
217    --username="$username"  \
218    --opaque="$opaque"  \
219    --client-response="$cresponseData" \
220    --server-identifier="$identifier"  \
221    --server-nonce="$snonce"  \
222    > s2digest-reply || exitcode=1
223
224status=`grep status= s2digest-reply | cut -f2- -d=`
225
226if test "X$status" = "Xfailed" ; then
227    echo "CHAP response fail as it should"
228else
229    echo "CHAP response succeeded errorously"
230    exitcode=1
231fi
232
233echo "Trying MS-CHAP-V2"
234
235${kdigest} digest-server-init \
236    --kerberos-realm=${R} \
237    --type=MS-CHAP-V2 \
238    > sdigest-reply || exitcode=1
239
240snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
241opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
242cnonce="21402324255E262A28295F2B3A337C7E"
243
244echo "MS-CHAP-V2 client request"
245${kdigest} digest-client-request \
246    --type=MS-CHAP-V2 \
247    --username="$username"  \
248    --password="$userpassword"  \
249    --opaque="$opaque"  \
250    --client-nonce="$cnonce"  \
251    --server-nonce="$snonce" \
252    > cdigest-reply || exitcode=1
253
254cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
255cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=`
256ckey=`grep session-key= cdigest-reply | cut -f2- -d=`
257
258${kdigest} digest-server-request \
259    --kerberos-realm=${R} \
260    --type=MS-CHAP-V2 \
261    --username="$username"  \
262    --opaque="$opaque"  \
263    --client-response="$cresponseData"  \
264    --client-nonce="$cnonce"  \
265    --server-nonce="$snonce"  \
266    > s2digest-reply || exitcode=1
267
268status=`grep status= s2digest-reply | cut -f2- -d=`
269sRsp=`grep rsp= s2digest-reply | cut -f2- -d=`
270skey=`grep session-key= s2digest-reply | cut -f2- -d=`
271
272if test "X$sRsp" != "X$cRsp" ; then
273    echo "rsp wrong $sRsp != $cRsp"
274    exitcode=1
275fi
276
277if test "X$skey" != "X$ckey" ; then
278    echo "rsp wrong"
279    exitcode=1
280fi
281
282if test "X$status" = "Xok" ; then
283    echo "MS-CHAP-V2 response ok"
284else
285    echo "MS-CHAP-V2 response failed"
286    exitcode=1
287fi
288
289trap "" EXIT
290
291echo "killing kdc (${kdcpid})"
292kill $kdcpid || exit 1
293
294exit $exitcode
295