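#!/bin/sh
#
# Copyright (c) 2006 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#

# GSS-API context-establishment test for the ntlm, krb5 and spnego
# mechanisms.  The script builds a throwaway realm and KDC, obtains
# tickets for a client and a digest server, and then runs test_context
# with each mechanism, with mismatched mechanisms (which must fail), and
# with individual credentials made unavailable to check which mechanism
# SPNEGO settles on.
#
# The @name@ tokens are substituted when the script is generated.
# Exit status: 0 all checks passed, 1 a check or setup step failed,
# 77 test skipped (automake convention) because no db backend is built.

env_setup="@env_setup@"
srcdir="@srcdir@"
objdir="@objdir@"

# Quoted so a build path containing whitespace is sourced as one file.
. "${env_setup}"

# If there is no useful db support compiled in, disable test
../db/have-db || exit 77

R=TEST.H5L.SE

port=@port@

keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
cache="FILE:krb5ccfile"
cacheds="FILE:krb5ccfile-ds"

# Command lines are kept in plain strings and expanded unquoted below, so
# that TESTS_ENVIRONMENT and the options split into separate words.
kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog} --forwardable"
kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds ${afs_no_afslog}"
kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
# The test KDC is asked to listen on localhost only.
kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"

context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# These four are exported once here; the loop further down reassigns them
# to simulate a missing credential, and the new value reaches test_context
# because the variables stay exported.
KRB5_KTNAME="${keytab}"
export KRB5_KTNAME
KRB5CCNAME="${cache}"
export KRB5CCNAME
NTLM_ACCEPTOR_CCACHE="${cacheds}"
export NTLM_ACCEPTOR_CCACHE
NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
export NTLM_USER_FILE

GSSAPI_SPNEGO_NAME=host@host.test.h5l.se
export GSSAPI_SPNEGO_NAME

# Start from a clean state: stale keytab, database, output and master key.
rm -f "${keytabfile}"
rm -f current-db*
rm -f out-*
rm -f mkey.file*

> messages.log

# The principals below use fixed, well-known passwords passed with -p on
# the command line.  That is acceptable only because the realm is a
# throwaway test realm; do not copy this pattern for real principals.
echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1

${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1

${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1

${kadmin} add -p u1 --use-defaults user1@${R} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1

# Plaintext password files read by kinit --password-file (test passwords
# only; the files are left in objdir after the run).
echo u1 > "${objdir}/foopassword"
echo ds > "${objdir}/barpassword"

echo Starting kdc
${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
# getpid is not defined in this file; presumably it comes from the sourced
# env_setup -- confirm there.
kdcpid=$(getpid kdc)

# Without a pid the trap and the final kill would both run "kill" with no
# target and the detached kdc would be left running unnoticed, so stop
# here instead of running the tests against an unmanageable daemon.
if [ -z "${kdcpid}" ] ; then
    echo "could not determine kdc pid"
    exit 1
fi

# Double quotes: ${kdcpid} is expanded now, when the trap is installed.
# Any exit before the trap is cleared kills the kdc and reports failure.
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

exitcode=0

# A failed kinit is recorded but does not stop the run; the checks that
# depend on the ticket will then fail and be reported as well.
echo "Getting client initial tickets"
${kinit} --password-file="${objdir}/foopassword" user1@${R} || exitcode=1
echo "Getting digestserver initial tickets"
${kinitds} --password-file="${objdir}/barpassword" digestserver@${R} || exitcode=1

echo "======context building for each mech"

for mech in ntlm krb5 ; do
    echo "${mech}"
    ${context} --mech-type=${mech} --ret-mech-type=${mech} \
        --name-type=hostbased-service host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
done

echo "spnego"
${context} \
    --mech-type=spnego \
    --ret-mech-type=krb5 \
    --name-type=hostbased-service \
    host@host.test.h5l.se || \
    { exitcode=1 ; echo test failed; }

# Negative checks: requesting one mechanism while requiring the other as
# the resulting mechanism must fail, so success (&&) is the error here.
# stderr is discarded because the failure output is expected.
echo "test failure cases"
${context} --mech-type=ntlm --ret-mech-type=krb5 \
    --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
    { exitcode=1 ; echo test failed; }

${context} --mech-type=krb5 --ret-mech-type=ntlm \
    --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
    { exitcode=1 ; echo test failed; }

echo "======spnego variants context building"

# Each pass hides exactly one credential by pointing its variable at a
# "-no" name, runs SPNEGO, then restores the variable.  With NTLM
# credentials hidden the expected mechanism is krb5; with Kerberos
# credentials hidden the expected mechanism is ntlm.  The latter two cases
# pin SPNEGO's fallback to NTLM, which is the behaviour a deployment has to
# account for if NTLM is not an acceptable fallback.
# $arg is expanded unquoted on purpose: an entry may hold several options.
for arg in \
    "" \
    "--mutual" \
    "--delegate" \
    "--mutual --delegate" \
    "--getverifymic --wrapunwrap" \
    "--mutual --getverifymic --wrapunwrap" \
    ; do

    echo "no NTLM acceptor cred ${arg}"
    NTLM_ACCEPTOR_CCACHE="${cacheds}-no"
    ${context} --mech-type=spnego \
        $arg \
        --name-type=hostbased-service \
        --ret-mech-type=krb5 \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    NTLM_ACCEPTOR_CCACHE="${cacheds}"

    echo "no NTLM initiator cred ${arg}"
    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
    ${context} --mech-type=spnego \
        $arg \
        --name-type=hostbased-service \
        --ret-mech-type=krb5 \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"

    echo "no krb5 acceptor cred ${arg}"
    KRB5_KTNAME="${keytab}-no"
    ${context} --mech-type=spnego \
        $arg \
        --server-no-delegate \
        --name-type=hostbased-service \
        --ret-mech-type=ntlm \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    KRB5_KTNAME="${keytab}"

    echo "no krb5 initiator cred ${arg}"
    KRB5CCNAME="${cache}-no"
    ${context} --mech-type=spnego \
        $arg \
        --server-no-delegate \
        --name-type=hostbased-service \
        --ret-mech-type=ntlm \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    KRB5CCNAME="${cache}"

done

# Normal completion: drop the failure trap before the regular shutdown so
# the script exits with the accumulated status rather than a forced 1.
trap "" EXIT

echo "killing kdc (${kdcpid})"
kill ${kdcpid} 2> /dev/null

exit ${exitcode}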