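#!/bin/sh
#
# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Test of principal aliases and cross-realm server referrals against a
# locally started KDC.
#
# Creates two realms (TEST.H5L.SE and SUB.TEST.H5L.SE) with kadmin in local
# mode, starts the kdc with --addresses=localhost on the configured port,
# and then checks that:
#   - plain and --canonicalize AS requests return the expected principal
#   - an alias does not yield a ticket when --canonicalize is not requested
#   - an alias that has been removed no longer yields a ticket
#   - a request for the service in realm R ends up with a ticket for the
#     service principal in realm R2 (referral)
#
# Exit status: 0 on success, 1 on failure, 77 when database support is
# missing (test skipped).

top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"

# env_setup is expected to provide the command variables used below
# (have_db, kadmin, kdc, kinit, klist, kgetcred, kdestroy, leaks_kill,
# afs_no_afslog, afs_no_unlog) and the getpid helper; none of them are
# defined in this file.
. "${env_setup}"

# Failure handler, run through eval so that its "exit 1" terminates this
# script.  The string is a fixed constant; nothing external is interpolated
# into it before the eval.
testfailed="echo test failed; cat messages.log; exit 1"

# If there is no useful db support compiled in, disable test
# (77 is the exit status automake test harnesses treat as "skipped").
${have_db} || exit 77

R=TEST.H5L.SE
R2=SUB.TEST.H5L.SE

service=ldap/host.sub.test.h5l.se:389

port=@port@

# The command variables are expanded unquoted on purpose: each one holds a
# program name plus its fixed options and relies on word splitting.
kadmin="${kadmin} -l -r $R"
kdc="${kdc} --addresses=localhost -P $port"

cache="FILE:${objdir}/cache.krb5"

kinit="${kinit} -c $cache ${afs_no_afslog}"
klist="${klist} -c $cache"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# Start from a clean slate: drop database, output and master-key files left
# behind by an earlier run in this directory.
rm -f current-db*
rm -f out-*
rm -f mkey.file*

> messages.log

echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R2} || exit 1

# All test principals use fixed, well-known passwords passed on the command
# line; that is acceptable only because these realms exist for this test.
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
${kadmin} get foo@${R} | grep alias1@${R} >/dev/null || exit 1

# The service principal lives only in R2, so a request for it in R has to
# be resolved through the cross-realm principals added below.
${kadmin} add -p foo --use-defaults  ${service}@${R2} || exit 1

${kadmin} add -p foo --use-defaults bar@${R} || exit 1
# Principal whose name component itself contains an escaped '@'.
${kadmin} add -p foo --use-defaults 'baz\@realm.foo@'${R} || exit 1

# Cross-realm keys, one per direction.
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1
${kadmin} check ${R2} || exit 1

# Password file consumed by kinit --password-file.  Recreate it under a
# restrictive umask so the credential is not left readable by other local
# users; removing it first matters because umask does not change the mode
# of a file that already exists.
rm -f "${objdir}/foopassword"
( umask 077 && echo foo > "${objdir}/foopassword" ) || exit 1

echo Starting kdc ; > messages.log
${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
kdcpid=$(getpid kdc)
# Without a pid neither the EXIT trap nor the final leak check can act on
# the daemon, so stop here instead of running "kill -9" with no argument.
[ -n "${kdcpid}" ] || { echo "could not determine kdc pid"; exit 1; }

# Any exit before the trap is cleared at the bottom (including the
# "exit 1" inside testfailed) kills the detached kdc and forces status 1.
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

ec=0


echo "Getting client bar"; > messages.log
${kinit} --password-file="${objdir}/foopassword" bar@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: bar@${R}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}

echo "Getting client baz"; > messages.log
${kinit} --password-file="${objdir}/foopassword" 'baz\@realm.foo@'${R} || \
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
# Only the "baz" prefix is matched here, not the full escaped name.
${klist} | grep 'Principal: baz' > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}



echo "Test AS-REQ"

echo "Getting client (no canon)"; > messages.log
${kinit} --password-file="${objdir}/foopassword" foo@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}

echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
${kinit} --canonicalize \
	--password-file="${objdir}/foopassword" foo@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}

# NOTE(review): the label says alias1, but the principal requested is
# foo@${R}, exactly as in the previous case, so the alias1 -> foo mapping is
# not exercised here.  Presumably an alias1 name was intended; confirm
# against upstream before changing the request.
echo "Getting client alias1 tickets"; > messages.log
${kinit} --canonicalize \
	--password-file="${objdir}/foopassword" foo@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}


# The doubled realm looks like the enterprise-name form (alias2@REALM as
# the name, requested in realm REALM) -- TODO confirm.  With --canonicalize
# the ticket must come back for the real principal foo, not for the alias.
echo "Getting client alias2 tickets"; > messages.log
${kinit} --canonicalize \
	--password-file="${objdir}/foopassword" alias2@${R}@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}

# Negative test: without --canonicalize the alias must not yield a ticket,
# so a successful kinit is the failure.  kinit's output is discarded, which
# means any kinit failure (for example an unreachable KDC) also counts as a
# pass here; messages.log is the place to look when in doubt.
echo "Getting client alias1 tickets (non canon case)"; > messages.log
${kinit} --password-file="${objdir}/foopassword" \
	alias1@${R}@${R} > /dev/null 2>/dev/null && \
	{ ec=1 ; eval "${testfailed}"; }

# Negative test: --alias=alias1 replaces the alias list, which drops alias2;
# a ticket obtained through alias2 after that is the failure.  The same
# caveat about discarded output applies.
echo "Getting client alias2 tickets (removed)"; > messages.log
${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
${kinit} --canonicalize \
	--password-file="${objdir}/foopassword" \
	alias2@${R}@${R} > /dev/null 2>/dev/null && \
	{ ec=1 ; eval "${testfailed}"; }

echo "Remove alias"
${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }

echo "Test server referrals"

# The service is requested in realm R with --canonicalize, but the ticket
# that ends up in the cache must name the service in R2.
echo "Getting client for ${service}@${R} (tgs kdc referral)"
> messages.log
${kinit} --password-file="${objdir}/foopassword" foo@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
${kgetcred} --canonicalize ${service}@${R} ||
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "${service}@${R2}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}

# Same service, this time requested directly in R2 without --canonicalize.
echo "Getting client for ${service}@${R2} (tgs client side guessing)"
> messages.log
${kinit} --password-file="${objdir}/foopassword" foo@${R} || \
	{ ec=1 ; eval "${testfailed}"; }
${kgetcred} ${service}@${R2} ||
	{ ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "${service}@${R2}" > /dev/null || \
	{ ec=1 ; eval "${testfailed}"; }
${kdestroy}


echo "killing kdc (${kdcpid})"
# The EXIT trap is still armed here: if this step fails, the "exit 1"
# triggers the trap and the kdc is killed with kill -9.
sh ${leaks_kill} kdc $kdcpid || exit 1

# The kdc has been stopped; clear the trap so a normal exit is not turned
# into "exit 1".
trap "" EXIT

# Every failure path above exits through testfailed, so ec is 0 whenever
# this line is reached.
exit $ec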