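#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Bring up a throwaway Kerberos KDC for the SASL/GSSAPI tests.
#
# Reads:   TESTDIR, DATADIR, CONFFILTER, LOCALHOST, LOCALIP, KDCPORT, KRB5REALM
# Sets:    KDCPROC             - PID of the background KDC
#          HAVE_SASL_GSS_CBIND - "yes" if the plugin viewer output mentions
#                                CHANNEL_BINDING, else "no"
#          RC                  - status of the last checked command
# Exports: KRB5_TRACE KRB5_CONFIG KRB5_KDC_PROFILE KRB5_KTNAME
#          KRB5_CLIENT_KTNAME KRB5CCNAME
# Exit:    every failure path prints a "skipping"/"skipped" message and calls
#          `exit 0`; nothing here reports a hard failure.
#
# NOTE(review): KDCPROC and HAVE_SASL_GSS_CBIND are not exported, so this file
# looks intended to be sourced by a test script -- confirm against the caller.
#
# Security notes:
#  - Both keytabs hold the keys of the test principals and the credential
#    cache holds a live ticket. All of them live under $TESTDIR; keep that
#    directory private and discard it with the test realm.
#  - The MIT branch creates the KDC database with a fixed master password
#    passed on the command line (see below). Acceptable only for a disposable
#    test realm.

# Without TESTDIR every path below would resolve to the filesystem root
# (/server.kt, /client.kt, ...), so refuse to continue.
: "${TESTDIR:?TESTDIR must be set}"

KRB5_TRACE=$TESTDIR/k5_trace
KRB5_CONFIG=$TESTDIR/krb5.conf
KRB5_KDC_PROFILE=$KRB5_CONFIG
KRB5_KTNAME=$TESTDIR/server.kt
KRB5_CLIENT_KTNAME=$TESTDIR/client.kt
KRB5CCNAME=$TESTDIR/client.ccache

export KRB5_TRACE KRB5_CONFIG KRB5_KDC_PROFILE KRB5_KTNAME KRB5_CLIENT_KTNAME KRB5CCNAME

KDCLOG=$TESTDIR/setup_kdc.log
KSERVICE=ldap/$LOCALHOST
KUSER=kuser

# Generate the per-test krb5.conf from the template in $DATADIR.
# CONFFILTER is defined outside this file and is left unquoted as in the
# original, in case its value is more than a single word.
# shellcheck disable=SC2086
. $CONFFILTER < "$DATADIR/krb5.conf" > "$KRB5_CONFIG"

# The extra directories are appended, so entries already on PATH still win.
PATH=${PATH}:/usr/lib/heimdal-servers:/usr/sbin:/usr/local/sbin

echo "Trying Heimdal KDC..."

# Logging: the first command of each branch truncates $KDCLOG and every later
# command appends. The log therefore keeps the output of all setup steps, and
# the background KDC's output is not clobbered by the kinit that follows.

if command -v kdc >/dev/null 2>&1 ; then
	kstash --random-key > "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "Heimdal: kstash failed, skipping GSSAPI tests"
		exit 0
	fi

	# $flags is expanded unquoted on purpose: it carries two options.
	flags="--realm-max-ticket-life=1h --realm-max-renewable-life=1h"
	# shellcheck disable=SC2086
	kadmin -l init $flags "$KRB5REALM" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "Heimdal: kadmin init failed, skipping GSSAPI tests"
		exit 0
	fi

	# Service principal with a random key, extracted to the server keytab.
	kadmin -l add --random-key --use-defaults "$KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin -l ext -k "$KRB5_KTNAME" "$KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
		exit 0
	fi

	# Client principal with a random key, extracted to the client keytab.
	kadmin -l add --random-key --use-defaults "$KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin -l ext -k "$KRB5_CLIENT_KTNAME" "$KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
		exit 0
	fi

	kdc --addresses="$LOCALIP" --ports="$KDCPORT/udp" >> "$KDCLOG" 2>&1 &
else
	echo "Trying MIT KDC..."

	if ! command -v krb5kdc >/dev/null 2>&1 ; then
		echo "No KDC available, skipping GSSAPI tests"
		exit 0
	fi

	# NOTE(security): the database master password is the fixed string
	# "password" and is passed in argv. This is tolerable only because the
	# realm is a disposable test fixture; do not copy this line into a real
	# KDC setup. The Heimdal branch uses `kstash --random-key` instead.
	kdb5_util create -r "$KRB5REALM" -s -P password > "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "MIT: kdb5_util create failed, skipping GSSAPI tests"
		exit 0
	fi

	# Service principal with a random key, extracted to the server keytab.
	kadmin.local -q "addprinc -randkey $KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "MIT: admin addprinc failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin.local -q "ktadd -k $KRB5_KTNAME $KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
		exit 0
	fi

	# Client principal with a random key, extracted to the client keytab.
	kadmin.local -q "addprinc -randkey $KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "MIT: kadmin addprinc failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin.local -q "ktadd -k $KRB5_CLIENT_KTNAME $KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test $RC != 0 ; then
		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
		exit 0
	fi

	krb5kdc -n >> "$KDCLOG" 2>&1 &
fi

# $! must be read right after the if/else: both branches end by starting the
# KDC in the background.
KDCPROC=$!
# NOTE(review): a fixed one-second pause is the only wait for the KDC to come
# up. On a slow host the kinit below can lose the race and skip the tests.
sleep 1

# Obtain a ticket for the client principal from its keytab. This is also the
# check that the KDC is actually answering.
kinit -kt "$KRB5_CLIENT_KTNAME" "$KUSER" >> "$KDCLOG" 2>&1
RC=$?
if test $RC != 0 ; then
	kill "$KDCPROC"
	echo "SASL/GSSAPI: kinit failed, skipping GSSAPI tests"
	exit 0
fi

# The cyrus-sasl plugin viewer is tried under two names. stderr is discarded
# because the first name may simply not exist on this system.
pluginviewer -m GSSAPI > "$TESTDIR/plugin_out" 2>/dev/null
RC=$?
if test $RC != 0 ; then

	saslpluginviewer -m GSSAPI > "$TESTDIR/plugin_out" 2>/dev/null
	RC=$?
	if test $RC != 0 ; then
		kill "$KDCPROC"
		echo "cyrus-sasl has no GSSAPI support, test skipped"
		exit 0
	fi
fi

# Record whether the viewer output mentions CHANNEL_BINDING.
HAVE_SASL_GSS_CBIND=no

grep CHANNEL_BINDING "$TESTDIR/plugin_out" > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
	HAVE_SASL_GSS_CBIND=yes
fi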
    159