#!/bin/sh
#
# Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id: check-context.in 22425 2008-01-13 09:46:01Z lha $
#
# Source and build directories; the @...@ placeholders are filled in when
# this script is generated from its .in template.
srcdir="@srcdir@"
objdir="@objdir@"

# Skip the whole test when no usable database backend was compiled in
# (exit status 77 is the automake convention for "test skipped").
../db/have-db || exit 77

# Test realm name and the port the test KDC is started on.
R=TEST.H5L.SE
port=@port@

# Keytab that receives the extracted host keys, and the credential cache
# that kinit writes to (a relative path, so it lands in the working directory).
keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
cache="FILE:krb5ccfile"

# Command lines for the tools under test. These strings are expanded
# unquoted further down on purpose, so that the shell splits them into a
# command and its arguments.
kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
# kadmin -l works directly on the local database instead of a kadmind.
kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
# The KDC is told to bind to localhost only.
kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"

# Make the Kerberos tools read the configuration from the build directory
# and use the test credential cache named above.
KRB5_CONFIG="${objdir}/krb5.conf"
KRB5CCNAME=${cache}
export KRB5_CONFIG KRB5CCNAME

# Drop leftovers of an earlier run: keytab, database, output files and
# master key file. Nothing in this script removes them again at the end,
# so the key material stays on disk until the next run.
rm -f ${keytabfile} current-db* out-* mkey.file*

# Start with an empty message log.
: > messages.log
echo "Creating database"
# Initialise the test realm with fixed maximum ticket and renewable lifetimes.
${kadmin} init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R} || exit 1

# Register the host service under both its long and its short name to
# simulate aliases, and extract each key into the server keytab.
# NOTE(review): every password in this section is a fixed test value that
# is passed on the command line; acceptable for a throwaway test realm,
# not a pattern to copy for real principals.
for svc_host in lucid.test.h5l.se lucid ; do
	${kadmin} add -p p1 --use-defaults host/${svc_host}@${R} || exit 1
	${kadmin} ext -k ${keytab} host/${svc_host}@${R} || exit 1
done
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1

# Client principal used for the initial ticket request later on.
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1

# Password file handed to kinit via --password-file. It is created with
# the default umask and is not removed by this script.
echo u1 > ${objdir}/foopassword
echo "Starting kdc"
# Run the KDC in the background and remember its pid for the cleanup paths.
${kdc} &
kdcpid=$!

# Run the wait helper (presumably it blocks until the KDC answers). The
# EXIT trap is not installed yet at this point, so a failure here has to
# stop the KDC explicitly before giving up.
sh ${srcdir}/../kdc/wait-kdc.sh || { kill ${kdcpid}; exit 1; }

# From here on, any exit that happens while this trap is armed stops the
# KDC and reports failure. The double quotes expand ${kdcpid} now, when
# the trap is set, not when it fires.
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
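# Overall result: stays 0 only if every check below succeeds. A failing
# check does not abort the run; it is recorded and the next check runs.
exitcode=0

echo "Getting client initial tickets"
# The password comes from the test password file in the build directory.
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1

# Each check prints a label first, so that a following "test failed" line
# in the output can be attributed to one name form.
echo "======test naming combinations"
echo "plain"
${context} --name-type=hostbased-service host@lucid.test.h5l.se || \
	{ exitcode=1 ; echo test failed; }
echo "plain (krb5)"
${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
	{ exitcode=1 ; echo test failed; }
echo "plain (krb5 realmless)"
${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
	{ exitcode=1 ; echo test failed; }
# The DNS canonicalisation case is disabled; per its label it needs a
# dns_wrapper. Only the label is printed.
echo "dns canon on (long name) OFF, need dns_wrapper"
#${context} --dns-canon host@lucid.test.h5l.se || \
#	{ exitcode=1 ; echo test failed; }
echo "dns canon off (long name)"
${context} --no-dns-canon host@lucid.test.h5l.se || \
	{ exitcode=1 ; echo test failed; }
echo "dns canon off (short name)"
${context} --no-dns-canon host@lucid || \
	{ exitcode=1 ; echo test failed; }
echo "dns canon off (short name, krb5)"
${context}  --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \
	{ exitcode=1 ; echo test failed; }
# This label used to repeat the previous one, which made the two checks
# indistinguishable in the log; it now names the realmless form, following
# the "plain (krb5 realmless)" label above.
echo "dns canon off (short name, krb5 realmless)"
${context}  --no-dns-canon --name-type=krb5-principal-name host/lucid || \
	{ exitcode=1 ; echo test failed; }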
echo "======test context building"
# Establish a context with each mechanism under every combination of the
# mutual-authentication and delegation flags. Failures are recorded in
# exitcode and the remaining combinations still run.
for mech in krb5 spnego ; do
	for variant in no-mutual mutual delegate "mutual delegate" ; do
		# Map the printed label to the flags passed to test_context.
		case "${variant}" in
			no-mutual) flags="" ;;
			mutual)    flags="--mutual" ;;
			delegate)  flags="--delegate" ;;
			*)         flags="--mutual --delegate" ;;
		esac

		echo "${mech} ${variant}"
		# ${flags} is left unquoted so that it splits into separate
		# options, or vanishes when empty.
		if ${context} --mech-type=${mech} ${flags} \
		    --name-type=hostbased-service host@lucid.test.h5l.se ; then
			:
		else
			exitcode=1
			echo test failed
		fi
	done
done
# DCE-style context establishment with mutual authentication. Only krb5
# is exercised for now.
#add spnego !
echo "======dce-style"
for mech in krb5 ; do
	echo "${mech}: dce-style"
	if ${context} --mech-type=${mech} --mutual --dce-style \
	    --name-type=hostbased-service host@lucid.test.h5l.se ; then
		:
	else
		exitcode=1
		echo test failed
	fi
done

# Disabled check for the sasl-digest-md5 mechanism, kept for reference.
#echo "sasl-digest-md5"
#${context}  --mech-type=sasl-digest-md5 \
#    --name-type=hostbased-service \
#    host@lucid.test.h5l.se || \
#	{ exitcode=1 ; echo test failed; }
# Disarm the EXIT trap: the regular shutdown below must not report a
# failure or force exit status 1.
trap '' EXIT

echo "killing kdc (${kdcpid})"
# Stop the test KDC; kill's error output is discarded.
kill ${kdcpid} 2>/dev/null

# Report the accumulated result of all checks.
exit ${exitcode}