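#!/bin/sh
#
# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Test driver for kadmin/kadmind: builds a scratch realm database, starts a
# KDC and a kadmind, then runs positive and negative kadmin requests as
# several principals. The @...@ tokens are filled in when this template is
# processed at build time.

top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"
srcdir="@srcdir@"

# Supplies the tool variables used below (${kadmin}, ${kdc}, ${kadmind},
# ${kinit}, ${have_db}, ${wait_kdc}, ${leaks_kill}, ...). Quoted so a build
# path containing whitespace still resolves to one file.
. "${env_setup}"

# If there is no useful db support compiled in, disable the test.
# ${have_db} is run as a command; its exit status decides the skip.
${have_db} || exit 77

R=TEST.H5L.SE
R2=TEST2.H5L.SE

port=@port@
admport=@admport@

cache="FILE:${objdir}/cache.krb5"

# The tool variables hold a command plus arguments, so they are expanded
# unquoted on purpose wherever they are invoked.
kadmin="${kadmin} -r $R"
kdc="${kdc} --addresses=localhost -P $port"
kadmind="${kadmind} -p $admport"

server=host/datan.test.h5l.se

kinit="${kinit} -c $cache ${afs_no_afslog}"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# Start from a clean slate: drop leftovers of a previous run.
rm -f ${keytabfile}
rm -f current-db*
rm -f out-*
rm -f mkey.file*
rm -f messages.log

# Recreate the log empty so the failure paths can always cat it.
: > messages.log

echo Creating database
${kadmin} -l \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

# Every principal gets the fixed password "foo" via -p. These are throwaway
# credentials for the scratch test realm; a password passed on the command
# line is visible in the process list, so this pattern is for tests only.
${kadmin} -l add -p foo --use-defaults foo/admin@${R} || exit 1
${kadmin} -l add -p foo --use-defaults bar@${R} || exit 1
${kadmin} -l add -p foo --use-defaults baz@${R} || exit 1
${kadmin} -l add -p foo --use-defaults bez@${R} || exit 1
${kadmin} -l add -p foo --use-defaults fez@${R} || exit 1
${kadmin} -l add -p foo --use-defaults pkinit@${R} || exit 1
${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R} || exit 1

# Password file consumed by the kinit calls further down. It is created with
# the caller's umask and is not removed by this script.
echo foo > "${objdir}/foopassword"

echo Starting kdc
${kdc} &
kdcpid=$!

# No kadmind has been started yet; define the variable (empty) so the EXIT
# trap below expands cleanly if it fires before the first kadmind start.
kadmpid=

if ! sh ${wait_kdc}; then
    # Only the KDC exists at this point. The previous code also ran
    # "kill -9" on the still-unset kadmpid, i.e. kill without a PID.
    kill -9 ${kdcpid}
    exit 1
fi

# Single quotes defer expansion until the trap fires. With double quotes the
# PIDs were frozen when the trap was installed, while kadmpid was still
# empty, so a kadmind left running on a failure path was never killed.
# kadmpid is reassigned for every test case below and may name a daemon that
# has already exited by then; kill reports that case on stderr.
trap 'kill -9 ${kdcpid} ${kadmpid}' EXIT

#----------------------------------
# NOTE(review): kadmind is restarted before every case; presumably -d serves
# a single connection and then exits - confirm against kadmind's docs.
${kadmind} -d &
kadmpid=$!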
# Give the kadmind started just before this point time to come up.
# NOTE(review): a fixed sleep is a timing assumption, not a readiness check;
# on a slow host the request below may run before kadmind is listening.
sleep 1

# Case: bar obtains a kadmin/admin ticket and adds a principal over the
# network; the add is expected to succeed.
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} bar@${R} || exit 1
echo "kadmin"
env KRB5CCNAME=${cache} \
    ${kadmin} -p bar@${R} add -p foo --use-defaults kaka2@${R} || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

# Cross-check in local mode (-l) that the principal really landed in the
# database.
${kadmin} -l get kaka2@${R} > /dev/null || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: baz reads bar's entry; expected to be allowed.
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} baz@${R} || exit 1
echo "kadmin globacl"
env KRB5CCNAME=${cache} \
    ${kadmin} -p baz@${R} get bar@${R} > /dev/null || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: baz tries to change bar's password; the request must be refused.
# NOTE(review): only the exit status is checked and stderr is discarded, so
# any failure (for example kadmind not reachable yet) also counts as a pass.
# The test cannot tell an authorization denial from an unrelated error.
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} baz@${R} || exit 1
echo "kadmin globacl, negative"
if env KRB5CCNAME=${cache} \
    ${kadmin} -p baz@${R} passwd -p foo bar@${R} > /dev/null 2>/dev/null
then
    echo "kadmin succesded $?"
    cat messages.log
    exit 1
fi

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: baz reads bar's entry again after the refused password change.
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} baz@${R} || exit 1
echo "kadmin globacl"
env KRB5CCNAME=${cache} \
    ${kadmin} -p baz@${R} get bar@${R} > /dev/null || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

#----------------------------------
${kadmind} -d &
kadmpid=$!
# Give the kadmind started just before this point time to come up.
sleep 1

# Case: bez tries to change bar's password; the request must be refused.
# NOTE(review): stderr is discarded and only the exit status is tested, so a
# failure unrelated to authorization (e.g. kadmind not listening yet) is
# indistinguishable from a denial and also passes.
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} bez@${R} || exit 1
echo "kadmin globacl, negative"
if env KRB5CCNAME=${cache} \
    ${kadmin} -p bez@${R} passwd -p foo bar@${R} > /dev/null 2>/dev/null
then
    echo "kadmin succesded $?"
    cat messages.log
    exit 1
fi

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: fez reads bar's entry; expected to be allowed.
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} fez@${R} || exit 1
echo "kadmin globacl"
env KRB5CCNAME=${cache} \
    ${kadmin} -p fez@${R} get bar@${R} > /dev/null || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: fez tries to change bar's password; the request must be refused.
# Same caveat as above: any non-zero exit is accepted as "refused".
echo "kinit (no admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} fez@${R} || exit 1
echo "kadmin globacl, negative"
if env KRB5CCNAME=${cache} \
    ${kadmin} -p fez@${R} passwd -p foo bar@${R} > /dev/null 2>/dev/null
then
    echo "kadmin succesded $?"
    cat messages.log
    exit 1
fi

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: foo/admin obtains a kadmin/admin ticket and adds a principal.
echo "kinit (admin)"
${kinit} --password-file=${objdir}/foopassword \
    -S kadmin/admin@${R} foo/admin@${R} || exit 1

echo "kadmin"
env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} add -p foo --use-defaults kaka@${R} || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

#----------------------------------
${kadmind} -d &
kadmpid=$!
# Give the kadmind started just before this point time to come up.
sleep 1

# Case: looking up a principal that does not exist must fail, and the error
# text must match the reference file shipped in ${srcdir}.
echo "kadmin get doesnotexists"
if env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} get -s doesnotexists@${R} \
    > /dev/null 2>kadmin.tmp
then
    echo "kadmin passed"
    cat messages.log
    exit 1
fi

# evil hack to support libtool: the wrapper reports itself as "lt-kadmin"
sed -e 's/lt-kadmin:/kadmin:/' kadmin.tmp > kadmin2.tmp
mv kadmin2.tmp kadmin.tmp

# If client tried IPv6, but service only listened on IPv4, drop the
# resulting ": connect" lines before comparing.
grep -v ': connect' kadmin.tmp > kadmin2.tmp
mv kadmin2.tmp kadmin.tmp

if ! cmp kadmin.tmp ${srcdir}/donotexists.txt; then
    echo "wrong response"
    exit 1
fi

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: the pkinit-acl column can be fetched; only the exit status is checked.
echo "kadmin get pkinit-acl"
env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} get -o pkinit-acl pkinit@${R} \
    > /dev/null || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: "-o principal" prints exactly one line naming the principal.
# The expected text hard-codes the realm and must stay in step with $R.
echo "kadmin get -o principal"
env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} get -o principal bar@${R} \
    > kadmin.tmp 2>&1 || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}
output=$(cat kadmin.tmp)
if [ "${output}" != "Principal: bar@TEST.H5L.SE" ]; then
    cat kadmin.tmp
    cat messages.log
    exit 1
fi


#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: "-o kvno" reports key version 1 for bar.
echo "kadmin get -o kvno"
env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} get -o kvno bar@${R} \
    > kadmin.tmp 2>&1 || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}
output=$(cat kadmin.tmp)
if [ "${output}" != "Kvno: 1" ]; then
    cat kadmin.tmp
    cat messages.log
    exit 1
fi


#----------------------------------
${kadmind} -d &
kadmpid=$!
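# Give the kadmind started just before this point time to come up.
sleep 1

# Case: "-o princ_expire_time" reports that bar never expires.
echo "kadmin get -o princ_expire_time"
env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} get -o princ_expire_time bar@${R} \
    > kadmin.tmp 2>&1 || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}
output=$(cat kadmin.tmp)
if [ "${output}" != "Principal expires: never" ]; then
    cat kadmin.tmp
    cat messages.log
    exit 1
fi

#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1

# Case: the short listing (-s) of the attributes column prints only its
# header for bar.
echo "kadmin get -s -o attributes"
env KRB5CCNAME=${cache} \
    ${kadmin} -p foo/admin@${R} get -s -o attributes bar@${R} \
    > kadmin.tmp 2>&1 || {
    rc=$?
    echo "kadmin failed ${rc}"
    cat messages.log
    exit 1
}
output=$(cat kadmin.tmp)
if [ "${output}" != "Attributes" ]; then
    cat kadmin.tmp
    cat messages.log
    exit 1
fi

#----------------------------------


# Shut the KDC down through the leak-checking helper. The message prints
# both PIDs, but only the KDC is handed to ${leaks_kill}.
# NOTE(review): the last kadmind is not stopped here; presumably it has
# already exited after serving its request - confirm.
echo "killing kdc (${kdcpid} ${kadmpid})"
sh ${leaks_kill} kdc "$kdcpid" || exit 1

# Normal completion: disarm the EXIT trap so it does not kill again.
trap "" EXIT

# ec is not assigned anywhere in this script, so a bare "exit $ec" took the
# status of the preceding command. Default to 0 explicitly; a value set by
# the sourced environment is still honoured.
exit "${ec:-0}"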