1#!/usr/bin/perl
2
3use Socket;
4
# Absolute path of the KRBCreateSession helper that every test below invokes.
# NOTE(security): this path is later interpolated into shell command strings
# (qx{}), and the -x test only proves the file is executable.  It says
# nothing about who owns the binary or who is able to replace it.
my $krb_create_session = "/usr/local/bin/KRBCreateSession";

unless (-x $krb_create_session) {
	die "You must build KerberosHelper '-target Everything' to get ". $krb_create_session;
}

# Run with no arguments, the helper's output has its "REALM=" prefix stripped
# and is kept as this machine's LocalKDC realm.  The exit status is not
# checked here, so a failing helper leaves $lkdc holding whatever was printed.
my $lkdc = qx{$krb_create_session};
$lkdc =~ s/REALM=//;
chomp ($lkdc);

# Short name of the machine running the tests.
my $my_hostname = qx{/bin/hostname -s};
chomp ($my_hostname);
15
# --- Domain suffixes appended to the host names below ---

# Bonjour suffix (er, .local?)
my $l = '.local.';
# FQDN domain
my $d = '.apple.com';
# BTMM domain.  The single-quoted literal yields TWO backslashes in front of
# each escaped dot; presumably the shell that later runs the helper reduces
# each pair to one, so the helper sees "\." - confirm before changing how the
# helper is invoked.
my $btmm_d = '.s\\\\.p\\\\.cooper.members.mac.com.';

# --- Site-specific host names; adjust for the network under test ---

# Local hostname
my $l_h = 'kura';
# A routed host
my $r_h = 'src';
# A local host in a managed realm
my $ml_h = 'homedepot';
# A routed host in a managed realm
my $mr_h = 'od';
# A BTMM host (not this one)
my $btmm_h = 'kura';

# Managed realm
my $mr = 'OD.APPLE.COM';
26
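# Resolve the FQDN of the local test host so that the tests can also address
# it by IPv4 literal.
my $fqdn_l_h = $l_h . $d;
my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname ($fqdn_l_h);

# gethostbyname returns an empty list when the lookup fails.  Stop with a
# readable message instead of handing an undefined address to inet_ntoa,
# which only accepts a packed 4-byte address.
die "Cannot resolve ". $fqdn_l_h ." to an IPv4 address"
	unless @addrs and length ($addrs[0]) == 4;

my $ip4_h = inet_ntoa ($addrs[0]);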
30
# Service principals ("cifs/<instance>@<realm>") used by the test tables.
# The LocalKDC principal uses the LocalKDC realm for both instance and realm.
# The managed ones use the FQDN of the managed host and the managed realm.
my $s_princ_l  = join ('', 'cifs/', $lkdc, '@', $lkdc);
my $s_princ_ml = join ('', 'cifs/', $ml_h, $d, '@', $mr);
my $s_princ_mr = join ('', 'cifs/', $mr_h, $d, '@', $mr);
34
# Show the operator which names and principals the run is about to use, so a
# stale site-specific setting is visible before any test is executed.
print <<"END_OF_BANNER";

My hostname:			      $my_hostname
Another host reachable by bonjour:    $l_h
Managed realm			      $mr
A host in a managed realm:	      $mr_h
A routed host:			      $r_h

Derived names:

Barename will be:                     $l_h
.local host will be:		      $l_h$l
FQDN host will be:		      $l_h$d
FQDN (routed) host will be:	      $r_h$d
IP4 addr will be:		      $ip4_h
Barename local managed host will be:  $ml_h
FQDN local managed host will be:      $ml_h$d
Barename routed managed host will be: $mr_h
FQDN routed managed host will be:     $mr_h$d
BTMM host will be:		      $btmm_h$btmm_d

LocalKDC service principal s_princ_lkdc:  $s_princ_l
Managed realm service principal (local):  $s_princ_ml
Managed realm service principal (routed): $s_princ_mr

END_OF_BANNER
61
# The "other host" test targets must really be other machines: refuse to run
# when either of them is the machine executing this script.
if (grep { $my_hostname eq $_ } $l_h, $btmm_h) {
	die "The l_h host or btmm_h cannot be the same as this host";
}
65
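# These three principals are already declared (with identical values) before
# the banner is printed.  Re-assign rather than re-declare them, so the test
# tables below and the banner refer to the same variables instead of to a
# second set of lexicals that masks the first.
$s_princ_l  = 'cifs/'. $lkdc .'@'. $lkdc;
$s_princ_ml = 'cifs/'. $ml_h. $d .'@'. $mr;
$s_princ_mr = 'cifs/'. $mr_h. $d .'@'. $mr;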
69
# Expected outcomes shared by the test tables.  Each is a pair of
# [ expected exit code, regex the helper's output must match ].
# The regexes are applied unanchored, and the dots (including those inside
# the managed realm name) match any character, so these are loose matches.
my ($r_lkdc, $r_mged, $r_norlm) = (
	[0, 'REALM=LKDC:SHA1.'],	# A LocalKDC realm result
	[0, 'REALM='. $mr],		# A managed realm result
	[1, 'ERROR.*'],			# No realm can be found
);
73
# Expectations for the first pass, which runs while the Kerberos
# configuration file is empty (a non-empty file is moved aside before
# run_tests is called with this table).
# Row layout, as unpacked by run_tests:
#   [ hostname argument, service principal argument, expected result, description ]
# An undef argument interpolates as an empty string, i.e. it is left off the
# helper's command line.
# NOTE(review): every hostname and principal in this table is interpolated
# into a shell command string by run_tests, so keep these values free of
# shell metacharacters other than the deliberate backslashes in $btmm_d.
my $no_krb_tests = [
		# No service principal supplied.
		[ undef, undef, $r_lkdc, "Getting our LocalKDC Realm"],
		[ $l_h, undef, $r_lkdc, "barename host, no s_princ"],
		[ $l_h . $l, undef, $r_lkdc, ".local host, no s_princ"],
		[ $l_h . $d, undef, $r_norlm, "FQDN host, no s_princ (req unicast)"],
		[ $r_h . $d, undef, $r_norlm, "FQDN (routed) host, no s_princ (req unicast)"],
		[ $ip4_h, undef, $r_norlm, "IP4 addr, no s_princ (req unicast)"],
		[ $ml_h, undef, $r_lkdc, "barename local managed host, no s_princ (req krb-conf)"],
		[ $ml_h . $d, undef, $r_norlm, "FQDN local managed host, no s_princ (req krb-conf)"],
		[ $mr_h, undef, $r_norlm, "barename routed managed host, no s_princ (req krb-conf)"],
		[ $mr_h . $d, undef, $r_norlm, "FQDN routed managed host, no s_princ (req krb-conf)"],
		[ $btmm_h . $btmm_d, undef, $r_lkdc, "Using BTMM host, no s_princ"],

		# LocalKDC service principal supplied.
		[ $l_h, $s_princ_l, $r_lkdc, "barename host, s_princ_lkdc"],
		[ $l_h . $l, $s_princ_l, $r_lkdc, ".local host, s_princ_lkdc"],
		[ $l_h . $d, $s_princ_l, $r_norlm, "FQDN host, s_princ_lkdc (req unicast)"],
		[ $r_h . $d, $s_princ_l, $r_norlm, "FQDN (routed) host, s_princ_lkdc (req unicast)"],
		[ $ip4_h, $s_princ_l, $r_norlm, "IP4 addr, s_princ_lkdc (req unicast)"],
		[ $ml_h, $s_princ_l, $r_lkdc, "barename local managed host, s_princ_lkdc (req krb-conf)"],
		[ $ml_h . $d, $s_princ_l, $r_norlm, "FQDN local managed host, s_princ_lkdc (req krb-conf)"],
		[ $mr_h, $s_princ_l, $r_norlm, "barename routed managed host, s_princ_lkdc (req krb-conf)"],
		[ $mr_h . $d, $s_princ_l, $r_norlm, "FQDN routed managed host, s_princ_lkdc (req krb-conf)"],
		[ $btmm_h . $btmm_d, $s_princ_l, $r_lkdc, "Using BTMM host, s_princ_lkdc"],

		# Managed-realm service principal supplied.
		[ $ml_h, $s_princ_ml, $r_norlm, "barename local managed host, s_princ_managed (req krb-conf)"],
		[ $ml_h . $d, $s_princ_ml, $r_norlm, "FQDN local managed host, s_princ_managed (req krb-conf)"],
		[ $mr_h, $s_princ_mr, $r_norlm, "barename routed managed host, s_princ_managed (req krb-conf)"],
		[ $mr_h . $d, $s_princ_mr, $r_norlm, "FQDN routed managed host, s_princ_managed (req krb-conf)"],
	];
103
# Expectations for the second pass, which runs after any Kerberos
# configuration that was moved aside has been put back.
# Same row layout as the first table:
#   [ hostname argument, service principal argument, expected result, description ]
# The inputs are the same as in the first table; every row that expects
# "no realm" ($r_norlm) there expects the managed realm ($r_mged) here.
# NOTE(review): as with the first table, these values are interpolated into
# a shell command string by run_tests.
my $krb_tests = [
		# No service principal supplied.
		[ undef, undef, $r_lkdc, "Getting our LocalKDC Realm"],
		[ $l_h, undef, $r_lkdc, "barename host, no s_princ"],
		[ $l_h . $l, undef, $r_lkdc, ".local host, no s_princ"],
		[ $l_h . $d, undef, $r_mged, "FQDN host, no s_princ (req unicast)"],
		[ $r_h . $d, undef, $r_mged, "FQDN (routed) host, no s_princ (req unicast)"],
		[ $ip4_h, undef, $r_mged, "IP4 addr, no s_princ (req unicast)"],
		[ $ml_h, undef, $r_lkdc, "barename local managed host, no s_princ"],
		[ $ml_h . $d, undef, $r_mged, "FQDN local managed host, no s_princ"],
		[ $mr_h, undef, $r_mged, "barename routed managed host, no s_princ"],
		[ $mr_h . $d, undef, $r_mged, "FQDN routed managed host, no s_princ"],
		[ $btmm_h . $btmm_d, undef, $r_lkdc, "Using BTMM host, no s_princ"],

		# LocalKDC service principal supplied.
		[ $l_h, $s_princ_l, $r_lkdc, "barename host, s_princ_lkdc"],
		[ $l_h . $l, $s_princ_l, $r_lkdc, ".local host, s_princ_lkdc"],
		[ $l_h . $d, $s_princ_l, $r_mged, "FQDN host, s_princ_lkdc (req unicast)"],
		[ $r_h . $d, $s_princ_l, $r_mged, "FQDN (routed) host, s_princ_lkdc (req unicast)"],
		[ $ip4_h, $s_princ_l, $r_mged, "IP4 addr, s_princ_lkdc (req unicast)"],
		[ $ml_h, $s_princ_l, $r_lkdc, "barename local managed host, s_princ_lkdc"],
		[ $ml_h . $d, $s_princ_l, $r_mged, "FQDN local managed host, s_princ_lkdc (req unicast)"],
		[ $mr_h, $s_princ_l, $r_mged, "barename routed managed host, s_princ_lkdc (req unicast)"],
		[ $mr_h . $d, $s_princ_l, $r_mged, "FQDN routed managed host, s_princ_lkdc (req unicast)"],
		[ $btmm_h . $btmm_d, $s_princ_l, $r_lkdc, "Using BTMM host, s_princ_lkdc"],

		# Managed-realm service principal supplied.
		[ $ml_h, $s_princ_ml, $r_mged, "barename local managed host, s_princ_managed"],
		[ $ml_h . $d, $s_princ_ml, $r_mged, "FQDN local managed host, s_princ_managed"],
		[ $mr_h, $s_princ_mr, $r_mged, "barename routed managed host, s_princ_managed"],
		[ $mr_h . $d, $s_princ_mr, $r_mged, "FQDN routed managed host, s_princ_managed"],
	];
133
134
# Running totals, updated by run_tests.
my ($passed, $failures) = (0, 0);

# System-wide Kerberos configuration file, and the name it is parked under
# while the "no configuration" pass runs.
my $krb_conf     = '/Library/Preferences/edu.mit.Kerberos';
my $krb_conf_off = "${krb_conf}.OFF";
140
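# Pass 1 needs an empty Kerberos configuration.  A non-empty system-wide file
# is moved aside with sudo and replaced by an empty one.
if (-s $krb_conf > 0) {
	print $krb_conf. " should be empty to run these tests - moving aside!\n\n";
	system ('sudo', 'mv', $krb_conf, $krb_conf_off) == 0 or die "Failed to move ". $krb_conf;
	if (system ('sudo', 'touch', $krb_conf) != 0) {
		# The original has already been moved.  Put it back (best effort)
		# so a failed touch does not leave the machine without its
		# Kerberos configuration.
		system ('sudo', 'mv', $krb_conf_off, $krb_conf);
		die "Failed to touch ". $krb_conf;
	}
}

{
	# While the real configuration is parked, an interrupt must not end the
	# script before the restore step below.  Turn the usual termination
	# signals into exceptions so that control always reaches it.
	my $on_signal = sub { die "Interrupted by SIG". $_[0] ."\n" };
	local $SIG{INT}  = $on_signal;
	local $SIG{TERM} = $on_signal;
	local $SIG{HUP}  = $on_signal;

	my $completed = eval { run_tests ($no_krb_tests); 1 };
	my $error = $@;		# save before anything else can overwrite $@

	# Restore whenever a parked copy exists, including one left behind by
	# an earlier run that was cut short.
	if (-s $krb_conf_off) {
		print "\nrestoring ". $krb_conf. "\n\n";
		system ('sudo', 'mv', $krb_conf_off, $krb_conf) == 0 or die "Failed to restore ". $krb_conf;
	}

	# Re-raise the interruption only after the configuration is back.
	die $error unless $completed;
}

# Pass 2: same inputs, with the Kerberos configuration in place.
run_tests ($krb_tests);

printf "\n\nTotal tests run = %d.  %d passes, %d failures\n", $passed+$failures, $passed, $failures;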
157
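# run_tests(\@tests)
#
# Runs the KRBCreateSession helper once per table row and compares the result
# with the row's expectation.  Each row is
#   [ hostname, service principal, [expected exit code, output regex], description ]
# where hostname and service principal may be undef (the argument is then
# left off the command line).  Prints one PASSED/FAILED line per row and
# updates the file-level $passed and $failures counters.
sub run_tests {
	my $tests = shift;

	foreach my $t (@{$tests}) {
		my ($hostname, $s_princ, $expected, $desc) = @{$t};
		my ($exit_code, $pattern) = @{$expected};

		# NOTE(security): qx{} treats this string as a shell command line,
		# so $hostname and $s_princ are subject to shell parsing.  The BTMM
		# test value appears to rely on that (its doubled backslashes), so
		# the call is left as is.  Do not feed values from outside this
		# file into the tables without quoting them first.
		my $return = qx{$krb_create_session $hostname $s_princ};
		my $status = $?;
		chomp ($return);

		# $? is -1 when the helper could not be started, and has its low
		# seven bits set when a signal ended it.  In both cases "$? >> 8"
		# is not a real exit code (it is 0 after a signal), so a helper
		# that crashed after printing output must never count as a pass.
		if ($status == -1 or $status & 127) {
			printf "%7s: %s -> helper did not exit normally (wait status %d): %s\n", 'FAILED', $desc, $status, $return;
			$failures++;
			next;
		}

		my $exit = $status >> 8;

		# $pattern is a regex taken from the table and is applied unanchored.
		if ($exit == $exit_code and $return =~ m{$pattern}) {
			printf "%7s: %s -> %d: %s\n", 'PASSED', $desc, $exit, $return;
			$passed++;
		} else {
			printf "%7s: %s -> %d (%d): %s (%s)\n", 'FAILED', $desc, $exit, $exit_code, $return, $pattern;
			$failures++;
		}
	}
}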
180