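#!/bin/sh
# tests for TSIG-GSS updates
#
# Exercises the dynamic-update authorization of the test server at
# 10.53.0.1 port 5300 in three ways: GSS-TSIG updates (nsupdate -g) under two
# Kerberos credential caches, updates decided by the external helper
# authsock.pl, and one update signed with a SIG(0) key.
#
# Several cases are negative: the update has to be refused for the case to
# pass. Exit status is 0 only when every case behaved as expected.
#
# NSUPDATE and DIG are not set in this file; presumably conf.sh provides them.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

status=0

# Expanded unquoted on purpose below: it carries several dig arguments.
DIGOPTS="@10.53.0.1 -p 5300"

# we don't want a KRB5_CONFIG setting breaking the tests
KRB5_CONFIG=/dev/null
export KRB5_CONFIG

#######################################
# Send one "update add" with nsupdate -g, then confirm the record is served.
# Arguments:
#   $1 - owner name (fully qualified)
#   $2 - record type handed to dig
#   $3 - rest of the "update add" line (TTL, type, rdata)
#   $4 - literal text that must appear in exactly one answer line for $1
# Outputs:
#   progress and failure messages on stdout; rewrites ns1/update.txt
# Returns:
#   0 - update accepted and the expected record was found
#   1 - nsupdate reported failure (the outcome the negative cases expect)
#   2 - nsupdate succeeded but dig did not show exactly one expected line
#######################################
test_update() {
  host="$1"
  type="$2"
  cmd="$3"
  digout="$4"

  cat <<EOF > ns1/update.txt
server 10.53.0.1 5300
update add $host $cmd
send
EOF
  echo "I:testing update for $host $type $cmd"
  # nsupdate's output is discarded, so a refusal cannot be told apart from
  # any other nsupdate failure (for example an unreachable server).
  # shellcheck disable=SC2086
  $NSUPDATE -g ns1/update.txt > /dev/null 2>&1 || {
    echo "I:update failed for $host $type $cmd"
    return 1
  }

  # Keep only answer lines owned by $host, then count those holding $digout.
  # grep -F treats $digout as literal text, so the dots in an address do not
  # act as wildcards; grep -c replaces the "grep | wc -l" pair.
  # shellcheck disable=SC2086
  out=$($DIG $DIGOPTS -t "$type" -q "$host" | grep -E "^${host}")
  lines=$(printf '%s\n' "$out" | grep -F -c -- "$digout")
  [ "$lines" -eq 1 ] || {
    echo "I:dig output incorrect for $host $type $cmd: $out"
    return 2
  }
  return 0
}

#######################################
# Negative case: passes only when nsupdate itself reports failure.
# An update that was accepted but not visible in dig (test_update status 2)
# counts as a failure here, because the policy let the update through.
# Arguments: same as test_update
# Returns:   0 if test_update returned 1, non-zero otherwise
#######################################
expect_denied() {
  test_update "$@"
  [ $? -eq 1 ]
}

echo "I:testing updates as administrator"
# KRB5CCNAME selects the credential cache used for the GSS-TSIG updates.
KRB5CCNAME="FILE:$(pwd)/ns1/administrator.ccache"
export KRB5CCNAME

test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || status=1
test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || status=1
expect_denied denied.example.nil. TXT "86400 TXT helloworld" "helloworld" || status=1

echo "I:testing updates as a user"
KRB5CCNAME="FILE:$(pwd)/ns1/testdenied.ccache"
export KRB5CCNAME

expect_denied testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" || status=1
test_update testdenied.example.nil. TXT "86400 TXT helloworld" "helloworld" || status=1

echo "I:testing external update policy"
# The helper is not running yet, so this update has to fail.
expect_denied testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" || status=1
perl ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 > /dev/null 2>&1 &
# Fixed delay to let the helper come up before the next update is sent.
sleep 1
test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" || status=1
# The helper was started with --type=CNAME; an A record has to be refused.
expect_denied testcname.example.nil. TXT "86400 A 10.53.0.13" "10.53.0.13" || status=1

echo "I:testing external policy with SIG(0) key"
ret=0
# The key file name is a glob and must stay unquoted.
# shellcheck disable=SC2086
$NSUPDATE -R random.data -k ns1/Kkey.example.nil.*.private <<END > /dev/null 2>&1 || ret=1
server 10.53.0.1 5300
zone example.nil
update add fred.example.nil 120 cname foo.bar.
send
END
# shellcheck disable=SC2086
output=$($DIG $DIGOPTS +short cname fred.example.nil.)
[ -n "$output" ] || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=$((status + ret))

[ "$status" -eq 0 ] && echo "I:tsiggss tests all OK"

# Stop the helper. Skip the kill when no pid file was written, so kill is
# never run without an argument.
# NOTE(review): authsock.pid is not cleared before the helper starts, so a
# stale file from an earlier run would be used here; confirm the harness
# removes it.
if [ -s authsock.pid ]; then
  kill "$(cat authsock.pid)"
fi
exit "$status"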