1#!/bin/sh
2# tests for TSIG-GSS updates
3
4SYSTEMTESTTOP=..
5. $SYSTEMTESTTOP/conf.sh
6
7status=0
8
9DIGOPTS="@10.53.0.1 -p 5300"
10
11# we don't want a KRB5_CONFIG setting breaking the tests
12KRB5_CONFIG=/dev/null
13export KRB5_CONFIG
14
15test_update() {
16    host="$1"
17    type="$2"
18    cmd="$3"
19    digout="$4"
20
21    cat <<EOF > ns1/update.txt
22server 10.53.0.1 5300
23update add $host $cmd
24send
25EOF
26    echo "I:testing update for $host $type $cmd"
27    $NSUPDATE -g ns1/update.txt > /dev/null 2>&1 || {
28	echo "I:update failed for $host $type $cmd"
29	return 1
30    }
31
32    out=`$DIG $DIGOPTS -t $type -q $host | egrep "^${host}"`
33    lines=`echo "$out" | grep "$digout" | wc -l`
34    [ $lines -eq 1 ] || {
35	echo "I:dig output incorrect for $host $type $cmd: $out"
36	return 1
37    }
38    return 0
39}
40
41echo "I:testing updates as administrator"
42KRB5CCNAME="FILE:"`pwd`/ns1/administrator.ccache
43export KRB5CCNAME
44
45test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || status=1
46test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || status=1
47test_update denied.example.nil. TXT "86400 TXT helloworld" "helloworld" && status=1
48
49echo "I:testing updates as a user"
50KRB5CCNAME="FILE:"`pwd`/ns1/testdenied.ccache
51export KRB5CCNAME
52
53test_update testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" && status=1
54test_update testdenied.example.nil. TXT "86400 TXT helloworld" "helloworld" || status=1
55
56echo "I:testing external update policy"
57test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" && status=1
58perl ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 > /dev/null 2>&1 &
59sleep 1
60test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" || status=1
61test_update testcname.example.nil. TXT "86400 A 10.53.0.13" "10.53.0.13" && status=1
62
63echo "I:testing external policy with SIG(0) key"
64ret=0
65$NSUPDATE -R random.data -k ns1/Kkey.example.nil.*.private <<END > /dev/null 2>&1 || ret=1
66server 10.53.0.1 5300
67zone example.nil
68update add fred.example.nil 120 cname foo.bar.
69send
70END
71output=`$DIG $DIGOPTS +short cname fred.example.nil.`
72[ -n "$output" ] || ret=1
73[ $ret -eq 0 ] || echo "I:failed"
74status=`expr $status + $ret`
75
76[ $status -eq 0 ] && echo "I:tsiggss tests all OK"
77
78kill `cat authsock.pid`
79exit $status
80