1#!/bin/sh
2#
3# Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
4# (Royal Institute of Technology, Stockholm, Sweden). 
5# All rights reserved. 
6#
7# Redistribution and use in source and binary forms, with or without 
8# modification, are permitted provided that the following conditions 
9# are met: 
10#
11# 1. Redistributions of source code must retain the above copyright 
12#    notice, this list of conditions and the following disclaimer. 
13#
14# 2. Redistributions in binary form must reproduce the above copyright 
15#    notice, this list of conditions and the following disclaimer in the 
16#    documentation and/or other materials provided with the distribution. 
17#
18# 3. Neither the name of the Institute nor the names of its contributors 
19#    may be used to endorse or promote products derived from this software 
20#    without specific prior written permission. 
21#
22# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
23# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
24# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
25# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
26# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
27# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
28# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
29# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
30# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
31# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
32# SUCH DAMAGE. 
33
34top_builddir="@top_builddir@"
35env_setup="@env_setup@"
36objdir="@objdir@"
37
38testfailed="echo test failed; cat messages.log; exit 1"
39
40. ${env_setup}
41
42# If there is no useful db support compile in, disable test
43${have_db} || exit 77
44
45R=TEST.H5L.SE
46R2=TEST2.H5L.SE
47
48port=@port@
49
50kadmin="${kadmin} -l -r $R"
51kdc="${kdc} --addresses=localhost -P $port"
52
53afsserver=afs/test.h5l.se
54hostserver=host/server.test.h5l.se
55cache="FILE:${objdir}/cache.krb5"
56
57kinit="${kinit} -c $cache ${afs_no_afslog}"
58klist="${klist} -c $cache"
59kgetcred="${kgetcred} -c $cache"
60kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
61
62KRB5_CONFIG="${objdir}/krb5.conf"
63export KRB5_CONFIG
64
65rm -f ${keytabfile}
66rm -f current-db*
67rm -f out-*
68rm -f mkey.file*
69
70> messages.log
71
72echo Creating database
73${kadmin} \
74    init \
75    --realm-max-ticket-life=1day \
76    --realm-max-renewable-life=1month \
77    ${R} || exit 1
78
79${kadmin} \
80    init \
81    --realm-max-ticket-life=1day \
82    --realm-max-renewable-life=1month \
83    ${R2} || exit 1
84
85${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
86
87${kadmin} add -p foo --use-defaults foo@${R} || exit 1
88${kadmin} add -p kaka --use-defaults ${afsserver}@${R} || exit 1
89${kadmin} add -p kaka --use-defaults ${hostserver}@${R} || exit 1
90${kadmin} add_enctype -r ${afsserver}@${R} des-cbc-crc || exit 1
91${kadmin} add_enctype -r ${hostserver}@${R} des-cbc-crc || exit 1
92
93echo "Doing database check"
94${kadmin} check ${R} || exit 1
95
96echo foo > ${objdir}/foopassword
97
98echo Starting kdc
99${kdc} &
100kdcpid=$!
101
102sh ${wait_kdc}
103if [ "$?" != 0 ] ; then
104    kill -9 ${kdcpid}
105    exit 1
106fi
107
108trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
109
110ec=0
111
112echo "Getting client initial tickets"; > messages.log
113${kinit} --password-file=${objdir}/foopassword foo@$R || \
114	{ ec=1 ; eval "${testfailed}"; }
115echo "Getting non des tickets (afs)"; > messages.log
116${kgetcred} ${afsserver}@${R} || { ec=1 ; eval "${testfailed}"; }
117${klist} -v | grep des-cbc-crc > /dev/null && { ec=1 ; eval "${testfailed}"; }
118echo "Getting non des tickets (host/)"; > messages.log
119${kgetcred} ${hostserver}@${R} || { ec=1 ; eval "${testfailed}"; }
120${klist} -v | grep des-cbc-crc > /dev/null && { ec=1 ; eval "${testfailed}"; }
121${kdestroy}
122
123
124echo "Getting client initial tickets"; > messages.log
125${kinit} --password-file=${objdir}/foopassword foo@$R || \
126	{ ec=1 ; eval "${testfailed}"; }
127echo "Getting des tickets (fail test)"; > messages.log
128${kgetcred} -e des-cbc-crc ${hostserver}@${R} 2>/dev/null && \
129    { ec=1 ; eval "${testfailed}"; }
130echo "Getting non des tickets"; > messages.log
131${kgetcred} ${afsserver}@${R} || { ec=1 ; eval "${testfailed}"; }
132${klist} -v | grep des-cbc-crc > /dev/null && { ec=1 ; eval "${testfailed}"; }
133
134
135KRB5_CONFIG="${objdir}/krb5-weak.conf"
136
137echo "Getting client initial tickets"; > messages.log
138${kinit} --password-file=${objdir}/foopassword foo@$R || \
139	{ ec=1 ; eval "${testfailed}"; }
140
141echo "Getting non des tickets (host/), failure test"; > messages.log
142${kgetcred} -e des-cbc-crc ${hostserver}@${R} 2>/dev/null && \
143    { ec=1 ; eval "${testfailed}"; }
144${klist} -v | grep des-cbc-crc > /dev/null && { ec=1 ; eval "${testfailed}"; }
145
146echo "Getting des tickets (afs)"; > messages.log
147${kgetcred} -e des-cbc-crc ${afsserver}@${R} || { ec=1 ; eval "${testfailed}"; }
148${klist} -v | grep des-cbc-crc > /dev/null || { ec=1 ; eval "${testfailed}"; }
149
150${kdestroy}
151
152
153
154${kdestroy}
155
156echo "killing kdc (${kdcpid})"
157sh ${leaks_kill} kdc $kdcpid || exit 1
158
159trap "" EXIT
160
161exit $ec
162