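#!/usr/bin/perl
#
# How to run:
#
#  Compile dnswrapper
#
#  Configure Back To My Mac on this host and configure the
#  $btmm_member below
#
#  Test this in an environment where you get a hostname from DHCP and
#  where you don't (ie use configured hostname.local name).
#
#  Run this script like this: perl ./KRBCreateSession2.pl
#
# What the script does to the machine it runs on:
#
#  - restarts edu.mit.Kerberos.krb5kdc through sudo
#  - sets DYLD_INSERT_LIBRARIES, so every child process started below
#    inherits the request to load the dnswrapper library
#  - rewrites dns-local.txt in the current directory
#
# The hostname may be handed out by DHCP, so it is treated as untrusted:
# it is never interpolated into a shell command line or into Perl code.
#

use strict;
use warnings;
use Socket;
use Sys::Hostname;

my $verbose = 1;

my $btmm_member = "bitcollector";

my $KRBCreateSession = "../build/Debug/KRBCreateSession";
my $dnsRegister = "../build/Debug/dns-register";
my $dnswrapper = "$ENV{HOME}/src/cos/dnswrapper/dnswr.dylib";

########################################################################
# no configurable parts for users that want to keep their brain intact #
########################################################################

my $btmm_host = "dnedtce16"; #do-not-exists-dont-create-me-16
my $btmm_domain = "${btmm_member}.members.mac.com";
my $btmm_fqdn = "${btmm_host}.${btmm_domain}";

# counters
my $testfailed = 0;
my $numtests = 0;

die "You must build KRBCreateSession" if (! -x $KRBCreateSession);
die "You must build dnswrapper" if (! -f $dnswrapper);

# Inherited by every child started from here on (KRBCreateSession,
# dns-register and the sudo/launchctl calls).
$ENV{'DYLD_INSERT_LIBRARIES'} = $dnswrapper;

my $pwd = `pwd`;
chomp($pwd);

# Ask KRBCreateSession (no arguments) for the LocalKDC realm of this host.
my $lkdc = qx{$KRBCreateSession};
die "could not run $KRBCreateSession" if (not defined $lkdc);
$lkdc =~ s/REALM=(.*)\n.*/$1/;
chomp($lkdc);

# An empty realm would turn the expected values below into the pattern
# "^", which matches any answer, and the realm tests would pass vacuously.
die "KRBCreateSession did not report a LocalKDC realm" if ($lkdc eq "");

my $hostname = hostname();
(my $short_hostname = $hostname) =~ s/([^.]*).*/$1/;

die "hostname is short hostname" if ($hostname eq $short_hostname);

# Fixed address; it is written into dns-local.txt and used as test input.
my $hostname_ip4 = "10.0.0.1";

print "my local lkdc realm: $lkdc\n" if ($verbose);
print "my hostname: $hostname ($short_hostname)\n" if ($verbose);
print "my addr: $hostname_ip4\n" if ($verbose);

# Build dns-local.txt from its template without going through a shell.
write_dns_local($short_hostname, $hostname_ip4);

# Restart the KDC. List form keeps the shell out of the sudo invocation.
system("sudo", "launchctl", "stop", "edu.mit.Kerberos.krb5kdc");
sleep 1;
system("sudo", "launchctl", "start", "edu.mit.Kerberos.krb5kdc");

my $pid = run_in_background("$dnsRegister managedlocal.local local-only.local local-forward-only.local $btmm_fqdn");
sleep 1;

section_print("Getting LocalKDC realm");

runtest({ name => "Getting LocalKDC realm",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "",
          REALM => "$lkdc",
          SERVER => "host/$lkdc\@$lkdc"
        });

my $is_local_name = ($hostname =~ m/\.local$/);
print "localname: $is_local_name\n" if ($verbose);

# Expected answers when a managed realm is configured (krb5.conf) ...
my $mrealm = "EXAMPLE.COM";
my $mservername = "host/${short_hostname}.example.com\@EXAMPLE.COM";

# ... and when only the LocalKDC is available (no krb5 configuration).
my $lrealm = "$lkdc";
my $lservername = "host/$lkdc\@$lkdc";

section_print("Test server selection using local machine");

runtest({ name => "bare hostname (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "krb5.conf",
          inserver => "$short_hostname",
          REALM => $mrealm,
          SERVER => $mservername,
        });

runtest({ name => "hostname.local (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "krb5.conf",
          inserver => "${short_hostname}.local",
          REALM => $mrealm,
          SERVER => $mservername,
        });

runtest({ name => "fqdn (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "krb5.conf",
          inserver => "$hostname",
          REALM => $mrealm,
          SERVER => $mservername,
        });

runtest({ name => "ipv4 address (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "krb5.conf",
          inserver => "$hostname_ip4",
          REALM => $mrealm,
          SERVER => $mservername
        });

section_print("Test same subnet managed hosts");

runtest({ name => "same subnet host: bare (other)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

runtest({ name => "same subnet host: local",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal.local",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

runtest({ name => "same subnet host: fqdn",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal.example.com",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });


# Only the "LKDC:SHA1." prefix is checked here; see runtest() for how
# expected values are matched.
runtest({ name => "same subnet host: local,should pass",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "local-forward-only.local",
          REALM => "LKDC:SHA1.",
          SERVER => "host/LKDC:SHA1."
        });

section_print("Test managed hosts");

runtest({ name => "base name",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM"
        });

runtest({ name => "plain name",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.example.com",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM"
        });

runtest({ name => "plain name end in dot",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.example.com.",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM"
        });

runtest({ name => "plain local name",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.local",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM"
        });

runtest({ name => "local name end in dot",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.local.",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM"
        });

# The host name holds a literal backslash ("s\.c"); the expected SERVER
# is a regular expression, hence the doubled escaping.
runtest({ name => "quoted name",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "s\\.c.example.com",
          REALM => "EXAMPLE.COM",
          SERVER => "host/s\\\\.c.example\\.com\@EXAMPLE\\.COM"
        });

runtest({ name => "quoted name end in dot",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "s\\.c.example.com.",
          REALM => "EXAMPLE.COM",
          SERVER => "host/s\\\\.c.example\\.com\@EXAMPLE\\.COM"
        });

section_print("ip address (server)");

runtest({ name => "ip address",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "10.0.0.1",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM"
        });

section_print("local only hostname");

runtest({ name => "hostname (localonly)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "local-only.local",
          REALM => lkdc_realm_name("local-only.local"),
          SERVER => lkdc_server_name("local-only.local"),
        });

runtest({ name => "bare hostname (localonly)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "local-only",
          REALM => lkdc_realm_name("local-only.local"),
          SERVER => lkdc_server_name("local-only.local"),
        });


section_print("BTMM host");

runtest({ name => "BTMM host",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => $btmm_fqdn,
          REALM => lkdc_realm_name($btmm_fqdn),
          SERVER => lkdc_server_name($btmm_fqdn),
        });

section_print("Annouced principal, local only hostname");

runtest({ name => "hostname (own) aprincipal=lkdc",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "local-only",
          annoucedprincipal => lkdc_server_name("local-only.local"),
          REALM => lkdc_realm_name("local-only.local"),
          SERVER => lkdc_server_name("local-only.local"),
        });

runtest({ name => "local hostname (own) aprincipal=lkdc",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "local-only.local",
          annoucedprincipal => lkdc_server_name("local-only.local"),
          REALM => lkdc_realm_name("local-only.local"),
          SERVER => lkdc_server_name("local-only.local"),
        });

section_print("Annouced principal, fqdn");

runtest({ name => "other hostname aprincipal=manged",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.example.com",
          annoucedprincipal => "host/server.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM",
        });

runtest({ name => "other bare hostname aprincipal=manged",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server",
          annoucedprincipal => "host/server.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM",
        });

section_print("Annouced principal, ipv4 address");

runtest({ name => "ipv4 hostname aprincipal=manged",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "$hostname_ip4",
          annoucedprincipal => "host/server.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM",
        });

section_print("Annouced principal, fqdn, managed");

runtest({ name => "bare hostname aprincipal=manged",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server",
          annoucedprincipal => "host/server.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM",
        });

runtest({ name => "bare hostname aprincipal=manged",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.local",
          annoucedprincipal => "host/server.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM",
        });

runtest({ name => "fqdn hostname aprincipal=manged",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "server.example.com",
          annoucedprincipal => "host/server.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/server.example.com\@EXAMPLE.COM",
        });

section_print("BTMM host, Local KDC");

runtest({ name => "BTMM host (aprincipal)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => $btmm_fqdn,
          annoucedprincipal => lkdc_server_name($btmm_fqdn),
          REALM => lkdc_realm_name($btmm_fqdn),
          SERVER => lkdc_server_name($btmm_fqdn),
        });

section_print("Local subnet manged host");

runtest({ name => "barenamne local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

runtest({ name => "fqdn local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal.example.com",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

runtest({ name => "fqdn local subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal.example.com.",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

runtest({ name => "local subnet local manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal.local",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

runtest({ name => "local subnet local manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedlocal.local.",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedlocal.example.com\@EXAMPLE.COM"
        });

section_print("Routed manged host");

runtest({ name => "barenamne routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedrouted",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedrouted.example.com\@EXAMPLE.COM"
        });

runtest({ name => "fqdn routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedrouted.example.com",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedrouted.example.com\@EXAMPLE.COM"
        });

runtest({ name => "fqdn routed subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedrouted.example.com.",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedrouted.example.com\@EXAMPLE.COM"
        });

runtest({ name => "alias to fqdn routed subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "alias-mr.example.com",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          REALM => "EXAMPLE.COM",
          SERVER => "host/managedrouted.example.com\@EXAMPLE.COM"
        });


runtest({ name => "using local name for routed host (failed test)",
          dnsconf => "dns-t1.txt",
          krb5conf => "krb5.conf",
          inserver => "managedrouted.local",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });


section_print("Without kerberos tests");

section_print("Getting LocalKDC realm");

runtest({ name => "Getting LocalKDC realm",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "",
          REALM => "$lkdc",
          SERVER => "host/$lkdc\@$lkdc"
        });

section_print("Test server selection using local machine");

runtest({ name => "bare hostname (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "no-krb5-file",
          inserver => $short_hostname,
          REALM => $lrealm,
          SERVER => $lservername,
        });

runtest({ name => "bare hostname (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "no-krb5-file",
          inserver => "${short_hostname}.local",
          REALM => $lrealm,
          SERVER => $lservername,
        });

runtest({ name => "fqdn (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "no-krb5-file",
          inserver => $hostname,
          REALM => $lrealm,
          SERVER => $lservername,
        });

section_print("Test ipv4 address");

# XXX should this return LKDC realm for LKDC case ?
runtest({ name => "ipv4 address (own)",
          dnsconf => "dns-local.txt",
          krb5conf => "no-krb5-file",
          inserver => "$hostname_ip4",
          ERROR => "KRBCreateSession",
        });

section_print("Test managed realm, local subnet (no krb5)");

runtest({ name => "barenamne local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal",
          REALM => lkdc_realm_name("managedlocal.local"),
          SERVER => lkdc_server_name("managedlocal.local"),
        });

runtest({ name => "local local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.local",
          REALM => lkdc_realm_name("managedlocal.local"),
          SERVER => lkdc_server_name("managedlocal.local"),
        });

runtest({ name => "fqdn local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.example.com",
          ERROR => "KRBCreateSession",
        });

section_print("Test managed realm, routed subnet");

runtest({ name => "barenamne routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.example.com",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn routed subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.example.com.",
          ERROR => "KRBCreateSession",
        });

section_print("Test BTMM host");

runtest({ name => "BTMM host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => $btmm_fqdn,
          REALM => lkdc_realm_name($btmm_fqdn),
          SERVER => lkdc_server_name($btmm_fqdn),
        });

section_print("Local subnet manged host");

runtest({ name => "barenamne local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.example.com",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn local subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.example.com.",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "local subnet local manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.local",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "local subnet local manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.local.",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

section_print("Routed manged host");

runtest({ name => "barenamne routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.example.com",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn routed subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.example.com.",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "using local name for routed host (failed test)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.local",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

section_print("Test BTMM host (aprincipal)");

runtest({ name => "BTMM host (aprincipal)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => $btmm_fqdn,
          annoucedprincipal => lkdc_server_name($btmm_fqdn),
          REALM => lkdc_realm_name($btmm_fqdn),
          SERVER => lkdc_server_name($btmm_fqdn),
        });

section_print("Local subnet manged host");

runtest({ name => "barenamne local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn local subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.example.com",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn local subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.example.com.",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "local subnet local manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.local",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "local subnet local manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedlocal.local.",
          annoucedprincipal => "host/managedlocal.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

section_print("Routed manged host");

runtest({ name => "barenamne routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn routed subnet manged host",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.example.com",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "fqdn routed subnet manged host (end with dot)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.example.com.",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });

runtest({ name => "using local name for routed host (failed test)",
          dnsconf => "dns-t1.txt",
          krb5conf => "no-krb5-file",
          inserver => "managedrouted.local",
          annoucedprincipal => "host/managedrouted.example.com\@EXAMPLE.COM",
          ERROR => "KRBCreateSession",
        });


# kill() takes the signal first. With only the pid given, the pid is read
# as the signal and the process list is empty, so nothing is signalled and
# dns-register keeps running after the test.
kill 'TERM', $pid;

die "FAIL: $testfailed test(s) failed" if ($testfailed);
print "PASS: all $numtests tests passed\n" if (not $testfailed);

exit 0;

#
# Run one test case.
#
# Takes a hash reference with the keys:
#   name               label printed with the result
#   krb5conf, dnsconf  file names, relative to the start directory, exported
#                      as KRB5_CONFIG and DNSWRAPPER_FILE
#   inserver           host argument for KRBCreateSession ("" for none)
#   annoucedprincipal  optional second argument for KRBCreateSession
#   REALM, SERVER, ERROR
#                      optional expected values; each is used as a regular
#                      expression anchored at the start of the reported value
#
# Because the expected values are prefix patterns (and an unescaped "."
# matches any character), a pass shows that the answer starts with something
# matching the pattern, not that it is exactly equal to it.
#
# Updates the global counters $numtests and $testfailed.
#
sub runtest {
    my $params = shift;
    my %res;
    my $failed = 0;

    $numtests++;

    $ENV{'KRB5_CONFIG'} = "$pwd/$$params{krb5conf}";
    $ENV{'DNSWRAPPER_FILE'} = "$pwd/$$params{dnsconf}";

    # Arguments go to the program as a list, so no shell parses them and no
    # quoting is needed. Empty values are dropped because an empty word
    # vanished from the command line when this went through the shell.
    my @args = grep { defined($_) and $_ ne "" }
        ($$params{inserver}, $$params{annoucedprincipal});

    #print "$KRBCreateSession @args\n";

    open(my $in, "-|", $KRBCreateSession, @args) or
        die "$KRBCreateSession $!";
    while (<$in>) {
        # Output is a list of KEY=VALUE lines.
        if (m/^([^=]*)=(.*)/) {
            $res{$1} = $2;
        }
    }
    # The exit status is deliberately not checked: several tests expect
    # the program to report an ERROR.
    close($in);

    foreach my $k ("REALM", "SERVER", "ERROR") {
        next if (not defined $$params{$k});
        # A key missing from the output is compared as the empty string.
        my $got = defined $res{$k} ? $res{$k} : "";
        unless ($got =~ m%^$$params{$k}%) {
            print "$$params{name}: $k $got =~ $$params{$k} failed\n";
            $failed++;
        }
    }
    $testfailed++ if ($failed);
    print "ERROR: $res{'ERROR'}\n" if ($failed and defined $res{'ERROR'});
    print "$$params{name}: passed\n" if ($failed == 0);
}

#
# Print a section title framed by lines of "#".
#
sub section_print
{
    my $msg = "# " . shift(). " #";
    (my $pad = $msg) =~ s/./\#/g;
    print "$pad\n";
    print "$msg\n";
    print "$pad\n";
}

#
# Start a command in a child process and return the child's pid.
# The command is a single string and is handed to exec() as such.
#
sub run_in_background
{
    my $program = shift();

    my $pid = fork();
    # fork() returns undef on failure, never a negative number. Without
    # this check a failed fork would fall into the child branch below and
    # the test script itself would exec the program.
    die "fork: $!" if (not defined $pid);

    if ($pid == 0) {
        # exec only returns when it failed
        exec($program) or print "exit: $!\n";
        exit 1;
    }
    return $pid;
}

#
# Create dns-local.txt from dns-local.txt.in, replacing the first %name%
# and the first %addr% on each line. Done in-process so that the host name
# is only ever used as data.
#
sub write_dns_local
{
    my ($name, $addr) = @_;

    open(my $in, "<", "dns-local.txt.in") or die "dns-local.txt.in: $!";
    open(my $out, ">", "dns-local.txt") or die "dns-local.txt: $!";
    while (my $line = <$in>) {
        $line =~ s/%name%/$name/;
        $line =~ s/%addr%/$addr/;
        print $out $line;
    }
    close($in);
    close($out) or die "dns-local.txt: $!";
}

#
# Expected LocalKDC realm pattern for a host name.
#
sub lkdc_realm_name
{
    my $base = shift;
    return "LKDC:SHA1.fake${base}";
}

#
# Expected host principal pattern in the LocalKDC realm of a host name.
#
sub lkdc_server_name
{
    my $realm = lkdc_realm_name(shift());
    return "host/${realm}\@${realm}";
}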