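#!/bin/sh
#
# Copyright (c) 2006 - 2011 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Test of FAST armor tickets against a locally started KDC.
#
# The script creates a fresh database for realm TEST.H5L.SE, starts a KDC on
# localhost, and checks that the "fast_avail" marker shows up in the
# credential caches, both with and without an armor cache.  If MIT client
# tools are installed under /usr/local/mitkerberos/bin the same checks are
# repeated with them.
#
# Arguments: $1 - optional path to krb5.conf (default: ${confdir}/krb5.conf)
# Exit code: 0 on success, 1 on failure, 77 when there is no usable db
#            support (the test is then disabled).
#
# The @...@ values are filled in when the script is generated.  The tool
# variables (kadmin, kdc, kinit, klist, kgetcred, kdestroy, rkpty, wait_kdc,
# leaks_kill, have_db, afs_no_*) come from the sourced ${env_setup}; they
# hold a command plus arguments and are expanded unquoted on purpose so the
# shell splits them into words.

env_setup="@env_setup@"
confdir="@confdir@"
testdir="@testdir@"

. "${env_setup}"

KRB5_CONFIG="${1-${confdir}/krb5.conf}"
export KRB5_CONFIG

logfile=${testdir}/messages.log

# Command string run through eval on failure: print the KDC log, then exit.
# It is assembled only from ${logfile}, never from test output.
testfailed="echo test failed; cat ${logfile}; exit 1"

# If there is no useful db support compile in, disable test
${have_db} || exit 77

mkdir -p "${testdir}"
# ${testdir:?} aborts the script when testdir is empty or unset, so this
# glob can never expand to "/*".
rm -rf "${testdir:?}/"*

R=TEST.H5L.SE

port=@port@

kadmin="${kadmin} -l -r $R"
kdc="${kdc} --addresses=localhost -P $port"

server=host/datan.test.h5l.se
cache="FILE:${testdir}/cache.krb5"
acache="FILE:${testdir}/acache.krb5"

# akinit/aklist are built from the tool values set by ${env_setup}, before
# kinit/klist are rebound to the client cache, and so target the armor cache.
# NOTE: akinit is assigned after kinit was rebound, as in the original
# ordering, so it carries both -c options; the order is kept unchanged here.
kinit="${kinit} -c $cache ${afs_no_afslog}"
akinit="${kinit} -c $acache ${afs_no_afslog}"
klist="${klist} -c $cache"
aklist="${klist} -c $acache"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"

rm -f "${testdir}/${keytabfile}"
rm -f "${testdir}"/current-db*
rm -f "${testdir}"/out-*
rm -f "${testdir}"/mkey.file*

: > "${logfile}"

echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

${kadmin} add -p foo --use-defaults foo@${R} || exit 1
${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1

# Throwaway password of the test principals.  The file is created with the
# caller's umask, so ${testdir} should be a private build directory.
echo foo > "${testdir}/foopassword"

echo Starting kdc
env MallocStackLogging=1 MallocStackLoggingNoCompact=1 MallocErrorAbort=1 MallocLogFile="${testdir}/malloc-log" \
${kdc} &
kdcpid=$!

# The EXIT trap is not installed yet, so kill the KDC by hand if it does
# not come up.
sh ${wait_kdc} KDC "${logfile}" || {
    kill -9 ${kdcpid}
    exit 1
}

# From here on any early exit kills the KDC; the trap is cleared again just
# before the regular exit at the end of the script.
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

ec=0

#
# Check armor ticket
#

echo "Getting client initial tickets"; : > "${logfile}"
${kinit} --password-file="${testdir}/foopassword" foo@$R || \
    { ec=1 ; eval "${testfailed}"; }
echo "Checking for FAST avail"
${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }
echo "Getting tickets"; : > "${logfile}"
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
echo "Listing tickets"; : > "${logfile}"
${klist} > /dev/null || { ec=1 ; eval "${testfailed}"; }
${kdestroy}

echo "Acquire host ticket to be used as an ARMOR ticket"
${akinit} --password-file="${testdir}/foopassword" ${server}@${R} >/dev/null|| { exit 1; }
echo "Checking for FAST avail (in the FAST armor cache)"
${aklist} --hidden | grep fast_avail > /dev/null || { exit 1; }

#
# Client tests
#

echo "Getting client initial tickets with FAST armor ticket"
${kinit} --fast-armor-cache="${acache}" \
    --password-file="${testdir}/foopassword" foo@$R || \
    { ec=1 ; eval "${testfailed}"; }

echo "Checking for FAST avail (in the FAST acquired cache)"
${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }

echo "Getting service ticket"
${kgetcred} ${server}@${R} || { exit 1; }
${kdestroy}

#
# Use MIT client tools
#

mit=/usr/local/mitkerberos/bin

if [ -f "${mit}/kinit" ] ; then
    echo "Running MIT FAST tests"

    # rkpty script that answers the password prompt of MIT kinit.
    kinitpty=${testdir}/foopassword.rkpty
cat > "${kinitpty}" <<EOF
expect Password
password foo\n
EOF

    echo "Acquire host ticket"
    ${rkpty} "${kinitpty}" "${mit}/kinit" -c "${acache}" ${server}@${R} >/dev/null|| { exit 1; }
    (${aklist} | grep "${server}" > /dev/null ) || { exit 1; }

    echo "Checking for FAST avail"
    ${aklist} --hidden | grep fast_avail > /dev/null || { exit 1; }

    echo "Using plain to get a initial ticket"
    ${rkpty} "${kinitpty}" "${mit}/kinit" -c "${cache}" foo@${R} >/dev/null|| { exit 1; }
    (${klist} | grep foo > /dev/null ) || { exit 1; }

    echo "Using FAST to get a initial ticket"
    ${rkpty} "${kinitpty}" "${mit}/kinit" -c "${cache}" -T "${acache}" foo@${R} >/dev/null || { exit 1; }
    (${klist} | grep foo > /dev/null ) || { exit 1; }

    echo "Checking for FAST avail"
    ${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }

    echo "Getting service ticket"
    "${mit}/kvno" -c "${cache}" ${server}@${R} || { exit 1; }

fi


echo "killing kdc (${kdcpid})"
sh ${leaks_kill} kdc $kdcpid || exit 1

trap "" EXIT

exit $ec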