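#!/bin/sh
#
# Copyright (c) 2006 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#

# Test driver for GSS-API context establishment over NTLM, Kerberos 5 and
# SPNEGO.  It builds a throwaway realm, starts a KDC, obtains initial
# tickets and then runs test_context for:
#   - each mechanism on its own,
#   - two mismatch cases that are required to fail,
#   - SPNEGO with one credential at a time made unavailable, checking
#     which mechanism the negotiation ends on.
#
# The @...@ tokens are substituted when the script is generated.
#
# Exit status: 77 when no database backend is available (test skipped),
# 1 on any failure, 0 otherwise.

env_setup="@env_setup@"
srcdir="@srcdir@"
objdir="@objdir@"

. "${env_setup}"

# If there is no useful db support compiled in, disable test
../db/have-db || exit 77

R=TEST.H5L.SE

port=@port@

keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
cache="FILE:krb5ccfile"
cacheds="FILE:krb5ccfile-ds"

# These hold a command plus its arguments and are expanded unquoted on
# purpose so the shell splits them back into words.
kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog} --forwardable"
kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds ${afs_no_afslog}"
kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
# The test KDC is told to listen on localhost only.
kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"

context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# The four variables below are exported once here; the SPNEGO loop further
# down reassigns them, and because they are already exported the new value
# is what the next test_context run inherits.
KRB5_KTNAME="${keytab}"
export KRB5_KTNAME
KRB5CCNAME="${cache}"
export KRB5CCNAME
NTLM_ACCEPTOR_CCACHE="${cacheds}"
export NTLM_ACCEPTOR_CCACHE
NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
export NTLM_USER_FILE

GSSAPI_SPNEGO_NAME=host@host.test.h5l.se
export GSSAPI_SPNEGO_NAME

# Start from a clean slate: stale keytab, database, output and master key
# files from an earlier run are removed.
rm -f "${keytabfile}"
rm -f current-db*
rm -f out-*
rm -f mkey.file*

> messages.log

echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

# NOTE(review): the principals get fixed passwords passed with -p on the
# command line, where they are visible in process listings.  That is only
# acceptable because these are known test values for a throwaway realm; do
# not copy the pattern into provisioning scripts.
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
${kadmin} ext -k "${keytab}" host/host.test.h5l.se@${R} || exit 1

${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1

${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1

${kadmin} add -p u1 --use-defaults user1@${R} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1

# kinit reads the passwords from these files.  They are removed first so a
# file left by an earlier run does not keep its old mode, and written under
# a restrictive umask in a subshell so no other file created by this script
# is affected.  The script does not delete them afterwards.
rm -f "${objdir}/foopassword" "${objdir}/barpassword"
(
    umask 077
    echo u1 > "${objdir}/foopassword" &&
    echo ds > "${objdir}/barpassword"
) || { echo "cannot write password files"; exit 1; }

echo Starting kdc
${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
# getpid is not defined in this file; presumably it comes from env_setup.
kdcpid=$(getpid kdc)

# From here on any exit kills the KDC and reports failure.  The trap is
# cleared before the normal shutdown at the end of the script so that the
# final status is ${exitcode} rather than the trap's "exit 1".
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

exitcode=0

echo "Getting client initial tickets"
${kinit} --password-file="${objdir}/foopassword" user1@${R} || exitcode=1
echo "Getting digestserver initial tickets"
${kinitds} --password-file="${objdir}/barpassword" digestserver@${R} || exitcode=1

echo "======context building for each mech"

for mech in ntlm krb5 ; do
    echo "${mech}"
    ${context} --mech-type=${mech} --ret-mech-type=${mech} \
        --name-type=hostbased-service host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
done

echo "spnego"
${context} \
    --mech-type=spnego \
    --ret-mech-type=krb5 \
    --name-type=hostbased-service \
    host@host.test.h5l.se || \
    { exitcode=1 ; echo test failed; }

# Negative tests: asking for one mechanism while expecting the other as the
# resulting mechanism has to fail.  A success here is counted as a test
# failure; stderr is discarded because the error output is expected.
echo "test failure cases"
${context} --mech-type=ntlm --ret-mech-type=krb5 \
    --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
    { exitcode=1 ; echo test failed; }

${context} --mech-type=krb5 --ret-mech-type=ntlm \
    --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
    { exitcode=1 ; echo test failed; }

echo "======spnego variants context building"

# For every option combination, make one credential at a time unavailable
# by pointing its environment variable at a name with a "-no" suffix, run
# the negotiation, then restore the variable.
#   - NTLM credential missing (acceptor or initiator): expect krb5.
#   - krb5 credential missing (acceptor or initiator): expect ntlm.
# NOTE(review): the last two cases pin down that SPNEGO settles on NTLM
# when Kerberos credentials are missing.  A deployment that does not want
# NTLM as a fallback has to restrict the acceptable mechanisms itself;
# negotiation alone will not do it.
# ${arg} is expanded unquoted on purpose: it may hold several options, and
# the empty entry must expand to no argument at all.
for arg in \
    "" \
    "--mutual" \
    "--delegate" \
    "--mutual --delegate" \
    "--getverifymic --wrapunwrap" \
    "--mutual --getverifymic --wrapunwrap" \
    ; do

    echo "no NTLM acceptor cred ${arg}"
    NTLM_ACCEPTOR_CCACHE="${cacheds}-no"
    ${context} --mech-type=spnego \
        $arg \
        --name-type=hostbased-service \
        --ret-mech-type=krb5 \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    NTLM_ACCEPTOR_CCACHE="${cacheds}"

    echo "no NTLM initiator cred ${arg}"
    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
    ${context} --mech-type=spnego \
        $arg \
        --name-type=hostbased-service \
        --ret-mech-type=krb5 \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"

    # The krb5-missing cases also pass --server-no-delegate; presumably
    # delegation is not expected when the context ends on NTLM -- confirm
    # against test_context.
    echo "no krb5 acceptor cred ${arg}"
    KRB5_KTNAME="${keytab}-no"
    ${context} --mech-type=spnego \
        $arg \
        --server-no-delegate \
        --name-type=hostbased-service \
        --ret-mech-type=ntlm \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    KRB5_KTNAME="${keytab}"

    echo "no krb5 initiator cred ${arg}"
    KRB5CCNAME="${cache}-no"
    ${context} --mech-type=spnego \
        $arg \
        --server-no-delegate \
        --name-type=hostbased-service \
        --ret-mech-type=ntlm \
        host@host.test.h5l.se || \
        { exitcode=1 ; echo test failed; }
    KRB5CCNAME="${cache}"

done

trap "" EXIT

echo "killing kdc (${kdcpid})"
kill ${kdcpid} 2> /dev/null

exit $exitcode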