check-referral.in revision 1.1.1.1
#!/bin/sh
#
# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Integration test for Kerberos principal aliases and referrals.
#
# The script builds a throwaway database holding two realms (R and R2),
# starts a KDC on localhost, and then checks:
#   * AS-REQ: which client principal name comes back when a ticket is
#     requested by real name, by alias, with and without --canonicalize;
#   * TGS-REQ: that a service registered only in R2 can be reached from a
#     client in R, via a KDC referral or by naming R2 directly.
#
# Exit status: 0 on success, 1 on failure, 77 when database support is
# missing (the test is then skipped rather than failed).
#
# The @...@ tokens are substituted when this .in template is processed.
# Command variables (kadmin, kdc, kinit, ...) are expanded unquoted on
# purpose: each holds a program name plus its options and relies on word
# splitting, so quoting them would break the invocations.

top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"

# env_setup is expected to define the tool variables used below without
# being set in this file: have_db, kadmin, kdc, kinit, klist, kgetcred,
# kdestroy, wait_kdc, leaks_kill, afs_no_afslog and afs_no_unlog.
. ${env_setup}

# Failure action, run through eval at each check. It is a fixed string with
# no external input. It dumps messages.log and exits 1, which also fires
# the EXIT trap installed further down, so the KDC is killed on failure.
testfailed="echo test failed; cat messages.log; exit 1"

# If no useful db support is compiled in, skip the test (exit 77)
${have_db} || exit 77

# Primary realm and a second realm used as the referral target.
R=TEST.H5L.SE
R2=SUB.TEST.H5L.SE

# Service principal name; it is only ever created in R2 (see below).
service=ldap/host.sub.test.h5l.se

port=@port@

# kadmin runs with -l (local database mode), so no admin server is involved.
kadmin="${kadmin} -l -r $R"
# The KDC is bound to localhost only, on the test port.
kdc="${kdc} --addresses=localhost -P $port"

# All client tools share one file-based credential cache under objdir.
cache="FILE:${objdir}/cache.krb5"

kinit="${kinit} -c $cache ${afs_no_afslog}"
klist="${klist} -c $cache"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"


# Point the Kerberos libraries at the test configuration instead of the
# system one.
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# Remove leftovers of earlier runs from the current directory.
rm -f current-db*
rm -f out-*
rm -f mkey.file*

# Truncate the log that testfailed prints on failure.
> messages.log

echo Creating database
${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R} || exit 1

${kadmin} \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    ${R2} || exit 1

# Client foo@R with two aliases; the get|grep confirms alias1 was stored.
# Every test principal uses the fixed password "foo" given with -p.
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
${kadmin} get foo@${R} | grep alias1@${R} >/dev/null || exit 1

# The service exists only in R2, so a request for it in R cannot be
# answered from R alone.
${kadmin} add -p foo --use-defaults ${service}@${R2} || exit 1

${kadmin} add -p foo --use-defaults bar@${R} || exit 1
# Principal whose name component contains an escaped '@'.
${kadmin} add -p foo --use-defaults 'baz\@realm.foo@'${R} || exit 1

# Cross-realm krbtgt principals, one for each direction between R and R2.
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1

echo "Doing database check"
${kadmin} check ${R} || exit 1
${kadmin} check ${R2} || exit 1

# Password file read by kinit --password-file. It holds the fixture
# password in clear text, is created under the caller's umask and is not
# removed afterwards. That is acceptable only because the credential is a
# throwaway test value; do not copy this pattern for real secrets.
echo foo > ${objdir}/foopassword

echo Starting kdc
${kdc} &
kdcpid=$!

# wait_kdc is run as a separate sh script; a non-zero status is treated as
# "KDC did not come up". The EXIT trap is not installed yet, so the KDC is
# killed by hand here.
sh ${wait_kdc}
if [ "$?" != 0 ] ; then
    kill -9 ${kdcpid}
    exit 1
fi

# From here on any exit kills the KDC. The double quotes expand ${kdcpid}
# now, when the trap is set. The handler runs on every exit, not only on
# signals, so "signal killing kdc" is also printed after an ordinary test
# failure. kill -9 gives the KDC no chance to shut down cleanly; the
# successful path stops it through leaks_kill instead and clears this trap.
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

# Final exit status. Each failure branch sets ec=1 and then evals
# testfailed, which exits at once, so the "exit $ec" at the end of the
# script is only reached with ec still 0.
ec=0


echo "Getting client bar"; > messages.log
${kinit} --password-file=${objdir}/foopassword bar@${R} || \
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: bar@${R}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}

echo "Getting client baz"; > messages.log
${kinit} --password-file=${objdir}/foopassword 'baz\@realm.foo@'${R} || \
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
# The first klist only prints the cache for the test log; the second is
# the actual check.
${klist}
${klist} | grep 'Principal: baz' > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}



echo "Test AS-REQ"

echo "Getting client (no canon)"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}

echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
${kinit} --canonicalize \
    --password-file=${objdir}/foopassword foo@${R} || \
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}

# NOTE(review): this step is labelled alias1 but requests foo@${R}, exactly
# like the previous step, so alias1 is never exercised on the success path.
# By symmetry with the alias2 step below the intended name may have been
# alias1@${R}@${R} -- confirm against upstream before changing it.
echo "Getting client alias1 tickets"; > messages.log
${kinit} --canonicalize \
    --password-file=${objdir}/foopassword foo@${R} || \
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}


# Request by alias with canonicalization: the ticket must come back for
# the real principal foo@R, not for the alias.
echo "Getting client alias2 tickets"; > messages.log
${kinit} --canonicalize \
    --password-file=${objdir}/foopassword alias2@${R}@${R} || \
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "Principal: foo@${R}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}

# Negative test: without --canonicalize the alias must not yield a ticket,
# so success of kinit (&&) is the failure case. Output is discarded and any
# kinit error counts as a pass, so this cannot tell "alias rejected" apart
# from an unrelated failure such as an unreachable KDC.
echo "Getting client alias1 tickets (non canon case)"; > messages.log
${kinit} --password-file=${objdir}/foopassword \
    alias1@${R}@${R} > /dev/null 2>/dev/null && \
    { ec=1 ; eval "${testfailed}"; }

# Negative test: after the modify below alias2 is expected to be gone
# (the alias list appears to be replaced by alias1 only), so a request for
# alias2 must fail even with --canonicalize. The caveat about discarded
# output applies here as well.
echo "Getting client alias2 tickets (removed)"; > messages.log
${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
${kinit} --canonicalize \
    --password-file=${objdir}/foopassword \
    alias2@${R}@${R} > /dev/null 2>/dev/null && \
    { ec=1 ; eval "${testfailed}"; }

echo "Remove alias"
${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }

echo "Test server referrals"

# The service is asked for in realm R, where it does not exist. With
# --canonicalize the credential that ends up in the cache must be for the
# service in R2.
echo "Getting client for ${service}@${R} (tgs kdc referral)"
> messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    { ec=1 ; eval "${testfailed}"; }
${kgetcred} --canonicalize ${service}@${R} ||
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "${service}@${R2}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}

# Same service, but the client names realm R2 itself, so no rewrite of the
# requested name is needed.
echo "Getting client for ${service}@${R2} (tgs client side guessing)"
> messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    { ec=1 ; eval "${testfailed}"; }
${kgetcred} ${service}@${R2} ||
    { ec=1 ; eval "${testfailed}"; }
echo "checking that we got back right principal"
${klist} | grep "${service}@${R2}" > /dev/null || \
    { ec=1 ; eval "${testfailed}"; }
${kdestroy}


# Regular shutdown through the leaks_kill helper. The EXIT trap is still
# armed at this point, so a failure here also force-kills the KDC.
echo "killing kdc (${kdcpid})"
sh ${leaks_kill} kdc $kdcpid || exit 1

# KDC already stopped: disarm the trap so the final exit does not try to
# kill it again or turn the status into 1.
trap "" EXIT

exit $ec