1#! /bin/sh 2# $OpenLDAP$ 3## This work is part of OpenLDAP Software <http://www.openldap.org/>. 4## 5## Copyright 1998-2021 The OpenLDAP Foundation. 6## All rights reserved. 7## 8## Redistribution and use in source and binary forms, with or without 9## modification, are permitted only as authorized by the OpenLDAP 10## Public License. 11## 12## A copy of this license is available in the file LICENSE in the 13## top-level directory of the distribution or, alternatively, at 14## <http://www.OpenLDAP.org/license.html>. 15 16KRB5_TRACE=$TESTDIR/k5_trace 17KRB5_CONFIG=$TESTDIR/krb5.conf 18KRB5_KDC_PROFILE=$KRB5_CONFIG 19KRB5_KTNAME=$TESTDIR/server.kt 20KRB5_CLIENT_KTNAME=$TESTDIR/client.kt 21KRB5CCNAME=$TESTDIR/client.ccache 22 23export KRB5_TRACE KRB5_CONFIG KRB5_KDC_PROFILE KRB5_KTNAME KRB5_CLIENT_KTNAME KRB5CCNAME 24 25KDCLOG=$TESTDIR/setup_kdc.log 26KSERVICE=ldap/$LOCALHOST 27KUSER=kuser 28 29. $CONFFILTER < $DATADIR/krb5.conf > $KRB5_CONFIG 30 31PATH=${PATH}:/usr/lib/heimdal-servers:/usr/sbin:/usr/local/sbin 32 33echo "Trying Heimdal KDC..." 34 35command -v kdc >/dev/null 2>&1 36if test $? = 0 ; then 37 kstash --random-key > $KDCLOG 2>&1 38 RC=$? 39 if test $RC != 0 ; then 40 echo "Heimdal: kstash failed, skipping GSSAPI tests" 41 exit 0 42 fi 43 44 flags="--realm-max-ticket-life=1h --realm-max-renewable-life=1h" 45 kadmin -l init $flags $KRB5REALM > $KDCLOG 2>&1 46 RC=$? 47 if test $RC != 0 ; then 48 echo "Heimdal: kadmin init failed, skipping GSSAPI tests" 49 exit 0 50 fi 51 52 kadmin -l add --random-key --use-defaults $KSERVICE > $KDCLOG 2>&1 53 RC=$? 54 if test $RC != 0 ; then 55 echo "Heimdal: kadmin add failed, skipping GSSAPI tests" 56 exit 0 57 fi 58 59 kadmin -l ext -k $KRB5_KTNAME $KSERVICE > $KDCLOG 2>&1 60 RC=$? 61 if test $RC != 0 ; then 62 echo "Heimdal: kadmin ext failed, skipping GSSAPI tests" 63 exit 0 64 fi 65 66 kadmin -l add --random-key --use-defaults $KUSER > $KDCLOG 2>&1 67 RC=$? 68 if test $RC != 0 ; then 69 echo "Heimdal: kadmin add failed, skipping GSSAPI tests" 70 exit 0 71 fi 72 73 kadmin -l ext -k $KRB5_CLIENT_KTNAME $KUSER > $KDCLOG 2>&1 74 RC=$? 75 if test $RC != 0 ; then 76 echo "Heimdal: kadmin ext failed, skipping GSSAPI tests" 77 exit 0 78 fi 79 80 kdc --addresses=$LOCALIP --ports="$KDCPORT/udp" > $KDCLOG 2>&1 & 81else 82 echo "Trying MIT KDC..." 83 84 command -v krb5kdc >/dev/null 2>&1 85 if test $? != 0; then 86 echo "No KDC available, skipping GSSAPI tests" 87 exit 0 88 fi 89 90 kdb5_util create -r $KRB5REALM -s -P password > $KDCLOG 2>&1 91 RC=$? 92 if test $RC != 0 ; then 93 echo "MIT: kdb5_util create failed, skipping GSSAPI tests" 94 exit 0 95 fi 96 97 kadmin.local -q "addprinc -randkey $KSERVICE" > $KDCLOG 2>&1 98 RC=$? 99 if test $RC != 0 ; then 100 echo "MIT: admin addprinc failed, skipping GSSAPI tests" 101 exit 0 102 fi 103 104 kadmin.local -q "ktadd -k $KRB5_KTNAME $KSERVICE" > $KDCLOG 2>&1 105 RC=$? 106 if test $RC != 0 ; then 107 echo "MIT: kadmin ktadd failed, skipping GSSAPI tests" 108 exit 0 109 fi 110 111 kadmin.local -q "addprinc -randkey $KUSER" > $KDCLOG 2>&1 112 RC=$? 113 if test $RC != 0 ; then 114 echo "MIT: kadmin addprinc failed, skipping GSSAPI tests" 115 exit 0 116 fi 117 118 kadmin.local -q "ktadd -k $KRB5_CLIENT_KTNAME $KUSER" > $KDCLOG 2>&1 119 RC=$? 120 if test $RC != 0 ; then 121 echo "MIT: kadmin ktadd failed, skipping GSSAPI tests" 122 exit 0 123 fi 124 125 krb5kdc -n > $KDCLOG 2>&1 & 126fi 127 128KDCPROC=$! 129sleep 1 130 131kinit -kt $KRB5_CLIENT_KTNAME $KUSER > $KDCLOG 2>&1 132RC=$? 133if test $RC != 0 ; then 134 kill $KDCPROC 135 echo "SASL/GSSAPI: kinit failed, skipping GSSAPI tests" 136 exit 0 137fi 138 139pluginviewer -m GSSAPI > $TESTDIR/plugin_out 2>/dev/null 140RC=$? 141if test $RC != 0 ; then 142 143 saslpluginviewer -m GSSAPI > $TESTDIR/plugin_out 2>/dev/null 144 RC=$? 145 if test $RC != 0 ; then 146 kill $KDCPROC 147 echo "cyrus-sasl has no GSSAPI support, test skipped" 148 exit 0 149 fi 150fi 151 152HAVE_SASL_GSS_CBIND=no 153 154grep CHANNEL_BINDING $TESTDIR/plugin_out > /dev/null 2>&1 155RC=$? 156if test $RC = 0 ; then 157 HAVE_SASL_GSS_CBIND=yes 158fi 159