From 47f60928bccfbda9cb70e7b441a9df8f6153eb0a Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Tue, 7 Feb 2012 14:02:24 -0600
Subject: [PATCH] Some more [capaths] testing
---
 tests/kdc/check-kdc.in | 110 +++++++++++++++++++++++++++++++++++++++--
 tests/kdc/krb5.conf.in | 15 +++++-
 2 files changed, 120 insertions(+), 5 deletions(-)
diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in
index a7150a4cd..09003c5cd 100644
--- a/tests/kdc/check-kdc.in
+++ b/tests/kdc/check-kdc.in
@@ -46,8 +46,13 @@ testfailed="echo test failed; cat messages.log; exit 1"
 ${have_db} || exit 77
 R=TEST.H5L.SE
+RH=TEST-HTTP.H5L.SE
 R2=TEST2.H5L.SE
-R3=TEST-HTTP.H5L.SE
+R3=TEST3.H5L.SE
+R4=TEST4.H5L.SE
+R5=SOME-REALM5.FR
+R6=SOME-REALM6.US
+R7=SOME-REALM7.UK
 port=@port@
@@ -105,12 +110,48 @@ ${kadmin} \
 --realm-max-renewable-life=1month \
 ${R3} || exit 1
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R4} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R5} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R6} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R7} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${RH} || exit 1
+
 ${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
 ${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
 ${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
 ${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
 ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R2} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R3} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R4} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R5} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R6} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R7} || exit 1
 ${kadmin} add -p bar --use-defaults bar@${R} || exit 1
 ${kadmin} add -p foo --use-defaults remove@${R} || exit 1
 ${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
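Review bot: The five new `init` stanzas for `${R4}` through `${R7}` and `${RH}` are copies that differ only in the realm, so any later change to the ticket-life flags has to be repeated in each of them (and in the existing stanzas above the hunk, which are only partly visible here). A loop over the realm variables keeps the options in one place. The six `add -p foo --use-defaults foo@…` lines further down in this hunk could be folded the same way.

```shell
# … unchanged: init of ${R3} …
for realm in "${R4}" "${R5}" "${R6}" "${R7}" "${RH}"; do
    ${kadmin} \
	init \
	--realm-max-ticket-life=1day \
	--realm-max-renewable-life=1month \
	"${realm}" || exit 1
done
# … unchanged: cpw -r krbtgt/${R}@${R} lines …
```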
@@ -138,10 +179,28 @@ ${kadmin} modify --alias=${alias2}@${R} ${alias1}@${R}
 ${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
 ${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
+${kadmin} add -p cross1 --use-defaults krbtgt/${R3}@${R2} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R3} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R4}@${R2} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R4} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R4}@${R3} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R3}@${R4} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R5}@${R} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R5} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R6}@${R5} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R5}@${R6} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R7}@${R6} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R6}@${R7} || exit 1
+
 ${kadmin} add -p foo --use-defaults pw-expire@${R} || exit 1
 ${kadmin} modify --pw-expiration-time=+1day pw-expire@${R} || exit 1
-${kadmin} add -p foo --use-defaults foo@${R3} || exit 1
+${kadmin} add -p foo --use-defaults foo@${RH} || exit 1
 echo "Check parser"
 ${kadmin} add -p foo --use-defaults -- -p || exit 1
@@ -150,6 +209,11 @@ ${kadmin} delete -- -p || exit 1
 echo "Doing database check"
 ${kadmin} check ${R} || exit 1
 ${kadmin} check ${R2} || exit 1
+${kadmin} check ${R3} || exit 1
+${kadmin} check ${R4} || exit 1
+${kadmin} check ${R5} || exit 1
+${kadmin} check ${R6} || exit 1
+${kadmin} check ${R7} || exit 1
 echo "Extracting enctypes"
 ${ktutil} -k ${keytab} list > tempfile || exit 1
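Review bot: The direct `krbtgt/${R4}@${R2}` and `krbtgt/${R2}@${R4}` keys sit alongside the `${R3}`/`${R4}` pair, so a request that reaches `${R2}` can probably be answered without ever passing through `${R3}`. If the intent is to exercise the full path that the `[capaths]` entries for TEST4.H5L.SE describe, the later `kgetcred foo@${R4}` passing does not demonstrate it. Either dropping the direct pair or adding a comment such as `# direct R2<->R4 key on purpose: the R3 hop is optional` would make the intended path explicit.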
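Review bot: `${RH}` is initialised earlier in this commit but is missing from the `kadmin check` list in the second hunk on this line, which now covers `${R}` through `${R7}`. Adding `${kadmin} check ${RH} || exit 1` after the `${R7}` line would have the consistency check cover every realm the test creates.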
@@ -199,10 +263,50 @@ ${test_ap_req} ${server}@${R} ${keytab} ${cache} || \
 ${kdestroy}
 echo "Getting client initial tickets (http transport)"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@${R3} || \
+${kinit} --password-file=${objdir}/foopassword foo@${RH} || \
 { ec=1 ; eval "${testfailed}"; }
 ${kdestroy}
+echo "Testing capaths logic"
+${kinit} --password-file=${objdir}/foopassword \
+ -e ${aesenctype} -e ${aesenctype} \
+ foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Getting x-realm tickets with capaths for $R -> $R2"
+${kgetcred} foo@${R2} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R3"
+${kgetcred} foo@${R3} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R4"
+${kgetcred} foo@${R4} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R5"
+${kgetcred} foo@${R5} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R6"
+${kgetcred} foo@${R6} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R7"
+${kgetcred} foo@${R7} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Testing capaths logic (reverse order)"
+${kinit} --password-file=${objdir}/foopassword \
+ -e ${aesenctype} -e ${aesenctype} \
+ foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Getting x-realm tickets with capaths for $R -> $R4"
+${kgetcred} foo@${R4} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R3"
+${kgetcred} foo@${R3} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R2"
+${kgetcred} foo@${R2} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R7"
+${kgetcred} foo@${R7} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R6"
+${kgetcred} foo@${R6} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R5"
+${kgetcred} foo@${R5} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
 echo "Specific enctype"; > messages.log
 ${kinit} --password-file=${objdir}/foopassword \
 -e ${aesenctype} -e ${aesenctype} \
diff --git a/tests/kdc/krb5.conf.in b/tests/kdc/krb5.conf.in
index db44fdb7a..596dc04a7 100644
--- a/tests/kdc/krb5.conf.in
+++ b/tests/kdc/krb5.conf.in
@@ -28,6 +28,15 @@
 TEST4.H5L.SE = {
 kdc = localhost:@port@
 }
+ SOME-REALM5.FR = {
+ kdc = localhost:@port@
+ }
+ SOME-REALM6.US = {
+ kdc = localhost:@port@
+ }
+ SOME-REALM7.UK = {
+ kdc = localhost:@port@
+ }
 TEST-HTTP.H5L.SE = {
 kdc = http/localhost:@port@
 }
@@ -85,9 +94,11 @@
 [capaths]
 TEST.H5L.SE = {
+ TEST2.H5L.SE = .
+ SOME-REALM5.FR = 1
 TEST3.H5L.SE = TEST2.H5L.SE
- }
- TEST.H5L.SE = {
 TEST4.H5L.SE = TEST2.H5L.SE
 TEST4.H5L.SE = TEST3.H5L.SE
+ SOME-REALM6.US = SOME-REALM5.FR
+ SOME-REALM7.UK = SOME-REALM6.US
 }
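Review bot: Neither new capaths section in the `@@ -199,10 +263,50 @@` hunk resets `messages.log`, unlike the neighbouring `echo "Getting client initial tickets (http transport)"; > messages.log` and `echo "Specific enctype"; > messages.log`, so when a `kgetcred` fails `${testfailed}` also prints the KDC log of earlier tests. Writing `echo "Testing capaths logic"; > messages.log`, and the same for the reverse-order section, keeps the failure output scoped to the step that failed. The checks also assert only that a ticket was obtained; a case that is expected to fail (a target realm not reachable through any configured path) would show that the path logic rejects as well as accepts. `-e ${aesenctype}` is passed twice in both `kinit` calls, apparently carried over from the existing "Specific enctype" block.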
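Review bot: `SOME-REALM5.FR = 1` in the `[capaths]` hunk uses a value that is neither `.` (used on the line above for the direct path to TEST2.H5L.SE) nor the name of a realm defined in this file, and nothing in the hunk says what it is meant to exercise. If a direct path is intended, `SOME-REALM5.FR = .` would match the TEST2 entry. If the unusual value is deliberate, a comment such as `# non-realm value on purpose` above it would keep it from being silently "corrected" later.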