oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

tell more what the kdc though about the failure.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18839 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-10-22 17:04:34 +00:00
parent 3e1216f1e8
commit 660c6f87cd
1 changed files with 82 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

159
tests/kdc/check-kdc.in
View File

@@ -37,6 +37,8 @@
srcdir="@srcdir@" srcdir="@srcdir@"
objdir="@objdir@" objdir="@objdir@"
testfailed="echo test failed; cat messages.log; exit 1"
# If there is no useful db support compile in, disable test # If there is no useful db support compile in, disable test
../db/have-db || exit 77 ../db/have-db || exit 77
@@ -139,91 +141,93 @@ if [ "$?" != 0 ] ; then
exit 1 exit 1
fi fi
exitcode=0 trap "kill ${kdcpid}; echo signal killing kdc" EXIT 1 2 3 15
echo "Getting client initial tickets" ec=0
echo "Getting client initial tickets"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@$R || \ ${kinit} --password-file=${objdir}/foopassword foo@$R || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
echo "Getting tickets" echo "Getting tickets"; > messages.log
${kgetcred} ${server}@${R} || { exitcode=1 ; echo test failed; } ${kgetcred} ${server}@${R} || { ec=1 ; ${testfailed}; }
echo "Listing tickets" echo "Listing tickets"; > messages.log
${klist} > /dev/null || { exitcode=1 ; echo test failed; } ${klist} > /dev/null || { ec=1 ; ${testfailed}; }
./ap-req ${server}@${R} ${keytab} ${cache} || \ ./ap-req ${server}@${R} ${keytab} ${cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
for a in $enctypes; do for a in $enctypes; do
echo "Getting client initial tickets ($a)" echo "Getting client initial tickets ($a)"; > messages.log
${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || { exitcode=1 ; echo test failed; } ${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || { ec=1 ; ${testfailed}; }
echo "Getting tickets" echo "Getting tickets"; > messages.log
${kgetcred} ${server}@${R} || { exitcode=1 ; echo test failed; } ${kgetcred} ${server}@${R} || { ec=1 ; ${testfailed}; }
./ap-req ${server}@${R} ${keytab} ${cache} || { exitcode=1 ; echo test failed; } ./ap-req ${server}@${R} ${keytab} ${cache} || { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
done done
echo "Getting client initial tickets" echo "Getting client initial tickets"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@$R || \ ${kinit} --password-file=${objdir}/foopassword foo@$R || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
for a in $enctypes; do for a in $enctypes; do
echo "Getting tickets ($a)" echo "Getting tickets ($a)"; > messages.log
${kgetcred} -e $a ${server}@${R} || { exitcode=1 ; echo test failed; } ${kgetcred} -e $a ${server}@${R} || { ec=1 ; ${testfailed}; }
./ap-req ${server}@${R} ${keytab} ${cache} || \ ./ap-req ${server}@${R} ${keytab} ${cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} --credential=${server}@${R} ${kdestroy} --credential=${server}@${R}
done done
${kdestroy} ${kdestroy}
echo "Getting client initial tickets for cross realm case" echo "Getting client initial tickets for cross realm case"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@$R || { exitcode=1 ; echo test failed; } ${kinit} --password-file=${objdir}/foopassword foo@$R || { ec=1 ; ${testfailed}; }
for a in $enctypes; do for a in $enctypes; do
echo "Getting cross realm tickets ($a)" echo "Getting cross realm tickets ($a)"; > messages.log
${kgetcred} -e $a ${server2}@${R2} || { exitcode=1 ; echo test failed; } ${kgetcred} -e $a ${server2}@${R2} || { ec=1 ; ${testfailed}; }
./ap-req ${server2}@${R2} ${keytab} ${cache} || \ ./ap-req ${server2}@${R2} ${keytab} ${cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} --credential=${server2}@${R2} ${kdestroy} --credential=${server2}@${R2}
done done
${kdestroy} ${kdestroy}
echo "try all permutations" echo "try all permutations"; > messages.log
for a in $enctypes; do for a in $enctypes; do
echo "Getting client initial tickets ($a)" echo "Getting client initial tickets ($a)"; > messages.log
${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || \ ${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
for b in $enctypes; do for b in $enctypes; do
echo "Getting tickets ($a -> $b)" echo "Getting tickets ($a -> $b)"; > messages.log
${kgetcred} -e $b ${server}@${R} || \ ${kgetcred} -e $b ${server}@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
./ap-req ${server}@${R} ${keytab} ${cache} || \ ./ap-req ${server}@${R} ${keytab} ${cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} --credential=${server}@${R} ${kdestroy} --credential=${server}@${R}
done done
${kdestroy} ${kdestroy}
done done
echo "Getting server initial tickets" echo "Getting server initial tickets"; > messages.log
${kinit} --keytab=${keytab} ${server}@$R || { exitcode=1 ; echo test failed; } ${kinit} --keytab=${keytab} ${server}@$R || { ec=1 ; ${testfailed}; }
echo "Listing tickets" echo "Listing tickets"; > messages.log
${klist} | grep "Principal: ${server}" > /dev/null || \ ${klist} | grep "Principal: ${server}" > /dev/null || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
echo "initial tickets for deleted user test case" echo "initial tickets for deleted user test case"; > messages.log
${kinit} --password-file=${objdir}/foopassword remove@$R || \ ${kinit} --password-file=${objdir}/foopassword remove@$R || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kadmin} delete remove@${R} || { exitcode=1 ; echo test failed; } ${kadmin} delete remove@${R} || { ec=1 ; ${testfailed}; }
echo "try getting ticket with deleted user" echo "try getting ticket with deleted user"; > messages.log
${kgetcred} ${server}@${R} 2> /dev/null && { exitcode=1 ; echo test failed; } ${kgetcred} ${server}@${R} 2> /dev/null && { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
echo "cross realm case (removed user)" echo "cross realm case (removed user)"; > messages.log
${kinit} --password-file=${objdir}/foopassword remove2@$R2 || \ ${kinit} --password-file=${objdir}/foopassword remove2@$R2 || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} krbtgt/${R}@${R2} 2> /dev/null || \ ${kgetcred} krbtgt/${R}@${R2} 2> /dev/null || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kadmin} delete remove2@${R2} || exit 1 ${kadmin} delete remove2@${R2} || exit 1
${kgetcred} ${server}@${R} 2> /dev/null || \ ${kgetcred} ${server}@${R} 2> /dev/null || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
echo deleting all but aes enctypes on krbtgt echo deleting all but aes enctypes on krbtgt
@@ -233,23 +237,23 @@ echo deleting all but des enctypes on server-des3
${kadmin} del_enctype ${server}-des3@${R} ${enctype_sans_des3} || exit 1 ${kadmin} del_enctype ${server}-des3@${R} ${enctype_sans_des3} || exit 1
${kadmin} ext -k ${keytab} ${server}-des3@${R} || exit 1 ${kadmin} ext -k ${keytab} ${server}-des3@${R} || exit 1
echo "try all permutations (only aes)" echo "try all permutations (only aes)"; > messages.log
for a in $enctypes; do for a in $enctypes; do
echo "Getting client initial tickets ($a)" echo "Getting client initial tickets ($a)"; > messages.log
${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@${R} ||\ ${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@${R} ||\
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
for b in $enctypes; do for b in $enctypes; do
echo "Getting tickets ($a -> $b)" echo "Getting tickets ($a -> $b)"; > messages.log
${kgetcred} -e $b ${server}@${R} || \ ${kgetcred} -e $b ${server}@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
./ap-req ${server}@${R} ${keytab} ${cache} || \ ./ap-req ${server}@${R} ${keytab} ${cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
echo "Getting tickets ($a -> $b) (server des3 only)" echo "Getting tickets ($a -> $b) (server des3 only)"; > messages.log
${kgetcred} ${server}-des3@${R} || \ ${kgetcred} ${server}-des3@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
./ap-req ${server}-des3@${R} ${keytab} ${cache} || \ ./ap-req ${server}-des3@${R} ${keytab} ${cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} --credential=${server}@${R} ${kdestroy} --credential=${server}@${R}
${kdestroy} --credential=${server}-des3@${R} ${kdestroy} --credential=${server}-des3@${R}
@@ -270,65 +274,66 @@ fi
if test "$pkinit" = yes -a "$rsa" = yes ; then if test "$pkinit" = yes -a "$rsa" = yes ; then
for type in "" "--pk-use-enckey"; do for type in "" "--pk-use-enckey"; do
echo "Trying pk-init (principal in certificate) $type" echo "Trying pk-init (principal in certificate) $type"; > messages.log
base="${srcdir}/../../lib/hx509/data" base="${srcdir}/../../lib/hx509/data"
${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key bar@${R} || \ ${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key bar@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} ${server}@${R} || { exitcode=1 ; echo test failed; } ${kgetcred} ${server}@${R} || { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
echo "Trying pk-init (principal in pki-mapping) $type" echo "Trying pk-init (principal in pki-mapping) $type"; > messages.log
${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key foo@${R} || \ ${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key foo@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} ${server}@${R} || { exitcode=1 ; echo test failed; } ${kgetcred} ${server}@${R} || { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
echo "Trying pk-init (password protected key) $type" echo "Trying pk-init (password protected key) $type"; > messages.log
${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit-pw.key --password-file=${objdir}/foopassword foo@${R} || \ ${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit-pw.key --password-file=${objdir}/foopassword foo@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} ${server}@${R} || \ ${kgetcred} ${server}@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
done done
else else
echo "no pkinit (pkinit: $pkinit, rsa: $rsa)" echo "no pkinit (pkinit: $pkinit, rsa: $rsa)"; > messages.log
fi fi
echo "tickets for impersonate test case" echo "tickets for impersonate test case"; > messages.log
${kinit} --forwardable --password-file=${objdir}/foopassword ${ps} || \ ${kinit} --forwardable --password-file=${objdir}/foopassword ${ps} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred_imp} --impersonate=bar@${R} ${ps} || \ ${kgetcred_imp} --impersonate=bar@${R} ${ps} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
./ap-req ${ps} ${keytab} ${ocache} || \ ./ap-req ${ps} ${keytab} ${ocache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && \ ${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
echo test constrained delegation echo test constrained delegation
${kgetcred_imp} --forward --impersonate=bar@${R} ${ps} || \ ${kgetcred_imp} --forward --impersonate=bar@${R} ${ps} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} || \ ${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
./ap-req ${server}@${R} ${keytab} ${o2cache} || \ ./ap-req ${server}@${R} ${keytab} ${o2cache} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} bar@${R} 2>/dev/null && \ ${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} bar@${R} 2>/dev/null && \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
echo "test constrained delegation impersonation (non forward)" echo "test constrained delegation impersonation (non forward)"; > messages.log
rm -f ocache.krb5 rm -f ocache.krb5
${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \ ${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \ ${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
echo "test constrained delegation impersonation (missing KRB5SignedPath)" echo "test constrained delegation impersonation (missing KRB5SignedPath)"; > messages.log
rm -f ocache.krb5 rm -f ocache.krb5
${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} -f forwardable || \ ${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} -f forwardable || \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \ ${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
{ exitcode=1 ; echo test failed; } { ec=1 ; ${testfailed}; }
${kdestroy} ${kdestroy}
echo "killing kdc (${kdcpid})" echo "killing kdc (${kdcpid})"
kill $kdcpid || exit 1 kill $kdcpid || exit 1
exit $exitcode trap "" EXIT 1 2 3 15
exit $ec