From eb0a22235cadfe6941770eff5f9c29982141e523 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Tue, 6 Jun 2006 15:08:35 +0000
Subject: [PATCH] Add impersonation tests.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17623 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 tests/kdc/check-kdc.in | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in
index 3c54bffed..e61c1f49d 100644
--- a/tests/kdc/check-kdc.in
+++ b/tests/kdc/check-kdc.in
@@ -48,12 +48,15 @@ kdc="../../kdc/kdc --addresses=localhost -P $port"
 server=host/datan.example.org
 server2=host/computer.example.com
 cache="FILE:${objdir}/cache.krb5"
+ocache="FILE:${objdir}/ocache.krb5"
 keytabfile=${objdir}/server.keytab
 keytab="FILE:${keytabfile}"
+ps="proxy-service@${R}"
 kinit="../../kuser/kinit -c $cache --no-afslog"
 klist="../../kuser/klist -c $cache"
 kgetcred="../../kuser/kgetcred -c $cache"
+kgetcred_imp="../../kuser/kgetcred -c $cache --out-cache=${ocache}"
 kdestroy="../../kuser/kdestroy -c $cache"
 ktutil="../../admin/ktutil"
 hxtool="../../lib/hx509/hxtool"
@@ -83,7 +86,9 @@ ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
 ${kadmin} add -p bar --use-defaults bar@${R} || exit 1
 ${kadmin} add -p foo --use-defaults remove@${R} || exit 1
 ${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
+${kadmin} add -p foo --use-defaults ${ps} || exit 1
 ${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+${kadmin} ext -k ${keytab} ${ps} || exit 1
 ${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1
 ${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1
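Review bot: In the first hunk, `kgetcred_imp` repeats the whole `kgetcred` command line instead of building on it, so a later change to the binary path or the cache option has to be made in two places. Defining it as `kgetcred_imp="${kgetcred} --out-cache=${ocache}"` keeps the two in step, and `kgetcred` is already assigned on the line before. A short comment above `ps=` would also help, for example `# service principal that requests tickets on behalf of other users (impersonation test)`, since the two-letter name gives no hint of its role.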
@@ -115,13 +120,6 @@ fi
 exitcode=0
-echo "initial tickets for deleted user test case"
-${kinit} --password-file=${objdir}/foopassword remove@$R || exitcode=1
-${kadmin} delete remove@${R} || exit 1
-echo "try getting ticket with deleted user"
-${kgetcred} ${server}@${R} 2> /dev/null && exitcode=1
-${kdestroy}
-
 echo "Getting client initial tickets"
 ${kinit} --password-file=${objdir}/foopassword foo@$R || exitcode=1
 echo "Getting tickets"
@@ -180,6 +178,13 @@ echo "Listing tickets"
 ${klist} | grep "Principal: ${server}" > /dev/null || exitcode=1
 ${kdestroy}
+echo "initial tickets for deleted user test case"
+${kinit} --password-file=${objdir}/foopassword remove@$R || exitcode=1
+${kadmin} delete remove@${R} || exit 1
+echo "try getting ticket with deleted user"
+${kgetcred} ${server}@${R} 2> /dev/null && exitcode=1
+${kdestroy}
+
 #echo deleting all but aes enctypes on krbtgt
 #${kadmin} del_enctype krbtgt/${R}@${R} ${enctype_sans_aes} || exit 1
 #
@@ -197,6 +202,7 @@ ${kdestroy}
 #done
 rsa=yes
+pkinit=no
 if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
 rsa=no
 fi
@@ -224,6 +230,14 @@ else
 echo "no pkinit (pkinit: $pkinit, rsa: $rsa)"
 fi
+echo "tickets for impersonate test case"
+${kinit} --password-file=${objdir}/foopassword ${ps} || exitcode=1
+${kgetcred_imp} --impersonate=bar@${R} ${ps} || exitcode=1
+./ap-req ${ps} ${keytab} ${ocache} || exitcode=1
+${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && exitcode=1
+${kdestroy}
+
+
 echo "killing kdc (${kdcpid})"
 kill $kdcpid || exit 1
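Review bot: The negative check `${kgetcred} ${server}@${R} 2> /dev/null && exitcode=1` in the `@@ -180,6 +178,13 @@` hunk counts any kgetcred failure as a pass, so the deleted-principal case would also succeed if the KDC were unreachable or the request were malformed. Because stderr goes to `/dev/null`, the test log cannot show which of these happened. Redirecting to a file, e.g. `2> ${objdir}/<log-file>`, and grepping it for the KDC's refusal would make the test assert the rejection itself. The same pattern appears in the last hunk for the rejected impersonation request, `${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && exitcode=1`. The block is moved unchanged from earlier in the script, and the KDC start-up it depends on is outside the hunk.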
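Review bot: The positive impersonation case in the final hunk never checks whose identity ended up in `${ocache}`. Only the exit status of `./ap-req ${ps} ${keytab} ${ocache}` is tested, and the hunk does not show whether ap-req compares the ticket's client name with `bar@${R}`. If it does not, a KDC that ignored `--impersonate` and issued an ordinary ticket for the proxy-service client would still pass. A line such as `../../kuser/klist -c ${ocache} | grep "Principal: bar@${R}" > /dev/null || exitcode=1` after the first kgetcred call would pin that down, though the exact klist output format should be confirmed. Separately, `${kdestroy}` only removes `$cache`, so the impersonated ticket stays in `${objdir}`; `../../kuser/kdestroy -c ${ocache}` would clean it up.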