oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add impersonation tests.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17623 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-06-06 15:08:35 +00:00
parent a060a07f20
commit eb0a22235c
1 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/kdc/check-kdc.in
View File

@@ -48,12 +48,15 @@ kdc="../../kdc/kdc --addresses=localhost -P $port"
server=host/datan.example.org server=host/datan.example.org
server2=host/computer.example.com server2=host/computer.example.com
cache="FILE:${objdir}/cache.krb5" cache="FILE:${objdir}/cache.krb5"
ocache="FILE:${objdir}/ocache.krb5"
keytabfile=${objdir}/server.keytab keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}" keytab="FILE:${keytabfile}"
ps="proxy-service@${R}"
kinit="../../kuser/kinit -c $cache --no-afslog" kinit="../../kuser/kinit -c $cache --no-afslog"
klist="../../kuser/klist -c $cache" klist="../../kuser/klist -c $cache"
kgetcred="../../kuser/kgetcred -c $cache" kgetcred="../../kuser/kgetcred -c $cache"
kgetcred_imp="../../kuser/kgetcred -c $cache --out-cache=${ocache}"
kdestroy="../../kuser/kdestroy -c $cache" kdestroy="../../kuser/kdestroy -c $cache"
ktutil="../../admin/ktutil" ktutil="../../admin/ktutil"
hxtool="../../lib/hx509/hxtool" hxtool="../../lib/hx509/hxtool"
@@ -83,7 +86,9 @@ ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
${kadmin} add -p bar --use-defaults bar@${R} || exit 1 ${kadmin} add -p bar --use-defaults bar@${R} || exit 1
${kadmin} add -p foo --use-defaults remove@${R} || exit 1 ${kadmin} add -p foo --use-defaults remove@${R} || exit 1
${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1 ${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
${kadmin} add -p foo --use-defaults ${ps} || exit 1
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1 ${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
${kadmin} ext -k ${keytab} ${ps} || exit 1
${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1 ${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1
${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1 ${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1
@@ -115,13 +120,6 @@ fi
exitcode=0 exitcode=0
echo "initial tickets for deleted user test case"
${kinit} --password-file=${objdir}/foopassword remove@$R || exitcode=1
${kadmin} delete remove@${R} || exit 1
echo "try getting ticket with deleted user"
${kgetcred} ${server}@${R} 2> /dev/null && exitcode=1
${kdestroy}
echo "Getting client initial tickets" echo "Getting client initial tickets"
${kinit} --password-file=${objdir}/foopassword foo@$R || exitcode=1 ${kinit} --password-file=${objdir}/foopassword foo@$R || exitcode=1
echo "Getting tickets" echo "Getting tickets"
@@ -180,6 +178,13 @@ echo "Listing tickets"
${klist} | grep "Principal: ${server}" > /dev/null || exitcode=1 ${klist} | grep "Principal: ${server}" > /dev/null || exitcode=1
${kdestroy} ${kdestroy}
echo "initial tickets for deleted user test case"
${kinit} --password-file=${objdir}/foopassword remove@$R || exitcode=1
${kadmin} delete remove@${R} || exit 1
echo "try getting ticket with deleted user"
${kgetcred} ${server}@${R} 2> /dev/null && exitcode=1
${kdestroy}
#echo deleting all but aes enctypes on krbtgt #echo deleting all but aes enctypes on krbtgt
#${kadmin} del_enctype krbtgt/${R}@${R} ${enctype_sans_aes} || exit 1 #${kadmin} del_enctype krbtgt/${R}@${R} ${enctype_sans_aes} || exit 1
# #
@@ -197,6 +202,7 @@ ${kdestroy}
#done #done
rsa=yes rsa=yes
pkinit=no
if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
rsa=no rsa=no
fi fi
@@ -224,6 +230,14 @@ else
echo "no pkinit (pkinit: $pkinit, rsa: $rsa)" echo "no pkinit (pkinit: $pkinit, rsa: $rsa)"
fi fi
echo "tickets for impersonate test case"
${kinit} --password-file=${objdir}/foopassword ${ps} || exitcode=1
${kgetcred_imp} --impersonate=bar@${R} ${ps} || exitcode=1
./ap-req ${ps} ${keytab} ${ocache} || exitcode=1
${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && exitcode=1
${kdestroy}
echo "killing kdc (${kdcpid})" echo "killing kdc (${kdcpid})"
kill $kdcpid || exit 1 kill $kdcpid || exit 1