From f7aba5d5be19073879cd6075690862dab8d44d54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sat, 3 Feb 2007 07:04:04 +0000
Subject: [PATCH] Test ms-chap-v2 (client response, server response, session
 key)

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20147 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 tests/kdc/check-digest.in | 71 +++++++++++++++++++++++++++++++++------
 1 file changed, 61 insertions(+), 10 deletions(-)

diff --git a/tests/kdc/check-digest.in b/tests/kdc/check-digest.in
index 9ee939d0b..e66669c71 100644
--- a/tests/kdc/check-digest.in
+++ b/tests/kdc/check-digest.in
@@ -115,11 +115,11 @@ echo "Trying NTLM"
 NTLM_ACCEPTOR_CCACHE="$cache"
 export NTLM_ACCEPTOR_CCACHE
 
-#echo "Trying server-init"
-#echo ${kdigest} ntlm-server-init \
-#    --kerberos-realm=${R} \
-#    > sdigest-init || exitcode=1
-#
+echo "Trying server-init"
+echo ${kdigest} ntlm-server-init \
+    --kerberos-realm=${R} \
+    > sdigest-init || exitcode=1
+
 echo "test_ntlm"
 ${test_ntlm} || { echo "test_ntlm failed"; exit 1; }
 
@@ -163,11 +163,6 @@ done
 
 echo "Trying CHAP"
 
-${kdigest} digest-server-init \
-    --kerberos-realm=${R} \
-    --type=CHAP \
-    > /dev/null || exitcode=1
-
 ${kdigest} digest-server-init \
     --kerberos-realm=${R} \
     --type=CHAP \
@@ -233,6 +228,62 @@ else
     exitcode=1
 fi
 
+echo "Trying MS-CHAP-V2"
+
+${kdigest} digest-server-init \
+    --kerberos-realm=${R} \
+    --type=MS-CHAP-V2 \
+    > sdigest-reply || exitcode=1
+
+snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
+opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
+cnonce="21402324255E262A28295F2B3A337C7E"
+
+echo "MS-CHAP-V2 client request"
+${kdigest} digest-client-request \
+    --type=MS-CHAP-V2 \
+    --username="$username"  \
+    --password="$userpassword"  \
+    --opaque="$opaque"  \
+    --client-nonce="$cnonce"  \
+    --server-nonce="$snonce" \
+    > cdigest-reply || exitcode=1
+
+cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
+cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=`
+ckey=`grep session-key= cdigest-reply | cut -f2- -d=`
+
+${kdigest} digest-server-request \
+    --kerberos-realm=${R} \
+    --type=MS-CHAP-V2 \
+    --username="$username"  \
+    --opaque="$opaque"  \
+    --client-response="$cresponseData"  \
+    --client-nonce="$cnonce"  \
+    --server-nonce="$snonce"  \
+    > s2digest-reply || exitcode=1
+
+status=`grep status= s2digest-reply | cut -f2- -d=`
+sRsp=`grep rsp= s2digest-reply | cut -f2- -d=`
+skey=`grep session-key= s2digest-reply | cut -f2- -d=`
+
+if test "X$sRsp" != "X$cRsp" ; then
+    echo "rsp wrong $sRsp != $cRsp"
+    exitcode=1
+fi
+
+if test "X$skey" != "X$ckey" ; then
+    echo "rsp wrong"
+    exitcode=1
+fi
+
+if test "X$status" = "Xok" ; then
+    echo "MS-CHAP-V2 response ok"
+else
+    echo "MS-CHAP-V2 response failed"
+    exitcode=1
+fi
+
 trap "" EXIT
 
 echo "killing kdc (${kdcpid})"