220 lines
6.0 KiB
Bash
220 lines
6.0 KiB
Bash
#!/bin/sh
|
|
#
|
|
# Copyright (c) 2007 Kungliga Tekniska Högskolan
|
|
# (Royal Institute of Technology, Stockholm, Sweden).
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions
|
|
# are met:
|
|
#
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
# documentation and/or other materials provided with the distribution.
|
|
#
|
|
# 3. Neither the name of the Institute nor the names of its contributors
|
|
# may be used to endorse or promote products derived from this software
|
|
# without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
# SUCH DAMAGE.
|
|
#
|
|
# $Id$
|
|
#
|
|
|
|
env_setup="@env_setup@"
|
|
srcdir="@srcdir@"
|
|
objdir="@objdir@"
|
|
|
|
. ${env_setup}
|
|
|
|
# If there is no useful db support compiled in, disable test
|
|
../db/have-db || exit 77
|
|
|
|
R=TEST.H5L.SE
|
|
|
|
port=@port@
|
|
|
|
keytabfile=${objdir}/server.keytab
|
|
keytab="FILE:${keytabfile}"
|
|
nokeytab="FILE:no-such-keytab"
|
|
cache="FILE:krb5ccfile"
|
|
cache2="FILE:krb5ccfile2"
|
|
nocache="FILE:no-such-cache"
|
|
|
|
kadmin="${kadmin} -l -r $R"
|
|
kdc="${kdc} --addresses=localhost -P $port"
|
|
|
|
acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred"
|
|
test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
|
|
test_add_store_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred"
|
|
|
|
KRB5_CONFIG="${objdir}/krb5.conf"
|
|
export KRB5_CONFIG
|
|
|
|
KRB5_KTNAME="${keytab}"
|
|
export KRB5_KTNAME
|
|
KRB5CCNAME="${cache}"
|
|
export KRB5CCNAME
|
|
|
|
rm -f ${keytabfile}
|
|
rm -f current-db*
|
|
rm -f out-*
|
|
rm -f mkey.file*
|
|
|
|
> messages.log
|
|
|
|
echo Creating database
|
|
${kadmin} \
|
|
init \
|
|
--realm-max-ticket-life=1day \
|
|
--realm-max-renewable-life=1month \
|
|
${R} || exit 1
|
|
|
|
echo upw > ${objdir}/foopassword
|
|
|
|
${kadmin} add -p upw --use-defaults user@${R} || exit 1
|
|
${kadmin} add -p upw --use-defaults another@${R} || exit 1
|
|
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
|
|
${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
|
|
|
|
echo "Doing database check"
|
|
${kadmin} check ${R} || exit 1
|
|
|
|
echo Starting kdc
|
|
${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; }
|
|
kdcpid=`getpid kdc`
|
|
|
|
trap "kill -9 ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
|
|
|
|
exitcode=0
|
|
|
|
echo "initial ticket"
|
|
${kinit} -c ${cache} --password-file=${objdir}/foopassword user@${R} || exitcode=1
|
|
|
|
echo "copy ccache with gss_store_cred"
|
|
# Note we test that the ccache used for storing is token-expanded
|
|
${test_add_store_cred} --default --overwrite --env ${cache} "${cache2}%{null}" || exit 1
|
|
${klist} -c ${cache2} || exit 1
|
|
|
|
echo "keytab"
|
|
${acquire_cred} \
|
|
--acquire-type=accept \
|
|
--acquire-name=host@host.test.h5l.se || exit 1
|
|
|
|
echo "keytab w/ short-form name and name canon rules"
|
|
${acquire_cred} \
|
|
--acquire-type=accept \
|
|
--acquire-name=host@host || exit 1
|
|
|
|
echo "keytab w/o name"
|
|
${acquire_cred} \
|
|
--acquire-type=accept || exit 1
|
|
|
|
echo "keytab w/ wrong name"
|
|
${acquire_cred} \
|
|
--acquire-type=accept --kerberos \
|
|
--acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1
|
|
|
|
echo "init using keytab"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--acquire-type=initiate \
|
|
--acquire-name=host@host.test.h5l.se > /dev/null || exit 1
|
|
|
|
echo "init using keytab (loop 10)"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--acquire-type=initiate \
|
|
--loops=10 \
|
|
--acquire-name=host@host.test.h5l.se > /dev/null || exit 1
|
|
|
|
echo "init using keytab (loop 10, target)"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--acquire-type=initiate \
|
|
--loops=10 \
|
|
--target=host@host.test.h5l.se \
|
|
--acquire-name=host@host.test.h5l.se > /dev/null || exit 1
|
|
|
|
echo "init using keytab (loop 10, kerberos)"
|
|
${acquire_cred} \
|
|
--acquire-type=initiate \
|
|
--loops=10 \
|
|
--kerberos \
|
|
--acquire-name=host@host.test.h5l.se > /dev/null || exit 1
|
|
|
|
echo "init using keytab (loop 10, target, kerberos)"
|
|
${acquire_cred} \
|
|
--acquire-type=initiate \
|
|
--loops=10 \
|
|
--kerberos \
|
|
--target=host@host.test.h5l.se \
|
|
--acquire-name=host@host.test.h5l.se > /dev/null || exit 1
|
|
|
|
echo "init using existing cc"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--name-type=user-name \
|
|
--acquire-type=initiate \
|
|
--acquire-name=user || exit 1
|
|
|
|
KRB5CCNAME=${nocache}
|
|
|
|
echo "fail init using existing cc"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--name-type=user-name \
|
|
--acquire-type=initiate \
|
|
--acquire-name=user 2>/dev/null && exit 1
|
|
|
|
echo "use gss_krb5_ccache_name for user"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--name-type=user-name \
|
|
--ccache=${cache} \
|
|
--acquire-type=initiate \
|
|
--acquire-name=user >/dev/null || exit 1
|
|
|
|
KRB5CCNAME=${cache}
|
|
KRB5_KTNAME=${nokeytab}
|
|
|
|
echo "kcred"
|
|
${test_kcred} || exit 1
|
|
|
|
${kdestroy} -c ${cache}
|
|
|
|
KRB5_KTNAME="${keytab}"
|
|
|
|
echo "init using keytab"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--acquire-type=initiate \
|
|
--acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
|
|
|
|
echo "init using keytab (ccache)"
|
|
${acquire_cred} \
|
|
--kerberos \
|
|
--acquire-type=initiate \
|
|
--ccache=${cache} \
|
|
--acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
|
|
|
|
trap "" EXIT
|
|
|
|
echo "killing kdc (${kdcpid})"
|
|
kill ${kdcpid} 2> /dev/null
|
|
|
|
exit $exitcode
|