oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
git2svn-syncpoint-master
heimdal/tests/kdc/check-digest.in

297 lines
7.9 KiB
Bash
Raw Permalink Blame History

#!/bin/sh
#
# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"
srcdir="@srcdir@"
testfailed="echo test failed; cat messages.log; exit 1"
. ${env_setup}
# If there is no useful db support compile in, disable test
${have_db} || exit 77
R=TEST.H5L.SE
port=@port@
kadmin="${kadmin} -l -r $R"
kdc="${kdc} --addresses=localhost -P $port"
server=host/datan.test.h5l.se
cache="FILE:${objdir}/cache.krb5"
ocache="FILE:${objdir}/ocache.krb5"
keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
kinit="${kinit} -c $cache ${afs_no_afslog}"
klist="${klist} -c $cache"
kdigest="${kdigest} --ccache=$cache"
username=foo
userpassword=digestpassword
password=foobarbaz
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG
rm -f ${keytabfile}
rm -f current-db*
rm -f out-*
rm -f mkey.file*
> messages.log
echo Creating database
${kadmin} \
init \
--realm-max-ticket-life=1day \
--realm-max-renewable-life=1month \
${R} || exit 1
${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1
${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
echo "Doing database check"
${kadmin} check ${R} || exit 1
echo $password > ${objdir}/foopassword
echo "Starting kdc"
env ${HEIM_MALLOC_DEBUG} ${kdc} &
kdcpid=$!
sh ${wait_kdc}
if [ "$?" != 0 ] ; then
kill -9 ${kdcpid}
exit 1
fi
trap "kill -9 ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
exitcode=0
echo "Getting digest server tickets"
${kinit} --password-file=${objdir}/foopassword ${server}@$R || exitcode=1
${kdigest} digest-server-init \
--kerberos-realm=${R} \
--type=CHAP > /dev/null || exitcode=1
echo "Trying NTLM"
NTLM_ACCEPTOR_CCACHE="$cache"
export NTLM_ACCEPTOR_CCACHE
echo "Trying server-init"
${kdigest} ntlm-server-init \
--kerberos-realm=${R} \
> sdigest-init || exitcode=1
echo "test_ntlm"
${test_ntlm} || { echo "test_ntlm failed"; exit 1; }
NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
export NTLM_USER_FILE
echo "test_context --mech-type=ntlm"
${test_context} --mech-type=ntlm \
--client-name=foo@TEST \
--name-type=hostbased-service datan@TEST || \
{ echo "test_context 1 failed"; exit 1; }
${test_context} --mech-type=ntlm \
--client-name=foo@TEST \
--name-type=hostbased-service datan@host.TEST || \
{ echo "test_context 2 failed"; exit 1; }
${test_context} --mech-type=ntlm \
--client-name=foo@TEST \
--name-type=hostbased-service datan@host.test.domain2 || \
{ echo "test_context 3 failed"; exit 1; }
echo "Trying SL in NTLM"
for type in \
"" \
"--getverifymic" \
"--wrapunwrap" \
"--getverifymic --wrapunwrap" \
; do
echo "Trying NTLM type: ${type}"
${test_context} --mech-type=ntlm ${type} \
--client-name=foo@TEST \
--name-type=hostbased-service datan@TEST || \
{ echo "test_context 1 failed"; exit 1; }
done
echo "Trying CHAP"
${kdigest} digest-server-init \
--kerberos-realm=${R} \
--type=CHAP \
> sdigest-reply || exitcode=1
snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
identifier=`grep identifier= sdigest-reply | cut -f2- -d=`
opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
${kdigest} digest-client-request \
--type=CHAP \
--username="$username" \
--password="$userpassword" \
--opaque="$opaque" \
--server-identifier="$identifier" \
--server-nonce="$snonce" \
> cdigest-reply || exitcode=1
cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
#echo user: $username
#echo server-nonce: $snonce
#echo opaqeue: $opaque
#echo identifier: $identifier
${kdigest} digest-server-request \
--kerberos-realm=${R} \
--type=CHAP \
--username="$username" \
--opaque="$opaque" \
--client-response="$cresponseData" \
--server-identifier="$identifier" \
--server-nonce="$snonce" \
> s2digest-reply || exitcode=1
status=`grep status= s2digest-reply | cut -f2- -d=`
if test "X$status" = "Xok" ; then
echo "CHAP response ok"
else
echo "CHAP response failed"
exitcode=1
fi
cresponseData=`echo $cresponseData | sed 's/..../DEADBEEF/'`
${kdigest} digest-server-request \
--kerberos-realm=${R} \
--type=CHAP \
--username="$username" \
--opaque="$opaque" \
--client-response="$cresponseData" \
--server-identifier="$identifier" \
--server-nonce="$snonce" \
> s2digest-reply || exitcode=1
status=`grep status= s2digest-reply | cut -f2- -d=`
if test "X$status" = "Xfailed" ; then
echo "CHAP response fail as it should"
else
echo "CHAP response succeeded errorously"
exitcode=1
fi
echo "Trying MS-CHAP-V2"
${kdigest} digest-server-init \
--kerberos-realm=${R} \
--type=MS-CHAP-V2 \
> sdigest-reply || exitcode=1
snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
cnonce="21402324255E262A28295F2B3A337C7E"
echo "MS-CHAP-V2 client request"
${kdigest} digest-client-request \
--type=MS-CHAP-V2 \
--username="$username" \
--password="$userpassword" \
--opaque="$opaque" \
--client-nonce="$cnonce" \
--server-nonce="$snonce" \
> cdigest-reply || exitcode=1
cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=`
ckey=`grep session-key= cdigest-reply | cut -f2- -d=`
${kdigest} digest-server-request \
--kerberos-realm=${R} \
--type=MS-CHAP-V2 \
--username="$username" \
--opaque="$opaque" \
--client-response="$cresponseData" \
--client-nonce="$cnonce" \
--server-nonce="$snonce" \
> s2digest-reply || exitcode=1
status=`grep status= s2digest-reply | cut -f2- -d=`
sRsp=`grep rsp= s2digest-reply | cut -f2- -d=`
skey=`grep session-key= s2digest-reply | cut -f2- -d=`
if test "X$sRsp" != "X$cRsp" ; then
echo "rsp wrong $sRsp != $cRsp"
exitcode=1
fi
if test "X$skey" != "X$ckey" ; then
echo "rsp wrong"
exitcode=1
fi
if test "X$status" = "Xok" ; then
echo "MS-CHAP-V2 response ok"
else
echo "MS-CHAP-V2 response failed"
exitcode=1
fi
trap "" EXIT
echo "killing kdc (${kdcpid})"
sh ${leaks_kill} kdc $kdcpid || exit 1
exit $exitcode
Reference in New Issue View Git Blame Copy Permalink