3 # Copyright (c) 2007 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 env_setup
="@env_setup@"
43 # If there is no useful db support compiled in, disable test
44 ..
/db
/have-db ||
exit 77
50 keytabfile
=${objdir}/server.keytab
51 keytab
="FILE:${keytabfile}"
52 nokeytab
="FILE:no-such-keytab"
53 cache
="FILE:krb5ccfile"
54 cache2
="FILE:krb5ccfile2"
55 nocache
="FILE:no-such-cache"
57 kadmin
="${kadmin} -l -r $R"
58 kdc
="${kdc} --addresses=127.0.0.1 -P $port"
60 acquire_cred
="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred_auditdns"
61 test_kcred
="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
62 test_add_store_cred
="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred"
64 KRB5_CONFIG
="${objdir}/krb5-nodns.conf"
67 KRB5_KTNAME
="${keytab}"
79 echo Creating database
80 echo upw
> ${objdir}/foopassword
81 ${kadmin} <<EOF || exit 1
82 init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
83 add -p upw --use-defaults user@${R}
84 add -p upw --use-defaults another@${R}
85 add -p p1 --use-defaults host/host.test.h5l.se@${R}
86 ext -k ${keytab} host/host.test.h5l.se@${R}
91 ${kdc} --detach --testing ||
{ echo "kdc failed to start"; cat messages.log
; exit 1; }
95 echo signal killing kdc
101 trap cleanup EXIT INT TERM
105 echo "initial ticket"
106 ${kinit_auditdns} -c ${cache} --password-file=${objdir}/foopassword user@${R} || exitcode
=1
108 echo "copy ccache with gss_store_cred"
109 # Note we test that the ccache used for storing is token-expanded
110 ${test_add_store_cred} --default --overwrite --env ${cache} "${cache2}%{null}" || exit 1
111 ${klist} -c ${cache2} || exit 1
115 --acquire-type=accept \
116 --acquire-name=host@host.test.h5l.se || exit 1
118 echo "keytab w
/ short-form name and name canon rules
"
120 --acquire-type=accept \
121 --acquire-name=host@host || exit 1
123 echo "keytab w
/o name
"
125 --acquire-type=accept || exit 1
127 echo "keytab w
/ wrong name
"
129 --acquire-type=accept --kerberos \
130 --acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1
132 echo "init using keytab
"
135 --acquire-type=initiate \
136 --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
138 echo "init using keytab
(loop
10)"
141 --acquire-type=initiate \
143 --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
145 echo "init using keytab
(loop
10, target
)"
148 --acquire-type=initiate \
150 --target=host@host.test.h5l.se \
151 --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
153 echo "init using keytab
(loop
10, kerberos
)"
155 --acquire-type=initiate \
158 --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
160 echo "init using keytab
(loop
10, target
, kerberos
)"
162 --acquire-type=initiate \
165 --target=host@host.test.h5l.se \
166 --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
168 echo "init using existing cc
"
171 --name-type=user-name \
172 --acquire-type=initiate \
173 --acquire-name=user || exit 1
175 KRB5CCNAME=${nocache}
177 echo "fail init using existing cc
"
180 --name-type=user-name \
181 --acquire-type=initiate \
182 --acquire-name=user 2>/dev/null && exit 1
184 echo "use gss_krb5_ccache_name
for user
"
187 --name-type=user-name \
189 --acquire-type=initiate \
190 --acquire-name=user >/dev/null || exit 1
193 KRB5_KTNAME=${nokeytab}
196 ${test_kcred} || exit 1
198 ${kdestroy} -c ${cache}
200 KRB5_KTNAME="${keytab}"
202 echo "init using keytab
"
205 --acquire-type=initiate \
206 --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
208 echo "init using keytab
(ccache
)"
211 --acquire-type=initiate \
213 --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
217 echo "killing kdc
(${kdcpid})"
218 kill ${kdcpid} 2> /dev/null