tests/gss/check-nodns.in

   1 #!/bin/sh
   2 #
   3 # Copyright (c) 2007 Kungliga Tekniska Högskolan
   4 # (Royal Institute of Technology, Stockholm, Sweden).
   5 # All rights reserved.
   6 #
   7 # Redistribution and use in source and binary forms, with or without
   8 # modification, are permitted provided that the following conditions
   9 # are met:
  10 #
  11 # 1. Redistributions of source code must retain the above copyright
  12 #    notice, this list of conditions and the following disclaimer.
  13 #
  14 # 2. Redistributions in binary form must reproduce the above copyright
  15 #    notice, this list of conditions and the following disclaimer in the
  16 #    documentation and/or other materials provided with the distribution.
  17 #
  18 # 3. Neither the name of the Institute nor the names of its contributors
  19 #    may be used to endorse or promote products derived from this software
  20 #    without specific prior written permission.
  21 #
  22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25 # ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32 # SUCH DAMAGE.
  33 #
  34 # $Id$
  35 #
  36
  37 env_setup="@env_setup@"
  38 srcdir="@srcdir@"
  39 objdir="@objdir@"
  40
  41 . ${env_setup}
  42
  43 # If there is no useful db support compiled in, disable test
  44 ../db/have-db || exit 77
  45
  46 R=TEST.H5L.SE
  47
  48 port=@port@
  49
  50 keytabfile=${objdir}/server.keytab
  51 keytab="FILE:${keytabfile}"
  52 nokeytab="FILE:no-such-keytab"
  53 cache="FILE:krb5ccfile"
  54 cache2="FILE:krb5ccfile2"
  55 nocache="FILE:no-such-cache"
  56
  57 kadmin="${kadmin} -l -r $R"
  58 kdc="${kdc} --addresses=127.0.0.1 -P $port"
  59
  60 acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred_auditdns"
  61 test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
  62 test_add_store_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred"
  63
  64 KRB5_CONFIG="${objdir}/krb5-nodns.conf"
  65 export KRB5_CONFIG
  66
  67 KRB5_KTNAME="${keytab}"
  68 export KRB5_KTNAME
  69 KRB5CCNAME="${cache}"
  70 export KRB5CCNAME
  71
  72 rm -f ${keytabfile}
  73 rm -f current-db*
  74 rm -f out-*
  75 rm -f mkey.file*
  76
  77 > messages.log
  78
  79 echo Creating database
  80 echo upw > ${objdir}/foopassword
  81 ${kadmin} <<EOF || exit 1
  82 init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
  83 add -p upw --use-defaults user@${R}
  84 add -p upw --use-defaults another@${R}
  85 add -p p1 --use-defaults host/host.test.h5l.se@${R}
  86 ext -k ${keytab} host/host.test.h5l.se@${R}
  87 check ${R}
  88 EOF
  89
  90 echo Starting kdc
  91 ${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; }
  92 kdcpid=`getpid kdc`
  93
  94 cleanup() {
  95     echo signal killing kdc
  96     kill -9 ${kdcpid}
  97     trap '' EXIT INT TERM
  98     cat messages.log
  99     exit 1
 100 }
 101 trap cleanup EXIT INT TERM
 102
 103 exitcode=0
 104
 105 echo "initial ticket"
 106 ${kinit_auditdns} -c ${cache} --password-file=${objdir}/foopassword user@${R} || exitcode=1
 107
 108 echo "copy ccache with gss_store_cred"
 109 # Note we test that the ccache used for storing is token-expanded
 110 ${test_add_store_cred} --default --overwrite --env ${cache} "${cache2}%{null}" || exit 1
 111 ${klist} -c ${cache2} || exit 1
 112
 113 echo "keytab"
 114 ${acquire_cred} \
 115     --acquire-type=accept \
 116     --acquire-name=host@host.test.h5l.se || exit 1
 117
 118 echo "keytab w/ short-form name and name canon rules"
 119 ${acquire_cred} \
 120     --acquire-type=accept \
 121     --acquire-name=host@host || exit 1
 122
 123 echo "keytab w/o name"
 124 ${acquire_cred} \
 125     --acquire-type=accept || exit 1
 126
 127 echo "keytab w/ wrong name"
 128 ${acquire_cred} \
 129     --acquire-type=accept --kerberos \
 130     --acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1
 131
 132 echo "init using keytab"
 133 ${acquire_cred} \
 134     --kerberos \
 135     --acquire-type=initiate \
 136     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 137
 138 echo "init using keytab (loop 10)"
 139 ${acquire_cred} \
 140     --kerberos \
 141     --acquire-type=initiate \
 142     --loops=10 \
 143     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 144
 145 echo "init using keytab (loop 10, target)"
 146 ${acquire_cred} \
 147     --kerberos \
 148     --acquire-type=initiate \
 149     --loops=10 \
 150     --target=host@host.test.h5l.se \
 151     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 152
 153 echo "init using keytab (loop 10, kerberos)"
 154 ${acquire_cred} \
 155     --acquire-type=initiate \
 156     --loops=10 \
 157     --kerberos \
 158     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 159
 160 echo "init using keytab (loop 10, target, kerberos)"
 161 ${acquire_cred} \
 162     --acquire-type=initiate \
 163     --loops=10 \
 164     --kerberos \
 165     --target=host@host.test.h5l.se \
 166     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 167
 168 echo "init using existing cc"
 169 ${acquire_cred} \
 170     --kerberos \
 171     --name-type=user-name \
 172     --acquire-type=initiate \
 173     --acquire-name=user || exit 1
 174
 175 KRB5CCNAME=${nocache}
 176
 177 echo "fail init using existing cc"
 178 ${acquire_cred} \
 179     --kerberos \
 180     --name-type=user-name \
 181     --acquire-type=initiate \
 182     --acquire-name=user 2>/dev/null && exit 1
 183
 184 echo "use gss_krb5_ccache_name for user"
 185 ${acquire_cred} \
 186     --kerberos \
 187     --name-type=user-name \
 188     --ccache=${cache} \
 189     --acquire-type=initiate \
 190     --acquire-name=user >/dev/null || exit 1
 191
 192 KRB5CCNAME=${cache}
 193 KRB5_KTNAME=${nokeytab}
 194
 195 echo "kcred"
 196 ${test_kcred} || exit 1
 197
 198 ${kdestroy} -c ${cache}
 199
 200 KRB5_KTNAME="${keytab}"
 201
 202 echo "init using keytab"
 203 ${acquire_cred} \
 204     --kerberos \
 205     --acquire-type=initiate \
 206     --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
 207
 208 echo "init using keytab (ccache)"
 209 ${acquire_cred} \
 210     --kerberos \
 211     --acquire-type=initiate \
 212     --ccache=${cache} \
 213     --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
 214
 215 trap "" EXIT
 216
 217 echo "killing kdc (${kdcpid})"
 218 kill ${kdcpid} 2> /dev/null
 219
 220 exit $exitcode