tests/gss/check-basic.in

   1 #!/bin/sh
   2 #
   3 # Copyright (c) 2007 Kungliga Tekniska Högskolan
   4 # (Royal Institute of Technology, Stockholm, Sweden).
   5 # All rights reserved.
   6 #
   7 # Redistribution and use in source and binary forms, with or without
   8 # modification, are permitted provided that the following conditions
   9 # are met:
  10 #
  11 # 1. Redistributions of source code must retain the above copyright
  12 #    notice, this list of conditions and the following disclaimer.
  13 #
  14 # 2. Redistributions in binary form must reproduce the above copyright
  15 #    notice, this list of conditions and the following disclaimer in the
  16 #    documentation and/or other materials provided with the distribution.
  17 #
  18 # 3. Neither the name of the Institute nor the names of its contributors
  19 #    may be used to endorse or promote products derived from this software
  20 #    without specific prior written permission.
  21 #
  22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25 # ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32 # SUCH DAMAGE.
  33 #
  34 # $Id$
  35 #
  36
  37 env_setup="@env_setup@"
  38 srcdir="@srcdir@"
  39 objdir="@objdir@"
  40
  41 . ${env_setup}
  42
  43 # If there is no useful db support compiled in, disable test
  44 ../db/have-db || exit 77
  45
  46 R=TEST.H5L.SE
  47
  48 port=@port@
  49
  50 keytabfile=${objdir}/server.keytab
  51 keytab="FILE:${keytabfile}"
  52 nokeytab="FILE:no-such-keytab"
  53 cache="FILE:krb5ccfile"
  54 cache2="FILE:krb5ccfile2"
  55 nocache="FILE:no-such-cache"
  56
  57 kadmin="${kadmin} -l -r $R"
  58 kdc="${kdc} --addresses=localhost -P $port"
  59
  60 acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred"
  61 test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
  62 test_add_store_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred"
  63
  64 KRB5_CONFIG="${objdir}/krb5.conf"
  65 export KRB5_CONFIG
  66
  67 KRB5_KTNAME="${keytab}"
  68 export KRB5_KTNAME
  69 KRB5CCNAME="${cache}"
  70 export KRB5CCNAME
  71
  72 rm -f ${keytabfile}
  73 rm -f current-db*
  74 rm -f out-*
  75 rm -f mkey.file*
  76
  77 > messages.log
  78
  79 echo Creating database
  80 ${kadmin} \
  81     init \
  82     --realm-max-ticket-life=1day \
  83     --realm-max-renewable-life=1month \
  84     ${R} || exit 1
  85
  86 echo upw > ${objdir}/foopassword
  87
  88 ${kadmin} add -p upw --use-defaults user@${R} || exit 1
  89 ${kadmin} add -p upw --use-defaults another@${R} || exit 1
  90 ${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
  91 ${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
  92
  93 echo "Doing database check"
  94 ${kadmin} check ${R} || exit 1
  95
  96 echo Starting kdc
  97 ${kdc} --testing --detach || { echo "kdc failed to start"; cat messages.log; exit 1; }
  98 kdcpid=`getpid kdc`
  99
 100 trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
 101
 102 exitcode=0
 103
 104 echo "initial ticket"
 105 ${kinit} -c ${cache} --password-file=${objdir}/foopassword user@${R} || exitcode=1
 106
 107 echo "copy ccache with gss_store_cred"
 108 # Note we test that the ccache used for storing is token-expanded
 109 ${test_add_store_cred} --default --overwrite --env ${cache} "${cache2}%{null}" || exit 1
 110 ${klist} -c ${cache2} || exit 1
 111
 112 echo "keytab"
 113 ${acquire_cred} \
 114     --acquire-type=accept \
 115     --acquire-name=host@host.test.h5l.se || exit 1
 116
 117 echo "keytab w/ short-form name and name canon rules"
 118 ${acquire_cred} \
 119     --acquire-type=accept \
 120     --acquire-name=host@host || exit 1
 121
 122 echo "keytab w/o name"
 123 ${acquire_cred} \
 124     --acquire-type=accept || exit 1
 125
 126 echo "keytab w/ wrong name"
 127 ${acquire_cred} \
 128     --acquire-type=accept --kerberos \
 129     --acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1
 130
 131 echo "init using keytab"
 132 ${acquire_cred} \
 133     --kerberos \
 134     --acquire-type=initiate \
 135     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 136
 137 echo "init using keytab (loop 10)"
 138 ${acquire_cred} \
 139     --kerberos \
 140     --acquire-type=initiate \
 141     --loops=10 \
 142     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 143
 144 echo "init using keytab (loop 10, target)"
 145 ${acquire_cred} \
 146     --kerberos \
 147     --acquire-type=initiate \
 148     --loops=10 \
 149     --target=host@host.test.h5l.se \
 150     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 151
 152 echo "init using keytab (loop 10, kerberos)"
 153 ${acquire_cred} \
 154     --acquire-type=initiate \
 155     --loops=10 \
 156     --kerberos \
 157     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 158
 159 echo "init using keytab (loop 10, target, kerberos)"
 160 ${acquire_cred} \
 161     --acquire-type=initiate \
 162     --loops=10 \
 163     --kerberos \
 164     --target=host@host.test.h5l.se \
 165     --acquire-name=host@host.test.h5l.se > /dev/null || exit 1
 166
 167 echo "init using existing cc"
 168 ${acquire_cred} \
 169     --kerberos \
 170     --name-type=user-name \
 171     --acquire-type=initiate \
 172     --acquire-name=user || exit 1
 173
 174 KRB5CCNAME=${nocache}
 175
 176 echo "fail init using existing cc"
 177 ${acquire_cred} \
 178     --kerberos \
 179     --name-type=user-name \
 180     --acquire-type=initiate \
 181     --acquire-name=user 2>/dev/null && exit 1
 182
 183 echo "use gss_krb5_ccache_name for user"
 184 ${acquire_cred} \
 185     --kerberos \
 186     --name-type=user-name \
 187     --ccache=${cache} \
 188     --acquire-type=initiate \
 189     --acquire-name=user >/dev/null || exit 1
 190
 191 KRB5CCNAME=${cache}
 192 KRB5_KTNAME=${nokeytab}
 193
 194 echo "kcred"
 195 ${test_kcred} || exit 1
 196
 197 ${kdestroy} -c ${cache}
 198
 199 KRB5_KTNAME="${keytab}"
 200
 201 echo "init using keytab"
 202 ${acquire_cred} \
 203     --kerberos \
 204     --acquire-type=initiate \
 205     --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
 206
 207 echo "init using keytab (ccache)"
 208 ${acquire_cred} \
 209     --kerberos \
 210     --acquire-type=initiate \
 211     --ccache=${cache} \
 212     --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1
 213
 214 trap "" EXIT
 215
 216 echo "killing kdc (${kdcpid})"
 217 kill ${kdcpid} 2> /dev/null
 218
 219 exit $exitcode