Remove building with NOCRYPTO option
[minix.git] / crypto / external / bsd / heimdal / dist / tests / kdc / check-digest.in
blob4ce5a7e17001c9311f01ea60b0562a8331530aa6
1 #!/bin/sh
3 # Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
5 # All rights reserved.
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
9 # are met:
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 # SUCH DAMAGE.
34 top_builddir="@top_builddir@"
35 env_setup="@env_setup@"
36 objdir="@objdir@"
37 srcdir="@srcdir@"
39 testfailed="echo test failed; cat messages.log; exit 1"
41 . ${env_setup}
43 # If there is no useful db support compile in, disable test
44 ${have_db} || exit 77
46 R=TEST.H5L.SE
48 port=@port@
50 kadmin="${kadmin} -l -r $R"
51 kdc="${kdc} --addresses=localhost -P $port"
53 server=host/datan.test.h5l.se
54 cache="FILE:${objdir}/cache.krb5"
55 ocache="FILE:${objdir}/ocache.krb5"
56 keytabfile=${objdir}/server.keytab
57 keytab="FILE:${keytabfile}"
59 kinit="${kinit} -c $cache ${afs_no_afslog}"
60 klist="${klist} -c $cache"
61 kdigest="${kdigest} --ccache=$cache"
63 username=foo
64 userpassword=digestpassword
66 password=foobarbaz
68 KRB5_CONFIG="${objdir}/krb5.conf"
69 export KRB5_CONFIG
71 rm -f ${keytabfile}
72 rm -f current-db*
73 rm -f out-*
74 rm -f mkey.file*
76 > messages.log
78 echo Creating database
79 ${kadmin} \
80 init \
81 --realm-max-ticket-life=1day \
82 --realm-max-renewable-life=1month \
83 ${R} || exit 1
85 ${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1
86 ${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1
87 ${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
88 ${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1
89 ${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
91 echo "Doing database check"
92 ${kadmin} check ${R} || exit 1
94 echo $password > ${objdir}/foopassword
96 echo "Starting kdc"
97 env ${HEIM_MALLOC_DEBUG} ${kdc} &
98 kdcpid=$!
100 sh ${wait_kdc}
101 if [ "$?" != 0 ] ; then
102 kill -9 ${kdcpid}
103 exit 1
106 trap "kill -9 ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
108 exitcode=0
110 echo "Getting digest server tickets"
111 ${kinit} --password-file=${objdir}/foopassword ${server}@$R || exitcode=1
112 ${kdigest} digest-server-init \
113 --kerberos-realm=${R} \
114 --type=CHAP > /dev/null || exitcode=1
116 echo "Trying NTLM"
118 NTLM_ACCEPTOR_CCACHE="$cache"
119 export NTLM_ACCEPTOR_CCACHE
121 echo "Trying server-init"
122 ${kdigest} ntlm-server-init \
123 --kerberos-realm=${R} \
124 > sdigest-init || exitcode=1
126 echo "test_ntlm"
127 ${test_ntlm} || { echo "test_ntlm failed"; exit 1; }
129 NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
130 export NTLM_USER_FILE
132 echo "test_context --mech-type=ntlm"
133 ${test_context} --mech-type=ntlm \
134 --client-name=foo@TEST \
135 --name-type=hostbased-service datan@TEST || \
136 { echo "test_context 1 failed"; exit 1; }
138 ${test_context} --mech-type=ntlm \
139 --client-name=foo@TEST \
140 --name-type=hostbased-service datan@host.TEST || \
141 { echo "test_context 2 failed"; exit 1; }
143 ${test_context} --mech-type=ntlm \
144 --client-name=foo@TEST \
145 --name-type=hostbased-service datan@host.test.domain2 || \
146 { echo "test_context 3 failed"; exit 1; }
148 echo "Trying SL in NTLM"
151 for type in \
152 "" \
153 "--getverifymic" \
154 "--wrapunwrap" \
155 "--getverifymic --wrapunwrap" \
156 ; do
158 echo "Trying NTLM type: ${type}"
159 ${test_context} --mech-type=ntlm ${type} \
160 --client-name=foo@TEST \
161 --name-type=hostbased-service datan@TEST || \
162 { echo "test_context 1 failed"; exit 1; }
164 done
167 echo "Trying CHAP"
169 ${kdigest} digest-server-init \
170 --kerberos-realm=${R} \
171 --type=CHAP \
172 > sdigest-reply || exitcode=1
174 snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
175 identifier=`grep identifier= sdigest-reply | cut -f2- -d=`
176 opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
178 ${kdigest} digest-client-request \
179 --type=CHAP \
180 --username="$username" \
181 --password="$userpassword" \
182 --opaque="$opaque" \
183 --server-identifier="$identifier" \
184 --server-nonce="$snonce" \
185 > cdigest-reply || exitcode=1
187 cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
189 #echo user: $username
190 #echo server-nonce: $snonce
191 #echo opaqeue: $opaque
192 #echo identifier: $identifier
194 ${kdigest} digest-server-request \
195 --kerberos-realm=${R} \
196 --type=CHAP \
197 --username="$username" \
198 --opaque="$opaque" \
199 --client-response="$cresponseData" \
200 --server-identifier="$identifier" \
201 --server-nonce="$snonce" \
202 > s2digest-reply || exitcode=1
204 status=`grep status= s2digest-reply | cut -f2- -d=`
206 if test "X$status" = "Xok" ; then
207 echo "CHAP response ok"
208 else
209 echo "CHAP response failed"
210 exitcode=1
213 cresponseData=`echo $cresponseData | sed 's/..../DEADBEEF/'`
215 ${kdigest} digest-server-request \
216 --kerberos-realm=${R} \
217 --type=CHAP \
218 --username="$username" \
219 --opaque="$opaque" \
220 --client-response="$cresponseData" \
221 --server-identifier="$identifier" \
222 --server-nonce="$snonce" \
223 > s2digest-reply || exitcode=1
225 status=`grep status= s2digest-reply | cut -f2- -d=`
227 if test "X$status" = "Xfailed" ; then
228 echo "CHAP response fail as it should"
229 else
230 echo "CHAP response succeeded errorously"
231 exitcode=1
234 echo "Trying MS-CHAP-V2"
236 ${kdigest} digest-server-init \
237 --kerberos-realm=${R} \
238 --type=MS-CHAP-V2 \
239 > sdigest-reply || exitcode=1
241 snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
242 opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
243 cnonce="21402324255E262A28295F2B3A337C7E"
245 echo "MS-CHAP-V2 client request"
246 ${kdigest} digest-client-request \
247 --type=MS-CHAP-V2 \
248 --username="$username" \
249 --password="$userpassword" \
250 --opaque="$opaque" \
251 --client-nonce="$cnonce" \
252 --server-nonce="$snonce" \
253 > cdigest-reply || exitcode=1
255 cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
256 cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=`
257 ckey=`grep session-key= cdigest-reply | cut -f2- -d=`
259 ${kdigest} digest-server-request \
260 --kerberos-realm=${R} \
261 --type=MS-CHAP-V2 \
262 --username="$username" \
263 --opaque="$opaque" \
264 --client-response="$cresponseData" \
265 --client-nonce="$cnonce" \
266 --server-nonce="$snonce" \
267 > s2digest-reply || exitcode=1
269 status=`grep status= s2digest-reply | cut -f2- -d=`
270 sRsp=`grep rsp= s2digest-reply | cut -f2- -d=`
271 skey=`grep session-key= s2digest-reply | cut -f2- -d=`
273 if test "X$sRsp" != "X$cRsp" ; then
274 echo "rsp wrong $sRsp != $cRsp"
275 exitcode=1
278 if test "X$skey" != "X$ckey" ; then
279 echo "rsp wrong"
280 exitcode=1
283 if test "X$status" = "Xok" ; then
284 echo "MS-CHAP-V2 response ok"
285 else
286 echo "MS-CHAP-V2 response failed"
287 exitcode=1
290 trap "" EXIT
292 echo "killing kdc (${kdcpid})"
293 sh ${leaks_kill} kdc $kdcpid || exit 1
295 exit $exitcode