search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drsuapi.idl: fix source_dsa spelling
[samba4-gss.git] / third_party / heimdal / tests / gss / check-negoex.in
blobe44e26cbf416b5d9251c524dea487f7dc39da923
1 #!/bin/sh
2 #
3 # Copyright (c) 2006 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
5 # All rights reserved.
6 #
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
9 # are met:
10 #
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
13 #
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
17 #
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
21 #
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 # SUCH DAMAGE.
33 #
34 # $Id$
35 #
36
37 env_setup="@env_setup@"
38 srcdir="@srcdir@"
39 objdir="@objdir@"
40
41 . ${env_setup}
42
43 R=TEST.H5L.SE
44
45 port=@port@
46
47 keytabfile="${objdir}/server.keytab-no"
48 keytab="FILE:${keytabfile}-no"
49 cache="FILE:krb5ccfile-no"
50 cacheds="FILE:krb5ccfile-ds-no"
51
52 context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
53
54 KRB5_CONFIG="${objdir}/krb5.conf"
55 export KRB5_CONFIG
56
57 KRB5_KTNAME="${keytab}-no"
58 export KRB5_KTNAME
59 KRB5CCNAME="${cache}-no"
60 export KRB5CCNAME
61 unset NTLM_ACCEPTOR_CCACHE
62 unset NTLM_USER_FILE
63
64 GSSAPI_SPNEGO_NAME=host@host.test.h5l.se
65 export GSSAPI_SPNEGO_NAME
66
67 GSS_MECH_CONFIG="${objdir}/mech"
68 export GSS_MECH_CONFIG
69
70 > messages.log
71
72 exitcode=0
73
74 echo "======context building for negoex"
75
76 for HOPS in 1 2 3 4 5
77 do
78 echo "test_negoex_1 $HOPS hops"
79 ${context} \
80 --mech-type=spnego --ret-mech-type=test_negoex_1 \
81 --name-type=hostbased-service \
82 host@host.test.h5l.se || \
83 { exitcode=1 ; echo test failed; }
84 done
85
86 for HOPS in 1 2 3 4 5
87 do
88 echo "test_negoex_1 $HOPS hops early keys"
89 KEY=always ${context} \
90 --mech-type=spnego --ret-mech-type=test_negoex_1 \
91 --name-type=hostbased-service \
92 host@host.test.h5l.se || \
93 { exitcode=1 ; echo test failed; }
94 done
95
96 HOPS=1
97 echo "test_negoex_1 no keys"
98 KEY=never ${context} \
99 --mech-type=spnego --ret-mech-type=test_negoex_1 \
100 --name-type=hostbased-service \
101 host@host.test.h5l.se 2>/dev/null && \
102 { exitcode=1 ; echo test failed; }
103
104 echo "test_negoex_1 no optimistic token"
105 NEGOEX_NO_OPTIMISTIC_TOKEN=1 ${context} \
106 --mech-type=spnego --ret-mech-type=test_negoex_1 \
107 --name-type=hostbased-service \
108 host@host.test.h5l.se || \
109 { exitcode=1 ; echo test failed; }
110
111 echo "test_negoex_1 initiator query fail, test_negoex_2 pass"
112 INIT_QUERY_FAIL=102 ${context} \
113 --mech-type=spnego --ret-mech-type=test_negoex_2 \
114 --name-type=hostbased-service \
115 host@host.test.h5l.se 2>/dev/null || \
116 { exitcode=1 ; echo test failed; }
117
118 echo "test_negoex_1 acceptor query fail, test_negoex_2 pass"
119 ACCEPT_QUERY_FAIL=102 ${context} \
120 --mech-type=spnego --ret-mech-type=test_negoex_2 \
121 --name-type=hostbased-service \
122 host@host.test.h5l.se 2>/dev/null || \
123 { exitcode=1 ; echo test failed; }
124
125 echo "test_negoex_1 acceptor exchange fail, test_negoex_2 pass"
126 ACCEPT_EXCHANGE_FAIL=102 ${context} \
127 --mech-type=spnego --ret-mech-type=test_negoex_2 \
128 --name-type=hostbased-service \
129 host@host.test.h5l.se 2>/dev/null || \
130 { exitcode=1 ; echo test failed; }
131
132 echo "test_negoex_1 first mech initiator exchange fail"
133 INIT_EXCHANGE_FAIL=102 ${context} \
134 --mech-type=spnego --ret-mech-type=test_negoex_1 \
135 --name-type=hostbased-service \
136 host@host.test.h5l.se 2>/dev/null && \
137 { exitcode=1 ; echo test failed; }
138
139 echo "test_negoex_1 first mech initiator exchange fail, two hops"
140 HOPS=2 INIT_EXCHANGE_FAIL=102 ${context} \
141 --mech-type=spnego --ret-mech-type=test_negoex_1 \
142 --name-type=hostbased-service \
143 host@host.test.h5l.se 2>/dev/null && \
144 { exitcode=1 ; echo test failed; }
145
146 echo "test_negoex_1 first mech initiator exchange fail, two hops, early keys"
147 HOPS=2 KEY=always INIT_EXCHANGE_FAIL=102 ${context} \
148 --mech-type=spnego --ret-mech-type=test_negoex_1 \
149 --name-type=hostbased-service \
150 host@host.test.h5l.se 2>/dev/null && \
151 { exitcode=1 ; echo test failed; }
152
153 echo "test_negoex_1 first mech init_sec_context fail"
154 INIT_FAIL=102 ${context} \
155 --mech-type=spnego --ret-mech-type=test_negoex_1 \
156 --name-type=hostbased-service \
157 host@host.test.h5l.se 2>/dev/null && \
158 { exitcode=1 ; echo test failed; }
159
160 echo "test_negoex_1 first mech accept_sec_context fail"
161 HOPS=2 ACCEPT_FAIL=102 ${context} \
162 --mech-type=spnego --ret-mech-type=test_negoex_1 \
163 --name-type=hostbased-service \
164 host@host.test.h5l.se 2>/dev/null && \
165 { exitcode=1 ; echo test failed; }
166
167 echo "test_negoex_1 alert from acceptor to initiator"
168 HOPS=3 KEY=init-always ${context} \
169 --mech-type=spnego --ret-mech-type=test_negoex_1 \
170 --name-type=hostbased-service \
171 host@host.test.h5l.se || \
172 { exitcode=1 ; echo test failed; }
173
174 echo "test_negoex_1 alert from initiator to acceptor"
175 HOPS=4 KEY=accept-always ${context} \
176 --mech-type=spnego --ret-mech-type=test_negoex_1 \
177 --name-type=hostbased-service \
178 host@host.test.h5l.se || \
179 { exitcode=1 ; echo test failed; }
180
181 unset GSS_MECH_CONFIG
182
183 echo "======test context building for sanon-x25519"
184 for mech in sanon-x25519 sanon-x25519iov spnego spnegoiov; do
185 iov=""
186 if [ "$mech" = "sanon-x25519iov" ] ; then
187 mech="sanon-x25519"
188 iov="--iov"
189 fi
190 if [ "$mech" = "spnegoiov" ] ; then
191 mech="spnego"
192 iov="--iov"
193 fi
194
195 echo "${mech} anon-flag ${iov}" ; > messages.log
196 ${context} --mech-type=${mech} \
197 --anonymous \
198 --ret-mech-type=sanon-x25519 \
199 --i-channel-bindings=negoex_sanon_test_h5l_se \
200 --a-channel-bindings=negoex_sanon_test_h5l_se \
201 --wrapunwrap ${iov} \
202 host@lucid.test.h5l.se || \
203 { eval "$testfailed"; }
204
205 echo "${mech} anon-initiator ${iov}" ; > messages.log
206 ${context} --mech-type=${mech} \
207 --client-name=WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS \
208 --ret-mech-type=sanon-x25519 \
209 --i-channel-bindings=negoex_sanon_test_h5l_se \
210 --a-channel-bindings=negoex_sanon_test_h5l_se \
211 --wrapunwrap ${iov} \
212 host@lucid.test.h5l.se || \
213 { eval "$testfailed"; }
214
215 echo "${mech} anon-acceptor ${iov}" ; > messages.log
216 ${context} --mech-type=${mech} \
217 --ret-mech-type=sanon-x25519 \
218 --i-channel-bindings=negoex_sanon_test_h5l_se \
219 --a-channel-bindings=negoex_sanon_test_h5l_se \
220 --wrapunwrap ${iov} \
221 WELLKNOWN@ANONYMOUS || \
222 { eval "$testfailed"; }
223 done
224
225 echo "======export-import-context for sanon-x25519"
226 for mech in sanon-x25519 sanon-x25519iov spnego spnegoiov; do
227 iov=""
228 if [ "$mech" = "sanon-x25519iov" ] ; then
229 mech="sanon-x25519"
230 iov="--iov"
231 fi
232 if [ "$mech" = "spnegoiov" ] ; then
233 mech="spnego"
234 iov="--iov"
235 fi
236
237 echo "${mech}: export-import-context ${iov}" ; > messages.log
238 ${context} \
239 --mech-type=${mech} \
240 --anonymous \
241 --export-import-context \
242 --wrapunwrap ${iov} \
243 --name-type=hostbased-service host@lucid.test.h5l.se || \
244 { eval "$testfailed"; }
245
246 echo "${mech}: export-import-context ${iov} (split tokens)" ; > messages.log
247 ${context} \
248 --mech-type=${mech} \
249 --anonymous \
250 --export-import-context \
251 --wrapunwrap ${iov} \
252 --token-split=128 \
253 --name-type=hostbased-service host@lucid.test.h5l.se || \
254 { eval "$testfailed"; }
255
256 done
257
258 echo "======dce-style for sanon-x25519"
259 for mech in spnego spnegoiov; do
260 iov=""
261 if [ "$mech" = "spnegoiov" ] ; then
262 mech="spnego"
263 iov="--iov"
264 fi
265
266 echo "${mech}: dce-style ${iov}" ; > messages.log
267 ${context} \
268 --mech-type=${mech} \
269 --anonymous --dce-style \
270 --wrapunwrap ${iov} \
271 --name-type=hostbased-service host@lucid.test.h5l.se || \
272 { eval "$testfailed"; }
273
274 done
275
276 exit $exitcode
GSS-enabled samba4