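#!/bin/sh
#
# Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Regression test for the ok-as-delegate ticket flag across a chain of four
# realms (R -> R2 -> R3 -> R4).
#
# The script builds a local database, starts a kdc, fetches tickets for
# client foo@R and then inspects "klist -v":
#   - host/server.test3   must carry ok-as-delegate
#   - host/noserver.test3 must not (the attribute is never set on it)
#   - host/server.test4   must not (krbtgt/R4@R3 is left without the
#     attribute; presumably the client drops the flag when one hop of the
#     path is not marked -- confirm against the client library)
#
# Exit status: 0 on success, 1 on failure, 77 when database support is not
# compiled in (the "skip" status of automake-style test harnesses).
#
# @env_setup@, @objdir@ and @port@ are substituted when the script is
# generated.  Every command string below (kadmin, kdc, kinit, ...) comes
# from the sourced environment file and is expanded unquoted on purpose so
# that it word-splits into a command plus its options.

env_setup="@env_setup@"
objdir="@objdir@"

. ${env_setup}

# If there is no useful db support compile in, disable test
${have_db} || exit 77

R=TEST.H5L.SE
R2=TEST2.H5L.SE
R3=TEST3.H5L.SE
R4=TEST4.H5L.SE

port=@port@

kadmin="${kadmin} -l -r ${R}"
kdc="${kdc} --addresses=localhost -P $port"

# NOTE(review): "server" is not referenced anywhere else in this script.
server=host/datan.test4.h5l.se@TEST4.H5L.ORG
cache="FILE:${objdir}/cache.krb5"

kinit="${kinit} -c $cache ${afs_no_afslog}"
klist="${klist} -c $cache"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# Failure handler, run through eval.  The string is assembled only from the
# build-time configuration above, never from external input.  Its "exit 1"
# fires the EXIT trap installed further down, which stops the kdc.
testfailed="echo test failed; ${klist} -v ; exit 1"

# Start from a clean slate: leftovers from an earlier run must not be able
# to satisfy (or break) the checks below.
rm -f ${keytabfile}
rm -f current-db*
rm -f out-*
rm -f mkey.file*

> messages.log

echo Creating database
initflags="init --realm-max-ticket-life=1day --realm-max-renewable-life=1month"

for realm in ${R} ${R2} ${R3} ${R4}; do
    ${kadmin} ${initflags} ${realm} || exit 1
done

${kadmin} add -p foo --use-defaults foo@${R} || exit 1

# Cross-realm trust chain R -> R2 -> R3 -> R4.
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
${kadmin} add -p cross2 --use-defaults krbtgt/${R3}@${R2} || exit 1
${kadmin} add -p cross3 --use-defaults krbtgt/${R4}@${R3} || exit 1

# Only the first two hops are marked ok-as-delegate; krbtgt/R4@R3 is not.
${kadmin} modify --attributes=+ok-as-delegate krbtgt/${R2}@${R} || exit 1
${kadmin} modify --attributes=+ok-as-delegate krbtgt/${R3}@${R2} || exit 1

${kadmin} add -p foo --use-defaults host/server.test3.h5l.se@${R3} || exit 1
${kadmin} modify --attributes=+ok-as-delegate host/server.test3.h5l.se@${R3} || exit 1
# Control principal: same realm as server.test3, attribute never set.
${kadmin} add -p foo --use-defaults host/noserver.test3.h5l.se@${R3} || exit 1

${kadmin} add -p foo --use-defaults host/server.test4.h5l.se@${R4} || exit 1
${kadmin} modify --attributes=+ok-as-delegate host/server.test4.h5l.se@${R4} || exit 1

echo "Doing database check"
for realm in ${R} ${R2} ${R3} ${R4}; do
    ${kadmin} check ${realm} || exit 1
done

# Throw-away test password.  Create the file under a restrictive umask so a
# plaintext credential is not left readable by other local users; the umask
# only affects the file if it does not exist yet.
( umask 077 && echo foo > "${objdir}/foopassword" )

echo Starting kdc
${kdc} &
kdcpid=$!

# The EXIT trap is not installed yet, so a kdc that never became ready has
# to be stopped by hand here.
if ! sh ${wait_kdc} ; then
    kill -9 ${kdcpid}
    exit 1
fi

# From here on every exit path (including the "exit 1" inside testfailed)
# stops the kdc.  ${kdcpid} is expanded now, when the trap is set.
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT

ec=0

echo "Getting client initial tickets"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@${R} || \
    { ec=1 ; eval "${testfailed}"; }

echo "get cross realm manually"
${kgetcred} krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
${kgetcred} krbtgt/${R3}@${R2} || { ec=1 ; eval "${testfailed}"; }
${kgetcred} krbtgt/${R4}@${R3} || { ec=1 ; eval "${testfailed}"; }
${kgetcred} host/server.test3.h5l.se@${R3} || { ec=1 ; eval "${testfailed}"; }
${kgetcred} host/server.test4.h5l.se@${R4} || { ec=1 ; eval "${testfailed}"; }
# Also fetch a ticket for the principal created without ok-as-delegate.
# Without this request the cache never holds such a ticket, so the
# "noserver.test3" check below matches nothing and can never fail.  It is
# requested last so that no flagged ticket follows it in the klist output.
${kgetcred} host/noserver.test3.h5l.se@${R3} || { ec=1 ; eval "${testfailed}"; }


echo "check result"
# Each awk filter prints the matching "Server:" line plus the seven lines
# after it, i.e. the window expected to hold that ticket's "Ticket flags:".
# Positive case: the flag must be present.
${klist} -v | awk '/Server:.*host.server.test3/{c=8}{if(c-->0){print}}' | grep 'Ticket flags:.*ok-as-delegate' > /dev/null || \
    { ec=1 ; echo "server.test3 failed"; eval "${testfailed}"; }
# Negative cases: a match means the flag leaked onto a ticket that must not
# carry it.  grep's stdout is discarded as well (the original redirected
# only stderr); testfailed prints the full "klist -v" on failure anyway.
${klist} -v | awk '/Server:.*host.noserver.test3/{c=8}{if(c-->0){print}}' | grep 'Ticket flags:.*ok-as-delegate' > /dev/null 2>&1 && \
    { ec=1 ; echo "noserver.test3 failed"; eval "${testfailed}"; }
${klist} -v | awk '/Server:.*host.server.test4/{c=8}{if(c-->0){print}}' | grep 'Ticket flags:.*ok-as-delegate' > /dev/null 2>&1 && \
    { ec=1 ; echo "server.test4 failed" ; eval "${testfailed}"; }

${kdestroy}

# Disabled variant that lets the client walk the realm path on its own.
#echo "Getting client initial tickets"; > messages.log
#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
#	{ ec=1 ; eval "${testfailed}"; }
#
#echo "get cross realm automagicly"
#${kgetcred} host/server.test4.h5l.se@${R4} || { ec=1 ; eval "${testfailed}"; }
#
#echo "check result"
#${klist} -v | grep -A8 -e 'Server:.*server.test4' | grep 'Ticket flags:.*ok-as-delegate' && { ec=1 ; eval "${testfailed}"; }
#
#${kdestroy}


echo "killing kdc (${kdcpid})"
# Regular shutdown goes through the leak-checking helper; if it fails, the
# EXIT trap is still armed and kills the kdc.
sh ${leaks_kill} kdc $kdcpid || exit 1

# kdc is gone: disarm the trap so the real status is reported.
trap "" EXIT

exit $ec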