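#!/bin/sh
#
# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# kadmin/kadmind authorization test.
#
# Builds a throw-away realm, starts a kdc, and then for every check
# starts a fresh single-connection kadmind (-d) and drives it with
# kadmin over the network as different principals.  The interesting
# properties exercised are:
#   - alias changes are only accepted when *every* requested alias is
#     permitted for the caller (and a denied request applies nothing),
#   - per-principal ACLs (bar/baz/bez/fez) allow "get" but deny "passwd",
#   - an admin principal can add entries and query individual fields.
#
# Expects the usual test environment from ${env_setup}: kadmin, kdc,
# kadmind, kinit, getpid, leaks_kill, have_db, keytabfile, ...

top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"
srcdir="@srcdir@"

. ${env_setup}

# If there is no useful db support compiled in, disable test
${have_db} || exit 77

R=TEST.H5L.SE
R2=TEST2.H5L.SE

port=@port@
admport=@admport@

cache="FILE:${objdir}/cache.krb5"

# These carry their own options, so they are deliberately expanded
# unquoted (word-splitting intended) everywhere below.
kadmin="${kadmin} -r $R"
kdc="${kdc} --addresses=localhost -P $port"
kadmind="${kadmind} -p $admport"

server=host/datan.test.h5l.se

kinit="${kinit} -c $cache ${afs_no_afslog}"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"

KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG

# Overall exit status; the script aborts with exit 1 on the first
# failing check, so this only ever stays 0.
ec=0
kdcpid=
kadmpid=

# Print a diagnostic plus the daemon log, then abort the test run.
# Pass "$?" of the failing command in the message if you want it shown.
fail() {
    echo "$1"
    cat messages.log
    exit 1
}

# Start one single-connection (-d) kadmind in the background and give
# it a moment to bind ${admport}.  The pid is left in ${kadmpid} so the
# caller can wait for it (and the EXIT trap can kill it on failure).
start_kadmind() {
    ${kadmind} -d &
    kadmpid=$!
    sleep 1
}

# Read the alias list of hasalias@${R} straight from the local database
# into ${aliases}; empty when the entry has no aliases.
read_aliases() {
    aliases=
    ${kadmin} -l get "hasalias@${R}" | grep Aliases: > kadmin.tmp
    read -r junk aliases < kadmin.tmp
    rm -f kadmin.tmp
}

[ -n "${keytabfile}" ] && rm -f -- "${keytabfile}"
rm -f current-db*
rm -f out-*
rm -f mkey.file*
rm -f messages.log

> messages.log

echo Creating database
${kadmin} -l \
    init \
    --realm-max-ticket-life=1day \
    --realm-max-renewable-life=1month \
    "${R}" || exit 1

${kadmin} -l add -p foo --use-defaults "foo/admin@${R}" || exit 1
${kadmin} -l add -p foo --use-defaults "bar@${R}" || exit 1
${kadmin} -l add -p foo --use-defaults "baz@${R}" || exit 1
${kadmin} -l add -p foo --use-defaults "bez@${R}" || exit 1
${kadmin} -l add -p foo --use-defaults "fez@${R}" || exit 1
${kadmin} -l add -p foo --use-defaults "hasalias@${R}" || exit 1
${kadmin} -l add -p foo --use-defaults "pkinit@${R}" || exit 1
${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" "pkinit@${R}" || exit 1

# Test-only password; every principal above was created with it.
echo foo > "${objdir}/foopassword"

echo Starting kdc ; > messages.log
${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
kdcpid=$(getpid kdc)

# Single quotes: expand the pids when the trap fires, not now.  With
# double quotes ${kadmpid} would be frozen to the (empty) value it has
# here, and a kadmind left behind by a failing check would never be
# killed.
trap 'kill -9 ${kdcpid} ${kadmpid} 2>/dev/null' EXIT

#----------------------------------
echo "kinit (no admin); test mod --alias authorization"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "hasalias@${R}" || exit 1

start_kadmind

# Check that one non-permitted alias -> failure.  Authorization must be
# all-or-nothing: the permitted goodalias1 must not have been applied
# alongside the rejected badalias.
env KRB5CCNAME="${cache}" \
${kadmin} -p "hasalias@${R}" modify --alias="goodalias1@${R}" --alias="badalias@${R}" "hasalias@${R}" &&
    fail "kadmin failed $?"
wait "$kadmpid" || fail "kadmind failed $?"
read_aliases
[ -n "$aliases" ] && fail "denied modify still applied aliases: $aliases"

start_kadmind

# Check that all permitted aliases -> success
env KRB5CCNAME="${cache}" \
${kadmin} -p "hasalias@${R}" modify --alias="goodalias1@${R}" --alias="goodalias2@${R}" "hasalias@${R}" ||
    fail "kadmin failed $?"
wait "$kadmpid" || fail "kadmind failed $?"

start_kadmind

# Check that we can drop aliases
env KRB5CCNAME="${cache}" \
${kadmin} -p "hasalias@${R}" modify --alias="goodalias3@${R}" "hasalias@${R}" ||
    fail "kadmin failed $?"
wait "$kadmpid" || fail "kadmind failed $?"
read_aliases
[ "$aliases" != "goodalias3@${R}" ] && fail "kadmind failed: unexpected aliases '$aliases'"

start_kadmind

env KRB5CCNAME="${cache}" \
${kadmin} -p "hasalias@${R}" modify --alias="goodalias1@${R}" --alias="goodalias2@${R}" --alias="goodalias3@${R}" "hasalias@${R}" ||
    fail "kadmin failed $?"
wait "$kadmpid" || fail "kadmind failed $?"
read_aliases
[ "$aliases" != "goodalias1@${R} goodalias2@${R} goodalias3@${R}" ] && fail "FOO failed: unexpected aliases '$aliases'"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "bar@${R}" || exit 1
echo "kadmin"
env KRB5CCNAME="${cache}" \
${kadmin} -p "bar@${R}" add -p foo --use-defaults "kaka2@${R}" ||
    fail "kadmin failed $?"

${kadmin} -l get "kaka2@${R}" > /dev/null ||
    fail "kadmin failed $?"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "baz@${R}" || exit 1
echo "kadmin globacl"
env KRB5CCNAME="${cache}" \
${kadmin} -p "baz@${R}" get "bar@${R}" > /dev/null ||
    fail "kadmin failed $?"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "baz@${R}" || exit 1
echo "kadmin globacl, negative"
# baz may read bar but must not be able to change bar's password.
env KRB5CCNAME="${cache}" \
${kadmin} -p "baz@${R}" passwd -p foo "bar@${R}" > /dev/null 2>/dev/null &&
    fail "kadmin succeeded $?"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "baz@${R}" || exit 1
echo "kadmin globacl"
env KRB5CCNAME="${cache}" \
${kadmin} -p "baz@${R}" get "bar@${R}" > /dev/null ||
    fail "kadmin failed $?"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "bez@${R}" || exit 1
echo "kadmin globacl, negative"
env KRB5CCNAME="${cache}" \
${kadmin} -p "bez@${R}" passwd -p foo "bar@${R}" > /dev/null 2>/dev/null &&
    fail "kadmin succeeded $?"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "fez@${R}" || exit 1
echo "kadmin globacl"
env KRB5CCNAME="${cache}" \
${kadmin} -p "fez@${R}" get "bar@${R}" > /dev/null ||
    fail "kadmin failed $?"

#----------------------------------
start_kadmind

echo "kinit (no admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "fez@${R}" || exit 1
echo "kadmin globacl, negative"
env KRB5CCNAME="${cache}" \
${kadmin} -p "fez@${R}" passwd -p foo "bar@${R}" > /dev/null 2>/dev/null &&
    fail "kadmin succeeded $?"

#----------------------------------
start_kadmind

echo "kinit (admin)"
${kinit} --password-file="${objdir}/foopassword" \
    -S "kadmin/admin@${R}" "foo/admin@${R}" || exit 1

echo "kadmin"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" add -p foo --use-defaults "kaka@${R}" ||
    fail "kadmin failed $?"

#----------------------------------
start_kadmind

echo "kadmin get doesnotexists"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" get -s "doesnotexists@${R}" \
    > /dev/null 2>kadmin.tmp && \
    fail "kadmin passed"

# evil hack to support libtool
sed 's/lt-kadmin:/kadmin:/' < kadmin.tmp > kadmin2.tmp
mv kadmin2.tmp kadmin.tmp

# If client tried IPv6, but service only listened on IPv4
grep -v ': connect' kadmin.tmp > kadmin2.tmp
mv kadmin2.tmp kadmin.tmp

cmp kadmin.tmp "${srcdir}/donotexists.txt" || \
    { echo "wrong response"; exit 1;}

#----------------------------------
start_kadmind

echo "kadmin get pkinit-acl"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" get -o pkinit-acl "pkinit@${R}" \
    > /dev/null || \
    fail "kadmin failed $?"

#----------------------------------
start_kadmind

echo "kadmin get -o principal"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" get -o principal "bar@${R}" \
    > kadmin.tmp 2>&1 || \
    fail "kadmin failed $?"
if test "$(cat kadmin.tmp)" != "Principal: bar@TEST.H5L.SE" ; then
    cat kadmin.tmp ; cat messages.log ; exit 1 ;
fi

#----------------------------------
start_kadmind

echo "kadmin get -o kvno"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" get -o kvno "bar@${R}" \
    > kadmin.tmp 2>&1 || \
    fail "kadmin failed $?"
if test "$(cat kadmin.tmp)" != "Kvno: 1" ; then
    cat kadmin.tmp ; cat messages.log ; exit 1 ;
fi

#----------------------------------
start_kadmind

echo "kadmin get -o princ_expire_time"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" get -o princ_expire_time "bar@${R}" \
    > kadmin.tmp 2>&1 || \
    fail "kadmin failed $?"
if test "$(cat kadmin.tmp)" != "Principal expires: never" ; then
    cat kadmin.tmp ; cat messages.log ; exit 1 ;
fi

#----------------------------------
start_kadmind

echo "kadmin get -s -o attributes"
env KRB5CCNAME="${cache}" \
${kadmin} -p "foo/admin@${R}" get -s -o attributes "bar@${R}" \
    > kadmin.tmp 2>&1 || \
    fail "kadmin failed $?"
if test "$(cat kadmin.tmp)" != "Attributes" ; then
    cat kadmin.tmp ; cat messages.log ; exit 1 ;
fi

#----------------------------------

echo "killing kdc (${kdcpid} ${kadmpid})"
sh ${leaks_kill} kdc "$kdcpid" || exit 1

# Everything was shut down cleanly; disarm the SIGKILL trap.
trap "" EXIT

exit $ec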