1ebfedea0SLionel Sambuc#!/bin/sh 2ebfedea0SLionel Sambuc# 3ebfedea0SLionel Sambuc# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan 4ebfedea0SLionel Sambuc# (Royal Institute of Technology, Stockholm, Sweden). 5ebfedea0SLionel Sambuc# All rights reserved. 6ebfedea0SLionel Sambuc# 7ebfedea0SLionel Sambuc# Redistribution and use in source and binary forms, with or without 8ebfedea0SLionel Sambuc# modification, are permitted provided that the following conditions 9ebfedea0SLionel Sambuc# are met: 10ebfedea0SLionel Sambuc# 11ebfedea0SLionel Sambuc# 1. Redistributions of source code must retain the above copyright 12ebfedea0SLionel Sambuc# notice, this list of conditions and the following disclaimer. 13ebfedea0SLionel Sambuc# 14ebfedea0SLionel Sambuc# 2. Redistributions in binary form must reproduce the above copyright 15ebfedea0SLionel Sambuc# notice, this list of conditions and the following disclaimer in the 16ebfedea0SLionel Sambuc# documentation and/or other materials provided with the distribution. 17ebfedea0SLionel Sambuc# 18ebfedea0SLionel Sambuc# 3. Neither the name of the Institute nor the names of its contributors 19ebfedea0SLionel Sambuc# may be used to endorse or promote products derived from this software 20ebfedea0SLionel Sambuc# without specific prior written permission. 21ebfedea0SLionel Sambuc# 22ebfedea0SLionel Sambuc# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 23ebfedea0SLionel Sambuc# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24ebfedea0SLionel Sambuc# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25ebfedea0SLionel Sambuc# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 26ebfedea0SLionel Sambuc# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27ebfedea0SLionel Sambuc# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28ebfedea0SLionel Sambuc# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29ebfedea0SLionel Sambuc# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30ebfedea0SLionel Sambuc# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31ebfedea0SLionel Sambuc# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32ebfedea0SLionel Sambuc# SUCH DAMAGE. 33ebfedea0SLionel Sambuc 34ebfedea0SLionel Sambuctop_builddir="@top_builddir@" 35ebfedea0SLionel Sambucenv_setup="@env_setup@" 36ebfedea0SLionel Sambucobjdir="@objdir@" 37ebfedea0SLionel Sambucsrcdir="@srcdir@" 38ebfedea0SLionel Sambuc 39ebfedea0SLionel Sambuc. ${env_setup} 40ebfedea0SLionel Sambuc 41ebfedea0SLionel Sambuc# If there is no useful db support compile in, disable test 42ebfedea0SLionel Sambuc${have_db} || exit 77 43ebfedea0SLionel Sambuc 44ebfedea0SLionel SambucR=TEST.H5L.SE 45ebfedea0SLionel SambucR2=TEST2.H5L.SE 46ebfedea0SLionel Sambuc 47ebfedea0SLionel Sambucport=@port@ 48ebfedea0SLionel Sambucadmport=@admport@ 49ebfedea0SLionel Sambuc 50ebfedea0SLionel Sambuccache="FILE:${objdir}/cache.krb5" 51ebfedea0SLionel Sambuc 52ebfedea0SLionel Sambuckadmin="${kadmin} -r $R" 53ebfedea0SLionel Sambuckdc="${kdc} --addresses=localhost -P $port" 54ebfedea0SLionel Sambuckadmind="${kadmind} -p $admport" 55ebfedea0SLionel Sambuc 56ebfedea0SLionel Sambucserver=host/datan.test.h5l.se 57ebfedea0SLionel Sambuc 58ebfedea0SLionel Sambuckinit="${kinit} -c $cache ${afs_no_afslog}" 59ebfedea0SLionel Sambuckgetcred="${kgetcred} -c $cache" 60ebfedea0SLionel Sambuckdestroy="${kdestroy} -c $cache ${afs_no_unlog}" 61ebfedea0SLionel Sambuc 62ebfedea0SLionel SambucKRB5_CONFIG="${objdir}/krb5.conf" 63ebfedea0SLionel Sambucexport KRB5_CONFIG 64ebfedea0SLionel Sambuc 65ebfedea0SLionel Sambucrm -f ${keytabfile} 66ebfedea0SLionel Sambucrm -f current-db* 67ebfedea0SLionel Sambucrm -f out-* 68ebfedea0SLionel Sambucrm -f mkey.file* 69ebfedea0SLionel Sambucrm -f messages.log 70ebfedea0SLionel Sambuc 71ebfedea0SLionel Sambuc> messages.log 72ebfedea0SLionel Sambuc 73ebfedea0SLionel Sambucecho Creating database 74ebfedea0SLionel Sambuc${kadmin} -l \ 75ebfedea0SLionel Sambuc init \ 76ebfedea0SLionel Sambuc --realm-max-ticket-life=1day \ 77ebfedea0SLionel Sambuc --realm-max-renewable-life=1month \ 78ebfedea0SLionel Sambuc ${R} || exit 1 79ebfedea0SLionel Sambuc 80ebfedea0SLionel Sambuc${kadmin} -l add -p foo --use-defaults foo/admin@${R} || exit 1 81ebfedea0SLionel Sambuc${kadmin} -l add -p foo --use-defaults bar@${R} || exit 1 82ebfedea0SLionel Sambuc${kadmin} -l add -p foo --use-defaults baz@${R} || exit 1 83ebfedea0SLionel Sambuc${kadmin} -l add -p foo --use-defaults bez@${R} || exit 1 84ebfedea0SLionel Sambuc${kadmin} -l add -p foo --use-defaults fez@${R} || exit 1 85ebfedea0SLionel Sambuc${kadmin} -l add -p foo --use-defaults pkinit@${R} || exit 1 86ebfedea0SLionel Sambuc${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R} || exit 1 87ebfedea0SLionel Sambuc 88ebfedea0SLionel Sambucecho foo > ${objdir}/foopassword 89ebfedea0SLionel Sambuc 90ebfedea0SLionel Sambucecho Starting kdc 91ebfedea0SLionel Sambuc${kdc} & 92ebfedea0SLionel Sambuckdcpid=$! 93ebfedea0SLionel Sambuc 94ebfedea0SLionel Sambucsh ${wait_kdc} 95ebfedea0SLionel Sambucif [ "$?" != 0 ] ; then 96ebfedea0SLionel Sambuc kill -9 ${kdcpid} 97ebfedea0SLionel Sambuc kill -9 ${kadmpid} 98ebfedea0SLionel Sambuc exit 1 99ebfedea0SLionel Sambucfi 100ebfedea0SLionel Sambuc 101ebfedea0SLionel Sambuctrap "kill -9 ${kdcpid} ${kadmpid}" EXIT 102ebfedea0SLionel Sambuc 103ebfedea0SLionel Sambuc#---------------------------------- 104ebfedea0SLionel Sambuc${kadmind} -d & 105ebfedea0SLionel Sambuckadmpid=$! 106ebfedea0SLionel Sambucsleep 1 107ebfedea0SLionel Sambuc 108ebfedea0SLionel Sambucecho "kinit (no admin)" 109ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 110ebfedea0SLionel Sambuc -S kadmin/admin@${R} bar@${R} || exit 1 111ebfedea0SLionel Sambucecho "kadmin" 112ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 113ebfedea0SLionel Sambuc${kadmin} -p bar@${R} add -p foo --use-defaults kaka2@${R} || 114ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 115ebfedea0SLionel Sambuc 116ebfedea0SLionel Sambuc${kadmin} -l get kaka2@${R} > /dev/null || 117ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 118ebfedea0SLionel Sambuc 119ebfedea0SLionel Sambuc#---------------------------------- 120ebfedea0SLionel Sambuc${kadmind} -d & 121ebfedea0SLionel Sambuckadmpid=$! 122ebfedea0SLionel Sambucsleep 1 123ebfedea0SLionel Sambuc 124ebfedea0SLionel Sambucecho "kinit (no admin)" 125ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 126ebfedea0SLionel Sambuc -S kadmin/admin@${R} baz@${R} || exit 1 127ebfedea0SLionel Sambucecho "kadmin globacl" 128ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 129ebfedea0SLionel Sambuc${kadmin} -p baz@${R} get bar@${R} > /dev/null || 130ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 131ebfedea0SLionel Sambuc 132ebfedea0SLionel Sambuc#---------------------------------- 133ebfedea0SLionel Sambuc${kadmind} -d & 134ebfedea0SLionel Sambuckadmpid=$! 135ebfedea0SLionel Sambucsleep 1 136ebfedea0SLionel Sambuc 137ebfedea0SLionel Sambucecho "kinit (no admin)" 138ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 139ebfedea0SLionel Sambuc -S kadmin/admin@${R} baz@${R} || exit 1 140ebfedea0SLionel Sambucecho "kadmin globacl, negative" 141ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 142ebfedea0SLionel Sambuc${kadmin} -p baz@${R} passwd -p foo bar@${R} > /dev/null 2>/dev/null && 143ebfedea0SLionel Sambuc { echo "kadmin succesded $?"; cat messages.log ; exit 1; } 144ebfedea0SLionel Sambuc 145ebfedea0SLionel Sambuc#---------------------------------- 146ebfedea0SLionel Sambuc${kadmind} -d & 147ebfedea0SLionel Sambuckadmpid=$! 148ebfedea0SLionel Sambucsleep 1 149ebfedea0SLionel Sambuc 150ebfedea0SLionel Sambucecho "kinit (no admin)" 151ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 152ebfedea0SLionel Sambuc -S kadmin/admin@${R} baz@${R} || exit 1 153ebfedea0SLionel Sambucecho "kadmin globacl" 154ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 155ebfedea0SLionel Sambuc${kadmin} -p baz@${R} get bar@${R} > /dev/null || 156ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 157ebfedea0SLionel Sambuc 158ebfedea0SLionel Sambuc#---------------------------------- 159ebfedea0SLionel Sambuc${kadmind} -d & 160ebfedea0SLionel Sambuckadmpid=$! 161ebfedea0SLionel Sambucsleep 1 162ebfedea0SLionel Sambuc 163ebfedea0SLionel Sambucecho "kinit (no admin)" 164ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 165ebfedea0SLionel Sambuc -S kadmin/admin@${R} bez@${R} || exit 1 166ebfedea0SLionel Sambucecho "kadmin globacl, negative" 167ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 168ebfedea0SLionel Sambuc${kadmin} -p bez@${R} passwd -p foo bar@${R} > /dev/null 2>/dev/null && 169ebfedea0SLionel Sambuc { echo "kadmin succesded $?"; cat messages.log ; exit 1; } 170ebfedea0SLionel Sambuc 171ebfedea0SLionel Sambuc#---------------------------------- 172ebfedea0SLionel Sambuc${kadmind} -d & 173ebfedea0SLionel Sambuckadmpid=$! 174ebfedea0SLionel Sambucsleep 1 175ebfedea0SLionel Sambuc 176ebfedea0SLionel Sambucecho "kinit (no admin)" 177ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 178ebfedea0SLionel Sambuc -S kadmin/admin@${R} fez@${R} || exit 1 179ebfedea0SLionel Sambucecho "kadmin globacl" 180ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 181ebfedea0SLionel Sambuc${kadmin} -p fez@${R} get bar@${R} > /dev/null || 182ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 183ebfedea0SLionel Sambuc 184ebfedea0SLionel Sambuc#---------------------------------- 185ebfedea0SLionel Sambuc${kadmind} -d & 186ebfedea0SLionel Sambuckadmpid=$! 187ebfedea0SLionel Sambucsleep 1 188ebfedea0SLionel Sambuc 189ebfedea0SLionel Sambucecho "kinit (no admin)" 190ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 191ebfedea0SLionel Sambuc -S kadmin/admin@${R} fez@${R} || exit 1 192ebfedea0SLionel Sambucecho "kadmin globacl, negative" 193ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 194ebfedea0SLionel Sambuc${kadmin} -p fez@${R} passwd -p foo bar@${R} > /dev/null 2>/dev/null && 195ebfedea0SLionel Sambuc { echo "kadmin succesded $?"; cat messages.log ; exit 1; } 196ebfedea0SLionel Sambuc 197ebfedea0SLionel Sambuc#---------------------------------- 198ebfedea0SLionel Sambuc${kadmind} -d & 199ebfedea0SLionel Sambuckadmpid=$! 200ebfedea0SLionel Sambucsleep 1 201ebfedea0SLionel Sambuc 202ebfedea0SLionel Sambucecho "kinit (admin)" 203ebfedea0SLionel Sambuc${kinit} --password-file=${objdir}/foopassword \ 204ebfedea0SLionel Sambuc -S kadmin/admin@${R} foo/admin@${R} || exit 1 205ebfedea0SLionel Sambuc 206ebfedea0SLionel Sambucecho "kadmin" 207ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 208ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} add -p foo --use-defaults kaka@${R} || 209ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 210ebfedea0SLionel Sambuc 211ebfedea0SLionel Sambuc#---------------------------------- 212ebfedea0SLionel Sambuc${kadmind} -d & 213ebfedea0SLionel Sambuckadmpid=$! 214ebfedea0SLionel Sambucsleep 1 215ebfedea0SLionel Sambuc 216ebfedea0SLionel Sambucecho "kadmin get doesnotexists" 217ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 218ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} get -s doesnotexists@${R} \ 219ebfedea0SLionel Sambuc > /dev/null 2>kadmin.tmp && \ 220ebfedea0SLionel Sambuc { echo "kadmin passed"; cat messages.log ; exit 1; } 221ebfedea0SLionel Sambuc 222ebfedea0SLionel Sambuc# evil hack to support libtool 223ebfedea0SLionel Sambucsed 's/lt-kadmin:/kadmin:/' < kadmin.tmp > kadmin2.tmp 224ebfedea0SLionel Sambucmv kadmin2.tmp kadmin.tmp 225ebfedea0SLionel Sambuc 226ebfedea0SLionel Sambuc# If client tried IPv6, but service only listened on IPv4 227ebfedea0SLionel Sambucgrep -v ': connect' kadmin.tmp > kadmin2.tmp 228ebfedea0SLionel Sambucmv kadmin2.tmp kadmin.tmp 229ebfedea0SLionel Sambuc 230ebfedea0SLionel Sambuccmp kadmin.tmp ${srcdir}/donotexists.txt || \ 231ebfedea0SLionel Sambuc { echo "wrong response"; exit 1;} 232ebfedea0SLionel Sambuc 233ebfedea0SLionel Sambuc#---------------------------------- 234ebfedea0SLionel Sambuc${kadmind} -d & 235ebfedea0SLionel Sambuckadmpid=$! 236ebfedea0SLionel Sambucsleep 1 237ebfedea0SLionel Sambuc 238ebfedea0SLionel Sambucecho "kadmin get pkinit-acl" 239ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 240ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} get -o pkinit-acl pkinit@${R} \ 241ebfedea0SLionel Sambuc > /dev/null || \ 242ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 243ebfedea0SLionel Sambuc 244ebfedea0SLionel Sambuc#---------------------------------- 245ebfedea0SLionel Sambuc${kadmind} -d & 246ebfedea0SLionel Sambuckadmpid=$! 247ebfedea0SLionel Sambucsleep 1 248ebfedea0SLionel Sambuc 249ebfedea0SLionel Sambucecho "kadmin get -o principal" 250ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 251ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} get -o principal bar@${R} \ 252ebfedea0SLionel Sambuc > kadmin.tmp 2>&1 || \ 253ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 254*0a6a1f1dSLionel Sambucif test "`cat kadmin.tmp`" != "Principal: bar@TEST.H5L.SE" ; then 255ebfedea0SLionel Sambuc cat kadmin.tmp ; cat messages.log ; exit 1 ; 256ebfedea0SLionel Sambucfi 257ebfedea0SLionel Sambuc 258ebfedea0SLionel Sambuc 259ebfedea0SLionel Sambuc#---------------------------------- 260ebfedea0SLionel Sambuc${kadmind} -d & 261ebfedea0SLionel Sambuckadmpid=$! 262ebfedea0SLionel Sambucsleep 1 263ebfedea0SLionel Sambuc 264ebfedea0SLionel Sambucecho "kadmin get -o kvno" 265ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 266ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} get -o kvno bar@${R} \ 267ebfedea0SLionel Sambuc > kadmin.tmp 2>&1 || \ 268ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 269*0a6a1f1dSLionel Sambucif test "`cat kadmin.tmp`" != "Kvno: 1" ; then 270ebfedea0SLionel Sambuc cat kadmin.tmp ; cat messages.log ; exit 1 ; 271ebfedea0SLionel Sambucfi 272ebfedea0SLionel Sambuc 273ebfedea0SLionel Sambuc 274ebfedea0SLionel Sambuc#---------------------------------- 275ebfedea0SLionel Sambuc${kadmind} -d & 276ebfedea0SLionel Sambuckadmpid=$! 277ebfedea0SLionel Sambucsleep 1 278ebfedea0SLionel Sambuc 279ebfedea0SLionel Sambucecho "kadmin get -o princ_expire_time" 280ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 281ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} get -o princ_expire_time bar@${R} \ 282ebfedea0SLionel Sambuc > kadmin.tmp 2>&1 || \ 283ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 284*0a6a1f1dSLionel Sambucif test "`cat kadmin.tmp`" != "Principal expires: never" ; then 285ebfedea0SLionel Sambuc cat kadmin.tmp ; cat messages.log ; exit 1 ; 286ebfedea0SLionel Sambucfi 287ebfedea0SLionel Sambuc 288ebfedea0SLionel Sambuc#---------------------------------- 289ebfedea0SLionel Sambuc${kadmind} -d & 290ebfedea0SLionel Sambuckadmpid=$! 291ebfedea0SLionel Sambucsleep 1 292ebfedea0SLionel Sambuc 293ebfedea0SLionel Sambucecho "kadmin get -s -o attributes" 294ebfedea0SLionel Sambucenv KRB5CCNAME=${cache} \ 295ebfedea0SLionel Sambuc${kadmin} -p foo/admin@${R} get -s -o attributes bar@${R} \ 296ebfedea0SLionel Sambuc > kadmin.tmp 2>&1 || \ 297ebfedea0SLionel Sambuc { echo "kadmin failed $?"; cat messages.log ; exit 1; } 298*0a6a1f1dSLionel Sambucif test "`cat kadmin.tmp`" != "Attributes" ; then 299ebfedea0SLionel Sambuc cat kadmin.tmp ; cat messages.log ; exit 1 ; 300ebfedea0SLionel Sambucfi 301ebfedea0SLionel Sambuc 302ebfedea0SLionel Sambuc#---------------------------------- 303ebfedea0SLionel Sambuc 304ebfedea0SLionel Sambuc 305ebfedea0SLionel Sambucecho "killing kdc (${kdcpid} ${kadmpid})" 306ebfedea0SLionel Sambucsh ${leaks_kill} kdc $kdcpid || exit 1 307ebfedea0SLionel Sambuc 308ebfedea0SLionel Sambuctrap "" EXIT 309ebfedea0SLionel Sambuc 310ebfedea0SLionel Sambucexit $ec 311