1#!/bin/sh
2#
3# Copyright (c) 2007 Kungliga Tekniska Högskolan
4# (Royal Institute of Technology, Stockholm, Sweden).
5# All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10#
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13#
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# 3. Neither the name of the Institute nor the names of its contributors
19#    may be used to endorse or promote products derived from this software
20#    without specific prior written permission.
21#
22# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32# SUCH DAMAGE.
33
34top_builddir="@top_builddir@"
35env_setup="@env_setup@"
36objdir="."
37
38. ${env_setup}
39
40srcdir="${top_srcdir}/tests/kdc"
41test_alname="${test_alname} --simple"
42
43rm -f localname
44
45check_localname() {
46    stderr=
47    if test "$2" -ne 0; then
48	stderr="2>/dev/null"
49    fi
50    eval ${test_alname} "'$1'" > localname $stderr
51    status=$?
52    if test $status -ne "$2"; then
53	echo "Unexpected exit code from test_alname $1: $status"
54	exit 1
55    fi
56    if test $status -ne 0; then
57	return 0
58    fi
59    read lname < localname
60    if test "X$lname" != "X$3"; then
61	echo "Unexpected mapping of $1: $lname"
62	exit 1
63    fi
64    return 0
65}
66
67R=TEST.H5L.SE
68R2=TEST2.H5L.SE
69R3=TEST3.H5L.SE
70R4=TEST4.H5L.SE
71
72KRB5_CONFIG="${objdir}/krb5-authz.conf"
73export KRB5_CONFIG
74
75echo "Checking 1-component principal names in default realms"
76check_localname mapped1@${R} 0 foo || exit 1
77check_localname mapped2@${R} 0 bar || exit 1
78check_localname mapped1@${R2} 0 m1 || exit 1
79check_localname mapped2@${R2} 0 m2 || exit 1
80check_localname mapped1@${R3} 0 mapped1 || exit 1
81check_localname mapped2@${R3} 0 mapped2 || exit 1
82check_localname notmapped1@${R} 0 notmapped1 || exit 1
83check_localname notmapped1@${R2} 0 notmapped1 || exit 1
84check_localname notmapped1@${R3} 0 notmapped1 || exit 1
85
86echo "Checking 1-component principal names in non-default realm"
87check_localname mapped1@${R4} 1 || exit 1
88check_localname notmapped1@${R4} 1 || exit 1
89
90echo "Checking 2-component principal names"
91check_localname foo/mapped1@${R} 0 foo || exit 1
92check_localname foo/mapped2@${R} 0 bar || exit 1
93check_localname bar/mapped1@${R2} 0 foobar || exit 1
94check_localname bar/mapped2@${R2} 0 foobaz || exit 1
95check_localname foo/mapped1@${R3} 1 || exit 1
96check_localname bar/mapped1@${R3} 1 || exit 1
97check_localname foo/notmapped1@${R} 1 || exit 1
98check_localname bar/notmapped1@${R2} 1 || exit 1
99
100echo "Checking 2-component principal names in non-default realm"
101check_localname foo/mapped1@${R4} 1 || exit 1
102check_localname bar/mapped1@${R4} 1 || exit 1
103check_localname foo/notmapped1@${R4} 1 || exit 1
104check_localname bar/notmapped1@${R4} 1 || exit 1
105
106echo "Checking for overflow"
107test_alname="${test_alname} --simple --lname-size=1"
108check_localname mapped1@${R} 3 || exit 1
109check_localname mapped2@${R} 3 || exit 1
110check_localname mapped1@${R2} 3 || exit 1
111check_localname mapped2@${R2} 3 || exit 1
112check_localname mapped1@${R3} 3 || exit 1
113check_localname mapped2@${R3} 3 || exit 1
114
115echo "Checking krb5_kuserok()"
116${test_kuserok} random-princ@RANDOM-REALM foo > /dev/null || exit 1
117${test_kuserok} mapped1@${R} foo > /dev/null || exit 1
118${test_kuserok} mapped1@${R2} m1 > /dev/null || exit 1
119${test_kuserok} notmapped1@${R3} notmapped1 > /dev/null || exit 1
120${test_kuserok} this-better-not-exist@NOR-THIS foo > /dev/null && exit 1
121
122# If the user running this test has a ~/.k5login or .k5logind, test
123# based on their content
124if test -n "${HOME}" -a -n "${USER:-${LOGNAME}}" -a -s "${HOME}/.k5login"; then
125    echo "Checking ~/.k5login"
126    while read princ; do
127	${test_kuserok} "${princ}" "${USER:-${LOGNAME}}" > /dev/null || exit 1
128    done < "${HOME}/.k5login" || exit 1
129fi
130if test -n "${HOME}" -a -n "${USER:-${LOGNAME}}" -a -d "${HOME}/.k5login.d"; then
131    echo "Checking ~/.k5login.d"
132    ls -f "${HOME}/.k5login.d" | egrep -v '^(\.|\.\.|#.*|.*~|\.*.sw.)$' | while read f; do
133	f="${HOME}/.k5login.d/$f"
134	test -d "${f}" && continue
135	while read princ; do
136	    ${test_kuserok} "${princ}" "${USER:-${LOGNAME}}" > /dev/null || exit 1
137	done < "${f}" || exit 1
138    done || exit 1
139fi
140
141KRB5_CONFIG="${objdir}/krb5-authz2.conf"
142export KRB5_CONFIG
143
144echo "Checking krb5_kuserok() (with authoritative k5login files)"
145${test_kuserok} random-princ@RANDOM-REALM foo > /dev/null || exit 1
146${test_kuserok} mapped1@${R} foo > /dev/null && exit 1
147${test_kuserok} mapped1@${R2} m1 > /dev/null || exit 1
148${test_kuserok} notmapped1@${R3} notmapped1 > /dev/null || exit 1
149${test_kuserok} this-better-not-exist@NOR-THIS foo > /dev/null && exit 1
150
151rm -f messages.log
152
153exit 0
154