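#!/bin/sh
#
# Copyright (c) 2007 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Authorization test: checks how principal names map to local user names
# (via ${test_alname}) and whether krb5_kuserok() grants or denies a
# principal access to a local account (via ${test_kuserok}).
#
# The script exits 1 at the first expectation that does not hold and 0 when
# every check passed.  top_srcdir, test_alname and test_kuserok are not set
# here; they are presumably provided by the sourced env_setup file.

top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="."

. "${env_setup}"

srcdir="${top_srcdir}/tests/kdc"
test_alname="${test_alname} --simple"

rm -f localname

# check_localname PRINCIPAL EXPECTED_STATUS [EXPECTED_LNAME]
#
# Runs ${test_alname} on PRINCIPAL with stdout captured in ./localname.
# Exits the script with status 1 when the exit status differs from
# EXPECTED_STATUS, or when the status is 0 and the first line of the output
# is not EXPECTED_LNAME.  When a failure is expected (EXPECTED_STATUS != 0)
# the tool's stderr is discarded and the output is not inspected.
check_localname() {
    # ${test_alname} is a command line held in a string, so it still goes
    # through eval.  The principal is passed as the literal text "$1", which
    # eval expands as a single quoted word; interpolating the value between
    # single quotes instead would let a name containing a quote character
    # change the command that is run.
    if test "$2" -ne 0; then
        eval "${test_alname}" '"$1"' > localname 2>/dev/null
        status=$?
    else
        eval "${test_alname}" '"$1"' > localname
        status=$?
    fi
    if test "$status" -ne "$2"; then
        echo "Unexpected exit code from test_alname $1: $status"
        exit 1
    fi
    if test "$status" -ne 0; then
        return 0
    fi
    # -r keeps backslashes in the mapped name as written.
    read -r lname < localname
    if test "X$lname" != "X$3"; then
        echo "Unexpected mapping of $1: $lname"
        exit 1
    fi
    return 0
}

R=TEST.H5L.SE
R2=TEST2.H5L.SE
R3=TEST3.H5L.SE
R4=TEST4.H5L.SE

KRB5_CONFIG="${objdir}/krb5-authz.conf"
export KRB5_CONFIG

echo "Checking 1-component principal names in default realms"
check_localname "mapped1@${R}" 0 foo || exit 1
check_localname "mapped2@${R}" 0 bar || exit 1
check_localname "mapped1@${R2}" 0 m1 || exit 1
check_localname "mapped2@${R2}" 0 m2 || exit 1
check_localname "mapped1@${R3}" 0 mapped1 || exit 1
check_localname "mapped2@${R3}" 0 mapped2 || exit 1
check_localname "notmapped1@${R}" 0 notmapped1 || exit 1
check_localname "notmapped1@${R2}" 0 notmapped1 || exit 1
check_localname "notmapped1@${R3}" 0 notmapped1 || exit 1

# Principals from a realm outside the default realms must not map at all.
echo "Checking 1-component principal names in non-default realm"
check_localname "mapped1@${R4}" 1 || exit 1
check_localname "notmapped1@${R4}" 1 || exit 1

# Two-component names map only where an explicit mapping is expected;
# everything else must fail with status 1 instead of falling back to a
# local name.
echo "Checking 2-component principal names"
check_localname "foo/mapped1@${R}" 0 foo || exit 1
check_localname "foo/mapped2@${R}" 0 bar || exit 1
check_localname "bar/mapped1@${R2}" 0 foobar || exit 1
check_localname "bar/mapped2@${R2}" 0 foobaz || exit 1
check_localname "foo/mapped1@${R3}" 1 || exit 1
check_localname "bar/mapped1@${R3}" 1 || exit 1
check_localname "foo/notmapped1@${R}" 1 || exit 1
check_localname "bar/notmapped1@${R2}" 1 || exit 1

echo "Checking 2-component principal names in non-default realm"
check_localname "foo/mapped1@${R4}" 1 || exit 1
check_localname "bar/mapped1@${R4}" 1 || exit 1
check_localname "foo/notmapped1@${R4}" 1 || exit 1
check_localname "bar/notmapped1@${R4}" 1 || exit 1

# With --lname-size=1 every mapping that succeeded above must now fail with
# exit status 3: an output buffer that is too small has to be reported as an
# error, because a shortened local name could name a different account.
# NOTE(review): test_alname already carries --simple from the assignment near
# the top, so the option is passed twice from here on; left unchanged.
echo "Checking for overflow"
test_alname="${test_alname} --simple --lname-size=1"
check_localname "mapped1@${R}" 3 || exit 1
check_localname "mapped2@${R}" 3 || exit 1
check_localname "mapped1@${R2}" 3 || exit 1
check_localname "mapped2@${R2}" 3 || exit 1
check_localname "mapped1@${R3}" 3 || exit 1
check_localname "mapped2@${R3}" 3 || exit 1

# ${test_kuserok} is left unquoted on purpose: it holds a command line that
# the shell must split into words.
#
# The "&& exit 1" lines are the deny checks.  They accept any non-zero status
# as "denied", so they cannot tell a refusal from a tool that failed to run;
# the "|| exit 1" checks before them are what catch a broken ${test_kuserok}.
echo "Checking krb5_kuserok()"
${test_kuserok} random-princ@RANDOM-REALM foo > /dev/null || exit 1
${test_kuserok} "mapped1@${R}" foo > /dev/null || exit 1
${test_kuserok} "mapped1@${R2}" m1 > /dev/null || exit 1
${test_kuserok} "notmapped1@${R3}" notmapped1 > /dev/null || exit 1
${test_kuserok} this-better-not-exist@NOR-THIS foo > /dev/null && exit 1

# If the user running this test has a ~/.k5login or .k5login.d, test
# based on their content: every principal listed there must be accepted
# for the invoking user.  The outcome of this part therefore depends on the
# home directory of whoever runs the test.
#
# The conditions are chained with && rather than test's -a operator, whose
# behaviour with this many operands is not specified by POSIX.  read -r
# keeps backslash escapes in principal names intact.
if test -n "${HOME}" && test -n "${USER:-${LOGNAME}}" &&
    test -s "${HOME}/.k5login"; then
    echo "Checking ~/.k5login"
    while read -r princ; do
        ${test_kuserok} "${princ}" "${USER:-${LOGNAME}}" > /dev/null || exit 1
    done < "${HOME}/.k5login" || exit 1
fi
if test -n "${HOME}" && test -n "${USER:-${LOGNAME}}" &&
    test -d "${HOME}/.k5login.d"; then
    echo "Checking ~/.k5login.d"
    # Skip ".", "..", names starting with "#", names ending in "~" and names
    # matching \.*.sw. ; grep -E replaces the obsolescent egrep.  The loop
    # runs in a pipeline subshell, so its "exit 1" only ends the subshell and
    # the trailing "|| exit 1" turns that into a script failure.
    ls -f "${HOME}/.k5login.d" | grep -E -v '^(\.|\.\.|#.*|.*~|\.*.sw.)$' | while read -r f; do
        f="${HOME}/.k5login.d/$f"
        test -d "${f}" && continue
        while read -r princ; do
            ${test_kuserok} "${princ}" "${USER:-${LOGNAME}}" > /dev/null || exit 1
        done < "${f}" || exit 1
    done || exit 1
fi

KRB5_CONFIG="${objdir}/krb5-authz2.conf"
export KRB5_CONFIG

# Same checks under krb5-authz2.conf.  The expectation for mapped1@${R} as
# "foo" flips from allowed (above) to denied here.
echo "Checking krb5_kuserok() (with authoritative k5login files)"
${test_kuserok} random-princ@RANDOM-REALM foo > /dev/null || exit 1
${test_kuserok} "mapped1@${R}" foo > /dev/null && exit 1
${test_kuserok} "mapped1@${R2}" m1 > /dev/null || exit 1
${test_kuserok} "notmapped1@${R3}" notmapped1 > /dev/null || exit 1
${test_kuserok} this-better-not-exist@NOR-THIS foo > /dev/null && exit 1

rm -f messages.log

exit 0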