3 # Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 top_builddir="@top_builddir@"
35 env_setup="@env_setup@"
41 # If there is no useful db support compiled in, disable test
50 cache="FILE:${objdir}/cache.krb5"
52 kadmin="${kadmin} -r $R"
53 kdc="${kdc} --addresses=localhost -P $port"
54 kadmind="${kadmind} -p $admport"
56 server=host/datan.test.h5l.se
58 kinit="${kinit} -c $cache ${afs_no_afslog}"
59 kgetcred="${kgetcred} -c $cache"
60 kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
62 foopassword="fooLongPasswordYo123;"
64 KRB5_CONFIG="${objdir}/krb5.conf"
75 echo Creating database
78 --realm-max-ticket-life=1day \
79 --realm-max-renewable-life=1month \
82 ${kadmin} -l add -p "$foopassword" --use-defaults foo/admin@${R} || exit 1
83 ${kadmin} -l add -p "$foopassword" --use-defaults bar@${R} || exit 1
84 ${kadmin} -l add -p "$foopassword" --use-defaults baz@${R} || exit 1
85 ${kadmin} -l add -p "$foopassword" --use-defaults bez@${R} || exit 1
86 ${kadmin} -l add -p "$foopassword" --use-defaults fez@${R} || exit 1
87 ${kadmin} -l add -p "$foopassword" --use-defaults hasalias@${R} || exit 1
88 ${kadmin} -l add -p "$foopassword" --use-defaults pkinit@${R} || exit 1
89 ${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R} || exit 1
90 ${kadmin} -l add -p "$foopassword" --use-defaults prune@${R} || exit 1
91 ${kadmin} -l cpw --keepold --random-key prune@${R} || exit 1
92 ${kadmin} -l cpw --keepold --random-key prune@${R} || exit 1
93 ${kadmin} -l add -p "$foopassword" --use-defaults pruneall@${R} || exit 1
94 ${kadmin} -l cpw --pruneall --random-key pruneall@${R} || exit 1
95 ${kadmin} -l cpw --pruneall --random-key pruneall@${R} || exit 1
97 echo "$foopassword" > ${objdir}/foopassword
99 echo Starting kdc ; > messages.log
100 ${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
103 trap "kill -9 ${kdcpid} ${kadmpid}" EXIT
105 #----------------------------------
106 echo "kinit (no admin); test mod --alias authorization"
107 ${kinit} --password-file=${objdir}/foopassword \
108 -S kadmin/admin@${R} hasalias@${R} || exit 1
114 # Check that one non-permitted alias -> failure
115 env KRB5CCNAME=${cache} \
116 ${kadmin} -p hasalias@${R} modify --alias=goodalias1@${R} --alias=badalias@${R} hasalias@${R} &&
117 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
118 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
124 # Check that all permitted aliases -> success
125 env KRB5CCNAME=${cache} \
126 ${kadmin} -p hasalias@${R} modify --alias=goodalias1@${R} --alias=goodalias2@${R} hasalias@${R} ||
127 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
128 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
134 # Check that we can drop aliases
135 env KRB5CCNAME=${cache} \
136 ${kadmin} -p hasalias@${R} modify --alias=goodalias3@${R} hasalias@${R} ||
137 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
138 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
139 ${kadmin} -l get hasalias@${R} | grep Aliases: > kadmin.tmp
140 read junk aliases < kadmin.tmp
142 [ "$aliases" != "goodalias3@${R}" ] && { echo "kadmind failed $?"; cat messages.log ; exit 1; }
148 env KRB5CCNAME=${cache} \
149 ${kadmin} -p hasalias@${R} modify --alias=goodalias1@${R} --alias=goodalias2@${R} --alias=goodalias3@${R} hasalias@${R} ||
150 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
151 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
152 ${kadmin} -l get hasalias@${R} | grep Aliases: > kadmin.tmp
153 read junk aliases < kadmin.tmp
155 [ "$aliases" != "goodalias1@${R} goodalias2@${R} goodalias3@${R}" ] && { echo "FOO failed $?"; cat messages.log ; exit 1; }
157 #----------------------------------
162 echo "kinit (no admin)"
163 ${kinit} --password-file=${objdir}/foopassword \
164 -S kadmin/admin@${R} bar@${R} || exit 1
166 env KRB5CCNAME=${cache} \
167 ${kadmin} -p bar@${R} add -p "$foopassword" --use-defaults kaka2@${R} ||
168 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
170 ${kadmin} -l get kaka2@${R} > /dev/null ||
171 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
173 #----------------------------------
178 echo "kinit (no admin)"
179 ${kinit} --password-file=${objdir}/foopassword \
180 -S kadmin/admin@${R} baz@${R} || exit 1
181 echo "kadmin globacl"
182 env KRB5CCNAME=${cache} \
183 ${kadmin} -p baz@${R} get bar@${R} > /dev/null ||
184 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
186 #----------------------------------
191 echo "kinit (no admin)"
192 ${kinit} --password-file=${objdir}/foopassword \
193 -S kadmin/admin@${R} baz@${R} || exit 1
194 echo "kadmin globacl, negative"
195 env KRB5CCNAME=${cache} \
196 ${kadmin} -p baz@${R} passwd -p "$foopassword" bar@${R} > /dev/null 2>/dev/null &&
197 { echo "kadmin succesded $?"; cat messages.log ; exit 1; }
199 #----------------------------------
204 echo "kinit (no admin)"
205 ${kinit} --password-file=${objdir}/foopassword \
206 -S kadmin/admin@${R} baz@${R} || exit 1
207 echo "kadmin globacl"
208 env KRB5CCNAME=${cache} \
209 ${kadmin} -p baz@${R} get bar@${R} > /dev/null ||
210 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
212 #----------------------------------
217 echo "kinit (no admin)"
218 ${kinit} --password-file=${objdir}/foopassword \
219 -S kadmin/admin@${R} bez@${R} || exit 1
220 echo "kadmin globacl, negative"
221 env KRB5CCNAME=${cache} \
222 ${kadmin} -p bez@${R} passwd -p "$foopassword" bar@${R} > /dev/null 2>/dev/null &&
223 { echo "kadmin succesded $?"; cat messages.log ; exit 1; }
225 #----------------------------------
230 echo "kinit (no admin)"
231 ${kinit} --password-file=${objdir}/foopassword \
232 -S kadmin/admin@${R} fez@${R} || exit 1
233 echo "kadmin globacl"
234 env KRB5CCNAME=${cache} \
235 ${kadmin} -p fez@${R} get bar@${R} > /dev/null ||
236 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
238 #----------------------------------
243 echo "kinit (no admin)"
244 ${kinit} --password-file=${objdir}/foopassword \
245 -S kadmin/admin@${R} fez@${R} || exit 1
246 echo "kadmin globacl, negative"
247 env KRB5CCNAME=${cache} \
248 ${kadmin} -p fez@${R} passwd -p "$foopassword" bar@${R} > /dev/null 2>/dev/null &&
249 { echo "kadmin succesded $?"; cat messages.log ; exit 1; }
251 #----------------------------------
257 ${kinit} --password-file=${objdir}/foopassword \
258 -S kadmin/admin@${R} foo/admin@${R} || exit 1
261 env KRB5CCNAME=${cache} \
262 ${kadmin} -p foo/admin@${R} add -p "$foopassword" --use-defaults kaka@${R} ||
263 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
266 env KRB5CCNAME=${cache} \
267 ${kadmin} -p foo/admin@${R} add -p abc --use-defaults kaka@${R} &&
268 { echo "kadmin succeeded $?"; cat messages.log ; exit 1; }
270 #----------------------------------
275 echo "kadmin get doesnotexists"
276 env KRB5CCNAME=${cache} \
277 ${kadmin} -p foo/admin@${R} get -s doesnotexists@${R} \
278 > /dev/null 2>kadmin.tmp && \
279 { echo "kadmin passed"; cat messages.log ; exit 1; }
281 # evil hack to support libtool
282 sed 's/lt-kadmin:/kadmin:/' < kadmin.tmp > kadmin2.tmp
283 mv kadmin2.tmp kadmin.tmp
285 # If client tried IPv6, but service only listened on IPv4
286 grep -v ': connect' kadmin.tmp > kadmin2.tmp
287 mv kadmin2.tmp kadmin.tmp
289 cmp kadmin.tmp ${srcdir}/donotexists.txt || \
290 { echo "wrong response"; exit 1;}
292 #----------------------------------
297 echo "kadmin get pkinit-acl"
298 env KRB5CCNAME=${cache} \
299 ${kadmin} -p foo/admin@${R} get -o pkinit-acl pkinit@${R} \
301 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
303 #----------------------------------
308 echo "kadmin get -o principal"
309 env KRB5CCNAME=${cache} \
310 ${kadmin} -p foo/admin@${R} get -o principal bar@${R} \
311 > kadmin.tmp 2>&1 || \
312 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
313 if test "`cat kadmin.tmp`" != "Principal: bar@TEST.H5L.SE" ; then
314 cat kadmin.tmp ; cat messages.log ; exit 1 ;
318 #----------------------------------
323 echo "kadmin get -o kvno"
324 env KRB5CCNAME=${cache} \
325 ${kadmin} -p foo/admin@${R} get -o kvno bar@${R} \
326 > kadmin.tmp 2>&1 || \
327 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
328 if test "`cat kadmin.tmp`" != "Kvno: 1" ; then
329 cat kadmin.tmp ; cat messages.log ; exit 1 ;
333 #----------------------------------
338 echo "kadmin get -o princ_expire_time"
339 env KRB5CCNAME=${cache} \
340 ${kadmin} -p foo/admin@${R} get -o princ_expire_time bar@${R} \
341 > kadmin.tmp 2>&1 || \
342 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
343 if test "`cat kadmin.tmp`" != "Principal expires: never" ; then
344 cat kadmin.tmp ; cat messages.log ; exit 1 ;
347 #----------------------------------
352 echo "kadmin get -s -o attributes"
353 env KRB5CCNAME=${cache} \
354 ${kadmin} -p foo/admin@${R} get -s -o attributes bar@${R} \
355 > kadmin.tmp 2>&1 || \
356 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
357 if test "`cat kadmin.tmp`" != "Attributes" ; then
358 cat kadmin.tmp ; cat messages.log ; exit 1 ;
361 #----------------------------------
367 env KRB5CCNAME=${cache} \
368 ${kadmin} prune --kvno=2 prune@${R} \
369 > kadmin.tmp 2>&1 || \
370 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
371 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
377 env KRB5CCNAME=${cache} \
378 ${kadmin} get prune@${R} \
379 > kadmin.tmp 2>&1 || \
380 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
381 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
383 cat kadmin.tmp | ${EGREP} Keytypes: | cut -d: -f2 | tr ' ' '
384 ' | sed 's/^.*[[]\(.*\)[]].*$/\1/' | grep '[0-9]' | sort -nu | tr -d '
385 ' | ${EGREP} '^13$' > /dev/null || \
386 { echo "kadmin prune failed $?"; cat messages.log ; exit 1; }
388 #----------------------------------
393 echo "kadmin pruneall"
394 env KRB5CCNAME=${cache} \
395 ${kadmin} get pruneall@${R} \
396 > kadmin.tmp 2>&1 || \
397 { echo "kadmin failed $?"; cat messages.log ; exit 1; }
398 wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
400 cat kadmin.tmp | ${EGREP} Keytypes: | cut -d: -f2 | tr ' ' '
401 ' | sed 's/^.*[[]\(.*\)[]].*$/\1/' | grep '[0-9]' | sort -nu | tr -d '
402 ' | ${EGREP} '^3$' > /dev/null || \
403 { echo "kadmin pruneall failed $?"; cat messages.log ; exit 1; }
405 #----------------------------------
407 echo "killing kdc (${kdcpid} ${kadmpid})"
408 sh ${leaks_kill} kdc $kdcpid || exit 1