Diffstat (limited to 'third_party/heimdal/tests/java')
-rw-r--r-- | third_party/heimdal/tests/java/KerberosInit.java | 95 | ||||
-rw-r--r-- | third_party/heimdal/tests/java/Makefile.am | 46 | ||||
-rw-r--r-- | third_party/heimdal/tests/java/NTMakefile | 35 | ||||
-rw-r--r-- | third_party/heimdal/tests/java/check-kinit.in | 147 | ||||
-rw-r--r-- | third_party/heimdal/tests/java/have-java.sh | 58 | ||||
-rw-r--r-- | third_party/heimdal/tests/java/jaas.conf | 14 | ||||
-rw-r--r-- | third_party/heimdal/tests/java/krb5.conf.in | 32 |
7 files changed, 427 insertions, 0 deletions
diff --git a/third_party/heimdal/tests/java/KerberosInit.java b/third_party/heimdal/tests/java/KerberosInit.java
new file mode 100644
index 0000000..9442417
--- /dev/null
+++ b/third_party/heimdal/tests/java/KerberosInit.java
@@ -0,0 +1,95 @@
+/*
+ *
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+import javax.security.auth.login.*;
+import javax.security.auth.callback.*;
+
+public class KerberosInit {
+
+ private class TestCallBackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks)
+ throws UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof TextOutputCallback) {
+ TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+ System.out.println(toc.getMessage());
+ } else if (callbacks[i] instanceof NameCallback) {
+ NameCallback nc = (NameCallback)callbacks[i];
+ nc.setName("lha");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ PasswordCallback pc = (PasswordCallback)callbacks[i];
+ pc.setPassword("foo".toCharArray());
+ } else {
+ throw new
+ UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+ }
+ private TestCallBackHandler getHandler() {
+ return new TestCallBackHandler();
+ }
+
+ public static void main(String[] args) {
+
+ LoginContext lc = null;
+ try {
+ lc = new LoginContext("kinit", new KerberosInit().getHandler());
+ } catch (LoginException e) {
+ System.err.println("Cannot create LoginContext. " + e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ } catch (SecurityException e) {
+ System.err.println("Cannot create LoginContext. " + e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ }
+
+ try {
+ lc.login();
+ } catch (LoginException e) {
+ System.err.println("Authentication failed:" + e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ }
+
+ System.out.println("lc.login ok");
+ System.exit(0);
+ }
+}
+
diff --git a/third_party/heimdal/tests/java/Makefile.am b/third_party/heimdal/tests/java/Makefile.am
new file mode 100644
index 0000000..acbe874
--- /dev/null
+++ b/third_party/heimdal/tests/java/Makefile.am
@@ -0,0 +1,46 @@
+# $Id: Makefile.am 20739 2007-05-31 16:53:21Z lha $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+check_SCRIPTS = $(SCRIPT_TESTS)
+
+SCRIPT_TESTS = check-kinit
+
+TESTS = $(SCRIPT_TESTS)
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+ -e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g' \
+ -e 's,[@]port[@],$(port),g' \
+ -e 's,[@]objdir[@],$(top_builddir)/tests/java,g'
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+
+check-kinit: check-kinit.in Makefile
+ $(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp
+ chmod +x check-kinit.tmp
+ mv check-kinit.tmp check-kinit
+
+krb5.conf: krb5.conf.in Makefile
+ $(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+ mv krb5.conf.tmp krb5.conf
+
+CLEANFILES= \
+ $(TESTS) \
+ *.tmp \
+ *.class \
+ current-db* \
+ krb5.conf \
+ messages.log
+
+
+EXTRA_DIST = \
+ NTMakefile \
+ KerberosInit.java \
+ jaas.conf \
+ check-kinit.in \
+ have-java.sh \
+ krb5.conf.in
diff --git a/third_party/heimdal/tests/java/NTMakefile b/third_party/heimdal/tests/java/NTMakefile
new file mode 100644
index 0000000..5783739
--- /dev/null
+++ b/third_party/heimdal/tests/java/NTMakefile
@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+RELDIR=tests\java
+
+!include ../../windows/NTMakefile.w32
+
diff --git a/third_party/heimdal/tests/java/check-kinit.in b/third_party/heimdal/tests/java/check-kinit.in
new file mode 100644
index 0000000..8203344
--- /dev/null
+++ b/third_party/heimdal/tests/java/check-kinit.in
@@ -0,0 +1,147 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+srcdir="@srcdir@"
+env_setup="@env_setup@"
+objdir="@objdir@"
+port="@port@"
+
+. ${env_setup}
+
+# Disable test if: no data, no java, or socket wrapper
+../db/have-db || exit 77
+sh ${srcdir}/have-java.sh || exit 77
+[ X"$SOCKET_WRAPPER_DIR" != X ] && exit 77
+
+R=TEST.H5L.SE
+server=host/localhost
+keytabfile="${objdir}/server.keytab"
+keytab="FILE:${keytabfile}"
+cache="FILE:${objdir}/cache.krb5"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=127.0.0.1 -P $port"
+gssclient="${TESTS_ENVIRONMENT} ../../appl/test/gssapi_client"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile} messages.log
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+echo "Compile"
+javac -d "${objdir}" "${srcdir}/KerberosInit.java" || \
+ { echo "Failed to compile java program: $?" ; exit 77; }
+
+echo "Compile"
+javac -d "${objdir}" "${srcdir}/../../appl/test/jgssapi_server.java" || \
+ { echo "Failed to compile java program: $?" ; exit 77; }
+
+> messages.log
+
+echo foo > ${objdir}/foopassword
+
+echo Creating database
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults lha@${R} || exit 1
+${kadmin} modify --attributes=+requires-pre-auth lha@${R} || exit 1
+${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+
+echo Starting kdc
+${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; }
+kdcpid=`getpid kdc`
+
+trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+echo "Run init"
+java \
+ -Dsun.security.krb5.debug=true \
+ -Djava.security.krb5.conf="${objdir}"/krb5.conf \
+ -Djava.security.auth.login.config="${srcdir}/jaas.conf" \
+ KerberosInit > output.tmp 2>&1 || { cat output.tmp ; exit 1; }
+
+
+# Disabled because of:
+#
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7077646
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7077640
+#
+
+if false ; then
+
+ echo "start server"
+ java \
+ -Dsun.security.krb5.debug=true \
+ -Djava.security.krb5.conf="${objdir}"/krb5.conf \
+ -Djavax.security.auth.useSubjectCredsOnly=false \
+ -Djava.security.auth.login.config="${srcdir}/jaas.conf" \
+ jgssapi_server > output.tmp 2>&1 &
+ javapid=$!
+ sleep 5
+
+ trap "kill -9 ${kdcpid} ${javapid}; echo signal killing kdc java; exit 1;" EXIT
+
+ echo "Getting client initial tickets"; > messages.log
+ ${kinit} --password-file=${objdir}/foopassword lha@$R || \
+ { echo "kinit failed" ; exit 1; }
+
+ env KRB5CCNAME=${cache} \
+ ${gssclient} --port=4717 --service=host localhost || exit 1
+
+ sleep 5
+
+ kill ${javapid}
+
+ grep 'Exception in thread' output.tmp && exit 1
+fi
+
+echo "Done"
+
+echo "killing kdc (${kdcpid} ${javapid})"
+kill $kdcpid $javapid || exit 1
+
+trap "" EXIT
+
+exit 0
diff --git a/third_party/heimdal/tests/java/have-java.sh b/third_party/heimdal/tests/java/have-java.sh
new file mode 100644
index 0000000..84ac00e
--- /dev/null
+++ b/third_party/heimdal/tests/java/have-java.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+echo "Checking for java and javac"
+
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+for i in $*; do
+ test -n "$i" || i="."
+ test -x $i/java && j=f
+ test -x $i/javac && k=c
+done
+
+test "$j$k" = fc || exit 1
+
+# GNU GCC Java doesn't support Kerberos
+if java -version 2>&1 | grep 'gij' > /dev/null ; then
+ exit 1
+fi
+
+echo "ok"
+
+exit 0
diff --git a/third_party/heimdal/tests/java/jaas.conf b/third_party/heimdal/tests/java/jaas.conf
new file mode 100644
index 0000000..00a9e02
--- /dev/null
+++ b/third_party/heimdal/tests/java/jaas.conf
@@ -0,0 +1,14 @@
+/* $Id$ */
+
+kinit {
+ com.sun.security.auth.module.Krb5LoginModule required;
+};
+
+com.sun.security.jgss.accept {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ keyTab="server.keytab"
+ principal="host/localhost"
+ isInitiator=false;
+};
diff --git a/third_party/heimdal/tests/java/krb5.conf.in b/third_party/heimdal/tests/java/krb5.conf.in
new file mode 100644
index 0000000..ca6b74f
--- /dev/null
+++ b/third_party/heimdal/tests/java/krb5.conf.in
@@ -0,0 +1,32 @@
+# $Id$
+
+[libdefaults]
+ default_realm = TEST.H5L.SE
+
+
+[realms]
+ TEST.H5L.SE = {
+ kdc = localhost:@port@
+ }
+
+[kdc]
+ database = {
+ dbname = @objdir@/current-db
+ realm = TEST.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ log_file = @objdir@/current.log
+ }
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ kdc = 0-/FILE:@objdir@/messages.log
+ default = 0-/FILE:@objdir@/messages.log
+
+# Have both default and non default salting for single DES encryptes,
+# this to check if the kdc return default salting.
+[kadmin]
+ default_keys = aes256-cts-hmac-sha1-96:pw-salt
+ default_keys = aes128-cts-hmac-sha1-96:pw-salt
+ default_keys = des3-cbc-sha1:pw-salt |