From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- third_party/heimdal/tests/gss/check-basic.in | 219 +++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 third_party/heimdal/tests/gss/check-basic.in (limited to 'third_party/heimdal/tests/gss/check-basic.in') diff --git a/third_party/heimdal/tests/gss/check-basic.in b/third_party/heimdal/tests/gss/check-basic.in new file mode 100644 index 0000000..c5151c4 --- /dev/null +++ b/third_party/heimdal/tests/gss/check-basic.in @@ -0,0 +1,219 @@ +#!/bin/sh +# +# Copyright (c) 2007 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +env_setup="@env_setup@" +srcdir="@srcdir@" +objdir="@objdir@" + +. ${env_setup} + +# If there is no useful db support compiled in, disable test +../db/have-db || exit 77 + +R=TEST.H5L.SE + +port=@port@ + +keytabfile=${objdir}/server.keytab +keytab="FILE:${keytabfile}" +nokeytab="FILE:no-such-keytab" +cache="FILE:krb5ccfile" +cache2="FILE:krb5ccfile2" +nocache="FILE:no-such-cache" + +kadmin="${kadmin} -l -r $R" +kdc="${kdc} --addresses=localhost -P $port" + +acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred" +test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred" +test_add_store_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_add_store_cred" + +KRB5_CONFIG="${objdir}/krb5.conf" +export KRB5_CONFIG + +KRB5_KTNAME="${keytab}" +export KRB5_KTNAME +KRB5CCNAME="${cache}" +export KRB5CCNAME + +rm -f ${keytabfile} +rm -f current-db* +rm -f out-* +rm -f mkey.file* + +> messages.log + +echo Creating database +${kadmin} \ + init \ + --realm-max-ticket-life=1day \ + --realm-max-renewable-life=1month \ + ${R} || exit 1 + +echo upw > ${objdir}/foopassword + +${kadmin} add -p upw --use-defaults user@${R} || exit 1 +${kadmin} add -p upw --use-defaults another@${R} || exit 1 +${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1 +${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1 + +echo "Doing database check" +${kadmin} check ${R} || exit 1 + +echo Starting kdc +${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; } +kdcpid=`getpid kdc` + +trap "kill -9 ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT + +exitcode=0 + +echo "initial ticket" +${kinit} -c ${cache} --password-file=${objdir}/foopassword user@${R} || exitcode=1 + +echo "copy ccache with gss_store_cred" +# Note we test that the ccache used for storing is token-expanded +${test_add_store_cred} --default --overwrite --env ${cache} "${cache2}%{null}" || exit 1 +${klist} -c ${cache2} || exit 1 + +echo "keytab" +${acquire_cred} \ + --acquire-type=accept \ + --acquire-name=host@host.test.h5l.se || exit 1 + +echo "keytab w/ short-form name and name canon rules" +${acquire_cred} \ + --acquire-type=accept \ + --acquire-name=host@host || exit 1 + +echo "keytab w/o name" +${acquire_cred} \ + --acquire-type=accept || exit 1 + +echo "keytab w/ wrong name" +${acquire_cred} \ + --acquire-type=accept --kerberos \ + --acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1 + +echo "init using keytab" +${acquire_cred} \ + --kerberos \ + --acquire-type=initiate \ + --acquire-name=host@host.test.h5l.se > /dev/null || exit 1 + +echo "init using keytab (loop 10)" +${acquire_cred} \ + --kerberos \ + --acquire-type=initiate \ + --loops=10 \ + --acquire-name=host@host.test.h5l.se > /dev/null || exit 1 + +echo "init using keytab (loop 10, target)" +${acquire_cred} \ + --kerberos \ + --acquire-type=initiate \ + --loops=10 \ + --target=host@host.test.h5l.se \ + --acquire-name=host@host.test.h5l.se > /dev/null || exit 1 + +echo "init using keytab (loop 10, kerberos)" +${acquire_cred} \ + --acquire-type=initiate \ + --loops=10 \ + --kerberos \ + --acquire-name=host@host.test.h5l.se > /dev/null || exit 1 + +echo "init using keytab (loop 10, target, kerberos)" +${acquire_cred} \ + --acquire-type=initiate \ + --loops=10 \ + --kerberos \ + --target=host@host.test.h5l.se \ + --acquire-name=host@host.test.h5l.se > /dev/null || exit 1 + +echo "init using existing cc" +${acquire_cred} \ + --kerberos \ + --name-type=user-name \ + --acquire-type=initiate \ + --acquire-name=user || exit 1 + +KRB5CCNAME=${nocache} + +echo "fail init using existing cc" +${acquire_cred} \ + --kerberos \ + --name-type=user-name \ + --acquire-type=initiate \ + --acquire-name=user 2>/dev/null && exit 1 + +echo "use gss_krb5_ccache_name for user" +${acquire_cred} \ + --kerberos \ + --name-type=user-name \ + --ccache=${cache} \ + --acquire-type=initiate \ + --acquire-name=user >/dev/null || exit 1 + +KRB5CCNAME=${cache} +KRB5_KTNAME=${nokeytab} + +echo "kcred" +${test_kcred} || exit 1 + +${kdestroy} -c ${cache} + +KRB5_KTNAME="${keytab}" + +echo "init using keytab" +${acquire_cred} \ + --kerberos \ + --acquire-type=initiate \ + --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1 + +echo "init using keytab (ccache)" +${acquire_cred} \ + --kerberos \ + --acquire-type=initiate \ + --ccache=${cache} \ + --acquire-name=host@host.test.h5l.se 2>/dev/null || exit 1 + +trap "" EXIT + +echo "killing kdc (${kdcpid})" +kill ${kdcpid} 2> /dev/null + +exit $exitcode -- cgit v1.2.3