Current Path : /usr/src/crypto/heimdal/tests/kdc/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/src/crypto/heimdal/tests/kdc/check-digest.in |
#!/bin/sh # # Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # 3. Neither the name of the Institute nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $Id: check-digest.in 21849 2007-08-08 06:56:41Z lha $ # srcdir="@srcdir@" objdir="@objdir@" # If there is no useful db support compile in, disable test ../db/have-db || exit 77 R=TEST.H5L.SE port=@port@ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R" kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port" server=host/datan.test.h5l.se cache="FILE:${objdir}/cache.krb5" ocache="FILE:${objdir}/ocache.krb5" keytabfile=${objdir}/server.keytab keytab="FILE:${keytabfile}" kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog" klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache" kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest --ccache=$cache" test_ntlm="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_ntlm" context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context" username=foo userpassword=digestpassword password=foobarbaz KRB5_CONFIG="${objdir}/krb5.conf" export KRB5_CONFIG rm -f ${keytabfile} rm -f current-db* rm -f out-* rm -f mkey.file* > messages.log echo Creating database ${kadmin} \ init \ --realm-max-ticket-life=1day \ --realm-max-renewable-life=1month \ ${R} || exit 1 ${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1 ${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1 ${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1 ${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1 ${kadmin} ext -k ${keytab} ${server}@${R} || exit 1 echo "Doing database check" ${kadmin} check ${R} || exit 1 echo $password > ${objdir}/foopassword echo Starting kdc ${kdc} & kdcpid=$! sh ${srcdir}/wait-kdc.sh if [ "$?" != 0 ] ; then kill ${kdcpid} exit 1 fi trap "kill ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT exitcode=0 echo "Getting digest server tickets" ${kinit} --password-file=${objdir}/foopassword ${server}@$R || exitcode=1 ${kdigest} digest-server-init \ --kerberos-realm=${R} \ --type=CHAP > /dev/null || exitcode=1 echo "Trying NTLM" NTLM_ACCEPTOR_CCACHE="$cache" export NTLM_ACCEPTOR_CCACHE echo "Trying server-init" echo ${kdigest} ntlm-server-init \ --kerberos-realm=${R} \ > sdigest-init || exitcode=1 echo "test_ntlm" ${test_ntlm} || { echo "test_ntlm failed"; exit 1; } NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt" export NTLM_USER_FILE echo "test_context --mech-type=ntlm" ${context} --mech-type=ntlm \ --name-type=hostbased-service datan@TEST || \ { echo "test_context 1 failed"; exit 1; } ${context} --mech-type=ntlm \ --name-type=hostbased-service datan@host.TEST || \ { echo "test_context 2 failed"; exit 1; } ${context} --mech-type=ntlm \ --name-type=hostbased-service datan@host.test.domain2 || \ { echo "test_context 3 failed"; exit 1; } ${context} --mech-type=ntlm \ --name-type=hostbased-service datan@host.foo 2>/dev/null && \ { echo "test_context 4 failed"; exit 1; } echo "Trying SL in NTLM" for type in \ "" \ "--getverifymic" \ "--wrapunwrap" \ "--getverifymic --wrapunwrap" \ ; do echo "Trying NTLM type: ${type}" ${context} --mech-type=ntlm ${type} \ --name-type=hostbased-service datan@TEST || \ { echo "test_context 1 failed"; exit 1; } done echo "Trying CHAP" ${kdigest} digest-server-init \ --kerberos-realm=${R} \ --type=CHAP \ > sdigest-reply || exitcode=1 snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=` identifier=`grep identifier= sdigest-reply | cut -f2- -d=` opaque=`grep opaque= sdigest-reply | cut -f2- -d=` ${kdigest} digest-client-request \ --type=CHAP \ --username="$username" \ --password="$userpassword" \ --opaque="$opaque" \ --server-identifier="$identifier" \ --server-nonce="$snonce" \ > cdigest-reply || exitcode=1 cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=` #echo user: $username #echo server-nonce: $snonce #echo opaqeue: $opaque #echo identifier: $identifier ${kdigest} digest-server-request \ --kerberos-realm=${R} \ --type=CHAP \ --username="$username" \ --opaque="$opaque" \ --client-response="$cresponseData" \ --server-identifier="$identifier" \ --server-nonce="$snonce" \ > s2digest-reply || exitcode=1 status=`grep status= s2digest-reply | cut -f2- -d=` if test "X$status" = "Xok" ; then echo "CHAP response ok" else echo "CHAP response failed" exitcode=1 fi cresponseData=`echo $cresponseData | sed 's/..../DEADBEEF/'` ${kdigest} digest-server-request \ --kerberos-realm=${R} \ --type=CHAP \ --username="$username" \ --opaque="$opaque" \ --client-response="$cresponseData" \ --server-identifier="$identifier" \ --server-nonce="$snonce" \ > s2digest-reply || exitcode=1 status=`grep status= s2digest-reply | cut -f2- -d=` if test "X$status" = "Xfailed" ; then echo "CHAP response fail as it should" else echo "CHAP response succeeded errorously" exitcode=1 fi echo "Trying MS-CHAP-V2" ${kdigest} digest-server-init \ --kerberos-realm=${R} \ --type=MS-CHAP-V2 \ > sdigest-reply || exitcode=1 snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=` opaque=`grep opaque= sdigest-reply | cut -f2- -d=` cnonce="21402324255E262A28295F2B3A337C7E" echo "MS-CHAP-V2 client request" ${kdigest} digest-client-request \ --type=MS-CHAP-V2 \ --username="$username" \ --password="$userpassword" \ --opaque="$opaque" \ --client-nonce="$cnonce" \ --server-nonce="$snonce" \ > cdigest-reply || exitcode=1 cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=` cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=` ckey=`grep session-key= cdigest-reply | cut -f2- -d=` ${kdigest} digest-server-request \ --kerberos-realm=${R} \ --type=MS-CHAP-V2 \ --username="$username" \ --opaque="$opaque" \ --client-response="$cresponseData" \ --client-nonce="$cnonce" \ --server-nonce="$snonce" \ > s2digest-reply || exitcode=1 status=`grep status= s2digest-reply | cut -f2- -d=` sRsp=`grep rsp= s2digest-reply | cut -f2- -d=` skey=`grep session-key= s2digest-reply | cut -f2- -d=` if test "X$sRsp" != "X$cRsp" ; then echo "rsp wrong $sRsp != $cRsp" exitcode=1 fi if test "X$skey" != "X$ckey" ; then echo "rsp wrong" exitcode=1 fi if test "X$status" = "Xok" ; then echo "MS-CHAP-V2 response ok" else echo "MS-CHAP-V2 response failed" exitcode=1 fi trap "" EXIT echo "killing kdc (${kdcpid})" kill $kdcpid || exit 1 exit $exitcode