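#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Bring up a throwaway Kerberos KDC for the SASL/GSSAPI tests: Heimdal when
# `kdc` is on PATH, otherwise MIT krb5. Creates one service principal and one
# user principal with random keys, extracts their keytabs, obtains a client
# ticket and probes Cyrus SASL for GSSAPI / channel-binding support.
#
# Reads (from the calling test environment): TESTDIR, DATADIR, CONFFILTER,
#   LOCALHOST, LOCALIP, KDCPORT, KRB5REALM.
# Sets:    KDCPROC (pid of the background KDC), HAVE_SASL_GSS_CBIND (yes/no),
#          RC (status of the last checked command).
# Exports: KRB5_TRACE KRB5_CONFIG KRB5_KDC_PROFILE KRB5_KTNAME
#          KRB5_CLIENT_KTNAME KRB5CCNAME.
# Writes:  keytabs, credential cache, trace and log files under $TESTDIR.
#
# NOTE(review): KDCPROC and HAVE_SASL_GSS_CBIND are set but never used or
# exported here, so this file is presumably sourced by a test script. If so,
# every `exit 0` below ends the calling test as "skipped", not as a failure.
# A broken Kerberos toolchain therefore removes GSSAPI coverage without
# turning the run red; watch for the "skipping GSSAPI tests" messages.

# Everything Kerberos-related is confined to the test directory. The keytabs
# hold long-term keys for the test principals; KRB5_TRACE additionally
# enables library tracing into a file there.
KRB5_TRACE="$TESTDIR/k5_trace"
KRB5_CONFIG="$TESTDIR/krb5.conf"
KRB5_KDC_PROFILE="$KRB5_CONFIG"
KRB5_KTNAME="$TESTDIR/server.kt"
KRB5_CLIENT_KTNAME="$TESTDIR/client.kt"
KRB5CCNAME="$TESTDIR/client.ccache"

export KRB5_TRACE KRB5_CONFIG KRB5_KDC_PROFILE KRB5_KTNAME KRB5_CLIENT_KTNAME KRB5CCNAME

KDCLOG="$TESTDIR/setup_kdc.log"
KSERVICE="ldap/$LOCALHOST"
KUSER=kuser

# Generate the realm configuration from the template.
# $CONFFILTER comes from the harness and is left unquoted as in the original.
. $CONFFILTER < "$DATADIR/krb5.conf" > "$KRB5_CONFIG"

# Extra directories are appended, so binaries already on PATH still win.
PATH=${PATH}:/usr/lib/heimdal-servers:/usr/sbin:/usr/local/sbin

echo "Trying Heimdal KDC..."

# Logging: the first command of each branch truncates $KDCLOG, every later
# one appends. Reopening the file with `>` at each step (and again for kinit
# while the background KDC still had it open) discarded the output of the
# earlier steps and of the KDC itself.
if command -v kdc >/dev/null 2>&1 ; then
	kstash --random-key > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kstash failed, skipping GSSAPI tests"
		exit 0
	fi

	# $flags is deliberately unquoted: it must split into two options.
	flags="--realm-max-ticket-life=1h --realm-max-renewable-life=1h"
	kadmin -l init $flags "$KRB5REALM" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin init failed, skipping GSSAPI tests"
		exit 0
	fi

	# Service principal and its keytab (read by the server via KRB5_KTNAME).
	kadmin -l add --random-key --use-defaults "$KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin -l ext -k "$KRB5_KTNAME" "$KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
		exit 0
	fi

	# User principal and its keytab (used by kinit below).
	kadmin -l add --random-key --use-defaults "$KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin -l ext -k "$KRB5_CLIENT_KTNAME" "$KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
		exit 0
	fi

	# Listen only on the test address/port; runs in the background.
	kdc --addresses="$LOCALIP" --ports="$KDCPORT/udp" >> "$KDCLOG" 2>&1 &
else
	echo "Trying MIT KDC..."

	if ! command -v krb5kdc >/dev/null 2>&1 ; then
		echo "No KDC available, skipping GSSAPI tests"
		exit 0
	fi

	# The master password is a fixed literal passed on the command line.
	# That is tolerable only because this realm is a disposable test
	# fixture; -s stashes the master key so nothing prompts for it later.
	# Do not copy this pattern to a realm that protects real credentials.
	kdb5_util create -r "$KRB5REALM" -s -P password > "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kdb5_util create failed, skipping GSSAPI tests"
		exit 0
	fi

	# Service principal and its keytab.
	kadmin.local -q "addprinc -randkey $KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: admin addprinc failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin.local -q "ktadd -k $KRB5_KTNAME $KSERVICE" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
		exit 0
	fi

	# User principal and its keytab.
	kadmin.local -q "addprinc -randkey $KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kadmin addprinc failed, skipping GSSAPI tests"
		exit 0
	fi

	kadmin.local -q "ktadd -k $KRB5_CLIENT_KTNAME $KUSER" >> "$KDCLOG" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
		exit 0
	fi

	# -n keeps krb5kdc from detaching, so $! below is the KDC itself.
	# NOTE(review): no address/port is passed here; presumably they come
	# from the generated krb5.conf via KRB5_KDC_PROFILE -- confirm.
	krb5kdc -n >> "$KDCLOG" 2>&1 &
fi

# Pid of whichever KDC was started above; later cleanup needs it.
KDCPROC=$!
# NOTE(review): fixed one-second grace period. On a slow host the KDC may
# not be answering yet, in which case kinit fails and the tests are skipped.
sleep 1

# Obtain a ticket for the test user from the client keytab.
kinit -kt "$KRB5_CLIENT_KTNAME" "$KUSER" >> "$KDCLOG" 2>&1
RC=$?
if test "$RC" != 0 ; then
	kill "$KDCPROC"
	echo "SASL/GSSAPI: kinit failed, skipping GSSAPI tests"
	exit 0
fi

# Ask Cyrus SASL whether a GSSAPI mechanism plugin is available; the viewer
# binary is named pluginviewer or saslpluginviewer depending on the system.
pluginviewer -m GSSAPI > "$TESTDIR/plugin_out" 2>/dev/null
RC=$?
if test "$RC" != 0 ; then

	saslpluginviewer -m GSSAPI > "$TESTDIR/plugin_out" 2>/dev/null
	RC=$?
	if test "$RC" != 0 ; then
		kill "$KDCPROC"
		echo "cyrus-sasl has no GSSAPI support, test skipped"
		exit 0
	fi
fi

# Channel binding is reported as available only if the plugin advertises it.
HAVE_SASL_GSS_CBIND=no

grep CHANNEL_BINDING "$TESTDIR/plugin_out" > /dev/null 2>&1
RC=$?
if test "$RC" = 0 ; then
	HAVE_SASL_GSS_CBIND=yes
fi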