3 # Copyright (c) 2006 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 env_setup="@env_setup@"
47 keytabfile="${objdir}/server.keytab-no"
48 keytab="FILE:${keytabfile}-no"
49 cache="FILE:krb5ccfile-no"
50 cacheds="FILE:krb5ccfile-ds-no"
52 context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
54 KRB5_CONFIG="${objdir}/krb5.conf"
57 KRB5_KTNAME="${keytab}-no"
59 KRB5CCNAME="${cache}-no"
61 unset NTLM_ACCEPTOR_CCACHE
64 GSSAPI_SPNEGO_NAME=host@host.test.h5l.se
65 export GSSAPI_SPNEGO_NAME
67 GSS_MECH_CONFIG="${objdir}/mech"
68 export GSS_MECH_CONFIG
74 echo "======context building for negoex"
78 echo "test_negoex_1 $HOPS hops"
80 --mech-type=spnego --ret-mech-type=test_negoex_1 \
81 --name-type=hostbased-service \
82 host@host.test.h5l.se || \
83 { exitcode=1 ; echo test failed; }
88 echo "test_negoex_1 $HOPS hops early keys"
89 KEY=always ${context} \
90 --mech-type=spnego --ret-mech-type=test_negoex_1 \
91 --name-type=hostbased-service \
92 host@host.test.h5l.se || \
93 { exitcode=1 ; echo test failed; }
97 echo "test_negoex_1 no keys"
98 KEY=never ${context} \
99 --mech-type=spnego --ret-mech-type=test_negoex_1 \
100 --name-type=hostbased-service \
101 host@host.test.h5l.se 2>/dev/null && \
102 { exitcode=1 ; echo test failed; }
104 echo "test_negoex_1 no optimistic token"
105 NEGOEX_NO_OPTIMISTIC_TOKEN=1 ${context} \
106 --mech-type=spnego --ret-mech-type=test_negoex_1 \
107 --name-type=hostbased-service \
108 host@host.test.h5l.se || \
109 { exitcode=1 ; echo test failed; }
111 echo "test_negoex_1 initiator query fail, test_negoex_2 pass"
112 INIT_QUERY_FAIL=102 ${context} \
113 --mech-type=spnego --ret-mech-type=test_negoex_2 \
114 --name-type=hostbased-service \
115 host@host.test.h5l.se 2>/dev/null || \
116 { exitcode=1 ; echo test failed; }
118 echo "test_negoex_1 acceptor query fail, test_negoex_2 pass"
119 ACCEPT_QUERY_FAIL=102 ${context} \
120 --mech-type=spnego --ret-mech-type=test_negoex_2 \
121 --name-type=hostbased-service \
122 host@host.test.h5l.se 2>/dev/null || \
123 { exitcode=1 ; echo test failed; }
125 echo "test_negoex_1 acceptor exchange fail, test_negoex_2 pass"
126 ACCEPT_EXCHANGE_FAIL=102 ${context} \
127 --mech-type=spnego --ret-mech-type=test_negoex_2 \
128 --name-type=hostbased-service \
129 host@host.test.h5l.se 2>/dev/null || \
130 { exitcode=1 ; echo test failed; }
132 echo "test_negoex_1 first mech initiator exchange fail"
133 INIT_EXCHANGE_FAIL=102 ${context} \
134 --mech-type=spnego --ret-mech-type=test_negoex_1 \
135 --name-type=hostbased-service \
136 host@host.test.h5l.se 2>/dev/null && \
137 { exitcode=1 ; echo test failed; }
139 echo "test_negoex_1 first mech initiator exchange fail, two hops"
140 HOPS=2 INIT_EXCHANGE_FAIL=102 ${context} \
141 --mech-type=spnego --ret-mech-type=test_negoex_1 \
142 --name-type=hostbased-service \
143 host@host.test.h5l.se 2>/dev/null && \
144 { exitcode=1 ; echo test failed; }
146 echo "test_negoex_1 first mech initiator exchange fail, two hops, early keys"
147 HOPS=2 KEY=always INIT_EXCHANGE_FAIL=102 ${context} \
148 --mech-type=spnego --ret-mech-type=test_negoex_1 \
149 --name-type=hostbased-service \
150 host@host.test.h5l.se 2>/dev/null && \
151 { exitcode=1 ; echo test failed; }
153 echo "test_negoex_1 first mech init_sec_context fail"
154 INIT_FAIL=102 ${context} \
155 --mech-type=spnego --ret-mech-type=test_negoex_1 \
156 --name-type=hostbased-service \
157 host@host.test.h5l.se 2>/dev/null && \
158 { exitcode=1 ; echo test failed; }
160 echo "test_negoex_1 first mech accept_sec_context fail"
161 HOPS=2 ACCEPT_FAIL=102 ${context} \
162 --mech-type=spnego --ret-mech-type=test_negoex_1 \
163 --name-type=hostbased-service \
164 host@host.test.h5l.se 2>/dev/null && \
165 { exitcode=1 ; echo test failed; }
167 echo "test_negoex_1 alert from acceptor to initiator"
168 HOPS=3 KEY=init-always ${context} \
169 --mech-type=spnego --ret-mech-type=test_negoex_1 \
170 --name-type=hostbased-service \
171 host@host.test.h5l.se || \
172 { exitcode=1 ; echo test failed; }
174 echo "test_negoex_1 alert from initiator to acceptor"
175 HOPS=4 KEY=accept-always ${context} \
176 --mech-type=spnego --ret-mech-type=test_negoex_1 \
177 --name-type=hostbased-service \
178 host@host.test.h5l.se || \
179 { exitcode=1 ; echo test failed; }