aboutsummaryrefslogtreecommitdiffstats
path: root/tests/kdc
diff options
context:
space:
mode:
Diffstat (limited to 'tests/kdc')
-rw-r--r--tests/kdc/Makefile.am228
-rw-r--r--tests/kdc/Makefile.in1057
-rw-r--r--tests/kdc/an2ln-db.txt143
-rw-r--r--tests/kdc/check-authz.in153
-rw-r--r--tests/kdc/check-canon.in210
-rw-r--r--tests/kdc/check-cc.in12
-rw-r--r--tests/kdc/check-delegation.in12
-rw-r--r--tests/kdc/check-des.in12
-rw-r--r--tests/kdc/check-digest.in13
-rw-r--r--tests/kdc/check-fast.in183
-rw-r--r--tests/kdc/check-hdb-mitdb.in111
-rw-r--r--tests/kdc/check-iprop.in303
-rw-r--r--tests/kdc/check-kadmin.in66
-rw-r--r--tests/kdc/check-kdc.in367
-rw-r--r--tests/kdc/check-keys.in16
-rw-r--r--tests/kdc/check-kinit.in149
-rw-r--r--tests/kdc/check-kpasswdd.in18
-rw-r--r--tests/kdc/check-pkinit.in12
-rw-r--r--tests/kdc/check-referral.in15
-rw-r--r--tests/kdc/check-tester.in118
-rw-r--r--tests/kdc/check-uu.in13
-rw-r--r--tests/kdc/hdb-mitdbbin0 -> 16384 bytes
-rw-r--r--tests/kdc/hdb-mitdb.kadm5bin0 -> 8192 bytes
-rw-r--r--tests/kdc/hdb-mitdb.mkeybin0 -> 30 bytes
-rw-r--r--tests/kdc/heimdal.acl4
-rw-r--r--tests/kdc/k5login/foo1
-rw-r--r--tests/kdc/kdc-tester1.json31
-rw-r--r--tests/kdc/kdc-tester2.json12
-rw-r--r--tests/kdc/kdc-tester3.json23
-rw-r--r--tests/kdc/kdc-tester4.json.in22
-rw-r--r--tests/kdc/krb5-authz.conf.in26
-rw-r--r--tests/kdc/krb5-authz2.conf.in27
-rw-r--r--tests/kdc/krb5-canon.conf.in100
-rw-r--r--tests/kdc/krb5-canon2.conf.in97
-rw-r--r--tests/kdc/krb5-hdb-mitdb.conf.in60
-rw-r--r--tests/kdc/krb5-pkinit.conf.in5
-rw-r--r--tests/kdc/krb5.conf.in79
-rw-r--r--tests/kdc/krb5.conf.keys.in5
-rw-r--r--tests/kdc/leaks-kill.sh47
-rw-r--r--tests/kdc/wait-kdc.sh15
40 files changed, 3290 insertions, 475 deletions
diff --git a/tests/kdc/Makefile.am b/tests/kdc/Makefile.am
index ecf74e5d190c..e080527db378 100644
--- a/tests/kdc/Makefile.am
+++ b/tests/kdc/Makefile.am
@@ -1,20 +1,32 @@
include $(top_srcdir)/Makefile.am.common
noinst_DATA = \
+ an2ln-db.txt \
+ kdc-tester4.json \
krb5.conf \
+ krb5-authz.conf \
+ krb5-authz2.conf \
+ krb5-canon.conf \
+ krb5-canon2.conf \
+ krb5-hdb-mitdb.conf \
krb5-weak.conf \
krb5-pkinit.conf \
krb5-pkinit-win.conf \
+ krb5-slave2.conf \
krb5-slave.conf
check_SCRIPTS = $(SCRIPT_TESTS)
SCRIPT_TESTS = \
+ check-authz \
+ check-canon \
check-cc \
check-delegation \
check-des \
check-digest \
+ check-fast \
check-kadmin \
+ check-hdb-mitdb \
check-kdc \
check-kdc-weak \
check-keys \
@@ -22,6 +34,7 @@ SCRIPT_TESTS = \
check-pkinit \
check-iprop \
check-referral \
+ check-tester \
check-uu
TESTS = $(SCRIPT_TESTS)
@@ -36,134 +49,221 @@ else
do_dlopen = -e 's,[@]DLOPEN[@],false,g'
endif
-do_subst = sed $(do_dlopen) \
+do_subst = $(heim_verbose)sed $(do_dlopen) \
-e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g' \
+ -e 's,[@]top_srcdir[@],$(top_srcdir),g' \
-e 's,[@]srcdir[@],$(srcdir),g' \
-e 's,[@]port[@],$(port),g' \
-e 's,[@]admport[@],$(admport),g' \
-e 's,[@]pwport[@],$(pwport),g' \
-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \
-e 's,[@]top_builddir[@],$(top_builddir),g' \
+ -e 's,[@]db_type[@],$(db_type),g' \
+ -e 's,[@]ENABLE_AFS_STRING_TO_KEY[@],$(ENABLE_AFS_STRING_TO_KEY),' \
-e 's,[@]EGREP[@],$(EGREP),g'
+chmod = chmod
+
LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+check-authz: check-authz.in Makefile krb5-authz.conf krb5-authz2.conf
+ $(do_subst) < $(srcdir)/check-authz.in > check-authz.tmp && \
+ $(chmod) +x check-authz.tmp && \
+ mv check-authz.tmp check-authz
+
+check-canon: check-canon.in Makefile krb5-canon.conf krb5-canon2.conf
+ $(do_subst) < $(srcdir)/check-canon.in > check-canon.tmp && \
+ $(chmod) +x check-canon.tmp && \
+ mv check-canon.tmp check-canon
+
check-cc: check-cc.in Makefile
- $(do_subst) < $(srcdir)/check-cc.in > check-cc.tmp
- chmod +x check-cc.tmp
+ $(do_subst) < $(srcdir)/check-cc.in > check-cc.tmp && \
+ $(chmod) +x check-cc.tmp && \
mv check-cc.tmp check-cc
check-delegation: check-delegation.in Makefile
- $(do_subst) < $(srcdir)/check-delegation.in > check-delegation.tmp
- chmod +x check-delegation.tmp
+ $(do_subst) < $(srcdir)/check-delegation.in > check-delegation.tmp && \
+ $(chmod) +x check-delegation.tmp && \
mv check-delegation.tmp check-delegation
check-des: check-des.in Makefile krb5.conf
- $(do_subst) < $(srcdir)/check-des.in > check-des.tmp
- chmod +x check-des.tmp
+ $(do_subst) < $(srcdir)/check-des.in > check-des.tmp && \
+ $(chmod) +x check-des.tmp && \
mv check-des.tmp check-des
+check-hdb-mitdb: check-hdb-mitdb.in Makefile krb5-hdb-mitdb.conf
+ $(do_subst) < $(srcdir)/check-hdb-mitdb.in > check-hdb-mitdb.tmp && \
+ $(chmod) +x check-hdb-mitdb.tmp && \
+ mv check-hdb-mitdb.tmp check-hdb-mitdb
+
+check-fast: check-fast.in Makefile
+ $(do_subst) < $(srcdir)/check-fast.in > check-fast.tmp && \
+ $(chmod) +x check-fast.tmp && \
+ mv check-fast.tmp check-fast
+
check-kdc: check-kdc.in Makefile
- $(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp
- chmod +x check-kdc.tmp
+ $(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp && \
+ $(chmod) +x check-kdc.tmp && \
mv check-kdc.tmp check-kdc
check-kdc-weak: check-kdc-weak.in Makefile
- $(do_subst) < $(srcdir)/check-kdc-weak.in > check-kdc-weak.tmp
- chmod +x check-kdc-weak.tmp
+ $(do_subst) < $(srcdir)/check-kdc-weak.in > check-kdc-weak.tmp && \
+ $(chmod) +x check-kdc-weak.tmp && \
mv check-kdc-weak.tmp check-kdc-weak
+check-tester: check-tester.in kdc-tester4.json Makefile
+ $(do_subst) < $(srcdir)/check-tester.in > check-tester.tmp && \
+ $(chmod) +x check-tester.tmp && \
+ mv check-tester.tmp check-tester
+
check-keys: check-keys.in Makefile
- $(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp
- chmod +x check-keys.tmp
+ $(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp && \
+ $(chmod) +x check-keys.tmp && \
mv check-keys.tmp check-keys
+check-kinit: check-kinit.in Makefile
+ $(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp && \
+ $(chmod) +x check-kinit.tmp && \
+ mv check-kinit.tmp check-kinit
+
check-kadmin: check-kadmin.in Makefile
- $(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp
- chmod +x check-kadmin.tmp
+ $(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp && \
+ $(chmod) +x check-kadmin.tmp && \
mv check-kadmin.tmp check-kadmin
check-uu: check-uu.in Makefile
- $(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp
- chmod +x check-uu.tmp
+ $(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp && \
+ $(chmod) +x check-uu.tmp && \
mv check-uu.tmp check-uu
check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf
- $(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp
- chmod +x check-pkinit.tmp
+ $(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp && \
+ $(chmod) +x check-pkinit.tmp && \
mv check-pkinit.tmp check-pkinit
-check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf
- $(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp
- chmod +x check-iprop.tmp
+check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf krb5-slave2.conf
+ $(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp && \
+ $(chmod) +x check-iprop.tmp && \
mv check-iprop.tmp check-iprop
check-digest: check-digest.in Makefile
- $(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp
- chmod +x check-digest.tmp
+ $(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp && \
+ $(chmod) +x check-digest.tmp && \
mv check-digest.tmp check-digest
check-referral: check-referral.in Makefile
- $(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp
- chmod +x check-referral.tmp
+ $(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp && \
+ $(chmod) +x check-referral.tmp && \
mv check-referral.tmp check-referral
check-kpasswdd: check-kpasswdd.in Makefile
- $(do_subst) < $(srcdir)/check-kpasswdd.in > check-kpasswdd.tmp
- chmod +x check-kpasswdd.tmp
+ $(do_subst) < $(srcdir)/check-kpasswdd.in > check-kpasswdd.tmp && \
+ $(chmod) +x check-kpasswdd.tmp && \
mv check-kpasswdd.tmp check-kpasswdd
+kdc-tester4.json: kdc-tester4.json.in Makefile
+ $(do_subst) < $(srcdir)/kdc-tester4.json.in > kdc-tester4.json.tmp && \
+ mv kdc-tester4.json.tmp kdc-tester4.json
+
krb5.conf: krb5.conf.in Makefile
$(do_subst) \
-e 's,[@]WEAK[@],false,g' \
-e 's,[@]dk[@],,g' \
- -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp && \
mv krb5.conf.tmp krb5.conf
+krb5-authz.conf: krb5-authz.conf.in Makefile
+ $(do_subst) < $(srcdir)/krb5-authz.conf.in > krb5-authz.conf.tmp && \
+ mv krb5-authz.conf.tmp krb5-authz.conf
+
+krb5-authz2.conf: krb5-authz2.conf.in Makefile
+ $(do_subst) < $(srcdir)/krb5-authz2.conf.in > krb5-authz2.conf.tmp && \
+ mv krb5-authz2.conf.tmp krb5-authz2.conf
+
+krb5-canon.conf: krb5-canon.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],false,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5-canon.conf.in > krb5-canon.conf.tmp && \
+ mv krb5-canon.conf.tmp krb5-canon.conf
+
+krb5-canon2.conf: krb5-canon2.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],false,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5-canon2.conf.in > krb5-canon2.conf.tmp && \
+ mv krb5-canon2.conf.tmp krb5-canon2.conf
+
+krb5-hdb-mitdb.conf: krb5-hdb-mitdb.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],false,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5-hdb-mitdb.conf.in > krb5-hdb-mitdb.conf.tmp && \
+ mv krb5-hdb-mitdb.conf.tmp krb5-hdb-mitdb.conf
+
krb5-weak.conf: krb5.conf.in Makefile
$(do_subst) \
-e 's,[@]WEAK[@],true,g' \
-e 's,[@]dk[@],default_keys = aes256-cts-hmac-sha1-96:pw-salt arcfour-hmac-md5:pw-salt des3-cbc-sha1:pw-salt des:pw-salt,g' \
- -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5-weak.conf.tmp
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5-weak.conf.tmp && \
mv krb5-weak.conf.tmp krb5-weak.conf
krb5-slave.conf: krb5.conf.in Makefile
$(do_subst) \
-e 's,[@]WEAK[@],true,g' \
-e 's,[@]dk[@],,g' \
- -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp
+ -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp && \
mv krb5-slave.conf.tmp krb5-slave.conf
+krb5-slave2.conf: krb5.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],true,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],.slave2,g' < $(srcdir)/krb5.conf.in > krb5-slave2.conf.tmp && \
+ mv krb5-slave2.conf.tmp krb5-slave2.conf
+
krb5-pkinit.conf: krb5-pkinit.conf.in Makefile
- $(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp
+ $(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp && \
mv krb5-pkinit.conf.tmp krb5-pkinit.conf
krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile
- $(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp
+ $(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp && \
mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf
CLEANFILES= \
$(TESTS) \
- iprop-stats \
+ *.tmp \
+ acache.krb5 \
barpassword \
+ ca.crt \
cache.krb5 \
cdigest-reply \
- *.tmp \
client-cache \
- current-db* \
current*.log \
- iprop.keytab \
+ current-db* \
digest-reply \
foopassword \
- krb5.conf \
- krb5-weak.conf \
- krb5.conf.keys \
+ foopassword.rkpty \
+ iprop-stats \
+ iprop.keytab \
+ ipropd.dumpfile \
+ kdc-tester4.json \
+ kdc.crt \
+ krb5-authz.conf \
+ krb5-authz2.conf \
+ krb5-canon.conf \
+ krb5-canon2.conf \
krb5-cc.conf \
- krb5-slave.conf \
- krb5-pkinit.conf \
+ krb5-hdb-mitdb.conf \
krb5-pkinit-win.conf \
- signal \
+ krb5-pkinit.conf \
+ krb5-slave2.conf \
+ krb5-slave.conf \
+ krb5-weak.conf \
+ krb5.conf \
+ krb5.conf.keys \
leaks-log \
+ localname \
malloc-log \
malloc-log-master \
malloc-log-slave \
@@ -171,44 +271,64 @@ CLEANFILES= \
o2cache.krb5 \
o2digest-reply \
ocache.krb5 \
- s2digest-reply \
- sdigest-init \
- sdigest-reply \
- server.keytab \
- req-pkinit.der \
- req-pkinit2.der \
- req-kdc.der \
+ out-log \
pkinit.crt \
pkinit2.crt \
pkinit3.crt \
pkinit4.crt \
- kdc.crt \
- ca.crt \
- uuserver.log \
+ req-kdc.der \
+ req-pkinit.der \
+ req-pkinit2.der \
+ s2digest-reply \
+ sdigest-init \
+ sdigest-reply \
+ server.keytab \
+ signal \
tempfile \
- test-rc-file.rc
+ test-rc-file.rc \
+ uuserver.log
EXTRA_DIST = \
NTMakefile \
+ an2ln-db.txt \
+ check-authz.in \
+ check-canon.in \
check-cc.in \
check-delegation.in \
check-des.in \
check-digest.in \
+ check-fast.in \
check-iprop.in \
check-kadmin.in \
+ check-kinit.in \
+ check-hdb-mitdb.in \
check-kdc.in \
check-kdc-weak.in \
check-keys.in \
check-kpasswdd.in \
check-pkinit.in \
check-referral.in \
+ check-tester.in \
check-uu.in \
donotexists.txt \
+ hdb-mitdb \
+ hdb-mitdb.kadm5 \
+ hdb-mitdb.mkey \
heimdal.acl \
iprop-acl \
+ kdc-tester1.json \
+ kdc-tester2.json \
+ kdc-tester3.json \
+ kdc-tester4.json.in \
krb5-pkinit.conf.in \
krb5.conf.in \
+ krb5-authz.conf.in \
+ krb5-authz2.conf.in \
+ krb5-canon.conf.in \
+ krb5-canon2.conf.in \
+ krb5-hdb-mitdb.conf.in \
krb5.conf.keys.in \
+ k5login/foo \
ntlm-user-file.txt \
leaks-kill.sh \
pki-mapping \
diff --git a/tests/kdc/Makefile.in b/tests/kdc/Makefile.in
index dd57e8edbe54..e363dc623b77 100644
--- a/tests/kdc/Makefile.in
+++ b/tests/kdc/Makefile.in
@@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -20,6 +19,61 @@
# $Id$
VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -38,9 +92,6 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
- $(top_srcdir)/Makefile.am.common \
- $(top_srcdir)/cf/Makefile.am.common
subdir = tests/kdc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
@@ -56,8 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/check-man.m4 \
$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
$(top_srcdir)/cf/check-type-extra.m4 \
- $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
- $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/crypto.m4 \
$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
$(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \
$(top_srcdir)/cf/find-func-no-libs.m4 \
@@ -70,6 +120,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/krb-bigendian.m4 \
$(top_srcdir)/cf/krb-func-getlogin.m4 \
$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+ $(top_srcdir)/cf/krb-prog-perl.m4 \
$(top_srcdir)/cf/krb-readline.m4 \
$(top_srcdir)/cf/krb-struct-spwd.m4 \
$(top_srcdir)/cf/krb-struct-winsize.m4 \
@@ -89,20 +140,246 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/include/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
SOURCES =
DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
DATA = $(noinst_DATA)
-am__tty_colors = \
-red=; grn=; lgn=; blu=; std=
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__recheck_rx = ^[ ]*:recheck:[ ]*
+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+ recheck = 1; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ { \
+ if ((getline line2 < ($$0 ".log")) < 0) \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+ { \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+ { \
+ break; \
+ } \
+ }; \
+ if (recheck) \
+ print $$0; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+ print "fatal: making $@: " msg | "cat >&2"; \
+ exit 1; \
+} \
+function rst_section(header) \
+{ \
+ print header; \
+ len = length(header); \
+ for (i = 1; i <= len; i = i + 1) \
+ printf "="; \
+ printf "\n\n"; \
+} \
+{ \
+ copy_in_global_log = 1; \
+ global_test_result = "RUN"; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".trs"); \
+ if (line ~ /$(am__global_test_result_rx)/) \
+ { \
+ sub("$(am__global_test_result_rx)", "", line); \
+ sub("[ ]*$$", "", line); \
+ global_test_result = line; \
+ } \
+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+ copy_in_global_log = 0; \
+ }; \
+ if (copy_in_global_log) \
+ { \
+ rst_section(global_test_result ": " $$0); \
+ while ((rc = (getline line < ($$0 ".log"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".log"); \
+ print line; \
+ }; \
+ printf "\n"; \
+ }; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+ --color-tests "$$am__color_tests" \
+ --enable-hard-errors "$$am__enable_hard_errors" \
+ --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test. Creates the
+# directory for the log if needed. Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log. Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup); \
+$(am__vpath_adj_setup) $(am__vpath_adj) \
+$(am__tty_colors); \
+srcdir=$(srcdir); export srcdir; \
+case "$@" in \
+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
+ *) am__odir=.;; \
+esac; \
+test "x$$am__odir" = x"." || test -d "$$am__odir" \
+ || $(MKDIR_P) "$$am__odir" || exit $$?; \
+if test -f "./$$f"; then dir=./; \
+elif test -f "$$f"; then dir=; \
+else dir="$(srcdir)/"; fi; \
+tst=$$dir$$f; log='$@'; \
+if test -n '$(DISABLE_HARD_ERRORS)'; then \
+ am__enable_hard_errors=no; \
+else \
+ am__enable_hard_errors=yes; \
+fi; \
+case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
+ am__expect_failure=yes;; \
+ *) \
+ am__expect_failure=no;; \
+esac; \
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed). The result is saved in the shell variable
+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+ bases='$(TEST_LOGS)'; \
+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+ bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+ case '$@' in \
+ */*) \
+ case '$*' in \
+ */*) b='$*';; \
+ *) b=`echo '$@' | sed 's/\.log$$//'`; \
+ esac;; \
+ *) \
+ b='$*';; \
+ esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+ $(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+ $(top_srcdir)/Makefile.am.common \
+ $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+AS = @AS@
ASN1_COMPILE = @ASN1_COMPILE@
ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@
AUTOCONF = @AUTOCONF@
@@ -121,12 +398,12 @@ COMPILE_ET = @COMPILE_ET@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
+DB1LIB = @DB1LIB@
+DB3LIB = @DB3LIB@
DBHEADER = @DBHEADER@
-DBLIB = @DBLIB@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
DIR_hdbdir = @DIR_hdbdir@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
@@ -136,17 +413,17 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ENABLE_AFS_STRING_TO_KEY = @ENABLE_AFS_STRING_TO_KEY@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCD_MIG = @GCD_MIG@
GREP = @GREP@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
INCLUDE_libedit = @INCLUDE_libedit@
INCLUDE_libintl = @INCLUDE_libintl@
INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_openssl_crypto = @INCLUDE_openssl_crypto@
INCLUDE_readline = @INCLUDE_readline@
INCLUDE_sqlite3 = @INCLUDE_sqlite3@
INSTALL = @INSTALL@
@@ -165,12 +442,9 @@ LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
LIB_bswap16 = @LIB_bswap16@
LIB_bswap32 = @LIB_bswap32@
+LIB_bswap64 = @LIB_bswap64@
LIB_com_err = @LIB_com_err@
LIB_com_err_a = @LIB_com_err_a@
LIB_com_err_so = @LIB_com_err_so@
@@ -179,6 +453,7 @@ LIB_db_create = @LIB_db_create@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dispatch_async_f = @LIB_dispatch_async_f@
+LIB_dladdr = @LIB_dladdr@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_dns_search = @LIB_dns_search@
@@ -195,10 +470,8 @@ LIB_hcrypto = @LIB_hcrypto@
LIB_hcrypto_a = @LIB_hcrypto_a@
LIB_hcrypto_appl = @LIB_hcrypto_appl@
LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
LIB_hstrerror = @LIB_hstrerror@
LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
LIB_libedit = @LIB_libedit@
LIB_libintl = @LIB_libintl@
LIB_loadquery = @LIB_loadquery@
@@ -206,6 +479,7 @@ LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_openldap = @LIB_openldap@
LIB_openpty = @LIB_openpty@
+LIB_openssl_crypto = @LIB_openssl_crypto@
LIB_otp = @LIB_otp@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
@@ -220,12 +494,15 @@ LIB_sqlite3 = @LIB_sqlite3@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIPO = @LIPO@
+LMDBLIB = @LMDBLIB@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
+NDBMLIB = @NDBMLIB@
NM = @NM@
NMEDIT = @NMEDIT@
NO_AFS = @NO_AFS@
@@ -242,6 +519,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LDADD = @PTHREAD_LDADD@
@@ -256,13 +534,7 @@ STRIP = @STRIP@
VERSION = @VERSION@
VERSIONING = @VERSIONING@
WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
+WFLAGS_LITE = @WFLAGS_LITE@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
@@ -286,6 +558,8 @@ build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
+db_type = @db_type@
+db_type_preference = @db_type_preference@
docdir = @docdir@
dpagaix_cflags = @dpagaix_cflags@
dpagaix_ldadd = @dpagaix_ldadd@
@@ -321,43 +595,63 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+SUFFIXES = .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 \
+ .cat5 .cat7 .cat8
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include
AM_CPPFLAGS = $(INCLUDES_roken)
@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
AM_CFLAGS = $(WFLAGS)
CP = cp
buildinclude = $(top_builddir)/include
+LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
libexec_heimdaldir = $(libexecdir)/heimdal
NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@NO_AFS_FALSE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@NO_AFS_TRUE@LIB_kafs =
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-LIB_heimbase = $(top_builddir)/base/libheimbase.la
+LIB_heimbase = $(top_builddir)/lib/base/libheimbase.la
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+
+#silent-rules
+heim_verbose = $(heim_verbose_$(V))
+heim_verbose_ = $(heim_verbose_$(AM_DEFAULT_VERBOSITY))
+heim_verbose_0 = @echo " GEN "$@;
noinst_DATA = \
+ an2ln-db.txt \
+ kdc-tester4.json \
krb5.conf \
+ krb5-authz.conf \
+ krb5-authz2.conf \
+ krb5-canon.conf \
+ krb5-canon2.conf \
+ krb5-hdb-mitdb.conf \
krb5-weak.conf \
krb5-pkinit.conf \
krb5-pkinit-win.conf \
+ krb5-slave2.conf \
krb5-slave.conf
check_SCRIPTS = $(SCRIPT_TESTS)
SCRIPT_TESTS = \
+ check-authz \
+ check-canon \
check-cc \
check-delegation \
check-des \
check-digest \
+ check-fast \
check-kadmin \
+ check-hdb-mitdb \
check-kdc \
check-kdc-weak \
check-keys \
@@ -365,6 +659,7 @@ SCRIPT_TESTS = \
check-pkinit \
check-iprop \
check-referral \
+ check-tester \
check-uu
TESTS = $(SCRIPT_TESTS)
@@ -373,39 +668,55 @@ admport = 49189
pwport = 49190
@HAVE_DLOPEN_FALSE@do_dlopen = -e 's,[@]DLOPEN[@],false,g'
@HAVE_DLOPEN_TRUE@do_dlopen = -e 's,[@]DLOPEN[@],true,g'
-do_subst = sed $(do_dlopen) \
+do_subst = $(heim_verbose)sed $(do_dlopen) \
-e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g' \
+ -e 's,[@]top_srcdir[@],$(top_srcdir),g' \
-e 's,[@]srcdir[@],$(srcdir),g' \
-e 's,[@]port[@],$(port),g' \
-e 's,[@]admport[@],$(admport),g' \
-e 's,[@]pwport[@],$(pwport),g' \
-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \
-e 's,[@]top_builddir[@],$(top_builddir),g' \
+ -e 's,[@]db_type[@],$(db_type),g' \
+ -e 's,[@]ENABLE_AFS_STRING_TO_KEY[@],$(ENABLE_AFS_STRING_TO_KEY),' \
-e 's,[@]EGREP[@],$(EGREP),g'
+chmod = chmod
LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
CLEANFILES = \
$(TESTS) \
- iprop-stats \
+ *.tmp \
+ acache.krb5 \
barpassword \
+ ca.crt \
cache.krb5 \
cdigest-reply \
- *.tmp \
client-cache \
- current-db* \
current*.log \
- iprop.keytab \
+ current-db* \
digest-reply \
foopassword \
- krb5.conf \
- krb5-weak.conf \
- krb5.conf.keys \
+ foopassword.rkpty \
+ iprop-stats \
+ iprop.keytab \
+ ipropd.dumpfile \
+ kdc-tester4.json \
+ kdc.crt \
+ krb5-authz.conf \
+ krb5-authz2.conf \
+ krb5-canon.conf \
+ krb5-canon2.conf \
krb5-cc.conf \
- krb5-slave.conf \
- krb5-pkinit.conf \
+ krb5-hdb-mitdb.conf \
krb5-pkinit-win.conf \
- signal \
+ krb5-pkinit.conf \
+ krb5-slave2.conf \
+ krb5-slave.conf \
+ krb5-weak.conf \
+ krb5.conf \
+ krb5.conf.keys \
leaks-log \
+ localname \
malloc-log \
malloc-log-master \
malloc-log-slave \
@@ -413,44 +724,64 @@ CLEANFILES = \
o2cache.krb5 \
o2digest-reply \
ocache.krb5 \
- s2digest-reply \
- sdigest-init \
- sdigest-reply \
- server.keytab \
- req-pkinit.der \
- req-pkinit2.der \
- req-kdc.der \
+ out-log \
pkinit.crt \
pkinit2.crt \
pkinit3.crt \
pkinit4.crt \
- kdc.crt \
- ca.crt \
- uuserver.log \
+ req-kdc.der \
+ req-pkinit.der \
+ req-pkinit2.der \
+ s2digest-reply \
+ sdigest-init \
+ sdigest-reply \
+ server.keytab \
+ signal \
tempfile \
- test-rc-file.rc
+ test-rc-file.rc \
+ uuserver.log
EXTRA_DIST = \
NTMakefile \
+ an2ln-db.txt \
+ check-authz.in \
+ check-canon.in \
check-cc.in \
check-delegation.in \
check-des.in \
check-digest.in \
+ check-fast.in \
check-iprop.in \
check-kadmin.in \
+ check-kinit.in \
+ check-hdb-mitdb.in \
check-kdc.in \
check-kdc-weak.in \
check-keys.in \
check-kpasswdd.in \
check-pkinit.in \
check-referral.in \
+ check-tester.in \
check-uu.in \
donotexists.txt \
+ hdb-mitdb \
+ hdb-mitdb.kadm5 \
+ hdb-mitdb.mkey \
heimdal.acl \
iprop-acl \
+ kdc-tester1.json \
+ kdc-tester2.json \
+ kdc-tester3.json \
+ kdc-tester4.json.in \
krb5-pkinit.conf.in \
krb5.conf.in \
+ krb5-authz.conf.in \
+ krb5-authz2.conf.in \
+ krb5-canon.conf.in \
+ krb5-canon2.conf.in \
+ krb5-hdb-mitdb.conf.in \
krb5.conf.keys.in \
+ k5login/foo \
ntlm-user-file.txt \
leaks-kill.sh \
pki-mapping \
@@ -460,7 +791,7 @@ EXTRA_DIST = \
all: all-am
.SUFFIXES:
-.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+.SUFFIXES: .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 .cat5 .cat7 .cat8 .c .log .test .test$(EXEEXT) .trs
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -473,7 +804,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/kdc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign tests/kdc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -482,6 +812,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
+$(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
@@ -497,104 +828,294 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-check-TESTS: $(TESTS)
- @failed=0; all=0; xfail=0; xpass=0; skip=0; \
- srcdir=$(srcdir); export srcdir; \
- list=' $(TESTS) '; \
- $(am__tty_colors); \
- if test -n "$$list"; then \
- for tst in $$list; do \
- if test -f ./$$tst; then dir=./; \
- elif test -f $$tst; then dir=; \
- else dir="$(srcdir)/"; fi; \
- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xpass=`expr $$xpass + 1`; \
- failed=`expr $$failed + 1`; \
- col=$$red; res=XPASS; \
- ;; \
- *) \
- col=$$grn; res=PASS; \
- ;; \
- esac; \
- elif test $$? -ne 77; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xfail=`expr $$xfail + 1`; \
- col=$$lgn; res=XFAIL; \
- ;; \
- *) \
- failed=`expr $$failed + 1`; \
- col=$$red; res=FAIL; \
- ;; \
- esac; \
- else \
- skip=`expr $$skip + 1`; \
- col=$$blu; res=SKIP; \
- fi; \
- echo "$${col}$$res$${std}: $$tst"; \
- done; \
- if test "$$all" -eq 1; then \
- tests="test"; \
- All=""; \
- else \
- tests="tests"; \
- All="All "; \
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+ rm -f $< $@
+ $(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+ @:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+ @$(am__set_TESTS_bases); \
+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+ redo_bases=`for i in $$bases; do \
+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+ done`; \
+ if test -n "$$redo_bases"; then \
+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+ if $(am__make_dryrun); then :; else \
+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
fi; \
- if test "$$failed" -eq 0; then \
- if test "$$xfail" -eq 0; then \
- banner="$$All$$all $$tests passed"; \
- else \
- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
- fi; \
- else \
- if test "$$xpass" -eq 0; then \
- banner="$$failed of $$all $$tests failed"; \
+ fi; \
+ if test -n "$$am__remaking_logs"; then \
+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+ "recursion detected" >&2; \
+ elif test -n "$$redo_logs"; then \
+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+ fi; \
+ if $(am__make_dryrun); then :; else \
+ st=0; \
+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+ for i in $$redo_bases; do \
+ test -f $$i.trs && test -r $$i.trs \
+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+ test -f $$i.log && test -r $$i.log \
+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+ done; \
+ test $$st -eq 0 || exit 1; \
+ fi
+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+ ws='[ ]'; \
+ results=`for b in $$bases; do echo $$b.trs; done`; \
+ test -n "$$results" || results=/dev/null; \
+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+ success=true; \
+ else \
+ success=false; \
+ fi; \
+ br='==================='; br=$$br$$br$$br$$br; \
+ result_count () \
+ { \
+ if test x"$$1" = x"--maybe-color"; then \
+ maybe_colorize=yes; \
+ elif test x"$$1" = x"--no-color"; then \
+ maybe_colorize=no; \
else \
- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \
fi; \
- fi; \
- dashes="$$banner"; \
- skipped=""; \
- if test "$$skip" -ne 0; then \
- if test "$$skip" -eq 1; then \
- skipped="($$skip test was not run)"; \
+ shift; \
+ desc=$$1 count=$$2; \
+ if test $$maybe_colorize = yes && test $$count -gt 0; then \
+ color_start=$$3 color_end=$$std; \
else \
- skipped="($$skip tests were not run)"; \
+ color_start= color_end=; \
fi; \
- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$skipped"; \
- fi; \
- report=""; \
- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
- report="Please report to $(PACKAGE_BUGREPORT)"; \
- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$report"; \
- fi; \
- dashes=`echo "$$dashes" | sed s/./=/g`; \
- if test "$$failed" -eq 0; then \
- echo "$$grn$$dashes"; \
- else \
- echo "$$red$$dashes"; \
- fi; \
- echo "$$banner"; \
- test -z "$$skipped" || echo "$$skipped"; \
- test -z "$$report" || echo "$$report"; \
- echo "$$dashes$$std"; \
- test "$$failed" -eq 0; \
- else :; fi
+ echo "$${color_start}# $$desc $$count$${color_end}"; \
+ }; \
+ create_testsuite_report () \
+ { \
+ result_count $$1 "TOTAL:" $$all "$$brg"; \
+ result_count $$1 "PASS: " $$pass "$$grn"; \
+ result_count $$1 "SKIP: " $$skip "$$blu"; \
+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+ result_count $$1 "FAIL: " $$fail "$$red"; \
+ result_count $$1 "XPASS:" $$xpass "$$red"; \
+ result_count $$1 "ERROR:" $$error "$$mgn"; \
+ }; \
+ { \
+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
+ $(am__rst_title); \
+ create_testsuite_report --no-color; \
+ echo; \
+ echo ".. contents:: :depth: 2"; \
+ echo; \
+ for b in $$bases; do echo $$b; done \
+ | $(am__create_global_log); \
+ } >$(TEST_SUITE_LOG).tmp || exit 1; \
+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
+ if $$success; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
+ fi; \
+ echo "$${col}$$br$${std}"; \
+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}$$br$${std}"; \
+ create_testsuite_report --maybe-color; \
+ echo "$$col$$br$$std"; \
+ if $$success; then :; else \
+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
+ if test -n "$(PACKAGE_BUGREPORT)"; then \
+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
+ fi; \
+ echo "$$col$$br$$std"; \
+ fi; \
+ $$success || exit 1
+
+check-TESTS:
+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+ exit $$?;
+recheck: all $(check_SCRIPTS)
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ bases=`for i in $$bases; do echo $$i; done \
+ | $(am__list_recheck_tests)` || exit 1; \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ log_list=`echo $$log_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+ am__force_recheck=am--force-recheck \
+ TEST_LOGS="$$log_list"; \
+ exit $$?
+check-authz.log: check-authz
+ @p='check-authz'; \
+ b='check-authz'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-canon.log: check-canon
+ @p='check-canon'; \
+ b='check-canon'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-cc.log: check-cc
+ @p='check-cc'; \
+ b='check-cc'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-delegation.log: check-delegation
+ @p='check-delegation'; \
+ b='check-delegation'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-des.log: check-des
+ @p='check-des'; \
+ b='check-des'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-digest.log: check-digest
+ @p='check-digest'; \
+ b='check-digest'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-fast.log: check-fast
+ @p='check-fast'; \
+ b='check-fast'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-kadmin.log: check-kadmin
+ @p='check-kadmin'; \
+ b='check-kadmin'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-hdb-mitdb.log: check-hdb-mitdb
+ @p='check-hdb-mitdb'; \
+ b='check-hdb-mitdb'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-kdc.log: check-kdc
+ @p='check-kdc'; \
+ b='check-kdc'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-kdc-weak.log: check-kdc-weak
+ @p='check-kdc-weak'; \
+ b='check-kdc-weak'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-keys.log: check-keys
+ @p='check-keys'; \
+ b='check-keys'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-kpasswdd.log: check-kpasswdd
+ @p='check-kpasswdd'; \
+ b='check-kpasswdd'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-pkinit.log: check-pkinit
+ @p='check-pkinit'; \
+ b='check-pkinit'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-iprop.log: check-iprop
+ @p='check-iprop'; \
+ b='check-iprop'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-referral.log: check-referral
+ @p='check-referral'; \
+ b='check-referral'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-tester.log: check-tester
+ @p='check-tester'; \
+ b='check-tester'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+check-uu.log: check-uu
+ @p='check-uu'; \
+ b='check-uu'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+ @p='$<'; \
+ $(am__set_b); \
+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@ @p='$<'; \
+@am__EXEEXT_TRUE@ $(am__set_b); \
+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -645,11 +1166,19 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
@@ -688,9 +1217,8 @@ install-dvi: install-dvi-am
install-dvi-am:
-install-exec-am:
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec-am: install-exec-local
+
install-html: install-html-am
install-html-am:
@@ -730,37 +1258,51 @@ ps-am:
uninstall-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-.MAKE: check-am install-am install-data-am install-exec-am \
- install-strip uninstall-am
+.MAKE: check-am install-am install-data-am install-strip uninstall-am
.PHONY: all all-am all-local check check-TESTS check-am check-local \
- clean clean-generic clean-libtool dist-hook distclean \
- distclean-generic distclean-libtool distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-data-hook install-dvi install-dvi-am \
- install-exec install-exec-am install-exec-hook install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ clean clean-generic clean-libtool cscopelist-am ctags-am \
+ dist-hook distclean distclean-generic distclean-libtool \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-data install-data-am install-data-hook \
+ install-dvi install-dvi-am install-exec install-exec-am \
+ install-exec-local install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am recheck tags-am \
uninstall uninstall-am uninstall-hook
+.PRECIOUS: Makefile
+
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
- x=$(DESTDIR)$(bindir)/$$file; \
- if chown 0:0 $$x && chmod u+s $$x; then :; else \
- echo "*"; \
- echo "* Failed to install $$x setuid root"; \
- echo "*"; \
- fi; done
+ x=$(DESTDIR)$(bindir)/$$file; \
+ if chown 0:0 $$x && chmod u+s $$x; then :; else \
+ echo "*"; \
+ echo "* Failed to install $$x setuid root"; \
+ echo "*"; \
+ fi; \
+ done
-install-exec-hook: install-suid-programs
+install-exec-local: install-suid-programs
+
+codesign-all:
+ @if [ X"$$CODE_SIGN_IDENTITY" != X ] ; then \
+ foo='$(bin_PROGRAMS) $(sbin_PROGRAMS) $(libexec_PROGRAMS)' ; \
+ for file in $$foo ; do \
+ echo "CODESIGN $$file" ; \
+ codesign -f -s "$$CODE_SIGN_IDENTITY" $$file || exit 1 ; \
+ done ; \
+ fi
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
- @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+all-local: codesign-all
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) $(noinst_HEADERS)
+ @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(noinst_HEADERS)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -768,7 +1310,7 @@ install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_incl
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
- $(CP) $$file $(buildinclude)/$$f; \
+ $(CP) $$file $(buildinclude)/$$f || true; \
fi ; \
done ; \
foo='$(nobase_include_HEADERS)'; \
@@ -825,6 +1367,8 @@ check-local::
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
+.7.cat7:
+ $(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
@@ -867,6 +1411,19 @@ dist-cat5-mans:
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
+dist-cat7-mans:
+ @foo='$(man7_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.7) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat7/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
@@ -880,13 +1437,13 @@ dist-cat8-mans:
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat7-mans dist-cat8-mans
install-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
uninstall-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
install-data-hook: install-cat-mans
uninstall-hook: uninstall-cat-mans
@@ -917,98 +1474,168 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
fi ; \
done
+check-authz: check-authz.in Makefile krb5-authz.conf krb5-authz2.conf
+ $(do_subst) < $(srcdir)/check-authz.in > check-authz.tmp && \
+ $(chmod) +x check-authz.tmp && \
+ mv check-authz.tmp check-authz
+
+check-canon: check-canon.in Makefile krb5-canon.conf krb5-canon2.conf
+ $(do_subst) < $(srcdir)/check-canon.in > check-canon.tmp && \
+ $(chmod) +x check-canon.tmp && \
+ mv check-canon.tmp check-canon
+
check-cc: check-cc.in Makefile
- $(do_subst) < $(srcdir)/check-cc.in > check-cc.tmp
- chmod +x check-cc.tmp
+ $(do_subst) < $(srcdir)/check-cc.in > check-cc.tmp && \
+ $(chmod) +x check-cc.tmp && \
mv check-cc.tmp check-cc
check-delegation: check-delegation.in Makefile
- $(do_subst) < $(srcdir)/check-delegation.in > check-delegation.tmp
- chmod +x check-delegation.tmp
+ $(do_subst) < $(srcdir)/check-delegation.in > check-delegation.tmp && \
+ $(chmod) +x check-delegation.tmp && \
mv check-delegation.tmp check-delegation
check-des: check-des.in Makefile krb5.conf
- $(do_subst) < $(srcdir)/check-des.in > check-des.tmp
- chmod +x check-des.tmp
+ $(do_subst) < $(srcdir)/check-des.in > check-des.tmp && \
+ $(chmod) +x check-des.tmp && \
mv check-des.tmp check-des
+check-hdb-mitdb: check-hdb-mitdb.in Makefile krb5-hdb-mitdb.conf
+ $(do_subst) < $(srcdir)/check-hdb-mitdb.in > check-hdb-mitdb.tmp && \
+ $(chmod) +x check-hdb-mitdb.tmp && \
+ mv check-hdb-mitdb.tmp check-hdb-mitdb
+
+check-fast: check-fast.in Makefile
+ $(do_subst) < $(srcdir)/check-fast.in > check-fast.tmp && \
+ $(chmod) +x check-fast.tmp && \
+ mv check-fast.tmp check-fast
+
check-kdc: check-kdc.in Makefile
- $(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp
- chmod +x check-kdc.tmp
+ $(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp && \
+ $(chmod) +x check-kdc.tmp && \
mv check-kdc.tmp check-kdc
check-kdc-weak: check-kdc-weak.in Makefile
- $(do_subst) < $(srcdir)/check-kdc-weak.in > check-kdc-weak.tmp
- chmod +x check-kdc-weak.tmp
+ $(do_subst) < $(srcdir)/check-kdc-weak.in > check-kdc-weak.tmp && \
+ $(chmod) +x check-kdc-weak.tmp && \
mv check-kdc-weak.tmp check-kdc-weak
+check-tester: check-tester.in kdc-tester4.json Makefile
+ $(do_subst) < $(srcdir)/check-tester.in > check-tester.tmp && \
+ $(chmod) +x check-tester.tmp && \
+ mv check-tester.tmp check-tester
+
check-keys: check-keys.in Makefile
- $(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp
- chmod +x check-keys.tmp
+ $(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp && \
+ $(chmod) +x check-keys.tmp && \
mv check-keys.tmp check-keys
+check-kinit: check-kinit.in Makefile
+ $(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp && \
+ $(chmod) +x check-kinit.tmp && \
+ mv check-kinit.tmp check-kinit
+
check-kadmin: check-kadmin.in Makefile
- $(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp
- chmod +x check-kadmin.tmp
+ $(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp && \
+ $(chmod) +x check-kadmin.tmp && \
mv check-kadmin.tmp check-kadmin
check-uu: check-uu.in Makefile
- $(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp
- chmod +x check-uu.tmp
+ $(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp && \
+ $(chmod) +x check-uu.tmp && \
mv check-uu.tmp check-uu
check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf
- $(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp
- chmod +x check-pkinit.tmp
+ $(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp && \
+ $(chmod) +x check-pkinit.tmp && \
mv check-pkinit.tmp check-pkinit
-check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf
- $(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp
- chmod +x check-iprop.tmp
+check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf krb5-slave2.conf
+ $(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp && \
+ $(chmod) +x check-iprop.tmp && \
mv check-iprop.tmp check-iprop
check-digest: check-digest.in Makefile
- $(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp
- chmod +x check-digest.tmp
+ $(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp && \
+ $(chmod) +x check-digest.tmp && \
mv check-digest.tmp check-digest
check-referral: check-referral.in Makefile
- $(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp
- chmod +x check-referral.tmp
+ $(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp && \
+ $(chmod) +x check-referral.tmp && \
mv check-referral.tmp check-referral
check-kpasswdd: check-kpasswdd.in Makefile
- $(do_subst) < $(srcdir)/check-kpasswdd.in > check-kpasswdd.tmp
- chmod +x check-kpasswdd.tmp
+ $(do_subst) < $(srcdir)/check-kpasswdd.in > check-kpasswdd.tmp && \
+ $(chmod) +x check-kpasswdd.tmp && \
mv check-kpasswdd.tmp check-kpasswdd
+kdc-tester4.json: kdc-tester4.json.in Makefile
+ $(do_subst) < $(srcdir)/kdc-tester4.json.in > kdc-tester4.json.tmp && \
+ mv kdc-tester4.json.tmp kdc-tester4.json
+
krb5.conf: krb5.conf.in Makefile
$(do_subst) \
-e 's,[@]WEAK[@],false,g' \
-e 's,[@]dk[@],,g' \
- -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp && \
mv krb5.conf.tmp krb5.conf
+krb5-authz.conf: krb5-authz.conf.in Makefile
+ $(do_subst) < $(srcdir)/krb5-authz.conf.in > krb5-authz.conf.tmp && \
+ mv krb5-authz.conf.tmp krb5-authz.conf
+
+krb5-authz2.conf: krb5-authz2.conf.in Makefile
+ $(do_subst) < $(srcdir)/krb5-authz2.conf.in > krb5-authz2.conf.tmp && \
+ mv krb5-authz2.conf.tmp krb5-authz2.conf
+
+krb5-canon.conf: krb5-canon.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],false,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5-canon.conf.in > krb5-canon.conf.tmp && \
+ mv krb5-canon.conf.tmp krb5-canon.conf
+
+krb5-canon2.conf: krb5-canon2.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],false,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5-canon2.conf.in > krb5-canon2.conf.tmp && \
+ mv krb5-canon2.conf.tmp krb5-canon2.conf
+
+krb5-hdb-mitdb.conf: krb5-hdb-mitdb.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],false,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5-hdb-mitdb.conf.in > krb5-hdb-mitdb.conf.tmp && \
+ mv krb5-hdb-mitdb.conf.tmp krb5-hdb-mitdb.conf
+
krb5-weak.conf: krb5.conf.in Makefile
$(do_subst) \
-e 's,[@]WEAK[@],true,g' \
-e 's,[@]dk[@],default_keys = aes256-cts-hmac-sha1-96:pw-salt arcfour-hmac-md5:pw-salt des3-cbc-sha1:pw-salt des:pw-salt,g' \
- -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5-weak.conf.tmp
+ -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5-weak.conf.tmp && \
mv krb5-weak.conf.tmp krb5-weak.conf
krb5-slave.conf: krb5.conf.in Makefile
$(do_subst) \
-e 's,[@]WEAK[@],true,g' \
-e 's,[@]dk[@],,g' \
- -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp
+ -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp && \
mv krb5-slave.conf.tmp krb5-slave.conf
+krb5-slave2.conf: krb5.conf.in Makefile
+ $(do_subst) \
+ -e 's,[@]WEAK[@],true,g' \
+ -e 's,[@]dk[@],,g' \
+ -e 's,[@]kdc[@],.slave2,g' < $(srcdir)/krb5.conf.in > krb5-slave2.conf.tmp && \
+ mv krb5-slave2.conf.tmp krb5-slave2.conf
+
krb5-pkinit.conf: krb5-pkinit.conf.in Makefile
- $(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp
+ $(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp && \
mv krb5-pkinit.conf.tmp krb5-pkinit.conf
krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile
- $(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp
+ $(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp && \
mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/tests/kdc/an2ln-db.txt b/tests/kdc/an2ln-db.txt
new file mode 100644
index 000000000000..39e1a50182eb
--- /dev/null
+++ b/tests/kdc/an2ln-db.txt
@@ -0,0 +1,143 @@
+0575ee035f72dfb1 junk
+074897aaa3c4eace junk
+0c0015d1cb0edf2e junk
+15c02bb64902a207 junk
+1730cb4567c1bfce junk
+17c6e78171587710 junk
+21bef891f06af28e junk
+2358b67cdd649987 junk
+2b334ee5d32eb55b junk
+2f4cd4424e58822d junk
+4758f671c662b7e2 junk
+4bf0af25dd5211bd junk
+4d7f715b271ddb10 junk
+4f701fa5a4055c00 junk
+4f7634440d7bef3a junk
+5593a6bc03a68a3d junk
+5652948873ae4a9b junk
+5ababa9c833ce592 junk
+5c2fb83355b59cf1 junk
+5cf29f522abbcbe1 junk
+5d184a0f45bdaf61 junk
+70a01e2a09ba4b40 junk
+75bdfdb4c9c9b26b junk
+787aa58456e66463 junk
+788fa38b04026ca9 junk
+79ad9f69fb354592 junk
+7a686ba61c736eb1 junk
+807644c5c50f29d5 junk
+826de82aa81c3f8a junk
+85316d269114d787 junk
+86b7d20af35cffba junk
+895ca88e162d398f junk
+9008213d189aac2b junk
+98a51d5c9a172691 junk
+9af7d4a596944dcf junk
+a094067ad439189c junk
+a86904ae8f55df9e junk
+aa3ae6e252f65711 junk
+b19ffc6336a23be3 junk
+b4e37e4d23c4d7be junk
+b5c8b14d1e8ae7cb junk
+b9365f7ec3b0d52c junk
+bar/mapped1@TEST2.H5L.SE foobar
+bar/mapped2@TEST2.H5L.SE foobaz
+c118fb30610b8011 junk
+c19ffa62f50ad8f7 junk
+c9fce89738e25054 junk
+cb4555bb49891436 junk
+ccfb9930466fe627 junk
+cd2e8bc1fd014a86 junk
+d0d8dfeddf1b1eaa junk
+d22ff9ea01dfe15f junk
+d2bce251fcf6d5a3 junk
+d377b118646db95d junk
+d42fd3b12935a24a junk
+d948845a3b0068ac junk
+dbb143ecf6019b50 junk
+dbe41b5888e50c9c junk
+dd7a0a53ed569e21 junk
+dd82f76178ff0315 junk
+e1d62414205aa5a1 junk
+e3156ded04399027 junk
+e6bccd04c18fbd2e junk
+e9cb04e892e8f072 junk
+ebb5773344e4ade4 junk
+ef08d2dc9fef4f05 junk
+f59975170a04e071 junk
+f75338796ea735f0 junk
+f8cd2e85efa891af junk
+fd6e5e417b8296a7 junk
+foo/mapped1@TEST2.H5L.SE foo_mapped
+mapped1@TEST2.H5L.SE m1
+mapped1@TEST3.H5L.SE mapped1
+mapped2@TEST2.H5L.SE m2
+mapped2@TEST3.H5L.SE mapped2
+z008213d189aac2b junk
+z07644c5c50f29d5 junk
+z094067ad439189c junk
+z0a01e2a09ba4b40 junk
+z0d8dfeddf1b1eaa junk
+z118fb30610b8011 junk
+z19ffa62f50ad8f7 junk
+z19ffc6336a23be3 junk
+z1bef891f06af28e junk
+z1d62414205aa5a1 junk
+z22ff9ea01dfe15f junk
+z26de82aa81c3f8a junk
+z2bce251fcf6d5a3 junk
+z3156ded04399027 junk
+z358b67cdd649987 junk
+z377b118646db95d junk
+z42fd3b12935a24a junk
+z4e37e4d23c4d7be junk
+z5316d269114d787 junk
+z575ee035f72dfb1 junk
+z593a6bc03a68a3d junk
+z59975170a04e071 junk
+z5bdfdb4c9c9b26b junk
+z5c02bb64902a207 junk
+z5c8b14d1e8ae7cb junk
+z652948873ae4a9b junk
+z6b7d20af35cffba junk
+z6bccd04c18fbd2e junk
+z730cb4567c1bfce junk
+z74897aaa3c4eace junk
+z75338796ea735f0 junk
+z758f671c662b7e2 junk
+z7c6e78171587710 junk
+z86904ae8f55df9e junk
+z87aa58456e66463 junk
+z88fa38b04026ca9 junk
+z8a51d5c9a172691 junk
+z8cd2e85efa891af junk
+z9365f7ec3b0d52c junk
+z948845a3b0068ac junk
+z95ca88e162d398f junk
+z9ad9f69fb354592 junk
+z9cb04e892e8f072 junk
+z9fce89738e25054 junk
+za3ae6e252f65711 junk
+za686ba61c736eb1 junk
+zababa9c833ce592 junk
+zaf7d4a596944dcf junk
+zb334ee5d32eb55b junk
+zb4555bb49891436 junk
+zbb143ecf6019b50 junk
+zbb5773344e4ade4 junk
+zbe41b5888e50c9c junk
+zbf0af25dd5211bd junk
+zc0015d1cb0edf2e junk
+zc2fb83355b59cf1 junk
+zcf29f522abbcbe1 junk
+zcfb9930466fe627 junk
+zd184a0f45bdaf61 junk
+zd2e8bc1fd014a86 junk
+zd6e5e417b8296a7 junk
+zd7a0a53ed569e21 junk
+zd7f715b271ddb10 junk
+zd82f76178ff0315 junk
+zf08d2dc9fef4f05 junk
+zf4cd4424e58822d junk
+zf701fa5a4055c00 junk
+zf7634440d7bef3a junk
diff --git a/tests/kdc/check-authz.in b/tests/kdc/check-authz.in
new file mode 100644
index 000000000000..9acd7f05d6b7
--- /dev/null
+++ b/tests/kdc/check-authz.in
@@ -0,0 +1,153 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+top_builddir="@top_builddir@"
+env_setup="@env_setup@"
+objdir="."
+
+. ${env_setup}
+
+srcdir="${top_srcdir}/tests/kdc"
+test_alname="${test_alname} --simple"
+
+rm -f localname
+
+check_localname() {
+ stderr=
+ if test "$2" -ne 0; then
+ stderr="2>/dev/null"
+ fi
+ eval ${test_alname} "'$1'" > localname $stderr
+ status=$?
+ if test $status -ne "$2"; then
+ echo "Unexpected exit code from test_alname $1: $status"
+ exit 1
+ fi
+ if test $status -ne 0; then
+ return 0
+ fi
+ read lname < localname
+ if test "X$lname" != "X$3"; then
+ echo "Unexpected mapping of $1: $lname"
+ exit 1
+ fi
+ return 0
+}
+
+R=TEST.H5L.SE
+R2=TEST2.H5L.SE
+R3=TEST3.H5L.SE
+R4=TEST4.H5L.SE
+
+KRB5_CONFIG="${objdir}/krb5-authz.conf"
+export KRB5_CONFIG
+
+echo "Checking 1-component principal names in default realms"
+check_localname mapped1@${R} 0 foo || exit 1
+check_localname mapped2@${R} 0 bar || exit 1
+check_localname mapped1@${R2} 0 m1 || exit 1
+check_localname mapped2@${R2} 0 m2 || exit 1
+check_localname mapped1@${R3} 0 mapped1 || exit 1
+check_localname mapped2@${R3} 0 mapped2 || exit 1
+check_localname notmapped1@${R} 0 notmapped1 || exit 1
+check_localname notmapped1@${R2} 0 notmapped1 || exit 1
+check_localname notmapped1@${R3} 0 notmapped1 || exit 1
+
+echo "Checking 1-component principal names in non-default realm"
+check_localname mapped1@${R4} 1 || exit 1
+check_localname notmapped1@${R4} 1 || exit 1
+
+echo "Checking 2-component principal names"
+check_localname foo/mapped1@${R} 0 foo || exit 1
+check_localname foo/mapped2@${R} 0 bar || exit 1
+check_localname bar/mapped1@${R2} 0 foobar || exit 1
+check_localname bar/mapped2@${R2} 0 foobaz || exit 1
+check_localname foo/mapped1@${R3} 1 || exit 1
+check_localname bar/mapped1@${R3} 1 || exit 1
+check_localname foo/notmapped1@${R} 1 || exit 1
+check_localname bar/notmapped1@${R2} 1 || exit 1
+
+echo "Checking 2-component principal names in non-default realm"
+check_localname foo/mapped1@${R4} 1 || exit 1
+check_localname bar/mapped1@${R4} 1 || exit 1
+check_localname foo/notmapped1@${R4} 1 || exit 1
+check_localname bar/notmapped1@${R4} 1 || exit 1
+
+echo "Checking for overflow"
+test_alname="${test_alname} --simple --lname-size=1"
+check_localname mapped1@${R} 3 || exit 1
+check_localname mapped2@${R} 3 || exit 1
+check_localname mapped1@${R2} 3 || exit 1
+check_localname mapped2@${R2} 3 || exit 1
+check_localname mapped1@${R3} 3 || exit 1
+check_localname mapped2@${R3} 3 || exit 1
+
+echo "Checking krb5_kuserok()"
+${test_kuserok} random-princ@RANDOM-REALM foo > /dev/null || exit 1
+${test_kuserok} mapped1@${R} foo > /dev/null || exit 1
+${test_kuserok} mapped1@${R2} m1 > /dev/null || exit 1
+${test_kuserok} notmapped1@${R3} notmapped1 > /dev/null || exit 1
+${test_kuserok} this-better-not-exist@NOR-THIS foo > /dev/null && exit 1
+
+# If the user running this test has a ~/.k5login or .k5logind, test
+# based on their content
+if test -n "${HOME}" -a -n "${USER:-${LOGNAME}}" -a -s "${HOME}/.k5login"; then
+ echo "Checking ~/.k5login"
+ while read princ; do
+ ${test_kuserok} "${princ}" "${USER:-${LOGNAME}}" > /dev/null || exit 1
+ done < "${HOME}/.k5login" || exit 1
+fi
+if test -n "${HOME}" -a -n "${USER:-${LOGNAME}}" -a -d "${HOME}/.k5login.d"; then
+ echo "Checking ~/.k5login.d"
+ ls -f "${HOME}/.k5login.d" | egrep -v '^(\.|\.\.|#.*|.*~|\.*.sw.)$' | while read f; do
+ f="${HOME}/.k5login.d/$f"
+ test -d "${f}" && continue
+ while read princ; do
+ ${test_kuserok} "${princ}" "${USER:-${LOGNAME}}" > /dev/null || exit 1
+ done < "${f}" || exit 1
+ done || exit 1
+fi
+
+KRB5_CONFIG="${objdir}/krb5-authz2.conf"
+export KRB5_CONFIG
+
+echo "Checking krb5_kuserok() (with authoritative k5login files)"
+${test_kuserok} random-princ@RANDOM-REALM foo > /dev/null || exit 1
+${test_kuserok} mapped1@${R} foo > /dev/null && exit 1
+${test_kuserok} mapped1@${R2} m1 > /dev/null || exit 1
+${test_kuserok} notmapped1@${R3} notmapped1 > /dev/null || exit 1
+${test_kuserok} this-better-not-exist@NOR-THIS foo > /dev/null && exit 1
+
+rm -f messages.log
+
+exit 0
diff --git a/tests/kdc/check-canon.in b/tests/kdc/check-canon.in
new file mode 100644
index 000000000000..ef5d8275eda9
--- /dev/null
+++ b/tests/kdc/check-canon.in
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Copyright (c) 2011, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+env_setup="@env_setup@"
+objdir="@objdir@"
+
+. ${env_setup}
+
+# If there is no useful db support compile in, disable test
+# (krb5_kt_get_entry() is tested in another test)
+${have_db} || exit 77
+
+R1=TEST.H5L.SE
+R2=TEST2.H5L.SE
+R3=TEST3.H5L.SE
+
+port=@port@
+
+kadmin="${kadmin} -l -r ${R1}"
+kdc="${kdc} --addresses=localhost -P $port"
+
+cache="FILE:${objdir}/cache.krb5"
+
+kinit="${kinit} -c $cache ${afs_no_afslog}"
+klist="${klist} -c $cache"
+kgetcred="${kgetcred} -c $cache"
+kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+KRB5_CONFIG="${objdir}/krb5-canon.conf"
+export KRB5_CONFIG
+
+testfailed="echo test failed; ${klist}; exit 1"
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo "Creating database"
+initflags="init --realm-max-ticket-life=1day --realm-max-renewable-life=1month"
+
+${kadmin} ${initflags} ${R1} || exit 1
+${kadmin} ${initflags} ${R2} || exit 1
+${kadmin} ${initflags} ${R3} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R1} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R1}@${R2} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R1} || exit 1
+${kadmin} add -p cross3 --use-defaults krbtgt/${R3}@${R1} || exit 1
+${kadmin} add -p cross4 --use-defaults krbtgt/${R1}@${R3} || exit 1
+${kadmin} add -p cross5 --use-defaults krbtgt/${R3}@${R2} || exit 1
+${kadmin} add -p cross6 --use-defaults krbtgt/${R2}@${R3} || exit 1
+
+${kadmin} add -p foo --use-defaults host/t1@${R1} || exit 1
+${kadmin} add -p foo --use-defaults host/t2@${R2} || exit 1
+${kadmin} add -p foo --use-defaults host/t3@${R3} || exit 1
+${kadmin} add -p foo --use-defaults host/t11.test1.h5l.se@${R1} || exit 1
+${kadmin} add -p foo --use-defaults host/t12.test1.h5l.se@${R2} || exit 1
+${kadmin} add -p foo --use-defaults host/t22.test2.h5l.se@${R2} || exit 1
+${kadmin} add -p foo --use-defaults host/t23.test2.h5l.se@${R3} || exit 1
+${kadmin} add -p foo --use-defaults host/t33.test3.h5l.se@${R3} || exit 1
+
+
+echo "Doing database check"
+${kadmin} check ${R1} || exit 1
+${kadmin} check ${R2} || exit 1
+${kadmin} check ${R3} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo "Starting kdc" ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
+
+trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+ec=0
+
+echo "Getting client initial tickets";
+${kinit} --password-file=${objdir}/foopassword foo@${R1} || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "get service tickets (success)"
+for host in t1 t2 t3 t11 t12 t22 t33 ; do
+ echo " $host"
+ ${kgetcred} --name-type=SRV_HST host $host || { ec=1 ; eval "${testfailed}"; }
+done
+echo "get service tickets (failure)"
+for host in t23 ; do
+ echo " $host"
+ ${kgetcred} --name-type=SRV_HST host $host 2>/dev/null && { ec=1 ; eval "${testfailed}"; }
+done
+
+echo "check result"
+${klist} | grep 'host/t1@$' > /dev/null ||
+ { ec=1 ; echo "t1 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t1@${R1}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t1 entry not present"; eval "${testfailed}"; }
+${klist} | grep 'host/t2@$' > /dev/null ||
+ { ec=1 ; echo "t2 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t2@${R2}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t2 entry not present"; eval "${testfailed}"; }
+${klist} | grep 'host/t3@$' > /dev/null ||
+ { ec=1 ; echo "t3 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t3@${R3}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t3 entry not present"; eval "${testfailed}"; }
+${klist} | grep 'host/t11@$' > /dev/null ||
+ { ec=1 ; echo "t11 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t11.test1.h5l.se@${R1}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t11 entry not present"; eval "${testfailed}"; }
+${klist} | grep 'host/t12@$' > /dev/null ||
+ { ec=1 ; echo "t12 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t12.test1.h5l.se@${R2}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t12 entry not present"; eval "${testfailed}"; }
+${klist} | grep 'host/t22@$' > /dev/null ||
+ { ec=1 ; echo "t22 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t22.test2.h5l.se@${R2}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t22 entry not present"; eval "${testfailed}"; }
+${klist} | grep 'host/t33@$' > /dev/null ||
+ { ec=1 ; echo "t33 referral entry not present"; eval "${testfailed}"; }
+${klist} | grep "host/t33.test3.h5l.se@${R3}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t33 entry not present"; eval "${testfailed}"; }
+
+
+${kdestroy}
+
+if false; then
+
+ # This may not be portable. It'd be nice to be able to set more of the
+ # resolver configuration via the environment!
+ LOCALDOMAIN=test1.h5l.se
+ export LOCALDOMAIN
+ KRB5_CONFIG="${objdir}/krb5-canon2.conf"
+ export KRB5_CONFIG
+
+ echo "Getting client initial tickets (round 2)";
+ ${kinit} --password-file=${objdir}/foopassword foo@${R1} || \
+ { ec=1 ; eval "${testfailed}"; }
+
+ echo "get service tickets (success)"
+ for host in t1 t2 t3 t11 ; do
+ echo " $host"
+ ${kgetcred} --name-type=SRV_HST host $host || { ec=1 ; eval "${testfailed}"; }
+ done
+ echo "get service tickets (failure)"
+ for host in t12 t22 t23 t33 ; do
+ echo " $host"
+ ${kgetcred} --name-type=SRV_HST host $host 2> /dev/null &&
+ { ec=1 ; eval "${testfailed}"; }
+ done
+
+ echo "check result"
+ ${klist} | grep 'host/t1@$' > /dev/null ||
+ { ec=1 ; echo "t1 referral entry not present"; eval "${testfailed}"; }
+ ${klist} | grep "host/t1@${R1}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t1 entry not present"; eval "${testfailed}"; }
+ ${klist} | grep 'host/t2@$' > /dev/null ||
+ { ec=1 ; echo "t2 referral entry not present"; eval "${testfailed}"; }
+ ${klist} | grep "host/t2@${R2}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t2 entry not present"; eval "${testfailed}"; }
+ ${klist} | grep 'host/t3@$' > /dev/null ||
+ { ec=1 ; echo "t3 referral entry not present"; eval "${testfailed}"; }
+ ${klist} | grep "host/t3@${R3}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t3 entry not present"; eval "${testfailed}"; }
+ ${klist} | grep 'host/t11@$' > /dev/null ||
+ { ec=1 ; echo "t11 referral entry not present"; eval "${testfailed}"; }
+ ${klist} | grep "host/t11.test1.h5l.se@${R1}" > /dev/null ||
+ { ec=1 ; echo "canonicalized t11 entry not present"; eval "${testfailed}"; }
+
+
+ ${kdestroy}
+fi
+
+
+echo "killing kdc (${kdcpid})"
+sh ${leaks_kill} kdc $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
diff --git a/tests/kdc/check-cc.in b/tests/kdc/check-cc.in
index aef5e160737a..6e02589471df 100644
--- a/tests/kdc/check-cc.in
+++ b/tests/kdc/check-cc.in
@@ -87,15 +87,9 @@ ${kadmin} check ${R} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
diff --git a/tests/kdc/check-delegation.in b/tests/kdc/check-delegation.in
index b5acb1ee8e5b..5fa19adba9a2 100644
--- a/tests/kdc/check-delegation.in
+++ b/tests/kdc/check-delegation.in
@@ -101,15 +101,9 @@ ${kadmin} check ${R4} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
diff --git a/tests/kdc/check-des.in b/tests/kdc/check-des.in
index 77a39b19a7bc..301baa6edf7d 100644
--- a/tests/kdc/check-des.in
+++ b/tests/kdc/check-des.in
@@ -95,15 +95,9 @@ ${kadmin} check ${R} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
diff --git a/tests/kdc/check-digest.in b/tests/kdc/check-digest.in
index 4ce5a7e17001..d31ba323ca8c 100644
--- a/tests/kdc/check-digest.in
+++ b/tests/kdc/check-digest.in
@@ -93,15 +93,10 @@ ${kadmin} check ${R} || exit 1
echo $password > ${objdir}/foopassword
-echo "Starting kdc"
-env ${HEIM_MALLOC_DEBUG} ${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo "Starting kdc" ; > messages.log
+env ${HEIM_MALLOC_DEBUG} ${kdc} --detach --testing ||
+ { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
diff --git a/tests/kdc/check-fast.in b/tests/kdc/check-fast.in
new file mode 100644
index 000000000000..96c00c31921f
--- /dev/null
+++ b/tests/kdc/check-fast.in
@@ -0,0 +1,183 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2011 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+top_builddir="@top_builddir@"
+env_setup="@env_setup@"
+objdir="@objdir@"
+
+. ${env_setup}
+
+KRB5_CONFIG="${1-${objdir}/krb5.conf}"
+export KRB5_CONFIG
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+${have_db} || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+kadmin="${kadmin} -l -r $R"
+kdc="${kdc} --addresses=localhost -P $port"
+
+server=host/datan.test.h5l.se
+cache="FILE:${objdir}/cache.krb5"
+acache="FILE:${objdir}/acache.krb5"
+
+kinit="${kinit} -c $cache ${afs_no_afslog}"
+akinit="${kinit} -c $acache ${afs_no_afslog}"
+klist="${klist} -c $cache"
+aklist="${klist} -c $acache"
+kgetcred="${kgetcred} -c $cache"
+kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo foo > ${objdir}/foopassword
+echo bar > ${objdir}/barpassword
+
+echo Starting kdc ; > messages.log
+env MallocStackLogging=1 MallocStackLoggingNoCompact=1 MallocErrorAbort=1 MallocLogFile=${objdir}/malloc-log \
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
+
+trap "kill -9 ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
+
+ec=0
+
+#
+# Check armor ticket
+#
+
+echo "Getting client initial tickets"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+echo "Checking for FAST avail"
+${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }
+echo "Getting tickets"; > messages.log
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Listing tickets"; > messages.log
+${klist} > /dev/null || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Acquire host ticket to be used as an ARMOR ticket"; > messages.log
+${akinit} --password-file=${objdir}/foopassword ${server}@${R} >/dev/null|| { exit 1; }
+echo "Checking for FAST avail (in the FAST armor cache)"; > messages.log
+${aklist} --hidden | grep fast_avail > /dev/null || { exit 1; }
+
+#
+# Client tests
+#
+
+echo "Getting client initial tickets with FAST armor ticket"; > messages.log
+${kinit} --fast-armor-cache=${acache} \
+ --password-file=${objdir}/foopassword foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Getting client initial tickets with FAST armor ticket [failure]"; > messages.log
+${kinit} --fast-armor-cache=${acache} \
+ --password-file=${objdir}/barpassword foo@$R 2>/dev/null && \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Checking for FAST avail (in the FAST acquired cache)"; > messages.log
+${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }
+
+echo "Getting service ticket"
+${kgetcred} ${server}@${R} || { exit 1; }
+${kdestroy}
+
+#
+# Use MIT client tools
+#
+
+mit=/usr/local/mitkerberos/bin
+
+if [ -f ${mit}/kinit ] ; then
+ echo "Running MIT FAST tests"
+
+ kinitpty=${objdir}/foopassword.rkpty
+cat > ${kinitpty} <<EOF
+expect Password
+password foo\n
+EOF
+
+ echo "Acquire host ticket"; > messages.log
+ ${rkpty} ${kinitpty} ${mit}/kinit -c ${acache} ${server}@${R} >/dev/null|| { exit 1; }
+ (${aklist} | grep ${server} > /dev/null ) || { exit 1; }
+
+ echo "Checking for FAST avail"; > messages.log
+ ${aklist} --hidden | grep fast_avail > /dev/null || { exit 1; }
+
+ echo "Using plain to get a initial ticket"; > messages.log
+ ${rkpty} ${kinitpty} ${mit}/kinit -c ${cache} foo@${R} >/dev/null|| { exit 1; }
+ (${klist} | grep foo > /dev/null ) || { exit 1; }
+
+ echo "Using FAST to get a initial ticket"; > messages.log
+ ${rkpty} ${kinitpty} ${mit}/kinit -c ${cache} -T ${acache} foo@${R} >/dev/null || { exit 1; }
+ (${klist} | grep foo > /dev/null ) || { exit 1; }
+
+ echo "Checking for FAST avail"; > messages.log
+ ${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }
+
+ echo "Getting service ticket"; > messages.log
+ ${mit}/kvno -c ${cache} ${server}@${R} || { exit 1; }
+
+fi
+
+
+echo "killing kdc (${kdcpid})"
+sh ${leaks_kill} kdc $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
diff --git a/tests/kdc/check-hdb-mitdb.in b/tests/kdc/check-hdb-mitdb.in
new file mode 100644
index 000000000000..13559d9c9eaa
--- /dev/null
+++ b/tests/kdc/check-hdb-mitdb.in
@@ -0,0 +1,111 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+top_builddir="@top_builddir@"
+env_setup="@env_setup@"
+objdir="@objdir@"
+
+. ${env_setup}
+
+KRB5_CONFIG="${1-${objdir}/krb5-hdb-mitdb.conf}"
+export KRB5_CONFIG
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no ldap support compile in, disable test
+if ${kdc} --builtin-hdb | grep mit-db > /dev/null ; then
+ :
+else
+ echo "no MIT KDB support"
+ exit 77
+fi
+
+# If there is no useful db support compile in, disable test
+${have_db} || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+kadmin="${kadmin} -l -r $R --config-file=${KRB5_CONFIG}"
+kdc="${kdc} --addresses=localhost -P $port"
+
+server=host/datan.test.h5l.se
+cache="FILE:${objdir}/cache.krb5"
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+
+kinit="${kinit} -c $cache ${afs_no_afslog}"
+klist="${klist} -c $cache"
+kgetcred="${kgetcred} -c $cache"
+kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Database should exist
+
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc ; > messages.log
+env MallocStackLogging=1 MallocStackLoggingNoCompact=1 MallocErrorAbort=1 MallocLogFile=${objdir}/malloc-log \
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
+
+trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+ec=0
+
+echo "Getting client initial tickets"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+echo "Getting tickets"; > messages.log
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Listing tickets"; > messages.log
+${klist} > /dev/null || { ec=1 ; eval "${testfailed}"; }
+${test_ap_req} ${server}@${R} ${keytab} ${cache} || \
+ { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "killing kdc (${kdcpid})"
+sh ${leaks_kill} kdc $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
diff --git a/tests/kdc/check-iprop.in b/tests/kdc/check-iprop.in
index ba9aff14e752..ebdbaf1a459e 100644
--- a/tests/kdc/check-iprop.in
+++ b/tests/kdc/check-iprop.in
@@ -35,6 +35,8 @@ top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"
+db_type=@db_type@
+
. ${env_setup}
# If there is no useful db support compile in, disable test
@@ -56,6 +58,74 @@ kdc="${kdc} --addresses=localhost -P $port"
kadmin="${kadmin} -r $R"
kinit="${kinit} -c $cache ${afs_no_afslog}"
+slave_ver_from_master_old=
+slave_ver_from_master_new=
+slave_ver_old=
+slave_ver_new=
+get_iprop_ver () {
+ min_change=${1:-1}
+ slave_ver_from_master_new=`grep '^iprop/' iprop-stats | head -1 | awk '{print $3}'`
+ slave_ver_new=`grep 'up-to-date with version:' iprop-slave-status | awk '{print $4}'`
+ if [ -z "$slave_ver_from_master_new" -o -z "$slave_ver_new" ]; then
+ return 1
+ fi
+ if [ x"$slave_ver_from_master_new" != x"$slave_ver_new" ]; then
+ return 1
+ fi
+ if [ x"$slave_ver_from_master_old" != x ]; then
+ change=`expr "$slave_ver_from_master_new" - "$slave_ver_from_master_old"`
+ if [ "$change" -lt "$min_change" ]; then
+ return 1
+ fi
+ fi
+ slave_ver_from_master_old=$slave_ver_from_master_new
+ slave_ver_old=$slave_ver_new
+ return 0
+}
+
+waitsec=65
+sleeptime=2
+wait_for () {
+ msg=$1
+ shift
+ t=0
+ while ! "$@"; do
+ sleep $sleeptime;
+ t=`expr $t + $sleeptime`
+ if [ $t -gt $waitsec ]; then
+ echo "Waited too long for $msg"
+ exit 1
+ fi
+ done
+ return 0
+}
+
+check_pidfile_is_dead () {
+ if test ! -f lt-${1}.pid -a ! -f ${1}.pid; then
+ return 0
+ fi
+ _pid=`cat lt-${1}.pid ${1}.pid 2>/dev/null`
+ if [ -z "$_pid" ]; then
+ return 0
+ fi
+ if kill -0 $_pid 2>/dev/null; then
+ return 1
+ fi
+ return 0
+}
+
+wait_for_slave () {
+ wait_for "iprop versions to change and/or slave to catch up" get_iprop_ver "$@"
+}
+
+wait_for_master_down () {
+ wait_for "master to exit" check_pidfile_is_dead ipropd-master
+}
+
+wait_for_slave_down () {
+ wait_for "slave to exit" check_pidfile_is_dead ipropd-slave
+}
+
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG
@@ -84,48 +154,120 @@ ${kadmin} -l ext -k ${keytab} iprop/slave.test.h5l.se@${R} || exit 1
echo foo > ${objdir}/foopassword
+echo "Test log recovery"
+${kadmin} -l add --random-key --use-defaults recovtest@${R} || exit 1
+# Test theory: save the log, make a change and save the record it
+# produced, restore the log, append to it the saved record, then get
+
+# Save the log
+cp current.log current.log.tmp
+ls -l current.log.tmp | awk '{print $5}' > tmp
+read sz < tmp
+# Make a change
+${kadmin} -l mod -a requires-pre-auth recovtest@${R} || exit 1
+${kadmin} -l get recovtest@${R} | grep 'Attributes: requires-pre-auth$' > /dev/null || exit 1
+# Save the resulting log record
+ls -l current.log | awk '{print $5}' > tmp
+read nsz < tmp
+rm tmp
+dd bs=1 if=current.log skip=$sz of=current.log.tmp.saved-record count=`expr $nsz - $sz` 2>/dev/null
+# Undo the change
+${kadmin} -l mod -a -requires-pre-auth recovtest@${R} || exit 1
+${kadmin} -l get recovtest@${R} | grep 'Attributes:.$' > /dev/null || exit 1
+# Restore the log
+cp current.log current.log.save
+mv current.log.tmp current.log
+# Append the saved record
+cat current.log.tmp.saved-record >> current.log
+rm current.log.tmp.saved-record
+# Check that we still see the principal as modified
+${kadmin} -l get recovtest@${R} | grep 'Attributes: requires-pre-auth$' > /dev/null || exit 1
+
# -- foo
ipds=
ipdm=
kdcpid=
> iprop-stats
-trap "echo 'killing ipropd s + m + kdc'; kill -9 \${ipdm} \${ipds} \${kdcpid} >/dev/null 2>/dev/null; tail messages.log ; tail iprop-stats; exit 1;" EXIT
+rm -f iprop-slave-status
-echo Starting kdc
-${kdc} &
-kdcpid=$!
+ipropd_slave="${ipropd_slave} --status-file=iprop-slave-status"
-sh ${wait_kdc} || exit 1
+trap "echo 'killing ipropd s + m + kdc'; kill -9 \${ipdm} \${ipds} \${kdcpid} >/dev/null 2>/dev/null; tail messages.log ; tail iprop-stats; exit 1;" EXIT
+
+echo Starting kdc ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
-echo "starting master"
+echo "starting master" ; > messages.log
env ${HEIM_MALLOC_DEBUG} \
${ipropd_master} --hostname=localhost -k ${keytab} \
- --database=${objdir}/current-db &
-ipdm=$!
-sh ${wait_kdc} ipropd-master || exit 1
+ --database=${objdir}/current-db --detach ||
+ { echo "ipropd-master failed to start"; exit 1; }
+ipdm=`getpid ipropd-master`
-echo "starting slave"
+echo "starting slave" ; > messages.log
env ${HEIM_MALLOC_DEBUG} \
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} localhost &
-ipds=$!
-sh ${wait_kdc} ipropd-slave || exit 1
+${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} --detach localhost ||
+ { echo "ipropd-slave failed to start"; exit 1; }
+ipds=`getpid ipropd-slave`
+sh ${wait_kdc} ipropd-slave messages.log 'slave status change: up-to-date' || exit 1
+get_iprop_ver || exit 1
echo "checking slave is up"
${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+${EGREP} 'up-to-date with version' iprop-slave-status >/dev/null || { echo "slave to up to date" ; cat iprop-slave-status ; exit 1; }
# ----------------- checking: pushing lives changes
+slave_get() { KRB5_CONFIG="${objdir}/krb5-slave.conf" ${kadmin} -l get "$@"; }
+slave_check_exists() {
+ # Creation with a random key is not atomic, there are at present
+ # 3 log entries to create a random key principal, the entry is
+ # "invalid" for the first two of these. We wait for the entry to
+ # exist and not be invalid
+ #
+ attrs=`slave_get -o attributes "$@" 2>/dev/null` || return 1
+ echo $attrs | egrep 'Attributes:' | egrep -v invalid >/dev/null || return 1
+ get_iprop_ver 0
+}
+
echo "Add host"
${kadmin} -l add --random-key --use-defaults host/foo@${R} || exit 1
-sleep 2
+wait_for "Slave sees new host" slave_check_exists "host/foo@${R}"
+
+echo "Rollover host keys"
+${kadmin} -l cpw -r --keepold host/foo@${R} || exit 1
+${kadmin} -l cpw -r --keepold host/foo@${R} || exit 1
+${kadmin} -l cpw -r --keepold host/foo@${R} || exit 1
+wait_for_slave 3
+slave_get host/foo@${R} | \
+ ${EGREP} Keytypes: | cut -d: -f2 | tr ' ' '
+' | sed 's/^.*[[]\(.*\)[]].*$/\1/' | grep '[0-9]' | sort -nu | tr -d '
+' | ${EGREP} 1234 > /dev/null || exit 1
+
+echo "Delete 3DES keys"
+${kadmin} -l del_enctype host/foo@${R} des3-cbc-sha1
+wait_for_slave
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${kadmin} -l get host/foo@${R} | \
+ ${EGREP} Keytypes: | cut -d: -f2 | tr ' ' '
+' | sed 's/^.*[[]\(.*\)[]].*$/\1/' | grep '[0-9]' | sort -nu | tr -d '
+' | ${EGREP} 1234 > /dev/null || exit 1
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${kadmin} -l get host/foo@${R} > /dev/null || exit 1
+${kadmin} -l get host/foo@${R} | \
+ ${EGREP} 'Keytypes:.*des3-cbc-sha1' > /dev/null && exit 1
+
+echo "Change policy host"
+${kadmin} -l modify --policy=default host/foo@${R} || exit 1
+wait_for_slave
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${kadmin} -l get host/foo@${R} > /dev/null 2>/dev/null || exit 1
echo "Rename host"
${kadmin} -l rename host/foo@${R} host/bar@${R} || exit 1
-sleep 2
+wait_for_slave
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
${kadmin} -l get host/foo@${R} > /dev/null 2>/dev/null && exit 1
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
@@ -133,19 +275,28 @@ ${kadmin} -l get host/bar@${R} > /dev/null || exit 1
echo "Delete host"
${kadmin} -l delete host/bar@${R} || exit 1
-sleep 2
+wait_for_slave
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
${kadmin} -l get host/bar@${R} > /dev/null 2>/dev/null && exit 1
-echo "kill slave"
+# See note below in LMDB sanity checking
+echo "Re-add host"
+${kadmin} -l add --random-key --use-defaults host/foo@${R} || exit 1
+${kadmin} -l add --random-key --use-defaults host/bar@${R} || exit 1
+wait_for "Slave sees re-added host" slave_check_exists "host/bar@${R}"
+
+echo "kill slave and remove log and database"
> iprop-stats
sh ${leaks_kill} ipropd-slave $ipds || exit 1
-sleep 2
+rm -f iprop-slave-status
+wait_for_slave_down
${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Down' iprop-stats >/dev/null || exit 1
# ----------------- checking: slave is missing changes while down
+rm current.slave.log current-db.slave* || exit 1
+
echo "doing changes while slave is down"
${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
@@ -155,53 +306,67 @@ cp ${objdir}/current.log ${objdir}/current.log.tmp
# ----------------- checking: checking that master and slaves resyncs
-echo "starting slave again"
+echo "starting slave again" ; > messages.log
> iprop-stats
-> messages.log
env ${HEIM_MALLOC_DEBUG} \
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} localhost &
-ipds=$!
-sh ${wait_kdc} ipropd-slave || exit 1
+${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} --detach localhost ||
+ { echo "ipropd-slave failed to start"; exit 1; }
+ipds=`getpid ipropd-slave`
echo "checking slave is up again"
-${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+wait_for "slave to start and connect to master" \
+ ${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null
+wait_for_slave 2
+${EGREP} 'up-to-date with version' iprop-slave-status >/dev/null || { echo "slave not up to date" ; cat iprop-slave-status ; exit 1; }
echo "checking for replay problems"
${EGREP} 'Entry already exists in database' messages.log && exit 1
+echo "compare versions on master and slave logs (no lock)"
+KRB5_CONFIG=${objdir}/krb5-slave.conf \
+${iprop_log} last-version -n > slave-last.tmp
+${iprop_log} last-version -n > master-last.tmp
+cmp master-last.tmp slave-last.tmp || exit 1
+
echo "kill slave and remove log and database"
sh ${leaks_kill} ipropd-slave $ipds || exit 1
-sleep 2
+wait_for_slave_down
rm current.slave.log current-db.slave* || exit 1
> iprop-stats
-> messages.log
+rm -f iprop-slave-status
+echo "starting slave" ; > messages.log
env ${HEIM_MALLOC_DEBUG} \
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} localhost &
-ipds=$!
-sh ${wait_kdc} ipropd-slave || exit 1
+${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} --detach localhost ||
+ { echo "ipropd-slave failed to start"; exit 1; }
+ipds=`getpid ipropd-slave`
+wait_for_slave 0
echo "checking slave is up again"
-${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+wait_for "slave to start and connect to master" \
+ ${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null
+${EGREP} 'up-to-date with version' iprop-slave-status >/dev/null || { echo "slave not up to date" ; cat iprop-slave-status ; exit 1; }
echo "checking for replay problems"
${EGREP} 'Entry already exists in database' messages.log && exit 1
# ----------------- checking: checking live truncation of master log
${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-sleep 2
+wait_for_slave
echo "live truncate on master log"
-${iprop_log} truncate || exit 1
-sleep 2
+${iprop_log} truncate -K 5 || exit 1
+wait_for_slave 0
echo "Killing master and slave"
sh ${leaks_kill} ipropd-master $ipdm || exit 1
sh ${leaks_kill} ipropd-slave $ipds || exit 1
-#sleep 2
-#${EGREP} "^master down at " iprop-stats > /dev/null || exit 1
+rm -f iprop-slave-status
+
+wait_for_slave_down
+wait_for_master_down
echo "compare versions on master and slave logs"
KRB5_CONFIG=${objdir}/krb5-slave.conf \
@@ -216,33 +381,39 @@ cmp master-last.tmp slave-last.tmp || exit 1
echo "Going back to old version of the master log file"
cp ${objdir}/current.log.tmp ${objdir}/current.log
-echo "starting master"
+echo "starting master" ; > messages.log
env ${HEIM_MALLOC_DEBUG} \
${ipropd_master} --hostname=localhost -k ${keytab} \
- --database=${objdir}/current-db &
-ipdm=$!
-sh ${wait_kdc} ipropd-master || exit 1
+ --database=${objdir}/current-db --detach ||
+ { echo "ipropd-master failed to start"; exit 1; }
+ipdm=`getpid ipropd-master`
-echo "starting slave"
+echo "starting slave" ; > messages.log
env ${HEIM_MALLOC_DEBUG} \
KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} localhost &
-ipds=$!
-sh ${wait_kdc} ipropd-slave || exit 1
+${ipropd_slave} --hostname=slave.test.h5l.se -k ${keytab} --detach localhost ||
+ { echo "ipropd-slave failed to start"; exit 1; }
+ipds=`getpid ipropd-slave`
+wait_for_slave -1
echo "checking slave is up again"
-${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+wait_for "slave to start and connect to master" \
+ ${EGREP} 'iprop/slave.test.h5l.se@TEST.H5L.SE.*Up' iprop-stats >/dev/null
+${EGREP} 'up-to-date with version' iprop-slave-status >/dev/null || { echo "slave to up to date" ; cat iprop-slave-status ; exit 1; }
echo "checking for replay problems"
${EGREP} 'Entry already exists in database' messages.log && exit 1
echo "pushing one change"
${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-sleep 2
+wait_for_slave
echo "Killing master"
sh ${leaks_kill} ipropd-master $ipdm || exit 1
-sleep 4
+wait_for_master_down
+
+wait_for "slave to disconnect" \
+ ${EGREP} 'disconnected' iprop-slave-status >/dev/null
if ! tail -30 messages.log | grep 'disconnected for server' > /dev/null; then
echo "client didnt disconnect"
@@ -254,30 +425,30 @@ kill -0 ${ipds} || { echo "slave no longer there"; exit 1; }
> messages.log
-echo "Staring master again"
+echo "Staring master again" ; > messages.log
env ${HEIM_MALLOC_DEBUG} \
${ipropd_master} --hostname=localhost -k ${keytab} \
- --database=${objdir}/current-db &
-ipdm=$!
-sh ${wait_kdc} ipropd-master || exit 1
+ --database=${objdir}/current-db --detach ||
+ { echo "ipropd-master failed to start"; exit 1; }
+ipdm=`getpid ipropd-master`
echo "probing for slave pid"
kill -0 ${ipds} || { echo "slave no longer there"; exit 1; }
-sh ${wait_kdc} ipropd-slave messages.log "connection successful to master" || exit 1
-
-sh ${wait_kdc} ipropd-slave messages.log "ipropd-slave started at version" || exit 1
echo "pushing one change"
${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-sleep 2
+wait_for_slave
echo "shutting down all services"
+leaked=false
+sh ${leaks_kill} kdc $kdcpid || leaked=true
+sh ${leaks_kill} ipropd-master $ipdm || leaked=true
+sh ${leaks_kill} ipropd-slave $ipds || leaked=true
+rm -f iprop-slave-status
trap "" EXIT
-sh ${leaks_kill} kdc $kdcpid || exit 1
-sh ${leaks_kill} ipropd-master $ipdm || exit 1
-sh ${leaks_kill} ipropd-slave $ipds || exit 1
+$leaked && exit 1
echo "compare versions on master and slave logs"
KRB5_CONFIG=${objdir}/krb5-slave.conf \
@@ -285,4 +456,18 @@ ${iprop_log} last-version > slave-last.tmp
${iprop_log} last-version > master-last.tmp
cmp master-last.tmp slave-last.tmp || exit 1
-exit $ec
+if [ "$db_type" = lmdb ] && type mdb_stat > /dev/null 2>&1; then
+ # Sanity check that we have the same number of principals at the HDB
+ # and LMDB levels.
+ #
+ # We should also do this for the sqlite backend, but that would
+ # require a sqlite3(1) shell that is capable of opening our HDB
+ # files.
+ echo "checking that principals in DB == entries in LMDB"
+ # Add one to match lmdb overhead
+ princs=`(echo; ${kadmin} -l list '*') | wc -l`
+ entries=`mdb_stat -n current-db.mdb | grep 'Entries:' | awk '{print $2}'`
+ [ "$princs" -eq "$entries" ] || exit 1
+fi
+
+exit 0
diff --git a/tests/kdc/check-kadmin.in b/tests/kdc/check-kadmin.in
index fdd225cc8e53..d40d0ea8812e 100644
--- a/tests/kdc/check-kadmin.in
+++ b/tests/kdc/check-kadmin.in
@@ -82,25 +82,71 @@ ${kadmin} -l add -p foo --use-defaults bar@${R} || exit 1
${kadmin} -l add -p foo --use-defaults baz@${R} || exit 1
${kadmin} -l add -p foo --use-defaults bez@${R} || exit 1
${kadmin} -l add -p foo --use-defaults fez@${R} || exit 1
+${kadmin} -l add -p foo --use-defaults hasalias@${R} || exit 1
${kadmin} -l add -p foo --use-defaults pkinit@${R} || exit 1
${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- kill -9 ${kadmpid}
- exit 1
-fi
+echo Starting kdc ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid} ${kadmpid}" EXIT
#----------------------------------
+echo "kinit (no admin); test mod --alias authorization"
+${kinit} --password-file=${objdir}/foopassword \
+ -S kadmin/admin@${R} hasalias@${R} || exit 1
+
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+# Check that one non-permitted alias -> failure
+env KRB5CCNAME=${cache} \
+${kadmin} -p hasalias@${R} modify --alias=goodalias1@${R} --alias=badalias@${R} hasalias@${R} &&
+ { echo "kadmin failed $?"; cat messages.log ; exit 1; }
+wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
+
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+# Check that all permitted aliases -> success
+env KRB5CCNAME=${cache} \
+${kadmin} -p hasalias@${R} modify --alias=goodalias1@${R} --alias=goodalias2@${R} hasalias@${R} ||
+ { echo "kadmin failed $?"; cat messages.log ; exit 1; }
+wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
+
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+# Check that we can drop aliases
+env KRB5CCNAME=${cache} \
+${kadmin} -p hasalias@${R} modify --alias=goodalias3@${R} hasalias@${R} ||
+ { echo "kadmin failed $?"; cat messages.log ; exit 1; }
+wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
+${kadmin} -l get hasalias@${R} | grep Aliases: > kadmin.tmp
+read junk aliases < kadmin.tmp
+rm kadmin.tmp
+[ "$aliases" != "goodalias3@${R}" ] && { echo "kadmind failed $?"; cat messages.log ; exit 1; }
+
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+env KRB5CCNAME=${cache} \
+${kadmin} -p hasalias@${R} modify --alias=goodalias1@${R} --alias=goodalias2@${R} --alias=goodalias3@${R} hasalias@${R} ||
+ { echo "kadmin failed $?"; cat messages.log ; exit 1; }
+wait $kadmpid || { echo "kadmind failed $?"; cat messages.log ; exit 1; }
+${kadmin} -l get hasalias@${R} | grep Aliases: > kadmin.tmp
+read junk aliases < kadmin.tmp
+rm kadmin.tmp
+[ "$aliases" != "goodalias1@${R} goodalias2@${R} goodalias3@${R}" ] && { echo "FOO failed $?"; cat messages.log ; exit 1; }
+
+#----------------------------------
${kadmind} -d &
kadmpid=$!
sleep 1
diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in
index 4f16158bc62c..f6e78ccaccac 100644
--- a/tests/kdc/check-kdc.in
+++ b/tests/kdc/check-kdc.in
@@ -46,13 +46,33 @@ testfailed="echo test failed; cat messages.log; exit 1"
${have_db} || exit 77
R=TEST.H5L.SE
+RH=TEST-HTTP.H5L.SE
R2=TEST2.H5L.SE
-R3=TEST-HTTP.H5L.SE
+R3=TEST3.H5L.SE
+R4=TEST4.H5L.SE
+R5=SOME-REALM5.FR
+R6=SOME-REALM6.US
+R7=SOME-REALM7.UK
+R8=SOME-REALM8.UK
+
+H1=H1.$R
+H2=H2.$R
+H3=H3.$H2
+H4=H4.$H2
+
+r=`echo "$R" | tr '[A-Z]' '[a-z]'`
+h1=`echo "${H1}" | tr '[A-Z]' '[a-z]'`
+h2=`echo "${H2}" | tr '[A-Z]' '[a-z]'`
+h3=`echo "${H3}" | tr '[A-Z]' '[a-z]'`
+h4=`echo "${H4}" | tr '[A-Z]' '[a-z]'`
port=@port@
+pwport=@pwport@
kadmin="${kadmin} -l -r $R"
+kadmin5="${kadmin} -l -r $R5"
kdc="${kdc} --addresses=localhost -P $port"
+kpasswdd="${kpasswdd} --addresses=localhost -p $pwport"
server=host/datan.test.h5l.se
server2=host/computer.example.com
@@ -77,6 +97,7 @@ kgetcred="${kgetcred} -c $cache"
kgetcred_imp="${kgetcred} -c $cache --out-cache=${ocache}"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
kimpersonate="${kimpersonate} -k ${keytab} --ccache=${ocache}"
+test_set_kvno0="${test_set_kvno0} -c $cache"
rm -f ${keytabfile}
rm -f current-db*
@@ -104,17 +125,98 @@ ${kadmin} \
--realm-max-renewable-life=1month \
${R3} || exit 1
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R4} || exit 1
+
+${kadmin5} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R5} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R6} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R7} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R8} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${H1} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${H2} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${H3} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${H4} || exit 1
+
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${RH} || exit 1
+
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p foo --use-defaults foo/host.${r}@${R} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R2} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R3} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R4} || exit 1
+${kadmin5} add -p foo --use-defaults foo@${R5} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R6} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R7} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R8} || exit 1
+${kadmin} add -p foo --use-defaults foo@${H1} || exit 1
+${kadmin} add -p foo --use-defaults foo/host.${h1}@${H1} || exit 1
+${kadmin} add -p foo --use-defaults foo@${H2} || exit 1
+${kadmin} add -p foo --use-defaults foo/host.${h2}@${H2} || exit 1
+${kadmin} add -p foo --use-defaults foo@${H3} || exit 1
+${kadmin} add -p foo --use-defaults foo/host.${h3}@${H3} || exit 1
+${kadmin} add -p foo --use-defaults foo@${H4} || exit 1
+${kadmin} add -p foo --use-defaults foo/host.${h4}@${H4} || exit 1
${kadmin} add -p bar --use-defaults bar@${R} || exit 1
${kadmin} add -p foo --use-defaults remove@${R} || exit 1
-${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
+${kadmin} add -p nop --use-defaults ${server}@${R} || exit 1
+${kadmin} cpw -p bla --keepold ${server}@${R} || exit 1
+${kadmin} cpw -p kaka --keepold ${server}@${R} || exit 1
${kadmin} add -p kaka --use-defaults ${server}-des3@${R} || exit 1
${kadmin} add -p kaka --use-defaults kt-des3@${R} || exit 1
+${kadmin} add -p kaka --use-defaults foo/des3-only@${R} || exit 1
+${kadmin} add -p kaka --use-defaults bar/des3-only@${R} || exit 1
+${kadmin} add -p kaka --use-defaults foo/aes-only@${R} || exit 1
${kadmin} add -p foo --use-defaults ${ps} || exit 1
${kadmin} modify --attributes=+trusted-for-delegation ${ps} || exit 1
${kadmin} modify --constrained-delegation=${server} ${ps} || exit 1
@@ -137,10 +239,49 @@ ${kadmin} modify --alias=${alias2}@${R} ${alias1}@${R}
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
+${kadmin} add -p cross1 --use-defaults krbtgt/${R3}@${R2} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R3} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R4}@${R2} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R4} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R4}@${R3} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R3}@${R4} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R5}@${R} || exit 1
+${kadmin5} add -p cross2 --use-defaults krbtgt/${R}@${R5} || exit 1
+
+${kadmin5} add -p cross1 --use-defaults krbtgt/${R6}@${R5} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R5}@${R6} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R7}@${R6} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R6}@${R7} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R8}@${R6} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R6}@${R8} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${H1}@${R} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${H1} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${H2}@${R} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${H2} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${H3}@${H2} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${H2}@${H3} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${H3}@${H4} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${H4}@${H3} || exit 1
+
${kadmin} add -p foo --use-defaults pw-expire@${R} || exit 1
${kadmin} modify --pw-expiration-time=+1day pw-expire@${R} || exit 1
-${kadmin} add -p foo --use-defaults foo@${R3} || exit 1
+${kadmin} add -p foo --use-defaults pw-expired@${R} || exit 1
+${kadmin} modify --pw-expiration-time=2012-06-12 pw-expired@${R} || exit 1
+
+${kadmin} add -p foo --use-defaults account-expired@${R} || exit 1
+${kadmin} modify --expiration-time=2012-06-12 account-expired@${R} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${RH} || exit 1
echo "Check parser"
${kadmin} add -p foo --use-defaults -- -p || exit 1
@@ -149,14 +290,29 @@ ${kadmin} delete -- -p || exit 1
echo "Doing database check"
${kadmin} check ${R} || exit 1
${kadmin} check ${R2} || exit 1
+${kadmin} check ${R3} || exit 1
+${kadmin} check ${R4} || exit 1
+${kadmin5} check ${R5} || exit 1
+${kadmin} check ${R6} || exit 1
+${kadmin} check ${R7} || exit 1
+${kadmin} check ${R8} || exit 1
+${kadmin} check ${H1} || exit 1
+${kadmin} check ${H2} || exit 1
+${kadmin} check ${H3} || exit 1
+${kadmin} check ${H4} || exit 1
echo "Extracting enctypes"
${ktutil} -k ${keytab} list > tempfile || exit 1
${EGREP} -v '^FILE:' tempfile | ${EGREP} -v '^Vno' | ${EGREP} -v '^$' | \
+ ${EGREP} -v "$server" | # we did cpw for this one
awk '$1 !~ /1/ { exit 1 }' || exit 1
+${EGREP} -v '^FILE:' tempfile | ${EGREP} -v '^Vno' | ${EGREP} -v '^$' | \
+ ${EGREP} "$server" | head -1 |
+ awk '$1 !~ /3/ { exit 1 }' || exit 1
+
${kadmin} get foo@${R} > tempfile || exit 1
-enctypes=`grep Keytypes: tempfile | sed 's/(pw-salt)//g' | sed 's/,//g' | sed 's/Keytypes://'`
+enctypes=`grep Keytypes: tempfile | sed 's/(pw-salt)//g' | sed 's/,//g' | sed 's/Keytypes://' | sed 's/\[[0-9]*\]//g'`
enctype_sans_aes=`echo $enctypes | sed 's/aes[^ ]*//g'`
enctype_sans_des3=`echo $enctypes | sed 's/des3-cbc-sha1//g'`
@@ -167,26 +323,52 @@ for a in ${enctype_sans_des3} ; do
${ktutil} -k ${keytab} remove -p kt-des3@${R} -e $a
done
+echo "checking globbing keys rules"
+${kadmin} get foo/des3-only@${R} > tempfile || exit 1
+enctypes=`grep Keytypes: tempfile | sed 's/(pw-salt)//g' | sed 's/,//g' | sed 's/Keytypes://' | sed 's/\[[0-9]*\]//g' | sed 's/ //g'`
+if [ X"$enctypes" != Xdes3-cbc-sha1 ] ; then
+ echo "des3 only is not only des3: $enctypes"
+ exit 1
+fi
+
+${kadmin} get foo/aes-only@${R} > tempfile || exit 1
+enctypes=`grep Keytypes: tempfile | sed 's/(pw-salt)//g' | sed 's/,//g' | sed 's/Keytypes://' | sed 's/\[[0-9]*\]//g' | sed 's/ //g'`
+if [ X"$enctypes" != Xaes256-cts-hmac-sha1-96 ] ; then
+ echo "aes only is not only aes: $enctypes"
+ exit 1
+fi
+
+
echo foo > ${objdir}/foopassword
+echo notfoo > ${objdir}/notfoopassword
-echo Starting kdc
+echo Starting kdc ; > messages.log
env MallocStackLogging=1 MallocStackLoggingNoCompact=1 MallocErrorAbort=1 MallocLogFile=${objdir}/malloc-log \
-${kdc} &
-kdcpid=$!
+${kdc} --detach --testing ||
+ { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
+
+echo Starting kpasswdd; > messages.log
+env ${HEIM_MALLOC_DEBUG} ${kpasswdd} --detach ||
+ { echo "kpasswdd failed to start"; exit 1; }
+kpasswddpid=`getpid kpasswdd`
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
-trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+trap "kill -9 ${kdcpid} ${kpasswddpid}; echo signal killing kdc kpasswdd; exit 1;" EXIT
ec=0
+echo "Getting client initial tickets with wrong password"; > messages.log
+${kinit} --password-file=${objdir}/notfoopassword \
+ foo@${R} 2>kinit-log.tmp && \
+ { ec=1 ; eval "${testfailed}"; }
+grep 'Password incorrect' kinit-log.tmp > /dev/null || \
+ { ec=1 ; eval "${testfailed}"; }
echo "Getting client initial tickets"; > messages.log
${kinit} --password-file=${objdir}/foopassword foo@$R || \
{ ec=1 ; eval "${testfailed}"; }
+echo "Doing krbtgt key rollover"; > messages.log
+${kadmin} cpw -r --keepold krbtgt/${R}@${R} || exit 1
echo "Getting tickets"; > messages.log
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
echo "Listing tickets"; > messages.log
@@ -196,10 +378,87 @@ ${test_ap_req} ${server}@${R} ${keytab} ${cache} || \
${kdestroy}
echo "Getting client initial tickets (http transport)"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@${R3} || \
+${kinit} --password-file=${objdir}/foopassword foo@${RH} || \
+ { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Testing capaths logic"
+${kinit} --password-file=${objdir}/foopassword \
+ -e ${aesenctype} -e ${aesenctype} \
+ foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Getting x-realm tickets with capaths for $R -> $R2"
+${kgetcred} foo@${R2} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R3"
+${kgetcred} foo@${R3} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R4"
+${kgetcred} foo@${R4} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R5"
+${kgetcred} foo@${R5} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R6"
+${kgetcred} foo@${R6} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R7"
+${kgetcred} foo@${R7} || { ec=1 ; eval "${testfailed}"; }
+echo "Should not get x-realm tickets with capaths for $R -> $R8"
+${kgetcred} foo@${R8} && { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Testing capaths logic (reverse order)"
+${kinit} --password-file=${objdir}/foopassword \
+ -e ${aesenctype} -e ${aesenctype} \
+ foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Getting x-realm tickets with capaths for $R -> $R4"
+${kgetcred} foo@${R4} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R3"
+${kgetcred} foo@${R3} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R2"
+${kgetcred} foo@${R2} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R7"
+${kgetcred} foo@${R7} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R6"
+${kgetcred} foo@${R6} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with capaths for $R -> $R5"
+${kgetcred} foo@${R5} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Testing hierarchical referral logic"
+${kinit} --password-file=${objdir}/foopassword \
+ -e ${aesenctype} -e ${aesenctype} \
+ foo@${H3} || \
+ { ec=1 ; eval "${testfailed}"; }
+
+echo "Getting x-realm tickets with hierarchical referrals for $H3 -> $H1"
+${kgetcred} --hostbased --canonicalize foo host.${h1} || { ec=1 ; eval "${testfailed}"; }
+fgrep "cross-realm ${H3} -> ${H1} via [${H2}, ${R}]" messages.log > /dev/null || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with hierarchical referrals for $H3 -> $R"
+${kgetcred} --hostbased --canonicalize foo host.${r} || { ec=1 ; eval "${testfailed}"; }
+fgrep "cross-realm ${H3} -> ${R} via [${H2}]" messages.log > /dev/null || { ec=1 ; eval "${testfailed}"; }
+echo "Getting x-realm tickets with hierarchical referrals for $H3 -> $H2"
+${kgetcred} --hostbased --canonicalize foo host.${h2} || { ec=1 ; eval "${testfailed}"; }
+fgrep "cross-realm ${H3} -> ${H2}" messages.log > /dev/null || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Testing multi-hop [capaths] referral logic"
+${kinit} --password-file=${objdir}/foopassword \
+ -e ${aesenctype} -e ${aesenctype} \
+ foo@${H4} || \
{ ec=1 ; eval "${testfailed}"; }
+
+echo "Getting x-realm tickets with [capaths] referrals for $H4 -> $H1"
+${kgetcred} --hostbased --canonicalize foo/host.${h1}@${H4} || { ec=1 ; eval "${testfailed}"; }
${kdestroy}
+echo "Testing forwardable/renewable flag copying in TGS-REQ"
+${kinit} -f --renewable -r 5d --password-file=${objdir}/foopassword foo@$R || \
+ { ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${klist} -f | grep ${server} | grep FRA > /dev/null || \
+ { ec=1 ; eval "${testfailed}"; }
+
+
echo "Specific enctype"; > messages.log
${kinit} --password-file=${objdir}/foopassword \
-e ${aesenctype} -e ${aesenctype} \
@@ -242,6 +501,60 @@ for a in $enctypes; do
done
${kdestroy}
+echo "Trying x-realm TGT with kvno 0 case";
+${kinit} --password-file=${objdir}/foopassword foo@$R ||
+ { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting cross realm tickets"; > messages.log
+${kgetcred} krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting service ticket"; > messages.log
+${kgetcred} ${server2}@${R2} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying x-realm TGT with kvno 0 case with key rollover";
+${kinit} --password-file=${objdir}/foopassword foo@$R ||
+ { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting cross realm tickets"; > messages.log
+${kgetcred} krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Rolling over cross realm keys"; > messages.log
+${kadmin} cpw -r --keepold krbtgt/${R}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kadmin} cpw -r --keepold krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kadmin} cpw -r --keepold krbtgt/${R}@${R2} || { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} || { ec=1 ; eval "${testfailed}"; }
+echo "Getting service ticket"; > messages.log
+echo "Start tracing kdc, then hit return"
+${kgetcred} ${server2}@${R2} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying x-realm TGT with no kvno case";
+${kinit} --password-file=${objdir}/foopassword foo@$R ||
+ { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} -n || { ec=1 ; eval "${testfailed}"; }
+echo "Getting cross realm tickets"; > messages.log
+${kgetcred} krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} -n || { ec=1 ; eval "${testfailed}"; }
+echo "Getting service ticket"; > messages.log
+${kgetcred} ${server2}@${R2} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying x-realm TGT with no kvno case with key rollover";
+${kinit} --password-file=${objdir}/foopassword foo@$R ||
+ { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} -n || { ec=1 ; eval "${testfailed}"; }
+echo "Getting cross realm tickets"; > messages.log
+${kgetcred} krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Rolling over cross realm keys"; > messages.log
+${kadmin} cpw -r --keepold krbtgt/${R}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kadmin} cpw -r --keepold krbtgt/${R2}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kadmin} cpw -r --keepold krbtgt/${R}@${R2} || { ec=1 ; eval "${testfailed}"; }
+${test_set_kvno0} -n || { ec=1 ; eval "${testfailed}"; }
+echo "Getting service ticket"; > messages.log
+echo "Start tracing kdc, then hit return"
+${kgetcred} ${server2}@${R2} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
echo "try all permutations"; > messages.log
for a in $enctypes; do
echo "Getting client initial tickets ($a)"; > messages.log
@@ -531,7 +844,7 @@ echo "testing removal of keytab"
${ktutil} -k ${keytab} destroy || { ec=1 ; eval "${testfailed}"; }
test -f ${keytabfile} && { ec=1 ; eval "${testfailed}"; }
-echo "Getting client pw expire"; > messages.log
+echo "Checking client pw expire"; > messages.log
${kinit} --password-file=${objdir}/foopassword \
pw-expire@${R} 2>kinit-log.tmp|| \
{ ec=1 ; eval "${testfailed}"; }
@@ -544,8 +857,30 @@ ${EGREP} "^e type: 6" kinit-log.tmp > /dev/null || \
echo " test_gic passes"
${kdestroy}
-echo "killing kdc (${kdcpid})"
+echo "Checking password expiration" ; > messages.log
+
+kinitpty=${objdir}/foopassword.rkpty
+cat > ${kinitpty} <<EOF
+expect Password
+password foo\n
+expect Password has expired
+expect New password
+password Foobar11\n
+expect password
+password Foobar11\n
+expect Success: Password changed
+EOF
+
+echo "Checking client pw expire"; > messages.log
+${rkpty} ${kinitpty} ${kinit} pw-expired@${R}|| \
+ { ec=1 ; eval "${testfailed}"; }
+
+${kdestroy}
+
+
+echo "killing kdc (${kdcpid}) kpasswdd (${kpasswddpid})"
sh ${leaks_kill} kdc $kdcpid || exit 1
+sh ${leaks_kill} kpasswdd $kpasswddpid || exit 1
trap "" EXIT
diff --git a/tests/kdc/check-keys.in b/tests/kdc/check-keys.in
index e96592b4ff9d..e8aca2684ae7 100644
--- a/tests/kdc/check-keys.in
+++ b/tests/kdc/check-keys.in
@@ -91,12 +91,14 @@ sed -e 's/@keys@/des:pw-salt:/' \
${sedvars} < ${CIN} > ${COUT}
${kadmin} cpw -p foo ${principal} || exit 1
-sed -e 's/@keys@/des-cbc-crc:afs3-salt:test.h5l.se/' \
- ${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/des:afs3-salt:test.h5l.se/' \
- ${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
+if [ 'X@ENABLE_AFS_STRING_TO_KEY@' = "X1" ]; then
+ sed -e 's/@keys@/des-cbc-crc:afs3-salt:test.h5l.se/' \
+ ${sedvars} < ${CIN} > ${COUT}
+ ${kadmin} cpw -p foo ${principal} || exit 1
+
+ sed -e 's/@keys@/des:afs3-salt:test.h5l.se/' \
+ ${sedvars} < ${CIN} > ${COUT}
+ ${kadmin} cpw -p foo ${principal} || exit 1
+fi
exit 0
diff --git a/tests/kdc/check-kinit.in b/tests/kdc/check-kinit.in
new file mode 100644
index 000000000000..e541a844d167
--- /dev/null
+++ b/tests/kdc/check-kinit.in
@@ -0,0 +1,149 @@
+#!/bin/bash
+#
+# Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+env_setup="@env_setup@"
+objdir="@objdir@"
+
+. ${env_setup}
+
+KRB5_CONFIG="${objdir}/krb5-kinit.conf"
+export KRB5_CONFIG
+KRB5CCNAME="${objdir}/foocc"
+export KRB5CCNAME
+
+testfailed="echo test failed; exit 1"
+
+# If there is no useful db support compile in, disable test
+${have_db} || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+pwport=@pwport@
+
+kinit="${kinit} --password-file=${objdir}/foopassword ${afs_no_afslog} -c ${objdir}/foocc"
+klist="${klist} -c ${objdir}/foocc"
+kgetcred="${kgetcred} -c ${objdir}/foocc"
+kdestroy="${kdestroy} ${afs_no_unlog}"
+kadmin="${kadmin} -l -r $R"
+kdc="${kdc} --addresses=localhost -P $port"
+
+
+cache="FILE:${objdir}/cache.krb5"
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+
+> messages.log
+
+num_concurrent=50
+num_princs=20
+torture_time=200
+cred_life=$((torture_time / 10))
+cred_renew_life=$((torture_time / 2))
+out=${objdir}/out-kinit-torture-kgetcred
+kinit_out=${objdir}/out-kinit-torture-kinit
+
+parent_shell_proc=$$
+
+if (($# == 0)); then
+
+ echo "This is a MANUAL test."
+
+ rm -f ${keytabfile}
+ rm -f current-db*
+ rm -f out-*
+ rm -f mkey.file*
+
+ cp "${objdir}/krb5.conf" "${objdir}/krb5-kinit.conf"
+
+ echo "Creating database"
+ ${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R} || exit 1
+
+ echo "Adding foo"
+ ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+
+ echo "Creating torture principals"
+ for i in $(seq 0 $((num_princs - 1)) ); do
+ ${kadmin} add -r --use-defaults svc${i}@${R} || exit 1
+ done
+
+ echo "Doing database check"
+ ${kadmin} check ${R} || exit 1
+
+ echo foo > ${objdir}/foopassword
+
+ echo Starting kdc ; > messages.log
+ ${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+ kdcpid=`getpid kdc`
+
+ trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+ ec=0
+else
+ echo "begin torture (output in $out)"
+ secs=$(date +%s)
+ cat /dev/null > "$out"
+ while (($(date +%s) < (secs + torture_time) )); do
+ echo .
+ for i in $(seq 0 1000); do
+ printf '%d\n' $((i % num_princs))
+ done | xargs -P $num_concurrent -I '{}' ${kgetcred} "svc{}@${R}"
+ ${klist} -v || exit 1
+ if ! kill -0 $parent_shell_proc; then
+ printf 'Parent shell script exited; exiting'
+ exit 1
+ grep 'Matching credential .* not found' messages.log > /dev/null &&
+ echo "THAT DID NOT WORK RIGHT"
+ fi
+ sleep 5
+ done
+ ${klist} -v
+ exit 0
+fi
+
+echo "checking that we have tickets"
+${kinit} -l $cred_life -r $cred_renew_life foo@${R} || { ec=1 ; eval "${testfailed}"; }
+${klist} -v || { ec=1 ; eval "${testfailed}"; }
+echo "torturing"
+${kinit} -l $cred_life -r $cred_renew_life foo@${R} "$0" torture-me || { ec=1 ; eval "${testfailed}"; }
+
+echo "killing kdc (${kdcpid})"
+sh ${leaks_kill} kdc $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
diff --git a/tests/kdc/check-kpasswdd.in b/tests/kdc/check-kpasswdd.in
index 355930fc7a47..3711ede01d91 100644
--- a/tests/kdc/check-kpasswdd.in
+++ b/tests/kdc/check-kpasswdd.in
@@ -101,19 +101,15 @@ ${kadmin} check ${R2} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-env ${HEIM_MALLOC_DEBUG} ${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc ; > messages.log
+env ${HEIM_MALLOC_DEBUG} ${kdc} --detach --testing ||
+ { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
echo Starting kpasswdd
-env ${HEIM_MALLOC_DEBUG} ${kpasswdd} &
-kpasswddpid=$!
+env ${HEIM_MALLOC_DEBUG} ${kpasswdd} --detach ||
+ { echo "kpasswdd failed to start"; exit 1; }
+kpasswddpid=`getpid kpasswdd`
trap "kill -9 ${kdcpid} ${kpasswddpid}; echo signal killing kdc; exit \$ec;" EXIT
diff --git a/tests/kdc/check-pkinit.in b/tests/kdc/check-pkinit.in
index 723cc142b148..92c515ffbe91 100644
--- a/tests/kdc/check-pkinit.in
+++ b/tests/kdc/check-pkinit.in
@@ -168,15 +168,9 @@ ${hxtool} issue-certificate \
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid}; echo signal killing kdc; cat ca.crt kdc.crt pkinit.crt ;exit 1;" EXIT
diff --git a/tests/kdc/check-referral.in b/tests/kdc/check-referral.in
index 75790780c6e7..bbb72a349b65 100644
--- a/tests/kdc/check-referral.in
+++ b/tests/kdc/check-referral.in
@@ -45,7 +45,7 @@ ${have_db} || exit 77
R=TEST.H5L.SE
R2=SUB.TEST.H5L.SE
-service=ldap/host.sub.test.h5l.se
+service=ldap/host.sub.test.h5l.se:389
port=@port@
@@ -59,7 +59,6 @@ klist="${klist} -c $cache"
kgetcred="${kgetcred} -c $cache"
kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
-
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG
@@ -100,15 +99,9 @@ ${kadmin} check ${R2} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
diff --git a/tests/kdc/check-tester.in b/tests/kdc/check-tester.in
new file mode 100644
index 000000000000..8f1679f50510
--- /dev/null
+++ b/tests/kdc/check-tester.in
@@ -0,0 +1,118 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+top_builddir="@top_builddir@"
+env_setup="@env_setup@"
+objdir="@objdir@"
+srcdir="@srcdir@"
+
+. ${env_setup}
+
+KRB5_CONFIG="${1-${objdir}/krb5.conf}"
+export KRB5_CONFIG
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+${have_db} || exit 77
+
+R=TEST.H5L.SE
+
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+keyfile="${hx509_data}/key.der"
+keyfile2="${hx509_data}/key2.der"
+
+kadmin="${kadmin} -l -r $R"
+
+server=host/datan.test.h5l.se
+
+rsa=yes
+pkinit=no
+if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
+ rsa=no
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+ rsa=no
+fi
+
+if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
+ pkinit=yes
+fi
+
+# If we doesn't support pkinit and have RSA, give up
+if test "$rsa" != yes ; then
+ pkinit=no
+fi
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} ext -k ${keytab} foo@${R} || exit 1
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+
+echo "password"
+${kdc_tester} ${srcdir}/kdc-tester1.json > out-log 2>&1 || exit 1
+sed 's/^/ /' out-log
+
+echo "keytab"
+${kdc_tester} ${srcdir}/kdc-tester2.json > out-log 2>&1 || exit 1
+sed 's/^/ /' out-log
+
+echo "FAST + keytab"
+${kdc_tester} ${srcdir}/kdc-tester3.json > out-log 2>&1 || exit 1
+sed 's/^/ /' out-log
+
+
+if test "$pkinit" = yes ; then
+
+ echo "pkinit"
+ ${kdc_tester} ${objdir}/kdc-tester4.json > out-log 2>&1 || exit 1
+ sed 's/^/ /' out-log
+
+fi
+
+exit $ec
diff --git a/tests/kdc/check-uu.in b/tests/kdc/check-uu.in
index 26709562049e..c6607fa239ba 100644
--- a/tests/kdc/check-uu.in
+++ b/tests/kdc/check-uu.in
@@ -61,7 +61,6 @@ kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 ${afs_no_unlog}"
uu_server="${TESTS_ENVIRONMENT} ../../appl/test/uu_server"
uu_client="${TESTS_ENVIRONMENT} ../../appl/test/uu_client"
-
KRB5_CONFIG="${objdir}/krb5.conf"
export KRB5_CONFIG
@@ -86,15 +85,9 @@ ${kadmin} check ${R} || exit 1
echo foo > ${objdir}/foopassword
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${wait_kdc}
-if [ "$?" != 0 ] ; then
- kill -9 ${kdcpid}
- exit 1
-fi
+echo Starting kdc ; > messages.log
+${kdc} --detach --testing || { echo "kdc failed to start"; exit 1; }
+kdcpid=`getpid kdc`
trap "kill -9 ${kdcpid} ${uuspid}; echo signal killing kdc; exit 1;" EXIT
diff --git a/tests/kdc/hdb-mitdb b/tests/kdc/hdb-mitdb
new file mode 100644
index 000000000000..00fefb9d427c
--- /dev/null
+++ b/tests/kdc/hdb-mitdb
Binary files differ
diff --git a/tests/kdc/hdb-mitdb.kadm5 b/tests/kdc/hdb-mitdb.kadm5
new file mode 100644
index 000000000000..41663b9eb61c
--- /dev/null
+++ b/tests/kdc/hdb-mitdb.kadm5
Binary files differ
diff --git a/tests/kdc/hdb-mitdb.mkey b/tests/kdc/hdb-mitdb.mkey
new file mode 100644
index 000000000000..627c0faffc66
--- /dev/null
+++ b/tests/kdc/hdb-mitdb.mkey
Binary files differ
diff --git a/tests/kdc/heimdal.acl b/tests/kdc/heimdal.acl
index 351b99f8bcc1..fc7133f099f3 100644
--- a/tests/kdc/heimdal.acl
+++ b/tests/kdc/heimdal.acl
@@ -3,3 +3,7 @@ bar@TEST.H5L.SE all
baz@TEST.H5L.SE get,add *
bez@TEST.H5L.SE get,add *@TEST.H5L.SE
fez@TEST.H5L.SE get,add
+hasalias@TEST.H5L.SE get,mod hasalias@TEST.H5L.SE
+hasalias@TEST.H5L.SE get,add goodalias1@TEST.H5L.SE
+hasalias@TEST.H5L.SE get,add goodalias2@TEST.H5L.SE
+hasalias@TEST.H5L.SE get,add goodalias3@TEST.H5L.SE
diff --git a/tests/kdc/k5login/foo b/tests/kdc/k5login/foo
new file mode 100644
index 000000000000..b51a40b589c1
--- /dev/null
+++ b/tests/kdc/k5login/foo
@@ -0,0 +1 @@
+random-princ@RANDOM-REALM
diff --git a/tests/kdc/kdc-tester1.json b/tests/kdc/kdc-tester1.json
new file mode 100644
index 000000000000..08a7744c0402
--- /dev/null
+++ b/tests/kdc/kdc-tester1.json
@@ -0,0 +1,31 @@
+[
+ {
+ "op" : "repeat",
+ "num" : 333,
+ "value" : {
+ "op" : "kinit",
+ "client" : "foo@TEST.H5L.SE",
+ "password" : "foo"
+ }
+ },
+ {
+ "op" : "kinit",
+ "client" : "foo@TEST.H5L.SE",
+ "password" : "foo",
+ "ccache" : "MEMORY:cache"
+ },
+ {
+ "op" : "repeat",
+ "num" : 333,
+ "value" : {
+ "op" : "kgetcred",
+ "server" : "host/datan.test.h5l.se@TEST.H5L.SE",
+ "ccache" : "MEMORY:cache"
+ }
+ },
+ {
+ "op" : "kdestroy",
+ "ccache" : "MEMORY:cache"
+ }
+]
+
diff --git a/tests/kdc/kdc-tester2.json b/tests/kdc/kdc-tester2.json
new file mode 100644
index 000000000000..207ae372fc33
--- /dev/null
+++ b/tests/kdc/kdc-tester2.json
@@ -0,0 +1,12 @@
+[
+ {
+ "op" : "repeat",
+ "num" : 333,
+ "value" : {
+ "op" : "kinit",
+ "client" : "foo@TEST.H5L.SE",
+ "keytab" : "FILE:server.keytab"
+ }
+ }
+]
+
diff --git a/tests/kdc/kdc-tester3.json b/tests/kdc/kdc-tester3.json
new file mode 100644
index 000000000000..682e4853af84
--- /dev/null
+++ b/tests/kdc/kdc-tester3.json
@@ -0,0 +1,23 @@
+[
+ {
+ "op" : "kinit",
+ "client" : "host/datan.test.h5l.se@TEST.H5L.SE",
+ "keytab" : "FILE:server.keytab",
+ "ccache" : "MEMORY:fast-cc"
+ },
+ {
+ "op" : "repeat",
+ "num" : 333,
+ "value" : {
+ "op" : "kinit",
+ "client" : "foo@TEST.H5L.SE",
+ "keytab" : "FILE:server.keytab",
+ "fast-armor-cc" : "MEMORY:fast-cc"
+ }
+ },
+ {
+ "op" : "kdestroy",
+ "ccache" : "MEMORY:fast-cc"
+ }
+]
+
diff --git a/tests/kdc/kdc-tester4.json.in b/tests/kdc/kdc-tester4.json.in
new file mode 100644
index 000000000000..0cbc337318c8
--- /dev/null
+++ b/tests/kdc/kdc-tester4.json.in
@@ -0,0 +1,22 @@
+[
+ {
+ "op" : "repeat",
+ "num" : 333,
+ "value" : {
+ "op" : "kinit",
+ "client" : "foo@TEST.H5L.SE",
+ "pkinit-user-cert-id" : "FILE:@top_srcdir@/lib/hx509/data/pkinit.crt,@top_srcdir@/lib/hx509/data/pkinit.key"
+ }
+ },
+ {
+ "op" : "repeat",
+ "num" : 333,
+ "value" : {
+ "op" : "kinit",
+ "client" : "foo@TEST.H5L.SE",
+ "pkinit-user-cert-id" : "FILE:@top_srcdir@/lib/hx509/data/pkinit.crt,@top_srcdir@/lib/hx509/data/pkinit.key",
+ "pkinit-use-rsa" : true
+ }
+ }
+]
+
diff --git a/tests/kdc/krb5-authz.conf.in b/tests/kdc/krb5-authz.conf.in
new file mode 100644
index 000000000000..0d4f38b745b9
--- /dev/null
+++ b/tests/kdc/krb5-authz.conf.in
@@ -0,0 +1,26 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE TEST3.H5L.SE
+ no-addresses = TRUE
+ kuserok = SYSTEM-K5LOGIN:@srcdir@/k5login
+ kuserok = USER-K5LOGIN
+ kuserok = SIMPLE
+
+[appdefaults]
+
+[realms]
+ TEST.H5L.SE = {
+ auth_to_local_names = {
+ foo/mapped1 = foo
+ foo/mapped2 = bar
+ mapped1 = foo
+ mapped2 = bar
+ }
+ auth_to_local = DB:@srcdir@/an2ln-db.txt DEFAULT
+ }
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ default = 0-/FILE:@objdir@/messages.log
+
diff --git a/tests/kdc/krb5-authz2.conf.in b/tests/kdc/krb5-authz2.conf.in
new file mode 100644
index 000000000000..9a8efb0c7043
--- /dev/null
+++ b/tests/kdc/krb5-authz2.conf.in
@@ -0,0 +1,27 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE TEST3.H5L.SE
+ no-addresses = TRUE
+ k5login_authoritative = TRUE
+ k5login_directory = @srcdir@/k5login
+ kuserok = SYSTEM-K5LOGIN
+ kuserok = SIMPLE
+
+[appdefaults]
+
+[realms]
+ TEST.H5L.SE = {
+ auth_to_local_names = {
+ foo/mapped1 = foo
+ foo/mapped2 = bar
+ mapped1 = foo
+ mapped2 = bar
+ }
+ auth_to_local = DB:@srcdir@/an2ln-db.txt DEFAULT
+ }
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ default = 0-/FILE:@objdir@/messages.log
+
diff --git a/tests/kdc/krb5-canon.conf.in b/tests/kdc/krb5-canon.conf.in
new file mode 100644
index 000000000000..0ce45b58c248
--- /dev/null
+++ b/tests/kdc/krb5-canon.conf.in
@@ -0,0 +1,100 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE
+ no-addresses = TRUE
+ dns_lookup_realm = no
+ name_canon_rules = as-is:realm=TEST.H5L.SE
+ name_canon_rules = as-is:realm=TEST2.H5L.SE
+ name_canon_rules = as-is:realm=TEST3.H5L.SE
+ name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST.H5L.SE
+ name_canon_rules = qualify:domain=test1.h5l.se:realm=TEST2.H5L.SE
+ name_canon_rules = qualify:domain=test2.h5l.se:realm=TEST2.H5L.SE
+ name_canon_rules = qualify:domain=test3.h5l.se:realm=TEST3.H5L.SE
+
+[appdefaults]
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ reconnect-min = 2s
+ reconnect-backoff = 2s
+ reconnect-max = 10s
+
+[realms]
+ TEST.H5L.SE = {
+ kdc = localhost:@port@
+ admin_server = localhost:@admport@
+ kpasswd_server = localhost:@pwport@
+ }
+ TEST2.H5L.SE = {
+ kdc = localhost:@port@
+ kpasswd_server = localhost:@pwport@
+ }
+ TEST3.H5L.SE = {
+ kdc = localhost:@port@
+ }
+
+[domain_realm]
+ .test1.h5l.se = TEST.H5L.SE
+ .test2.h5l.se = TEST2.H5L.SE
+ .test3.h5l.se = TEST3.H5L.SE
+ localhost = TEST.H5L.SE
+
+
+[kdc]
+ enable-digest = true
+ allow-anonymous = true
+ digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
+ strict-nametypes = true
+
+ enable-http = true
+
+ enable-pkinit = true
+ pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
+# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
+ pkinit_mappings_file = @srcdir@/pki-mapping
+ pkinit_allow_proxy_certificate = true
+
+ database = {
+ label = {
+ dbname = @objdir@/current-db@kdc@
+ realm = TEST.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ label2 = {
+ dbname = @objdir@/current-db@kdc@
+ realm = TEST2.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ }
+
+ signal_socket = @objdir@/signal
+ iprop-stats = @objdir@/iprop-stats
+ iprop-acl = @srcdir@/iprop-acl
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ kdc = 0-/FILE:@objdir@/messages.log
+ default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+ save-password = true
+ @dk@
+
+[capaths]
+ TEST.H5L.SE = {
+ TEST3.H5L.SE = .
+ TEST2.H5L.SE = .
+ }
+ TEST2.H5L.SE = {
+ TEST.H5L.SE = .
+ TEST3.H5L.SE = .
+ }
+ TEST3.H5L.SE = {
+ TEST.H5L.SE = .
+ TEST2.H5L.SE = .
+ }
diff --git a/tests/kdc/krb5-canon2.conf.in b/tests/kdc/krb5-canon2.conf.in
new file mode 100644
index 000000000000..dae71d3e51ca
--- /dev/null
+++ b/tests/kdc/krb5-canon2.conf.in
@@ -0,0 +1,97 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE
+ no-addresses = TRUE
+ dns_lookup_realm = no
+ name_canon_rules = as-is:realm=TEST.H5L.SE
+ name_canon_rules = as-is:realm=TEST2.H5L.SE
+ name_canon_rules = as-is:realm=TEST3.H5L.SE
+ name_canon_rules = nss
+
+[appdefaults]
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ reconnect-min = 2s
+ reconnect-backoff = 2s
+ reconnect-max = 10s
+
+[realms]
+ TEST.H5L.SE = {
+ kdc = localhost:@port@
+ admin_server = localhost:@admport@
+ kpasswd_server = localhost:@pwport@
+ }
+ TEST2.H5L.SE = {
+ kdc = localhost:@port@
+ kpasswd_server = localhost:@pwport@
+ }
+ TEST3.H5L.SE = {
+ kdc = localhost:@port@
+ }
+
+[domain_realm]
+ .test1.h5l.se = TEST.H5L.SE
+ .test2.h5l.se = TEST2.H5L.SE
+ .test3.h5l.se = TEST3.H5L.SE
+ localhost = TEST.H5L.SE
+
+
+[kdc]
+ enable-digest = true
+ allow-anonymous = true
+ digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
+ strict-nametypes = true
+
+ enable-http = true
+
+ enable-pkinit = true
+ pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
+# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
+ pkinit_mappings_file = @srcdir@/pki-mapping
+ pkinit_allow_proxy_certificate = true
+
+ database = {
+ label = {
+ dbname = @objdir@/current-db@kdc@
+ realm = TEST.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ label2 = {
+ dbname = @objdir@/current-db@kdc@
+ realm = TEST2.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ }
+
+ signal_socket = @objdir@/signal
+ iprop-stats = @objdir@/iprop-stats
+ iprop-acl = @srcdir@/iprop-acl
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ kdc = 0-/FILE:@objdir@/messages.log
+ default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+ save-password = true
+ @dk@
+
+[capaths]
+ TEST.H5L.SE = {
+ TEST3.H5L.SE = .
+ TEST2.H5L.SE = .
+ }
+ TEST2.H5L.SE = {
+ TEST.H5L.SE = .
+ TEST3.H5L.SE = .
+ }
+ TEST3.H5L.SE = {
+ TEST.H5L.SE = .
+ TEST2.H5L.SE = .
+ }
diff --git a/tests/kdc/krb5-hdb-mitdb.conf.in b/tests/kdc/krb5-hdb-mitdb.conf.in
new file mode 100644
index 000000000000..2be7eed4e3f4
--- /dev/null
+++ b/tests/kdc/krb5-hdb-mitdb.conf.in
@@ -0,0 +1,60 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE
+ no-addresses = TRUE
+ allow_weak_crypto = TRUE
+
+[appdefaults]
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ reconnect-min = 2s
+ reconnect-backoff = 2s
+ reconnect-max = 10s
+
+[realms]
+ TEST.H5L.SE = {
+ kdc = localhost:@port@
+ admin_server = localhost:@admport@
+ kpasswd_server = localhost:@pwport@
+ }
+
+[domain_realm]
+ .test.h5l.se = TEST.H5L.SE
+ localhost = TEST.H5L.SE
+
+[kdc]
+ enable-digest = true
+ allow-anonymous = true
+ digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
+ strict-nametypes = true
+
+ enable-http = true
+
+ enable-pkinit = true
+ pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
+ pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+ pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
+# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
+ pkinit_mappings_file = @srcdir@/pki-mapping
+ pkinit_allow_proxy_certificate = true
+
+ database = {
+ label = {
+ dbname = mit-db:@srcdir@/hdb-mitdb
+ realm = TEST.H5L.SE
+ mkey_file = @srcdir@/hdb-mitdb.mkey
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
+ }
+
+ signal_socket = @objdir@/signal
+ iprop-stats = @objdir@/iprop-stats
+ iprop-acl = @srcdir@/iprop-acl
+
+[logging]
+ kdc = 0-/FILE:@objdir@/messages.log
+ default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+ save-password = true
+ @dk@
+
diff --git a/tests/kdc/krb5-pkinit.conf.in b/tests/kdc/krb5-pkinit.conf.in
index 57299bc4d996..9be7ea4005b1 100644
--- a/tests/kdc/krb5-pkinit.conf.in
+++ b/tests/kdc/krb5-pkinit.conf.in
@@ -13,6 +13,7 @@
}
[kdc]
+ strict-nametypes = true
enable-pkinit = true
pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
pkinit_anchors = FILE:@objdir@/ca.crt
@@ -22,8 +23,12 @@
dbname = @objdir@/current-db
realm = TEST.H5L.SE
mkey_file = @objdir@/mkey.file
+ log_file = @objdir@/log.current-db.log
}
+[hdb]
+ db-dir = @objdir@
+
[logging]
kdc = 0-/FILE:@objdir@/messages.log
default = 0-/FILE:@objdir@/messages.log
diff --git a/tests/kdc/krb5.conf.in b/tests/kdc/krb5.conf.in
index db44fdb7a670..849e773d067f 100644
--- a/tests/kdc/krb5.conf.in
+++ b/tests/kdc/krb5.conf.in
@@ -2,6 +2,9 @@
default_realm = TEST.H5L.SE TEST2.H5L.SE
no-addresses = TRUE
allow_weak_crypto = @WEAK@
+ dns_lookup_kdc = no
+ dns_lookup_realm = no
+
[appdefaults]
pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
@@ -28,21 +31,54 @@
TEST4.H5L.SE = {
kdc = localhost:@port@
}
+ SOME-REALM5.FR = {
+ kdc = localhost:@port@
+ }
+ SOME-REALM6.US = {
+ kdc = localhost:@port@
+ }
+ SOME-REALM7.UK = {
+ kdc = localhost:@port@
+ }
+ SOME-REALM8.UK = {
+ kdc = localhost:@port@
+ }
TEST-HTTP.H5L.SE = {
kdc = http/localhost:@port@
}
+ H1.TEST.H5L.SE = {
+ kdc = localhost:@port@
+ }
+ H2.TEST.H5L.SE = {
+ kdc = localhost:@port@
+ }
+ H3.H2.TEST.H5L.SE = {
+ kdc = localhost:@port@
+ }
+ H4.H2.TEST.H5L.SE = {
+ kdc = localhost:@port@
+ }
[domain_realm]
.test.h5l.se = TEST.H5L.SE
.sub.test.h5l.se = SUB.TEST.H5L.SE
+ .h1.test.h5l.se = H1.TEST.H5L.SE
+ .h2.test.h5l.se = H2.TEST.H5L.SE
+ .h3.h2.test.h5l.se = H3.H2.TEST.H5L.SE
+ .h4.h2.test.h5l.se = H4.H2.TEST.H5L.SE
.example.com = TEST2.H5L.SE
localhost = TEST.H5L.SE
+ .localdomain = TEST.H5L.SE
+ localdomain = TEST.H5L.SE
+ .localdomain6 = TEST.H5L.SE
+ localdomain6 = TEST.H5L.SE
[kdc]
enable-digest = true
allow-anonymous = true
digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
+ strict-nametypes = true
enable-http = true
@@ -56,38 +92,73 @@
database = {
label = {
- dbname = @objdir@/current-db@kdc@
+ dbname = @db_type@:@objdir@/current-db@kdc@
realm = TEST.H5L.SE
mkey_file = @objdir@/mkey.file
acl_file = @srcdir@/heimdal.acl
log_file = @objdir@/current@kdc@.log
}
label2 = {
- dbname = @objdir@/current-db@kdc@
+ dbname = @db_type@:@objdir@/current-db@kdc@
realm = TEST2.H5L.SE
mkey_file = @objdir@/mkey.file
acl_file = @srcdir@/heimdal.acl
log_file = @objdir@/current@kdc@.log
}
+ label3 = {
+ dbname = sqlite:@objdir@/current-db@kdc@.sqlite3
+ realm = SOME-REALM5.FR
+ mkey_file = @objdir@/mkey.file
+ acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/current@kdc@.log
+ }
}
signal_socket = @objdir@/signal
iprop-stats = @objdir@/iprop-stats
iprop-acl = @srcdir@/iprop-acl
+ log-max-size = 40000
+
+[hdb]
+ db-dir = @objdir@
[logging]
kdc = 0-/FILE:@objdir@/messages.log
+ krb5 = 0-/FILE:@objdir@/messages.log
default = 0-/FILE:@objdir@/messages.log
+# If you are doing preformance measurements on OSX you want to change
+# the kdc LOG line from = to - below to keep the FILE open and avoid
+# open/write/close which is blocking (rdar:// ) on OSX.
+# kdc = 0-/FILE=@objdir@/messages.log
+
[kadmin]
save-password = true
+ default_key_rules = {
+ */des3-only@* = des3-cbc-sha1:pw-salt
+ */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt
+ }
@dk@
[capaths]
TEST.H5L.SE = {
+ TEST2.H5L.SE = .
+ SOME-REALM5.FR = 1
TEST3.H5L.SE = TEST2.H5L.SE
- }
- TEST.H5L.SE = {
TEST4.H5L.SE = TEST2.H5L.SE
TEST4.H5L.SE = TEST3.H5L.SE
+ SOME-REALM6.US = SOME-REALM5.FR
+ SOME-REALM7.UK = SOME-REALM6.US
+ SOME-REALM7.UK = SOME-REALM5.FR
+ SOME-REALM8.UK = SOME-REALM6.US
}
+ H4.H2.TEST.H5L.SE = {
+ H1.TEST.H5L.SE = H3.H2.TEST.H5L.SE
+ H1.TEST.H5L.SE = H2.TEST.H5L.SE
+ H1.TEST.H5L.SE = TEST.H5L.SE
+
+ TEST.H5L.SE = H3.H2.TEST.H5L.SE
+ TEST.H5L.SE = H2.TEST.H5L.SE
+
+ H2.TEST.H5L.SE = H3.H2.TEST.H5L.SE
+ }
diff --git a/tests/kdc/krb5.conf.keys.in b/tests/kdc/krb5.conf.keys.in
index 059ffcb5099a..16891decb83a 100644
--- a/tests/kdc/krb5.conf.keys.in
+++ b/tests/kdc/krb5.conf.keys.in
@@ -2,13 +2,18 @@
allow_weak_crypto = TRUE
[kdc]
+ strict-nametypes = true
database = {
dbname = @objdir@/current-db
realm = TEST.H5L.SE
mkey_file = @objdir@/mkey.file
acl_file = @srcdir@/heimdal.acl
+ log_file = @objdir@/log.current-db.log
}
+[hdb]
+ db-dir = @objdir@
+
[kadmin]
default_keys = @keys@
diff --git a/tests/kdc/leaks-kill.sh b/tests/kdc/leaks-kill.sh
index e67d274f5e74..1474bdd18c44 100644
--- a/tests/kdc/leaks-kill.sh
+++ b/tests/kdc/leaks-kill.sh
@@ -3,30 +3,25 @@
name=$1
pid=$2
-ec=0
-
-if [ "$(uname -s)" = "Darwin" ] ; then
- echo "leaks check on $name ($pid)"
- leaks -exclude __CFInitialize $pid > leaks-log 2>&1 || \
- { echo "leaks failed: $?"; cat leaks-log; exit 1; }
-
- env pid=${pid} \
- perl -e 'my $excluded = 0; my $num = -1; while (<>) {
-if (/Process $ENV{pid}: (\d+) leaks for \d+ total leaked bytes/) { $num = $1;}
-if (/(\d+) leaks excluded/) { $excluded = $1;}
-}
-exit 1 if ($num != 0 && $num != $excluded);
-exit 0;' leaks-log || \
- { echo "Memory leak in $name" ; echo ""; cat leaks-log; ec=1; }
-
- # [ "$ec" != "0" ] && { env PS1=": leaks-debugger !!!! ; " bash ; }
-
-fi
-
kill $pid
-sleep 3
-kill -9 $pid 2> /dev/null
-
-rm -f leaks-log
-
-exit $ec
+set -- .
+while kill -0 $pid 2>/dev/null
+do
+ set -- "$@" "."
+ if [ $# -gt 4 ]
+ then
+ kill kill -9 $pid 2> /dev/null
+ break
+ fi
+ sleep 1
+done
+
+set -- .
+while kill -0 $pid 2>/dev/null
+do
+ set -- "$@" "."
+ if [ $# -gt 4 ]; then exit 1; fi
+ sleep 1
+done
+
+exit 0
diff --git a/tests/kdc/wait-kdc.sh b/tests/kdc/wait-kdc.sh
index dc8262519844..5bfa523eca5d 100644
--- a/tests/kdc/wait-kdc.sh
+++ b/tests/kdc/wait-kdc.sh
@@ -36,22 +36,19 @@ log=${2:-messages.log}
waitfor="${3:-${name} started}"
t=0
-waitsec=35
+waitsec=65
echo "Waiting for ${name} to start, looking logfile ${log}"
while true ; do
- t=`expr ${t} + 2`
- sleep 2
- echo "Have waited $t seconds"
- if tail -30 ${log} | grep "${waitfor}" > /dev/null; then
+ if grep "${waitfor}" ${log} > /dev/null; then
break
fi
- if tail -30 ${log} | grep "No sockets" ; then
+ if grep "No sockets" ${log} ; then
echo "The ${name} failed to bind to any sockets, another ${name} running ?"
exit 1
fi
- if tail -30 ${log} | grep "bind" | grep "Operation not permitted" ; then
+ if grep "bind" ${log} | grep "Operation not permitted" ; then
echo "The ${name} failed to bind to any sockets, another ${name} running ?"
exit 1
fi
@@ -59,6 +56,10 @@ while true ; do
echo "Waited for $waitsec for the ${name} to start, and it didnt happen"
exit 2
fi
+
+ t=`expr ${t} + 2`
+ sleep 2
+ echo "Have waited $t seconds"
done
exit 0 \ No newline at end of file