# Shell function library to initialize Kerberos credentials
#
# Note that while many of the functions in this library could benefit from
# using "local" to avoid possibly hammering global variables, Solaris /bin/sh
# doesn't support local and this library aspires to be portable to Solaris
# Bourne shell.  Instead, all private variables are prefixed with "tap_".
#
# The canonical version of this file is maintained in the rra-c-util package,
# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2009, 2010, 2011, 2012
#     The Board of Trustees of the Leland Stanford Junior University
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.

# We use test_tmpdir.
. "${SOURCE}/tap/libtap.sh"

# Set up Kerberos, including the ticket cache environment variable.  Bail out
# if not successful, return 0 if successful, and return 1 if Kerberos is not
# configured.  Sets the global principal variable to the principal to use.
kerberos_setup () {
    tap_keytab=`test_file_path config/keytab`
    principal=`test_file_path config/principal`
    principal=`cat "$principal" 2>/dev/null`
    if [ -z "$tap_keytab" ] || [ -z "$principal" ] ; then
        return 1
    fi
    KRB5CCNAME=`test_tmpdir`/krb5cc_test; export KRB5CCNAME
    kinit --no-afslog -k -t "$tap_keytab" "$principal" >/dev/null </dev/null
    status=$?
    if [ $status != 0 ] ; then
        kinit -k -t "$tap_keytab" "$principal" >/dev/null </dev/null
        status=$?
    fi
    if [ $status != 0 ] ; then
        kinit -t "$tap_keytab" "$principal" >/dev/null </dev/null
        status=$?
    fi
    if [ $status != 0 ] ; then
        kinit -k -K "$tap_keytab" "$principal" >/dev/null </dev/null
        status=$?
    fi
    if [ $status != 0 ] ; then
        bail "Can't get Kerberos tickets"
    fi
    return 0
}

# Clean up at the end of a test.  Currently only removes the ticket cache.
kerberos_cleanup () {
    tap_tmp=`test_tmpdir`
    rm -f "$tap_tmp"/krb5cc_test
}

# List the contents of a keytab with enctypes and keys.  This adjusts for the
# difference between MIT Kerberos (which uses klist) and Heimdal (which uses
# ktutil).  Be careful to try klist first, since the ktutil on MIT Kerberos
# may just hang.  Takes the keytab to list and the file into which to save the
# output, and strips off the header containing the file name.
ktutil_list () {
    tap_tmp=`test_tmpdir`
    if klist -keK "$1" > "$tap_tmp"/ktutil-tmp 2>/dev/null ; then
        :
    else
        ktutil -k "$1" list --keys > "$tap_tmp"/ktutil-tmp </dev/null \
            2>/dev/null
    fi
    sed -e '/Keytab name:/d' -e "/^[^ ]*:/d" "$tap_tmp"/ktutil-tmp > "$2"
    rm -f "$tap_tmp"/ktutil-tmp
}