blob: 396362f7c63b0f1ea6fcfe0b79d7287fec7fc976 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
#!/bin/sh
#
# Build a Kerberos test realm for MIT Kerberos
#
# This script automates the process of setting up a Kerberos test realm from
# scratch suitable for testing pam-krb5. It is primarily intended to be run
# from inside CI in a VM or container from the top of the wallet source tree,
# and must be run as root. It expects to be operating on the Debian MIT
# Kerberos package.
#
# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
#
# SPDX-License-Identifier: MIT
set -eux
# Install the KDC and user programs.
apt-get install krb5-admin-server krb5-kdc krb5-user
# Install its configuration files.
cp ci/files/mit/kadm5.acl /etc/krb5kdc/kadm5.acl
cp ci/files/mit/kdc.conf /etc/krb5kdc/kdc.conf
cp ci/files/mit/krb5.conf /etc/krb5.conf
# Add domain-realm mappings for the local host, since otherwise Heimdal and
# MIT Kerberos may attempt to discover the realm of the local domain, and the
# DNS server for GitHub Actions has a habit of just not responding and causing
# the test to hang.
cat <<EOF >>/etc/krb5.conf
[domain_realm]
$(hostname -f) = MIT.TEST
EOF
# Create the basic KDC.
kdb5_util create -s -P 'this is a test master database password'
# Create and store the keytab.
kadmin.local -q 'add_principal +requires_preauth -randkey test/wallet@MIT.TEST'
kadmin.local -q 'ktadd -k tests/config/keytab test/wallet@MIT.TEST'
echo 'test/wallet@MIT.TEST' >tests/config/principal
# Create a user principal with a known password.
password="iceedKaicVevjunwiwyd"
kadmin.local -q \
"add_principal +requires_preauth -pw $password testuser@MIT.TEST"
echo 'testuser@MIT.TEST' >tests/config/password
echo "$password" >>tests/config/password
# Copy some of those files to the Perl test suite.
cp tests/config/keytab perl/t/data/test.keytab
cp tests/config/principal perl/t/data/test.principal
echo 'MIT.TEST' >perl/t/data/test.realm
echo 'MIT' >perl/t/data/test.krbtype
# Fix permissions on all the newly-created files.
chmod 644 tests/config/* perl/t/data/test.*
# Restart the MIT Kerberos KDC and services.
systemctl stop krb5-kdc krb5-admin-server
systemctl start krb5-kdc krb5-admin-server
# Ensure that the KDC is running.
for n in $(seq 1 5); do
if echo "$password" | kinit testuser@MIT.TEST; then
break
fi
sleep 1
done
klist
kdestroy
|
