mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-27 12:02:10 -05:00
1d4fbe2511
Four named instances in the "nsupdate" system test have GSS-TSIG support
enabled. All of them currently use "tkey-gssapi-keytab". Configure two
of them with "tkey-gssapi-credential" to test that option.
As "tkey-gssapi-keytab" and "tkey-gssapi-credential" both provide the
same functionality, no test modifications are required. The difference
between the two options is that the value of "tkey-gssapi-keytab" is an
explicit path to the keytab file to acquire credentials from, while the
value of "tkey-gssapi-credential" is the name of the principal whose
credentials should be used; those credentials are looked up in the
keytab file expected by the Kerberos library, i.e. /etc/krb5.keytab by
default. The path to the default keytab file can be overridden using by
setting the KRB5_KTNAME environment variable. Utilize that variable to
use existing keytab files with the "tkey-gssapi-credential" option.
The KRB5_KTNAME environment variable should not interfere with the
"tkey-gssapi-keytab" option. Nevertheless, rename one of the keytab
files used with "tkey-gssapi-keytab" to something else than the contents
of the KRB5_KTNAME environment variable in order to make sure that both
"tkey-gssapi-keytab" and "tkey-gssapi-credential" are actually tested.
(cherry picked from commit 1746d2e84a)
135 lines
3.9 KiB
Bash
135 lines
3.9 KiB
Bash
#!/bin/sh
|
|
#
|
|
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
#
|
|
# Common configuration data for system tests, to be sourced into
|
|
# other shell scripts.
|
|
#
|
|
|
|
# Find the top of the BIND9 tree.
|
|
TOP=@abs_top_builddir@
|
|
TOP_SRCDIR=@abs_top_srcdir@
|
|
|
|
# Provide TMPDIR variable for tests that need it.
|
|
TMPDIR=${TMPDIR:-/tmp}
|
|
|
|
# This is not the windows build.
|
|
CYGWIN=""
|
|
|
|
# Load common values shared between windows and unix/linux.
|
|
. $TOP/bin/tests/system/conf.sh.common
|
|
|
|
ARPANAME=$TOP/bin/tools/arpaname
|
|
CDS=$TOP/bin/dnssec/dnssec-cds
|
|
CHECKCONF=$TOP/bin/check/named-checkconf
|
|
CHECKDS=$TOP/bin/python/dnssec-checkds
|
|
CHECKZONE=$TOP/bin/check/named-checkzone
|
|
COVERAGE=$TOP/bin/python/dnssec-coverage
|
|
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
|
|
DELV=$TOP/bin/delv/delv
|
|
DIG=$TOP/bin/dig/dig
|
|
DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
|
DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
|
|
FEATURETEST=$TOP/bin/tests/system/feature-test
|
|
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
|
HOST=$TOP/bin/dig/host
|
|
IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
|
|
JOURNALPRINT=$TOP/bin/tools/named-journalprint
|
|
KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
|
|
KEYGEN=$TOP/bin/dnssec/dnssec-keygen
|
|
KEYMGR=$TOP/bin/python/dnssec-keymgr
|
|
MDIG=$TOP/bin/tools/mdig
|
|
NAMED=$TOP/bin/named/named
|
|
NSEC3HASH=$TOP/bin/tools/nsec3hash
|
|
NSLOOKUP=$TOP/bin/dig/nslookup
|
|
NSUPDATE=$TOP/bin/nsupdate/nsupdate
|
|
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
|
|
PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
|
|
PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
|
|
PK11LIST="$TOP/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
|
|
RESOLVE=$TOP/bin/tests/system/resolve
|
|
REVOKE=$TOP/bin/dnssec/dnssec-revoke
|
|
RNDC=$TOP/bin/rndc/rndc
|
|
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
|
|
RRCHECKER=$TOP/bin/tools/named-rrchecker
|
|
SETTIME=$TOP/bin/dnssec/dnssec-settime
|
|
SIGNER=$TOP/bin/dnssec/dnssec-signzone
|
|
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
|
|
VERIFY=$TOP/bin/dnssec/dnssec-verify
|
|
WIRETEST=$TOP/bin/tests/wire_test
|
|
|
|
BIGKEY=$TOP/bin/tests/system/rsabigexponent/bigkey
|
|
GENCHECK=$TOP/bin/tests/system/rndc/gencheck
|
|
KEYCREATE=$TOP/bin/tests/system/tkey/keycreate
|
|
KEYDELETE=$TOP/bin/tests/system/tkey/keydelete
|
|
MAKEJOURNAL=$TOP/bin/tests/makejournal
|
|
PIPEQUERIES=$TOP/bin/tests/system/pipelined/pipequeries
|
|
|
|
# we don't want a KRB5_CONFIG setting breaking the tests
|
|
KRB5_CONFIG=/dev/null
|
|
# use local keytab instead of default /etc/krb5.keytab
|
|
KRB5_KTNAME=dns.keytab
|
|
|
|
#
|
|
# Construct the lists of tests to run
|
|
#
|
|
SEQUENTIAL_UNIX="@PKCS11_TEST@"
|
|
SEQUENTIALDIRS="$SEQUENTIAL_COMMON $SEQUENTIAL_UNIX"
|
|
|
|
PARALLEL_UNIX="@CHECKDS@ @COVERAGE@ @DNSTAP@ @KEYMGR@ cookie cpu logfileconfig"
|
|
PARALLELDIRS="$PARALLEL_COMMON $PARALLEL_UNIX"
|
|
|
|
SUBDIRS="$SEQUENTIALDIRS $PARALLELDIRS"
|
|
|
|
|
|
# Things that are different on Windows
|
|
KILL=kill
|
|
DIFF=diff
|
|
DOS2UNIX=true
|
|
# There's no trailing period on Windows
|
|
TP=.
|
|
|
|
# Use the CONFIG_SHELL detected by configure for tests
|
|
SHELL=@SHELL@
|
|
|
|
# CURL will be empty if no program was found by configure
|
|
CURL=@CURL@
|
|
|
|
# XMLLINT will be empty if no program was found by configure
|
|
XMLLINT=@XMLLINT@
|
|
|
|
# XSLTPROC will be empty if no program was found by configure
|
|
XSLTPROC=@XSLTPROC@
|
|
|
|
# PERL will be an empty string if no perl interpreter was found.
|
|
PERL=@PERL@
|
|
|
|
# Windows process management leave empty
|
|
PSSUSPEND=
|
|
|
|
PYTHON=@PYTHON@
|
|
PYTEST=@PYTEST@
|
|
|
|
#
|
|
# Determine if we support various optional features.
|
|
#
|
|
LIBXML2_LIBS="@LIBXML2_LIBS@"
|
|
HAVEXMLSTATS=${LIBXML2_LIBS:+1}
|
|
JSON_C_LIBS="@JSON_C_LIBS@"
|
|
HAVEJSONSTATS=${JSON_C_LIBS:+1}
|
|
MAXMINDDB_LIBS="@MAXMINDDB_LIBS@"
|
|
HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
|
|
ZLIB_LIBS="@ZLIB_LIBS@"
|
|
HAVEZLIB=${ZLIB_LIBS:+1}
|
|
NZD=@NZD_TOOLS@
|
|
CRYPTO=@CRYPTO@
|
|
|
|
export HAVEXMLSTATS HAVEJSONSTATS
|