#!/bin/sh
# 'testauth,v 3.3 1997/12/16 15:06:17 papowell Exp'
USER=${USER:-`whomai`};
SHELL=/bin/sh
SETUPAUTH=/tmp/setupauth
AUTHENTICATE_PGP=/tmp/authenticate_pgp
## Setup:
##  1. copy setupauth executable to /tmp
##  2. copy authenticate_pgp executable to /tmp
##  3. Uncomment the test parts as you need them
## ## Remove comments to the point indicated
## ##  There is an 'exit 0' to stop test
## ## Test 1 - 
## ## show environment variables
## ## shows client and server environment variables
## ##  This makes sure that you have set up the various environment vars
## ${SETUPAUTH} \
##  	"${USER}" "${SHELL} -c 'echo CLIENT; printenv ;'" \
##  	"${USER}" "${SHELL} -c 'echo SERVER; printenv ;'"
## 
## ## end of Test 1
## exit 0;

## ## Test 2 - 
## ## check birectionality of data transfer between client and server
## ##  using the shell redirections
##   ${SETUPAUTH} \
##  	"${USER}" "${SHELL} -c 'echo CLIENT STARTING SENDING 1>&2; echo hi 1>&0;'" \
##  	"${USER}" "${SHELL} -c 'echo SERVER READING; cat ;'" \
##  sleep 3;
##   ${SETUPAUTH} \
##  	"${USER}" "${SHELL} -c 'echo CLIENT STARTING READING; cat '" \
##  	"${USER}" "${SHELL} -c 'echo SERVER SENDING 1>&2; echo hi 1>&0'"
## ## end of Test 2
## exit 0;
 
## ## ## Test 3 - 
## ## standalone test of /usr/authenticate_pgp -D
## ## The -D (debug) option causes it to use a temporary file for
## ## storing information.  This tests the authenticate_pgp shell
## ## script.

## ${AUTHENTICATE_PGP} -D
## exit

## ## ## end of Test 3 

## ## ## Test 4 - 
## ##  check the authenticate pgp operation, using user level authentication
## ## The authenticate_pgp program
## ##  will use the various environment variable values to set up the
## ##  PGP authentication.  You run this test as yourself,  and let the
## ##  authenticate_pgp use your PGP keys to do the authentication
## ## The authenticate_pgp is a shell script - you might want to read
## ##  it and see what it does first.  You can set the -x flag in it
## ##  (#!/bin/sh -x) to have a verbose record of the test.
## ##  You can also use "sh -x ${AUTHENTICATE_PGP}" in the script below
## ##  and turn on extensive debugging, but this can be overwhelming.
## ##
## ## In your ~/.pgp directory you will need the file 'serverkey' and
## ##  clientkey,  each of which should contain your pgpkey.  The
## ##  authenticate_pgp will use serverkey to get the server key and
## ##  clientkey to get the client key if it is not present in the
## ##  environment as PGPKEY.
## 
## ##  After you have run this script as an ordinary user,  run it as
## ##  root and check to see that the right keys/directories are accessed
## 
## ##  What is happening here is that the authenticate_pgp script is being
## ##  invoked with a set of flags that causes it to encrypt the various
## ##  files and then is invoked to decrypt them.  This simulates the
## ##  actions of a user transfering a job/command to the server using
## ##  PGP authentication.  The -C/-S flags sets up the authenticate_pgp
## ##  as a client (user) end or server (lpd) end;  the -n and -R give
## ##  the names of the user and client to be used to look up keys.
## ##  The -T names a temp file that will be used to store information to
## ##  be exchanged.
## ##  The input you enter is effectively the print job or commands to be
## ##  transferred.  When you enter ^D,  the client end takes the entered text,
## ##  encrypts it,  and sends it to the server end.  This decrypts and
## ##  checks it.
## 
## rm -f /tmp/tempc /tmp/temps
## echo Hi $$ >/tmp/tempc
## chmod 777 /tmp/tempc
## echo "When output stops, Enter a line of text, and then a ^D for EOF"; 
## ${SETUPAUTH} \
##  	${USER} "${AUTHENTICATE_PGP} -C -n${USER} -R${USER} -T/tmp/tempc" \
##  	${USER} "${AUTHENTICATE_PGP} -S -n${USER} -R${USER} -T/tmp/temps"
## exit
## ## ## End Test 4 - 
## 

## Test 5 - 
#  simulate server and client,  with server and client different users
#  
#  For the client:
#    KEY is the identifier to be used to look up the pgp server public key
#      in the user's key ring
#  For the server:
#    DAEMON is the server 'user name' that the server end of the
#     authentication runs as.
#  The client end will look up KEY in its public key ring,  and
#     encrypt the message, sending it to the server
#  The server will run as DAEMON,  and get its private key from the
#     DAEMON's home directory .pgp/* files or the specified
#     file passed on the authenticate_pgp command line
#     It will then look up the user's public key in its private keys.
#  You can test out DAEMON's authentication setup in this manner.
#  This test must run on the server host, and as root as it does
#     various setuid() operations.
#
#  You usually set up the server key as daemon_host, i.e. -
KEY=daemon_astart4
#  DAEMON is the userid which LPD runs on.
DAEMON=daemon
echo "USER ($USER) needs public key for KEY '$KEY'"
echo "DAEMON ($DAEMON) needs public key for user ($USER)"


rm -f /tmp/tempc /tmp/temps
echo Hi $$ >/tmp/tempc
chmod 777 /tmp/tempc
echo "When output stops, Enter a line of text, and then a ^D for EOF"; 
${SETUPAUTH} \
	${USER} "${AUTHENTICATE_PGP} -C -n${USER} -R${KEY} -T/tmp/tempc" \
	${DAEMON} "${AUTHENTICATE_PGP} -S -n${USER} -R${KEY} -T/tmp/temps"
rm -f /tmp/tempc /tmp/temps
