1 #!/usr/bin/env python3
3 '''automated testing of Samba3 against windows'''
5 import wintest
def set_libpath(t):
    '''set LD_LIBRARY_PATH to the lib directory under ${PREFIX}'''
    # ${PREFIX} is passed as literal text; presumably the wintest harness
    # expands it before use -- confirm against wintest.putenv.
    lib_dir = "${PREFIX}/lib"
    t.putenv("LD_LIBRARY_PATH", lib_dir)
def set_krb5_conf(t):
    '''write a minimal krb5.conf under ${PREFIX}/etc and export KRB5_CONFIG'''
    conf_path = "${PREFIX}/etc/krb5.conf"
    # Realm lookup through DNS is off, but KDC lookup is on, so which KDC
    # gets used depends on the resolver the test host is pointed at.
    conf_body = '''[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true'''

    t.run_cmd("mkdir -p ${PREFIX}/etc")
    t.write_file(conf_path, conf_body)

    t.putenv("KRB5_CONFIG", conf_path)
def build_s3(t):
    '''configure, compile and install samba3 from ${SOURCETREE}/source3'''
    t.info('Building s3')
    t.chdir('${SOURCETREE}/source3')
    t.putenv('CC', 'ccache gcc')

    # NOTE(review): 'rm -rf ${PREFIX}' removes the whole install prefix
    # right before 'make install'. That is only safe when PREFIX names a
    # dedicated, non-empty test directory; nothing in this function checks
    # that -- confirm the harness validates PREFIX before it gets here.
    build_steps = (
        "./autogen.sh",
        "./configure -C --prefix=${PREFIX} --enable-developer",
        'make basics',
        'make -j4',
        'rm -rf ${PREFIX}',
        'make install',
    )
    for step in build_steps:
        t.run_cmd(step)
def start_s3(t):
    '''restart nmbd, winbindd and smbd from ${PREFIX} and wait for port 139'''
    t.info('Starting Samba3')
    t.chdir("${PREFIX}")

    # killall matches on process name, so this also ends samba/smbd/nmbd/
    # winbindd processes on the host that this test did not start.
    # checkfail=False presumably tolerates "no process found" -- confirm.
    t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
    t.run_cmd("rm -f var/locks/*.pid")

    # Same start order as before: name service, winbind, then the file server.
    for daemon in ('sbin/nmbd', 'sbin/winbindd', 'sbin/smbd'):
        t.run_cmd([daemon, "-D"])

    t.port_wait("${INTERFACE_IP}", 139)
def test_wbinfo(t):
    '''check winbindd through wbinfo

    Covers version and ping, domain online status, user and group
    enumeration, name-to-SID lookups and password / Kerberos authentication
    as the domain administrator.
    '''
    t.info('Testing wbinfo')
    t.chdir('${PREFIX}')

    t.cmd_contains("bin/wbinfo --version", ["Version 4."])
    t.cmd_contains("bin/wbinfo -p", ["Ping to winbindd succeeded"])

    online_status = ["BUILTIN : online",
                     "${HOSTNAME} : online",
                     "${WIN_DOMAIN} : online"]
    t.retry_cmd("bin/wbinfo --online-status", online_status, casefold=True)

    expected_users = ["${WIN_DOMAIN}/administrator",
                      "${WIN_DOMAIN}/krbtgt"]
    t.cmd_contains("bin/wbinfo -u", expected_users, casefold=True)

    expected_groups = ["${WIN_DOMAIN}/domain users",
                       "${WIN_DOMAIN}/domain guests",
                       "${WIN_DOMAIN}/domain admins"]
    t.cmd_contains("bin/wbinfo -g", expected_groups, casefold=True)

    # RID 500 is the built-in administrator, RID 513 the Domain Users group.
    t.cmd_contains("bin/wbinfo --name-to-sid administrator",
                   "S-1-5-.*-500 SID_USER .1",
                   regex=True)
    t.cmd_contains("bin/wbinfo --name-to-sid 'domain users'",
                   "S-1-5-.*-513 SID_DOM_GROUP .2",
                   regex=True)

    # NOTE(review): both commands below carry ${WIN_PASS} in argv, where it
    # is readable from the process list while they run and may end up in
    # harness logs. Acceptable only for throwaway lab credentials.
    password_auth_ok = ["plaintext password authentication succeeded",
                        "challenge/response password authentication succeeded"]
    t.retry_cmd("bin/wbinfo --authenticate=${WIN_DOMAIN}/administrator%${WIN_PASS}",
                password_auth_ok)

    t.retry_cmd("bin/wbinfo --krb5auth=${WIN_DOMAIN}/administrator%${WIN_PASS}",
                ["succeeded"])
def test_smbclient(t):
    '''exercise smbclient against the local server

    Checks the version string and the share listing, then runs the same
    directory round-trip on the test share twice: once with the root
    password only, once with -k added.
    '''
    t.info('Testing smbclient')
    smbclient = t.getvar("smbclient")
    t.chdir('${PREFIX}')

    t.cmd_contains("%s --version" % (smbclient), ["Version 4."])
    # -U% gives an empty user name and password for the share listing.
    t.cmd_contains('%s -L ${INTERFACE_IP} -U%%' % (smbclient),
                   ["Domain=[${WIN_DOMAIN}]", "test", "IPC$", "Samba 4."],
                   casefold=True)

    # NOTE(review): ${PASSWORD2} is part of the spawned command line, so it
    # is visible in the process list for the lifetime of each session.
    session_cmds = (
        '%s //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%%${PASSWORD2}' % (smbclient),
        '%s //${HOSTNAME}.${WIN_REALM}/test -Uroot@${WIN_REALM}%%${PASSWORD2} -k' % (smbclient),
    )
    for session_cmd in session_cmds:
        session = t.pexpect_spawn(session_cmd)
        session.expect("smb:")
        session.sendline("dir")
        session.expect("blocks available")
        session.sendline("mkdir testdir")
        session.expect("smb:")
        session.sendline("cd testdir")
        session.expect('testdir')
        session.sendline("cd ..")
        # NOTE(review): nothing waits for a prompt after rmdir, so its
        # result is never checked and the next session may start before
        # testdir is gone.
        session.sendline("rmdir testdir")
def create_shares(t):
    '''append a writable [test] share to etc/smb.conf and create its directory'''
    t.info("Adding test shares")
    t.chdir('${PREFIX}')

    # mode='a' is handed to write_file; presumably it appends to the
    # smb.conf written earlier instead of replacing it -- confirm.
    share_section = '''
[test]
path = ${PREFIX}/test
read only = no
'''
    t.write_file("etc/smb.conf", share_section, mode='a')
    t.run_cmd("mkdir -p test")
def prep_join_as_member(t, vm):
    '''prepare to join a windows domain as a member server

    Stops any running Samba daemons, restores the Windows VM from its
    snapshot, removes the var and private directories and writes a fresh
    [global] section to etc/smb.conf.
    '''
    t.setwinvars(vm)
    t.info("Starting VMs for joining ${WIN_VM} as a member using net ads join")
    t.chdir('${PREFIX}')
    t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)

    t.vm_poweroff("${WIN_VM}", checkfail=False)
    t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")

    # NOTE(review): going by the helper name this logs in over telnet, which
    # would send the administrator password unencrypted. Keep these VMs on
    # an isolated test network and never reuse ${WIN_PASS} elsewhere.
    telnet = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True)
    t.get_ipconfig(telnet)

    t.del_files(["var", "private"])

    # 'panic action' starts gdb in an xterm, a developer-only setting.
    member_conf = '''
[global]
netbios name = ${HOSTNAME}
log level = ${DEBUGLEVEL}
realm = ${WIN_REALM}
workgroup = ${WIN_DOMAIN}
security = ADS
bind interfaces only = yes
interfaces = ${INTERFACE}
winbind separator = /
idmap uid = 1000000-2000000
idmap gid = 1000000-2000000
winbind enum users = yes
winbind enum groups = yes
max protocol = SMB2
map hidden = no
map system = no
ea support = yes
panic action = xterm -e gdb --pid %d
'''
    t.write_file("etc/smb.conf", member_conf)
def join_as_member(t, vm):
    '''join a windows domain as a member server

    Waits for LDAP on the domain controller, joins with net ads join,
    verifies the join and registers the host name in DNS.
    '''
    t.setwinvars(vm)
    t.info("Joining ${WIN_VM} as a member using net ads join")

    # Do not attempt the join until LDAP answers and the SRV record resolves.
    t.port_wait("${WIN_IP}", 389)
    t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])

    # The bin/ paths are relative: there is no chdir in this function, so
    # the caller must already be in ${PREFIX}.
    # NOTE(review): the administrator password is part of the command line
    # and so visible in the process list while net ads join runs.
    t.cmd_contains("bin/net ads join -Uadministrator%${WIN_PASS}", ["Joined"])
    t.cmd_contains("bin/net ads testjoin", ["Join is OK"])

    fqdn_has_address = ['${HOSTNAME}.${WIN_REALM} has address']
    t.cmd_contains("bin/net ads dns register ${HOSTNAME}.${WIN_REALM} -P",
                   ["Successfully registered hostname with DNS"])
    t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}", fqdn_has_address)
def create_root_account(t, vm):
    '''create a domain user named root, set its password and enable it'''
    t.setwinvars(vm)
    t.info("Creating 'root' account for testing Samba3 member server")
    t.chdir('${PREFIX}')

    # NOTE(review): every command here authenticates with
    # -Uadministrator%${WIN_PASS} on the command line, so the password is
    # readable from the process list while the command runs.
    t.run_cmd('bin/net ads user add root -Uadministrator%${WIN_PASS}')

    # The new password is typed at the prompt instead of passed in argv.
    passwd_session = t.pexpect_spawn('bin/net ads password root -Uadministrator%${WIN_PASS}')
    passwd_session.expect("Enter new password for root")
    passwd_session.sendline("${PASSWORD2}")
    passwd_session.expect("Password change for ")
    passwd_session.expect(" completed")

    # Clear the disabled flag so the account can log on.
    rpc_shell = t.pexpect_spawn('bin/net rpc shell -S ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}')
    rpc_shell.expect("net rpc>")
    rpc_shell.sendline("user edit disabled root no")
    rpc_shell.expect("Set root's disabled flag")
def test_join_as_member(t, vm):
    '''test the domain join by running the wbinfo and smbclient checks'''
    t.setwinvars(vm)
    t.info('Testing join as member')
    t.chdir('${PREFIX}')
    # Order kept: winbindd checks first, then the smbclient sessions.
    for check in (test_wbinfo, test_smbclient):
        check(t)
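def test_s3(t):
    '''basic s3 testing

    Builds Samba3, joins it to the W2K8R2A domain controller as a member
    server and then checks access from WINDOWS7 and WINXP clients. Each
    stage is guarded by t.skip(<stage name>), and the VM stages also
    require the matching *_VM variable to be set.
    '''

    t.setvar("SAMBA_VERSION", "Version 4")
    t.setvar("smbclient", "bin/smbclient")
    t.check_prerequesites()
    set_libpath(t)

    if not t.skip("configure_bind"):
        t.configure_bind()
    if not t.skip("stop_bind"):
        t.stop_bind()
    if not t.skip("stop_vms"):
        t.stop_vms()

    if not t.skip("build"):
        build_s3(t)

    set_krb5_conf(t)
    if not t.skip("configure_bind2"):
        t.configure_bind()
    if not t.skip("start_bind"):
        t.start_bind()

    # Tracks whether the domain controller VM is already up, so the client
    # stages below only start and promote it when the join stage was skipped.
    dc_started = False
    if t.have_var('W2K8R2A_VM') and not t.skip("join_w2k8r2"):
        t.start_winvm('W2K8R2A')
        dc_started = True
        prep_join_as_member(t, "W2K8R2A")
        t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
        join_as_member(t, "W2K8R2A")
        create_shares(t)
        start_s3(t)
        create_root_account(t, "W2K8R2A")
        test_join_as_member(t, "W2K8R2A")

    if t.have_var('WINDOWS7_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_windows7_2008r2"):
        if not dc_started:
            t.start_winvm('W2K8R2A')
            t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
            dc_started = True
        else:
            t.setwinvars('W2K8R2A')
        realm = t.getvar("WIN_REALM")
        dom_username = t.getvar("WIN_USER")
        dom_password = t.getvar("WIN_PASS")
        dom_realm = t.getvar("WIN_REALM")
        t.start_winvm('WINDOWS7')
        t.test_remote_smbclient("WINDOWS7")
        t.run_winjoin('WINDOWS7', realm, username=dom_username, password=dom_password)
        t.test_remote_smbclient("WINDOWS7", dom_username, dom_password)
        # clientntlmv2auth=no deliberately exercises the pre-NTLMv2 client
        # path; it is a test-only setting, not one to copy into a real
        # configuration.
        t.test_remote_smbclient('WINDOWS7', dom_username, dom_password, args='--option=clientntlmv2auth=no')
        t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k")
        t.test_remote_smbclient('WINDOWS7', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --option=clientusespnegoprincipal=yes")
        t.test_net_use('WINDOWS7', dom_realm, t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}')

    if t.have_var('WINXP_VM') and t.have_var('W2K8R2A_VM') and not t.skip("join_winxp_2008r2"):
        if not dc_started:
            t.start_winvm('W2K8R2A')
            t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
            dc_started = True
        else:
            t.setwinvars('W2K8R2A')
        realm = t.getvar("WIN_REALM")
        dom_username = t.getvar("WIN_USER")
        dom_password = t.getvar("WIN_PASS")
        dom_realm = t.getvar("WIN_REALM")
        t.start_winvm('WINXP')
        t.run_winjoin('WINXP', realm, username=dom_username, password=dom_password)
        t.test_remote_smbclient('WINXP', dom_username, dom_password)
        # Same test-only pre-NTLMv2 check as in the WINDOWS7 stage.
        t.test_remote_smbclient('WINXP', dom_username, dom_password, args='--option=clientntlmv2auth=no')
        t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k")
        # Fixed: the setting has to go through --option= as in the WINDOWS7
        # stage; it was previously written as a bare
        # --clientusespnegoprincipal=yes argument.
        t.test_remote_smbclient('WINXP', "%s@%s" % (dom_username, dom_realm), dom_password, args="-k --option=clientusespnegoprincipal=yes")
        t.test_net_use('WINXP', dom_realm, t.getvar("W2K8R2A_DOMAIN"), 'root', '${PASSWORD2}')

    t.info("S3 test: All OK")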
def test_cleanup(t):
    '''cleanup after tests: restore resolv.conf and kill the bind child, if any'''
    t.info("Cleaning up ...")
    t.restore_resolv_conf()
    # bind_child may be missing when the run failed before bind was started.
    has_bind_child = getattr(t, 'bind_child', False)
    if not has_bind_child:
        return
    t.bind_child.kill()
if __name__ == '__main__':
    t = wintest.wintest()

    t.setup("test-s3.py", "source3")

    # Cleanup runs on success and on every failure, including
    # KeyboardInterrupt, unless the nocleanup option is set; a failure is
    # still propagated to the caller afterwards.
    try:
        test_s3(t)
    finally:
        if not t.opts.nocleanup:
            test_cleanup(t)

    t.info("S3 test: All OK")