search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
talloc_stack: Call talloc destructors while frame is still around
[Samba.git] / testprogs / blackbox / test_export_keytab_mit.sh
blobb972cd8f1c4e61e9c6c212c7268fe846375f7147
1 #!/bin/sh
2 #
3 # Blackbox tests for an exported keytab with kinit
4 #
5 # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
6 # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
7 # Copyright (C) 2016 Andreas Schneider <asn@cryptomilk.org>
8
9 if [ $# -lt 5 ]; then
10 cat <<EOF
11 Usage: test_extract_keytab.sh SERVER USERNAME REALM DOMAIN PREFIX SMBCLIENT
12 EOF
13 exit 1;
14 fi
15
16 SERVER=$1
17 USERNAME=$2
18 REALM=$3
19 DOMAIN=$4
20 PREFIX=$5
21 smbclient=$6
22 shift 6
23 failed=0
24
25 samba_bindir="$BINDIR"
26 samba_tool="$samba_bindir/samba-tool"
27 samba_newuser="$samba_tool user create"
28 samba_texpect="$samba_bindir/texpect"
29 samba_ktutil="$BINDIR/samba4ktutil"
30
31 samba_kinit=kinit
32 samba_kdestroy=kdestroy
33
34 SERVER_FQDN="$SERVER.$(echo $REALM | tr '[:upper:]' '[:lower:]')"
35
36 source `dirname $0`/subunit.sh
37
38 test_smbclient() {
39 name="$1"
40 cmd="$2"
41 shift
42 shift
43 echo "test: $name"
44 $VALGRIND $smbclient //$SERVER/tmp -c "$cmd" $@
45 status=$?
46 if [ x$status = x0 ]; then
47 echo "success: $name"
48 else
49 echo "failure: $name"
50 fi
51 return $status
52 }
53
54 test_keytab() {
55 testname="$1"
56 keytab="$2"
57 principal="$3"
58 expected_nkeys="$4"
59
60 echo "test: $testname"
61
62 NKEYS=$($VALGRIND $samba_ktutil $keytab | grep -i "$principal" | egrep -c "DES|AES|ArcFour")
63 status=$?
64 if [ x$status != x0 ]; then
65 echo "failure: $testname"
66 return $status
67 fi
68
69 if [ x$NKEYS != x$expected_nkeys ] ; then
70 echo "failure: $testname"
71 return 1
72 fi
73 echo "success: $testname"
74 return 0
75 }
76
77 TEST_USER=nettestuser
78 TEST_PASSWORD=testPaSS@01%
79
80 testit "create local user $TEST_USER" $VALGRIND $samba_newuser $TEST_USER $TEST_PASSWORD $@ || failed=`expr $failed + 1`
81
82 testit "dump keytab from domain" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-all $@ || failed=`expr $failed + 1`
83 test_keytab "read keytab from domain" "$PREFIX/tmpkeytab-all" "$SERVER\\\$" 5
84
85 testit "dump keytab from domain (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-all $@ || failed=`expr $failed + 1`
86 test_keytab "read keytab from domain (2nd time)" "$PREFIX/tmpkeytab-all" "$SERVER\\\$" 5
87
88 testit "dump keytab from domain for cifs service principal" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-server --principal=cifs/$SERVER_FQDN $@ || failed=`expr $failed + 1`
89 test_keytab "read keytab from domain for cifs service principal" "$PREFIX/tmpkeytab-server" "cifs/$SERVER_FQDN" 5
90 testit "dump keytab from domain for cifs service principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-server --principal=cifs/$SERVER_FQDN $@ || failed=`expr $failed + 1`
91 test_keytab "read keytab from domain for cifs service principal (2nd time)" "$PREFIX/tmpkeytab-server" "cifs/$SERVER_FQDN" 5
92
93 testit "dump keytab from domain for user principal" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-user-princ --principal=$TEST_USER $@ || failed=`expr $failed + 1`
94 test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-user-princ" "$TEST_USER@$REALM" 5
95 testit "dump keytab from domain for user principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-user-princ --principal=$TEST_USER@$REALM $@ || failed=`expr $failed + 1`
96 test_keytab "dump keytab from domain for user principal (2nd time)" "$PREFIX/tmpkeytab-user-princ" "$TEST_USER@$REALM" 5
97
98 KRB5CCNAME="$PREFIX/tmpuserccache"
99 export KRB5CCNAME
100
101 testit "kinit with keytab as user" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-all $TEST_USER@$REALM || failed=`expr $failed + 1`
102 test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
103 $samba_kdestroy
104
105 testit "kinit with keytab as user (one princ)" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-user-princ $TEST_USER@$REALM || failed=`expr $failed + 1`
106 test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' -k yes || failed=`expr $failed + 1`
107 $samba_kdestroy
108
109 KRB5CCNAME="$PREFIX/tmpadminccache"
110 export KRB5CCNAME
111
112 testit "kinit with keytab as $USERNAME" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-all $USERNAME@$REALM || failed=`expr $failed + 1`
113
114 KRB5CCNAME="$PREFIX/tmpserverccache"
115 export KRB5CCNAME
116 echo "$samba_kinit -k -t $PREFIX/tmpkeytab-server cifs/$SERVER_FQDN"
117 testit "kinit with SPN from keytab" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-server cifs/$SERVER_FQDN || failed=`expr $failed + 1`
118
119 exit 0
120
121 # cleanup
122 testit "delete user $TEST_USER" $VALGRIND $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
123
124 $samba_kdestroy
125 rm -f $PREFIX/tmpadminccache $PREFIX/tmpuserccache $PREFIX/tmpkeytab $PREFIX/tmpkeytab-2 $PREFIX/tmpkeytab-server
126
127 exit $failed
Samba GIT mirror