5 Usage: test_ntlm_auth_s3.sh PYTHON SRC3DIR NTLM_AUTH
19 incdir
=`dirname $0`/..
/..
/..
/testprogs
/blackbox
22 SID
=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1`
23 BADSID
=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
27 test_plaintext_check_output_stdout
()
29 tmpfile
=$PREFIX/ntlm_commands
32 $DOMAIN/$USERNAME $PASSWORD
34 cmd
='$NTLM_AUTH "$@" --require-membership-of=$SID --helper-protocol=squid-2.5-basic < $tmpfile 2>&1'
40 if [ $ret != 0 ] ; then
47 echo "$out" |
grep "OK" >/dev
/null
2>&1
50 # authenticated .. succeed
53 echo failed to get successful authentication
58 test_plaintext_check_output_fail
()
60 tmpfile
=$PREFIX/ntlm_commands
63 $DOMAIN\\$USERNAME $PASSWORD
65 cmd
='$NTLM_AUTH "$@" --require-membership-of=$BADSID --helper-protocol=squid-2.5-basic < $tmpfile 2>&1'
71 if [ $ret != 0 ] ; then
78 echo "$out" |
grep "ERR" >/dev
/null
2>&1
81 # failed to authenticate .. success
84 echo "incorrectly gave a successful authentication"
89 test_ntlm_server_1_check_output
()
91 tmpfile
=$PREFIX/ntlm_commands
94 LANMAN-Challenge: 0123456789abcdef
95 NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
98 Request-User-Session-Key: Yes
101 cmd
='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01< $tmpfile 2>&1'
107 if [ $ret != 0 ] ; then
109 echo "command failed"
114 echo "$out" |
grep "User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4" >/dev
/null
2>&1
117 # authenticated .. succeed
120 echo failed to get successful authentication
125 test_ntlm_server_1_check_output_fail
()
127 tmpfile
=$PREFIX/ntlm_commands
129 # Break the password with a leading A on the challenge
131 LANMAN-Challenge: A123456789abcdef
132 NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
135 Request-User-Session-Key: Yes
138 cmd
='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01 < $tmpfile 2>&1'
144 if [ $ret != 0 ] ; then
146 echo "command failed"
151 echo "$out" |
grep "Authenticated: No" >/dev
/null
2>&1
154 # failed to authenticate .. success
157 echo "incorrectly gave a successful authentication"
162 test_ntlm_server_1_check_winbind_output
()
164 tmpfile
=$PREFIX/ntlm_commands
166 # This isn't the correct password
171 Request-User-Session-Key: Yes
174 cmd
='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of=$SID < $tmpfile 2>&1'
180 if [ $ret != 0 ] ; then
182 echo "command failed"
187 echo "$out" |
grep "Authenticated: Yes" >/dev
/null
2>&1
190 # authenticated .. success
193 echo "Failed to authenticate the user or match with SID $SID"
198 test_ntlm_server_1_check_winbind_output_wrong_sid
()
200 tmpfile
=$PREFIX/ntlm_commands
202 # This isn't the correct password
207 Request-User-Session-Key: Yes
210 cmd
='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of=$BADSID < $tmpfile 2>&1'
216 if [ $ret != 0 ] ; then
218 echo "command failed"
223 echo "$out" |
grep "Authenticated: No" >/dev
/null
2>&1
226 # failed to authenticate .. success
229 echo "incorrectly gave a successful authentication"
234 test_ntlm_server_1_check_winbind_output_fail
()
236 tmpfile
=$PREFIX/ntlm_commands
238 # This isn't the correct password
240 LANMAN-Challenge: 0123456789abcdef
241 NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
244 Request-User-Session-Key: Yes
247 cmd
='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 < $tmpfile 2>&1'
253 if [ $ret != 0 ] ; then
255 echo "command failed"
260 echo "$out" |
grep "Authenticated: No" >/dev
/null
2>&1
263 # failed to authenticate .. success
266 echo "incorrectly gave a successful authentication"
271 testit
"ntlm_auth" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH $ADDARGS || failed
=`expr $failed + 1`
272 # This should work even with NTLMv2
273 testit
"ntlm_auth with specified domain" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH $ADDARGS --client-domain=fOo
--server-domain=fOo || failed
=`expr $failed + 1`
274 testit
"ntlm_auth against winbindd" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS || failed
=`expr $failed + 1`
275 testit
"ntlm_auth with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH $ADDARGS --client-domain=fOo
--server-domain=fOo
--client-helper=ntlmssp-client-1
--server-helper=gss-spnego || failed
=`expr $failed + 1`
276 testit
"ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH $ADDARGS --client-domain=fOo
--server-domain=fOo
--client-helper=gss-spnego-client
--server-helper=gss-spnego || failed
=`expr $failed + 1`
277 testit
"ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client
--server-helper=gss-spnego
$ADDARGS || failed
=`expr $failed + 1`
279 testit
"wbinfo store cached credentials" $BINDIR/wbinfo
--ccache-save=$DOMAIN/$USERNAME%$PASSWORD || failed
=`expr $failed + 1`
280 testit
"ntlm_auth ccached credentials with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH $ADDARGS --client-username=$USERNAME --client-domain=$DOMAIN --client-use-cached-creds --client-helper=ntlmssp-client-1
--server-helper=gss-spnego
--server-use-winbindd || failed
=`expr $failed + 1`
282 testit
"ntlm_auth against winbindd with require-membership-of" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$SID || failed
=`expr $failed + 1`
283 testit
"ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with require-membership-of" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client
--server-helper=gss-spnego
$ADDARGS --require-membership-of=$SID || failed
=`expr $failed + 1`
285 testit_expect_failure
"ntlm_auth against winbindd with failed require-membership-of" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$BADSID && failed
=`expr $failed + 1`
286 testit_expect_failure
"ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of" $PYTHON $SRC3DIR/torture
/test_ntlm_auth.py
$NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client
--server-helper=gss-spnego
$ADDARGS --require-membership-of=$BADSID && failed
=`expr $failed + 1`
288 testit
"ntlm_auth plaintext authentication with require-membership-of" test_plaintext_check_output_stdout || failed
=`expr $failed + 1`
289 testit
"ntlm_auth plaintext authentication with failed require-membership-of" test_plaintext_check_output_fail || failed
=`expr $failed + 1`
291 testit
"ntlm_auth ntlm-server-1 with fixed password" test_ntlm_server_1_check_output || failed
=`expr $failed + 1`
292 testit
"ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed
=`expr $failed + 1`
293 testit
"ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed
=`expr $failed + 1`
294 testit
"ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed
=`expr $failed + 1`
295 testit
"ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed
=`expr $failed + 1`