2 # Blackbox tests for kerberos client options
3 # Copyright (c) 2019 Andreas Schneider <asn@samba.org>
7 Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
23 . $
(dirname $0)/subunit.sh
24 . $
(dirname $0)/common_test_fns.inc
26 samba_bindir
="$BINDIR"
27 samba_rpcclient
="$samba_bindir/rpcclient"
28 samba_smbclient
="$samba_bindir/smbclient"
29 samba_smbtorture
="$samba_bindir/smbtorture"
32 if test -x ${samba_bindir}/samba4kinit
; then
33 samba_kinit
=${samba_bindir}/samba4kinit
36 samba_kdestroy
=kdestroy
37 if test -x ${samba_bindir}/samba4kdestroy
; then
38 samba_kinit
=${samba_bindir}/samba4kdestroy
41 test_rpc_getusername
() {
45 if [ $ret -ne 0 ] ; then
46 echo "Failed to connect! Error: $ret"
51 echo "$out" |
grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
53 if [ $ret -ne 0 ] ; then
54 echo "Incorrect account/authority name! Error: $ret"
66 if [ $ret -ne 0 ] ; then
67 echo "Failed to connect! Error: $ret"
74 test_smbclient_kerberos
() {
78 if [ $ret -ne 0 ] ; then
79 echo "Failed to connect! Error: $ret"
84 echo "$out" |
grep "Doing init for" >/dev
/null
2>&1
86 if [ $ret -eq 0 ] ; then
87 echo "Kinit failed for smbclient"
95 KRB5CCNAME_PATH
="$PREFIX/ccache_client_kerberos"
96 KRB5CCNAME
="FILE:$KRB5CCNAME_PATH"
99 ### RPCCLIENT (legacy)
100 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
101 testit
"test rpcclient legacy ntlm" \
102 test_rpc_getusername || \
103 failed
=$
(expr $failed + 1)
105 cmd
='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
106 testit
"test rpcclient legacy ntlm interactive" \
107 test_rpc_getusername || \
108 failed
=$
(expr $failed + 1)
110 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
111 testit
"test rpcclient legacy ntlm interactive with -U" \
112 test_rpc_getusername || \
113 failed
=$
(expr $failed + 1)
115 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
116 testit
"test rpcclient legacy kerberos" \
117 test_rpc_getusername || \
118 failed
=$
(expr $failed + 1)
120 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
121 testit_expect_failure
"test rpcclient legacy kerberos interactive (negative test)" \
122 test_rpc_getusername || \
123 failed
=$
(expr $failed + 1)
125 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
126 cmd
='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
127 testit
"test rpcclient legacy kerberos ccache" \
128 test_rpc_getusername || \
129 failed
=$
(expr $failed + 1)
133 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
134 testit
"test rpcclient ntlm" \
135 test_rpc_getusername || \
136 failed
=$
(expr $failed + 1)
138 cmd
='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
139 testit
"test rpcclient ntlm interactive" \
140 test_rpc_getusername || \
141 failed
=$
(expr $failed + 1)
143 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
144 testit
"test rpcclient ntlm interactive with -U" \
145 test_rpc_getusername || \
146 failed
=$
(expr $failed + 1)
148 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
149 testit
"test rpcclient kerberos" \
150 test_rpc_getusername || \
151 failed
=$
(expr $failed + 1)
153 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
154 testit_expect_failure
"test rpcclient kerberos interactive (negative test)" \
155 test_rpc_getusername || \
156 failed
=$
(expr $failed + 1)
158 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
159 cmd
='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
160 testit
"test rpcclient kerberos ccache" \
161 test_rpc_getusername || \
162 failed
=$
(expr $failed + 1)
165 ### SMBTORTURE (legacy)
167 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
168 testit
"test smbtorture legacy default" \
169 test_rpc_getusername || \
170 failed
=$
(expr $failed + 1)
172 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
173 testit
"test smbtorture legacy ntlm (kerberos=no)" \
174 test_rpc_getusername || \
175 failed
=$
(expr $failed + 1)
177 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
178 testit
"test smbtorture legacy kerberos=yes" \
179 test_rpc_getusername || \
180 failed
=$
(expr $failed + 1)
182 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
183 cmd
='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
184 testit
"test smbtorture legacy kerberos=yes ccache" \
185 test_rpc_getusername || \
186 failed
=$
(expr $failed + 1)
189 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
190 cmd
='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
191 testit_expect_failure
"test smbtorture legacy kerberos=no ccache (negative test)" \
192 test_rpc_getusername || \
193 failed
=$
(expr $failed + 1)
198 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
199 testit
"test smbtorture default" \
200 test_rpc_getusername || \
201 failed
=$
(expr $failed + 1)
203 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
204 testit
"test smbtorture ntlm (kerberos=no)" \
205 test_rpc_getusername || \
206 failed
=$
(expr $failed + 1)
208 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
209 testit
"test smbtorture kerberos=yes" \
210 test_rpc_getusername || \
211 failed
=$
(expr $failed + 1)
213 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
214 cmd
='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
215 testit
"test smbtorture kerberos=yes ccache" \
216 test_rpc_getusername || \
217 failed
=$
(expr $failed + 1)
220 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
221 cmd
='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
222 testit_expect_failure
"test smbtorture kerberos=no ccache (negative test)" \
223 test_rpc_getusername || \
224 failed
=$
(expr $failed + 1)
227 ### SMBCLIENT (legacy)
228 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
229 testit
"test smbclient legacy ntlm" \
231 failed
=$
(expr $failed + 1)
233 cmd
='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
234 testit
"test smbclient legacy ntlm interactive" \
236 failed
=$
(expr $failed + 1)
238 cmd
='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
239 testit
"test smbclient legacy ntlm interactive with -U" \
241 failed
=$
(expr $failed + 1)
243 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
244 testit
"test smbclient legacy kerberos" \
246 failed
=$
(expr $failed + 1)
248 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
249 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
250 testit
"test smbclient legacy kerberos ccache" \
252 failed
=$
(expr $failed + 1)
255 ### SMBCLIENT tests for --use-kerberos=desired|required|disabled
256 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
257 testit
"test smbclient ntlm" \
259 failed
=$
(expr $failed + 1)
261 cmd
='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
262 testit
"test smbclient ntlm interactive" \
264 failed
=$
(expr $failed + 1)
266 cmd
='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
267 testit
"test smbclient ntlm interactive with -U" \
269 failed
=$
(expr $failed + 1)
271 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
272 testit
"test smbclient kerberos=desired" \
273 test_smbclient_kerberos || \
274 failed
=$
(expr $failed + 1)
276 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
277 testit
"test smbclient kerberos=required" \
278 test_smbclient_kerberos || \
279 failed
=$
(expr $failed + 1)
281 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
282 cmd
='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
283 testit
"test smbclient kerberos=required ccache" \
285 failed
=$
(expr $failed + 1)
288 rm -rf $KRB5CCNAME_PATH