search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CVE-2020-25718 tests/krb5: Fix indentation
[Samba.git] / testprogs / blackbox / test_client_kerberos.sh
blob8b9d846d0f7ceabf195ed2cc84a0ecdac7cc3235
1 #!/bin/sh
2 # Blackbox tests for kerberos client options
3 # Copyright (c) 2019 Andreas Schneider <asn@samba.org>
4
5 if [ $# -lt 6 ]; then
6 cat <<EOF
7 Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
8 EOF
9 exit 1;
10 fi
11
12 DOMAIN=$1
13 REALM=$2
14 USERNAME=$3
15 PASSWORD=$4
16 SERVER=$5
17 PREFIX=$6
18 CONFIGURATION=$7
19 shift 7
20
21 failed=0
22
23 . $(dirname $0)/subunit.sh
24 . $(dirname $0)/common_test_fns.inc
25
26 samba_bindir="$BINDIR"
27 samba_rpcclient="$samba_bindir/rpcclient"
28 samba_smbclient="$samba_bindir/smbclient"
29 samba_smbtorture="$samba_bindir/smbtorture"
30
31 samba_kinit=kinit
32 if test -x ${samba_bindir}/samba4kinit; then
33 samba_kinit=${samba_bindir}/samba4kinit
34 fi
35
36 samba_kdestroy=kdestroy
37 if test -x ${samba_bindir}/samba4kdestroy; then
38 samba_kinit=${samba_bindir}/samba4kdestroy
39 fi
40
41 test_rpc_getusername() {
42 eval echo "$cmd"
43 out=$(eval $cmd)
44 ret=$?
45 if [ $ret -ne 0 ] ; then
46 echo "Failed to connect! Error: $ret"
47 echo "$out"
48 return 1
49 fi
50
51 echo "$out" | grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
52 ret=$?
53 if [ $ret -ne 0 ] ; then
54 echo "Incorrect account/authority name! Error: $ret"
55 echo "$out"
56 return 1
57 fi
58
59 return 0
60 }
61
62 test_smbclient() {
63 eval echo "$cmd"
64 out=$(eval $cmd)
65 ret=$?
66 if [ $ret -ne 0 ] ; then
67 echo "Failed to connect! Error: $ret"
68 echo "$out"
69 fi
70
71 return $ret
72 }
73
74 test_smbclient_kerberos() {
75 eval echo "$cmd -d5"
76 out=$(eval $cmd)
77 ret=$?
78 if [ $ret -ne 0 ] ; then
79 echo "Failed to connect! Error: $ret"
80 echo "$out"
81 return 1
82 fi
83
84 echo "$out" | grep "Doing init for" >/dev/null 2>&1
85 ret=$?
86 if [ $ret -eq 0 ] ; then
87 echo "Kinit failed for smbclient"
88 echo "$out"
89 return 1
90 fi
91
92 return 0
93 }
94
95 KRB5CCNAME_PATH="$PREFIX/ccache_client_kerberos"
96 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
97 export KRB5CCNAME
98
99 ### RPCCLIENT (legacy)
100 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
101 testit "test rpcclient legacy ntlm" \
102 test_rpc_getusername || \
103 failed=$(expr $failed + 1)
104
105 cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
106 testit "test rpcclient legacy ntlm interactive" \
107 test_rpc_getusername || \
108 failed=$(expr $failed + 1)
109
110 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
111 testit "test rpcclient legacy ntlm interactive with -U" \
112 test_rpc_getusername || \
113 failed=$(expr $failed + 1)
114
115 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
116 testit "test rpcclient legacy kerberos" \
117 test_rpc_getusername || \
118 failed=$(expr $failed + 1)
119
120 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
121 testit_expect_failure "test rpcclient legacy kerberos interactive (negative test)" \
122 test_rpc_getusername || \
123 failed=$(expr $failed + 1)
124
125 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
126 cmd='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
127 testit "test rpcclient legacy kerberos ccache" \
128 test_rpc_getusername || \
129 failed=$(expr $failed + 1)
130 $samba_kdestroy
131
132 ### RPCCLIENT
133 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
134 testit "test rpcclient ntlm" \
135 test_rpc_getusername || \
136 failed=$(expr $failed + 1)
137
138 cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
139 testit "test rpcclient ntlm interactive" \
140 test_rpc_getusername || \
141 failed=$(expr $failed + 1)
142
143 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
144 testit "test rpcclient ntlm interactive with -U" \
145 test_rpc_getusername || \
146 failed=$(expr $failed + 1)
147
148 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
149 testit "test rpcclient kerberos" \
150 test_rpc_getusername || \
151 failed=$(expr $failed + 1)
152
153 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
154 testit_expect_failure "test rpcclient kerberos interactive (negative test)" \
155 test_rpc_getusername || \
156 failed=$(expr $failed + 1)
157
158 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
159 cmd='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
160 testit "test rpcclient kerberos ccache" \
161 test_rpc_getusername || \
162 failed=$(expr $failed + 1)
163 $samba_kdestroy
164
165 ### SMBTORTURE (legacy)
166
167 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
168 testit "test smbtorture legacy default" \
169 test_rpc_getusername || \
170 failed=$(expr $failed + 1)
171
172 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
173 testit "test smbtorture legacy ntlm (kerberos=no)" \
174 test_rpc_getusername || \
175 failed=$(expr $failed + 1)
176
177 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
178 testit "test smbtorture legacy kerberos=yes" \
179 test_rpc_getusername || \
180 failed=$(expr $failed + 1)
181
182 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
183 cmd='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
184 testit "test smbtorture legacy kerberos=yes ccache" \
185 test_rpc_getusername || \
186 failed=$(expr $failed + 1)
187 $samba_kdestroy
188
189 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
190 cmd='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
191 testit_expect_failure "test smbtorture legacy kerberos=no ccache (negative test)" \
192 test_rpc_getusername || \
193 failed=$(expr $failed + 1)
194 $samba_kdestroy
195
196 ### SMBTORTURE
197
198 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
199 testit "test smbtorture default" \
200 test_rpc_getusername || \
201 failed=$(expr $failed + 1)
202
203 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
204 testit "test smbtorture ntlm (kerberos=no)" \
205 test_rpc_getusername || \
206 failed=$(expr $failed + 1)
207
208 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
209 testit "test smbtorture kerberos=yes" \
210 test_rpc_getusername || \
211 failed=$(expr $failed + 1)
212
213 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
214 cmd='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
215 testit "test smbtorture kerberos=yes ccache" \
216 test_rpc_getusername || \
217 failed=$(expr $failed + 1)
218 $samba_kdestroy
219
220 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
221 cmd='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
222 testit_expect_failure "test smbtorture kerberos=no ccache (negative test)" \
223 test_rpc_getusername || \
224 failed=$(expr $failed + 1)
225 $samba_kdestroy
226
227 ### SMBCLIENT (legacy)
228 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
229 testit "test smbclient legacy ntlm" \
230 test_smbclient || \
231 failed=$(expr $failed + 1)
232
233 cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
234 testit "test smbclient legacy ntlm interactive" \
235 test_smbclient || \
236 failed=$(expr $failed + 1)
237
238 cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
239 testit "test smbclient legacy ntlm interactive with -U" \
240 test_smbclient || \
241 failed=$(expr $failed + 1)
242
243 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
244 testit "test smbclient legacy kerberos" \
245 test_smbclient || \
246 failed=$(expr $failed + 1)
247
248 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
249 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
250 testit "test smbclient legacy kerberos ccache" \
251 test_smbclient || \
252 failed=$(expr $failed + 1)
253 $samba_kdestroy
254
255 ### SMBCLIENT tests for --use-kerberos=desired|required|disabled
256 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
257 testit "test smbclient ntlm" \
258 test_smbclient || \
259 failed=$(expr $failed + 1)
260
261 cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
262 testit "test smbclient ntlm interactive" \
263 test_smbclient || \
264 failed=$(expr $failed + 1)
265
266 cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
267 testit "test smbclient ntlm interactive with -U" \
268 test_smbclient || \
269 failed=$(expr $failed + 1)
270
271 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
272 testit "test smbclient kerberos=desired" \
273 test_smbclient_kerberos || \
274 failed=$(expr $failed + 1)
275
276 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
277 testit "test smbclient kerberos=required" \
278 test_smbclient_kerberos || \
279 failed=$(expr $failed + 1)
280
281 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
282 cmd='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
283 testit "test smbclient kerberos=required ccache" \
284 test_smbclient || \
285 failed=$(expr $failed + 1)
286 $samba_kdestroy
287
288 rm -rf $KRB5CCNAME_PATH
289
290 exit $failed
Samba GIT mirror