testprogs/blackbox/test_export_keytab_heimdal.sh

   1 #!/bin/sh
   2 # Blackbox tests for kinit and kerberos integration with smbclient etc
   3 # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
   4 # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
   5
   6 if [ $# -lt 5 ]; then
   7 cat <<EOF
   8 Usage: test_extract_keytab.sh SERVER USERNAME REALM DOMAIN PREFIX SMBCLIENT
   9 EOF
  10 exit 1;
  11 fi
  12
  13 SERVER=$1
  14 USERNAME=$2
  15 REALM=$3
  16 DOMAIN=$4
  17 PREFIX=$5
  18 smbclient=$6
  19 shift 6
  20 failed=0
  21
  22 samba4bindir="$BINDIR"
  23 samba_tool="$samba4bindir/samba-tool"
  24 samba4ktutil="$BINDIR/samba4ktutil"
  25 newuser="$samba_tool user create"
  26
  27 SERVER_FQDN="$SERVER.$(echo $REALM | tr '[:upper:]' '[:lower:]')"
  28
  29 samba4kinit=kinit
  30 if test -x $BINDIR/samba4kinit; then
  31         samba4kinit=$BINDIR/samba4kinit
  32 fi
  33
  34 . `dirname $0`/subunit.sh
  35 . `dirname $0`/common_test_fns.inc
  36
  37 test_keytab() {
  38         testname="$1"
  39         keytab="$2"
  40         principal="$3"
  41         expected_nkeys="$4"
  42
  43         echo "test: $testname"
  44
  45         NKEYS=$($VALGRIND $samba4ktutil $keytab | grep -i "$principal" | egrep -c "des|aes|arcfour")
  46         status=$?
  47         if [ x$status != x0 ]; then
  48                 echo "failure: $testname"
  49                 return $status
  50         fi
  51
  52         if [ x$NKEYS != x$expected_nkeys ] ; then
  53                 echo "failure: $testname"
  54                 return 1
  55         fi
  56         echo "success: $testname"
  57         return 0
  58 }
  59
  60 USERPASS=testPaSS@01%
  61 unc="//$SERVER/tmp"
  62
  63 testit "create user locally" $VALGRIND $newuser nettestuser $USERPASS $@ || failed=`expr $failed + 1`
  64
  65 testit "dump keytab from domain" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab $@ || failed=`expr $failed + 1`
  66 test_keytab "read keytab from domain" "$PREFIX/tmpkeytab" "$SERVER\\\$" 5
  67 testit "dump keytab from domain (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab $@ || failed=`expr $failed + 1`
  68 test_keytab "read keytab from domain (2nd time)" "$PREFIX/tmpkeytab" "$SERVER\\\$" 5
  69
  70 testit "dump keytab from domain for cifs principal" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-server --principal=cifs/$SERVER_FQDN $@ || failed=`expr $failed + 1`
  71 test_keytab "read keytab from domain for cifs principal" "$PREFIX/tmpkeytab-server" "cifs/$SERVER_FQDN" 5
  72 testit "dump keytab from domain for cifs principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-server --principal=cifs/$SERVER_FQDN $@ || failed=`expr $failed + 1`
  73 test_keytab "read keytab from domain for cifs principal (2nd time)" "$PREFIX/tmpkeytab-server" "cifs/$SERVER_FQDN" 5
  74
  75 testit "dump keytab from domain for user principal" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-2 --principal=nettestuser $@ || failed=`expr $failed + 1`
  76 test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-2" "nettestuser@$REALM" 5
  77 testit "dump keytab from domain for user principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-2 --principal=nettestuser@$REALM $@ || failed=`expr $failed + 1`
  78 test_keytab "dump keytab from domain for user principal (2nd time)" "$PREFIX/tmpkeytab-2" "nettestuser@$REALM" 5
  79
  80 KRB5CCNAME="$PREFIX/tmpuserccache"
  81 export KRB5CCNAME
  82
  83 testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
  84
  85 test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
  86
  87 testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2 --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
  88
  89 test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
  90
  91 KRB5CCNAME="$PREFIX/tmpadminccache"
  92 export KRB5CCNAME
  93
  94 testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
  95
  96 KRB5CCNAME="$PREFIX/tmpserverccache"
  97 export KRB5CCNAME
  98 testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-server cifs/$SERVER_FQDN || failed=`expr $failed + 1`
  99
 100 testit "del user" $VALGRIND $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
 101
 102 rm -f $PREFIX/tmpadminccache $PREFIX/tmpuserccache $PREFIX/tmpkeytab $PREFIX/tmpkeytab-2 $PREFIX/tmpkeytab-server
 103 exit $failed