2 # Blackbox tests for kinit and kerberos integration with smbclient etc
3 # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
8 Usage: test_extract_keytab.sh SERVER USERNAME REALM DOMAIN PREFIX SMBCLIENT
22 samba4bindir
="$BINDIR"
23 samba_tool
="$samba4bindir/samba-tool"
24 samba4ktutil
="$BINDIR/samba4ktutil"
25 newuser
="$samba_tool user create"
27 SERVER_FQDN
="$SERVER.$(echo $REALM | tr '[:upper:]' '[:lower:]')"
30 if test -x $BINDIR/samba4kinit
; then
31 samba4kinit
=$BINDIR/samba4kinit
34 .
`dirname $0`/subunit.sh
35 .
`dirname $0`/common_test_fns.inc
43 echo "test: $testname"
45 NKEYS
=$
($VALGRIND $samba4ktutil $keytab |
grep -i "$principal" |
egrep -c "des|aes|arcfour")
47 if [ x
$status != x0
]; then
48 echo "failure: $testname"
52 if [ x
$NKEYS != x
$expected_nkeys ] ; then
53 echo "failure: $testname"
56 echo "success: $testname"
63 testit
"create user locally" $VALGRIND $newuser nettestuser
$USERPASS $@ || failed
=`expr $failed + 1`
65 testit
"dump keytab from domain" $VALGRIND $samba_tool domain exportkeytab
$PREFIX/tmpkeytab $@ || failed
=`expr $failed + 1`
66 test_keytab
"read keytab from domain" "$PREFIX/tmpkeytab" "$SERVER\\\$" 5
67 testit
"dump keytab from domain (2nd time)" $VALGRIND $samba_tool domain exportkeytab
$PREFIX/tmpkeytab $@ || failed
=`expr $failed + 1`
68 test_keytab
"read keytab from domain (2nd time)" "$PREFIX/tmpkeytab" "$SERVER\\\$" 5
70 testit
"dump keytab from domain for cifs principal" $VALGRIND $samba_tool domain exportkeytab
$PREFIX/tmpkeytab-server
--principal=cifs
/$SERVER_FQDN $@ || failed
=`expr $failed + 1`
71 test_keytab
"read keytab from domain for cifs principal" "$PREFIX/tmpkeytab-server" "cifs/$SERVER_FQDN" 5
72 testit
"dump keytab from domain for cifs principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab
$PREFIX/tmpkeytab-server
--principal=cifs
/$SERVER_FQDN $@ || failed
=`expr $failed + 1`
73 test_keytab
"read keytab from domain for cifs principal (2nd time)" "$PREFIX/tmpkeytab-server" "cifs/$SERVER_FQDN" 5
75 testit
"dump keytab from domain for user principal" $VALGRIND $samba_tool domain exportkeytab
$PREFIX/tmpkeytab-2
--principal=nettestuser $@ || failed
=`expr $failed + 1`
76 test_keytab
"dump keytab from domain for user principal" "$PREFIX/tmpkeytab-2" "nettestuser@$REALM" 5
77 testit
"dump keytab from domain for user principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab
$PREFIX/tmpkeytab-2
--principal=nettestuser@
$REALM $@ || failed
=`expr $failed + 1`
78 test_keytab
"dump keytab from domain for user principal (2nd time)" "$PREFIX/tmpkeytab-2" "nettestuser@$REALM" 5
80 KRB5CCNAME
="$PREFIX/tmpuserccache"
83 testit
"kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab
--request-pac nettestuser@
$REALM || failed
=`expr $failed + 1`
85 test_smbclient
"Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed
=`expr $failed + 1`
87 testit
"kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2
--request-pac nettestuser@
$REALM || failed
=`expr $failed + 1`
89 test_smbclient
"Test login with user kerberos ccache as user (2)" 'ls' "$unc" -k yes || failed
=`expr $failed + 1`
91 KRB5CCNAME
="$PREFIX/tmpadminccache"
94 testit
"kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab
--request-pac $USERNAME@
$REALM || failed
=`expr $failed + 1`
96 KRB5CCNAME
="$PREFIX/tmpserverccache"
98 testit
"kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-server cifs
/$SERVER_FQDN || failed
=`expr $failed + 1`
100 testit
"del user" $VALGRIND $samba_tool user delete nettestuser
-k yes $@ || failed
=`expr $failed + 1`
102 rm -f $PREFIX/tmpadminccache
$PREFIX/tmpuserccache
$PREFIX/tmpkeytab
$PREFIX/tmpkeytab-2
$PREFIX/tmpkeytab-server