2 # Blackbox tests for kerberos client options
3 # Copyright (c) 2019 Andreas Schneider <asn@samba.org>
7 Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
23 . $
(dirname $0)/subunit.sh
24 . $
(dirname $0)/common_test_fns.inc
26 samba_bindir
="$BINDIR"
27 samba_rpcclient
="$samba_bindir/rpcclient"
28 samba_smbclient
="$samba_bindir/smbclient"
29 samba_smbtorture
="$samba_bindir/smbtorture"
32 if test -x ${samba_bindir}/samba4kinit
; then
33 samba_kinit
=${samba_bindir}/samba4kinit
36 samba_kdestroy
=kdestroy
37 if test -x ${samba_bindir}/samba4kdestroy
; then
38 samba_kinit
=${samba_bindir}/samba4kdestroy
41 test_rpc_getusername
()
46 if [ $ret -ne 0 ]; then
47 echo "Failed to connect! Error: $ret"
52 echo "$out" |
grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
54 if [ $ret -ne 0 ]; then
55 echo "Incorrect account/authority name! Error: $ret"
68 if [ $ret -ne 0 ]; then
69 echo "Failed to connect! Error: $ret"
76 test_smbclient_kerberos
()
81 if [ $ret -ne 0 ]; then
82 echo "Failed to connect! Error: $ret"
87 echo "$out" |
grep "Doing init for" >/dev
/null
2>&1
89 if [ $ret -eq 0 ]; then
90 echo "Kinit failed for smbclient"
98 KRB5CCNAME_PATH
="$PREFIX/ccache_client_kerberos"
99 KRB5CCNAME
="FILE:$KRB5CCNAME_PATH"
102 ### RPCCLIENT (legacy)
103 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
104 testit
"test rpcclient legacy ntlm" \
105 test_rpc_getusername ||
106 failed
=$
(expr $failed + 1)
108 cmd
='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
109 testit
"test rpcclient legacy ntlm interactive" \
110 test_rpc_getusername ||
111 failed
=$
(expr $failed + 1)
113 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
114 testit
"test rpcclient legacy ntlm interactive with -U" \
115 test_rpc_getusername ||
116 failed
=$
(expr $failed + 1)
118 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
119 testit
"test rpcclient legacy kerberos" \
120 test_rpc_getusername ||
121 failed
=$
(expr $failed + 1)
123 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
124 testit_expect_failure
"test rpcclient legacy kerberos interactive (negative test)" \
125 test_rpc_getusername ||
126 failed
=$
(expr $failed + 1)
128 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
129 cmd
='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
130 testit
"test rpcclient legacy kerberos ccache" \
131 test_rpc_getusername ||
132 failed
=$
(expr $failed + 1)
136 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
137 testit
"test rpcclient ntlm" \
138 test_rpc_getusername ||
139 failed
=$
(expr $failed + 1)
141 cmd
='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
142 testit
"test rpcclient ntlm interactive" \
143 test_rpc_getusername ||
144 failed
=$
(expr $failed + 1)
146 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
147 testit
"test rpcclient ntlm interactive with -U" \
148 test_rpc_getusername ||
149 failed
=$
(expr $failed + 1)
151 cmd
='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
152 testit
"test rpcclient kerberos" \
153 test_rpc_getusername ||
154 failed
=$
(expr $failed + 1)
156 cmd
='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
157 testit_expect_failure
"test rpcclient kerberos interactive (negative test)" \
158 test_rpc_getusername ||
159 failed
=$
(expr $failed + 1)
161 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
162 cmd
='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
163 testit
"test rpcclient kerberos ccache" \
164 test_rpc_getusername ||
165 failed
=$
(expr $failed + 1)
168 ### SMBTORTURE (legacy)
170 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
171 testit
"test smbtorture legacy default" \
172 test_rpc_getusername ||
173 failed
=$
(expr $failed + 1)
175 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
176 testit
"test smbtorture legacy ntlm (kerberos=no)" \
177 test_rpc_getusername ||
178 failed
=$
(expr $failed + 1)
180 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
181 testit
"test smbtorture legacy kerberos=yes" \
182 test_rpc_getusername ||
183 failed
=$
(expr $failed + 1)
185 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
186 cmd
='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
187 testit
"test smbtorture legacy kerberos=yes ccache" \
188 test_rpc_getusername ||
189 failed
=$
(expr $failed + 1)
192 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
193 cmd
='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
194 testit_expect_failure
"test smbtorture legacy kerberos=no ccache (negative test)" \
195 test_rpc_getusername ||
196 failed
=$
(expr $failed + 1)
201 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
202 testit
"test smbtorture default" \
203 test_rpc_getusername ||
204 failed
=$
(expr $failed + 1)
206 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
207 testit
"test smbtorture ntlm (kerberos=no)" \
208 test_rpc_getusername ||
209 failed
=$
(expr $failed + 1)
211 cmd
='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
212 testit
"test smbtorture kerberos=yes" \
213 test_rpc_getusername ||
214 failed
=$
(expr $failed + 1)
216 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
217 cmd
='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
218 testit
"test smbtorture kerberos=yes ccache" \
219 test_rpc_getusername ||
220 failed
=$
(expr $failed + 1)
223 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
224 cmd
='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
225 testit_expect_failure
"test smbtorture kerberos=no ccache (negative test)" \
226 test_rpc_getusername ||
227 failed
=$
(expr $failed + 1)
230 ### SMBCLIENT (legacy)
231 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
232 testit
"test smbclient legacy ntlm" \
234 failed
=$
(expr $failed + 1)
236 cmd
='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
237 testit
"test smbclient legacy ntlm interactive" \
239 failed
=$
(expr $failed + 1)
241 cmd
='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
242 testit
"test smbclient legacy ntlm interactive with -U" \
244 failed
=$
(expr $failed + 1)
246 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
247 testit
"test smbclient legacy kerberos" \
249 failed
=$
(expr $failed + 1)
251 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
252 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
253 testit
"test smbclient legacy kerberos ccache" \
255 failed
=$
(expr $failed + 1)
258 ### SMBCLIENT tests for --use-kerberos=desired|required|disabled
259 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
260 testit
"test smbclient ntlm" \
262 failed
=$
(expr $failed + 1)
264 cmd
='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
265 testit
"test smbclient ntlm interactive" \
267 failed
=$
(expr $failed + 1)
269 cmd
='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
270 testit
"test smbclient ntlm interactive with -U" \
272 failed
=$
(expr $failed + 1)
274 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
275 testit
"test smbclient kerberos=desired" \
276 test_smbclient_kerberos ||
277 failed
=$
(expr $failed + 1)
279 cmd
='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
280 testit
"test smbclient kerberos=required" \
281 test_smbclient_kerberos ||
282 failed
=$
(expr $failed + 1)
284 kerberos_kinit
$samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
285 cmd
='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
286 testit
"test smbclient kerberos=required ccache" \
288 failed
=$
(expr $failed + 1)
291 rm -rf $KRB5CCNAME_PATH