search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:param: Fix old-style function definition
[Samba.git] / testprogs / blackbox / test_client_kerberos.sh
blobb436192e7680065eddf91b82810ae15e347fc440
1 #!/bin/sh
2 # Blackbox tests for kerberos client options
3 # Copyright (c) 2019 Andreas Schneider <asn@samba.org>
4
5 if [ $# -lt 6 ]; then
6 cat <<EOF
7 Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
8 EOF
9 exit 1
10 fi
11
12 DOMAIN=$1
13 REALM=$2
14 USERNAME=$3
15 PASSWORD=$4
16 SERVER=$5
17 PREFIX=$6
18 CONFIGURATION=$7
19 shift 7
20
21 failed=0
22
23 . $(dirname $0)/subunit.sh
24 . $(dirname $0)/common_test_fns.inc
25
26 samba_bindir="$BINDIR"
27 samba_rpcclient="$samba_bindir/rpcclient"
28 samba_smbclient="$samba_bindir/smbclient"
29 samba_smbtorture="$samba_bindir/smbtorture"
30
31 samba_kinit=kinit
32 if test -x ${samba_bindir}/samba4kinit; then
33 samba_kinit=${samba_bindir}/samba4kinit
34 fi
35
36 samba_kdestroy=kdestroy
37 if test -x ${samba_bindir}/samba4kdestroy; then
38 samba_kinit=${samba_bindir}/samba4kdestroy
39 fi
40
41 test_rpc_getusername()
42 {
43 eval echo "$cmd"
44 out=$(eval $cmd)
45 ret=$?
46 if [ $ret -ne 0 ]; then
47 echo "Failed to connect! Error: $ret"
48 echo "$out"
49 return 1
50 fi
51
52 echo "$out" | grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
53 ret=$?
54 if [ $ret -ne 0 ]; then
55 echo "Incorrect account/authority name! Error: $ret"
56 echo "$out"
57 return 1
58 fi
59
60 return 0
61 }
62
63 test_smbclient()
64 {
65 eval echo "$cmd"
66 out=$(eval $cmd)
67 ret=$?
68 if [ $ret -ne 0 ]; then
69 echo "Failed to connect! Error: $ret"
70 echo "$out"
71 fi
72
73 return $ret
74 }
75
76 test_smbclient_kerberos()
77 {
78 eval echo "$cmd -d5"
79 out=$(eval $cmd)
80 ret=$?
81 if [ $ret -ne 0 ]; then
82 echo "Failed to connect! Error: $ret"
83 echo "$out"
84 return 1
85 fi
86
87 echo "$out" | grep "Doing init for" >/dev/null 2>&1
88 ret=$?
89 if [ $ret -eq 0 ]; then
90 echo "Kinit failed for smbclient"
91 echo "$out"
92 return 1
93 fi
94
95 return 0
96 }
97
98 KRB5CCNAME_PATH="$PREFIX/ccache_client_kerberos"
99 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
100 export KRB5CCNAME
101
102 ### RPCCLIENT (legacy)
103 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
104 testit "test rpcclient legacy ntlm" \
105 test_rpc_getusername ||
106 failed=$(expr $failed + 1)
107
108 cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
109 testit "test rpcclient legacy ntlm interactive" \
110 test_rpc_getusername ||
111 failed=$(expr $failed + 1)
112
113 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
114 testit "test rpcclient legacy ntlm interactive with -U" \
115 test_rpc_getusername ||
116 failed=$(expr $failed + 1)
117
118 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
119 testit "test rpcclient legacy kerberos" \
120 test_rpc_getusername ||
121 failed=$(expr $failed + 1)
122
123 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
124 testit_expect_failure "test rpcclient legacy kerberos interactive (negative test)" \
125 test_rpc_getusername ||
126 failed=$(expr $failed + 1)
127
128 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
129 cmd='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
130 testit "test rpcclient legacy kerberos ccache" \
131 test_rpc_getusername ||
132 failed=$(expr $failed + 1)
133 $samba_kdestroy
134
135 ### RPCCLIENT
136 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
137 testit "test rpcclient ntlm" \
138 test_rpc_getusername ||
139 failed=$(expr $failed + 1)
140
141 cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
142 testit "test rpcclient ntlm interactive" \
143 test_rpc_getusername ||
144 failed=$(expr $failed + 1)
145
146 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
147 testit "test rpcclient ntlm interactive with -U" \
148 test_rpc_getusername ||
149 failed=$(expr $failed + 1)
150
151 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
152 testit "test rpcclient kerberos" \
153 test_rpc_getusername ||
154 failed=$(expr $failed + 1)
155
156 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
157 testit_expect_failure "test rpcclient kerberos interactive (negative test)" \
158 test_rpc_getusername ||
159 failed=$(expr $failed + 1)
160
161 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
162 cmd='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
163 testit "test rpcclient kerberos ccache" \
164 test_rpc_getusername ||
165 failed=$(expr $failed + 1)
166 $samba_kdestroy
167
168 ### SMBTORTURE (legacy)
169
170 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
171 testit "test smbtorture legacy default" \
172 test_rpc_getusername ||
173 failed=$(expr $failed + 1)
174
175 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
176 testit "test smbtorture legacy ntlm (kerberos=no)" \
177 test_rpc_getusername ||
178 failed=$(expr $failed + 1)
179
180 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
181 testit "test smbtorture legacy kerberos=yes" \
182 test_rpc_getusername ||
183 failed=$(expr $failed + 1)
184
185 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
186 cmd='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
187 testit "test smbtorture legacy kerberos=yes ccache" \
188 test_rpc_getusername ||
189 failed=$(expr $failed + 1)
190 $samba_kdestroy
191
192 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
193 cmd='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
194 testit_expect_failure "test smbtorture legacy kerberos=no ccache (negative test)" \
195 test_rpc_getusername ||
196 failed=$(expr $failed + 1)
197 $samba_kdestroy
198
199 ### SMBTORTURE
200
201 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
202 testit "test smbtorture default" \
203 test_rpc_getusername ||
204 failed=$(expr $failed + 1)
205
206 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
207 testit "test smbtorture ntlm (kerberos=no)" \
208 test_rpc_getusername ||
209 failed=$(expr $failed + 1)
210
211 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
212 testit "test smbtorture kerberos=yes" \
213 test_rpc_getusername ||
214 failed=$(expr $failed + 1)
215
216 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
217 cmd='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
218 testit "test smbtorture kerberos=yes ccache" \
219 test_rpc_getusername ||
220 failed=$(expr $failed + 1)
221 $samba_kdestroy
222
223 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
224 cmd='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
225 testit_expect_failure "test smbtorture kerberos=no ccache (negative test)" \
226 test_rpc_getusername ||
227 failed=$(expr $failed + 1)
228 $samba_kdestroy
229
230 ### SMBCLIENT (legacy)
231 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
232 testit "test smbclient legacy ntlm" \
233 test_smbclient ||
234 failed=$(expr $failed + 1)
235
236 cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
237 testit "test smbclient legacy ntlm interactive" \
238 test_smbclient ||
239 failed=$(expr $failed + 1)
240
241 cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
242 testit "test smbclient legacy ntlm interactive with -U" \
243 test_smbclient ||
244 failed=$(expr $failed + 1)
245
246 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
247 testit "test smbclient legacy kerberos" \
248 test_smbclient ||
249 failed=$(expr $failed + 1)
250
251 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
252 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
253 testit "test smbclient legacy kerberos ccache" \
254 test_smbclient ||
255 failed=$(expr $failed + 1)
256 $samba_kdestroy
257
258 ### SMBCLIENT tests for --use-kerberos=desired|required|disabled
259 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
260 testit "test smbclient ntlm" \
261 test_smbclient ||
262 failed=$(expr $failed + 1)
263
264 cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
265 testit "test smbclient ntlm interactive" \
266 test_smbclient ||
267 failed=$(expr $failed + 1)
268
269 cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
270 testit "test smbclient ntlm interactive with -U" \
271 test_smbclient ||
272 failed=$(expr $failed + 1)
273
274 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
275 testit "test smbclient kerberos=desired" \
276 test_smbclient_kerberos ||
277 failed=$(expr $failed + 1)
278
279 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
280 testit "test smbclient kerberos=required" \
281 test_smbclient_kerberos ||
282 failed=$(expr $failed + 1)
283
284 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
285 cmd='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
286 testit "test smbclient kerberos=required ccache" \
287 test_smbclient ||
288 failed=$(expr $failed + 1)
289 $samba_kdestroy
290
291 rm -rf $KRB5CCNAME_PATH
292
293 exit $failed
Samba GIT mirror