testprogs/blackbox/test_net_ads_fips.sh

   1 if [ $# -lt 4 ]; then
   2         cat <<EOF
   3 Usage: test_net_ads_fips.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS
   4 EOF
   5         exit 1
   6 fi
   7
   8 DC_SERVER=$1
   9 DC_USERNAME=$2
  10 DC_PASSWORD=$3
  11 BASEDIR=$4
  12
  13 HOSTNAME=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10)
  14
  15 RUNDIR=$(pwd)
  16 cd $BASEDIR
  17 WORKDIR=$(mktemp -d -p .)
  18 WORKDIR=$(basename $WORKDIR)
  19 cp -a client/* $WORKDIR/
  20 sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf
  21 sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf
  22 rm -f $WORKDIR/private/secrets.tdb
  23 cd $RUNDIR
  24
  25 failed=0
  26
  27 net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads"
  28
  29 # Load test functions
  30 . $(dirname $0)/subunit.sh
  31
  32 # This make sure we are able to join AD in FIPS mode with Kerberos (NTLM doesn't work in FIPS mode).
  33 testit "join" $VALGRIND $net_tool ads join --use-kerberos=required -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  34
  35 testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$(expr $failed + 1)
  36
  37 testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=$(expr $failed + 1)
  38
  39 testit "leave" $VALGRIND $net_tool ads leave --use-kerberos=required -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  40
  41 rm -rf $BASEDIR/$WORKDIR
  42
  43 exit $failed