testprogs/blackbox/test_rpcclient_schannel.sh

   1 #!/bin/bash
   2 # Blackbox tests rpcclient with schannel
   3 # Copyright (c) 2021      Andreas Schneider <asn@samba.org>
   4
   5 if [ $# -lt 8 ]; then
   6         cat <<EOF
   7 Usage: test_rpcclient_schannel.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION TESTENV
   8 EOF
   9         exit 1
  10 fi
  11
  12 DOMAIN=$1
  13 REALM=$2
  14 USERNAME=$3
  15 PASSWORD=$4
  16 SERVER=$5
  17 PREFIX=$6
  18 CONFIGURATION=$7
  19 TESTENV=$8
  20 shift 8
  21
  22 failed=0
  23
  24 samba_subunit_dir=$(dirname "$0")
  25 . "${samba_subunit_dir}/subunit.sh"
  26 . "${samba_subunit_dir}/common_test_fns.inc"
  27
  28 samba_bindir="${BINDIR}"
  29 samba_rpcclient="${samba_bindir}/rpcclient"
  30
  31 test_rpc_getusername()
  32 {
  33         cmd="$samba_rpcclient ncacn_np:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c getusername 2>&1"
  34         out=$(eval "$cmd")
  35         ret=$?
  36         if [ $ret -ne 0 ]; then
  37                 echo "Failed to connect! Error: $ret"
  38                 echo "$out"
  39                 return 1
  40         fi
  41
  42         echo "$out" | grep -q "Account Name: ANONYMOUS LOGON, Authority Name: NT AUTHORITY"
  43         ret=$?
  44         if [ $ret -ne 0 ]; then
  45                 echo "Incorrect account/authority name! Error: $ret"
  46                 echo "$out"
  47                 return 1
  48         fi
  49
  50         return 0
  51 }
  52
  53 test_rpc_lookupsids()
  54 {
  55         cmd="$samba_rpcclient ncacn_ip_tcp:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c 'lookupsids3 S-1-1-0' 2>&1"
  56         out=$(eval "$cmd")
  57         ret=$?
  58         if [ $ret -ne 0 ]; then
  59                 echo "Failed to connect! Error: $ret"
  60                 echo "$out"
  61                 return 1
  62         fi
  63
  64         echo "$out" | grep -q "S-1-1-0 Everyone"
  65         ret=$?
  66         if [ $ret -ne 0 ]; then
  67                 echo "Incorrect account/authority name! Error: $ret"
  68                 echo "$out"
  69                 return 1
  70         fi
  71
  72         return 0
  73 }
  74
  75 testit "ncacn_np.getusername" \
  76         test_rpc_getusername ||
  77         failed=$((failed + 1))
  78
  79 if [[ "$TESTENV" == "ad_member_fips"* ]]; then
  80         unset GNUTLS_FORCE_FIPS_MODE
  81
  82         testit "ncacn_np.getusername.fips" \
  83                 test_rpc_getusername ||
  84                 failed=$((failed + 1))
  85
  86         GNUTLS_FORCE_FIPS_MODE=1
  87         export GNUTLS_FORCE_FIPS_MODE
  88 fi
  89
  90 testit "ncacn_ip_tcp.lookupsids" \
  91         test_rpc_lookupsids ||
  92         failed=$((failed + 1))
  93
  94 exit ${failed}