testprogs/blackbox/test_net_offline.sh

   1 if [ $# -lt 4 ]; then
   2         cat <<EOF
   3 Usage: test_net_offline.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS
   4 EOF
   5         exit 1
   6 fi
   7
   8 DC_SERVER=$1
   9 DC_USERNAME=$2
  10 DC_PASSWORD=$3
  11 BASEDIR=$4
  12
  13 HOSTNAME=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10)
  14
  15 RUNDIR=$(pwd)
  16 cd $BASEDIR
  17 WORKDIR=$(mktemp -d -p .)
  18 WORKDIR=$(basename $WORKDIR)
  19 ODJFILE="$BASEDIR/$WORKDIR/odj_provision.txt"
  20
  21 cp -a client/* $WORKDIR/
  22 sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf
  23 sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf
  24 rm -f $WORKDIR/private/secrets.tdb
  25 cd $RUNDIR
  26
  27 failed=0
  28
  29 net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads"
  30 samba_texpect="$BINDIR/texpect"
  31
  32 # Load test functions
  33 . $(dirname $0)/subunit.sh
  34
  35 netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
  36
  37 # 1. Test w/o dcname
  38
  39 testit "provision without dcname" $VALGRIND $net_tool offlinejoin provision domain=$REALM machine_name=$netbios savefile=$ODJFILE -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  40
  41 testit "requestodj" $VALGRIND $net_tool offlinejoin requestodj loadfile=$ODJFILE || failed=$(expr $failed + 1)
  42
  43 testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$(expr $failed + 1)
  44
  45 rm -f $ODJFILE
  46
  47 testit "leave" $VALGRIND $net_tool ads leave  -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  48
  49 # 2. Test with dcname
  50
  51 testit "provision with dcname" $VALGRIND $net_tool offlinejoin provision domain=$REALM machine_name=$netbios savefile=$ODJFILE dcname=$DC_SERVER -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  52
  53 testit "requestodj" $VALGRIND $net_tool offlinejoin requestodj loadfile=$ODJFILE || failed=$(expr $failed + 1)
  54
  55 testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$(expr $failed + 1)
  56
  57 rm -f $ODJFILE
  58
  59 testit "leave" $VALGRIND $net_tool ads leave  -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  60
  61 # 3. Test with defpwd
  62
  63 testit "provision with dcname and default password" $VALGRIND $net_tool offlinejoin provision domain=$REALM machine_name=$netbios savefile=$ODJFILE dcname=$DC_SERVER defpwd -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  64
  65 testit "requestodj" $VALGRIND $net_tool offlinejoin requestodj loadfile=$ODJFILE || failed=$(expr $failed + 1)
  66
  67 testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$(expr $failed + 1)
  68
  69 rm -f $ODJFILE
  70
  71 testit "leave" $VALGRIND $net_tool ads leave  -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
  72
  73 test_compose_odj() {
  74         local mode=$1
  75         local composeargv=()
  76
  77         # Retrieve the necessary information to compose the ODJ blob
  78         # The machine needs to be correctly joined at this point
  79         local netbios_domain_name=$($net_tool ads lookup | awk -F': ' '/^Pre-Win2k Domain/ {print $2}')
  80         local domain_sid=$($net_tool getdomainsid | awk -F': ' "/^SID for domain $netbios_domain_name/ {print \$2}")
  81         local domain_guid=$($net_tool ads lookup | awk -F': ' '/^GUID/ {print $2}')
  82         local forest_name=$($net_tool ads lookup | awk -F': ' '/^Forest/ {print $2}')
  83         local dc_name=$($net_tool ads info | awk -F': ' '/^LDAP server name/ {print $2}')
  84         local dc_address=$($net_tool ads info | awk -F': ' '/^LDAP server:/ {print $2}')
  85         local ret=1
  86         local out=""
  87
  88         composeargv=( \
  89                 "domain_sid=${domain_sid}" \
  90                 "domain_guid=${domain_guid}" \
  91                 "forest_name=${forest_name}" \
  92                 "-S ${dc_name}" \
  93                 "-I ${dc_address}" \
  94                 "savefile=${ODJFILE}"
  95         )
  96         case $mode in
  97         machacct)
  98                 cmd='$net_tool offlinejoin composeodj ${composeargv[@]} -P 2>&1'
  99                 out=$(eval $cmd)
 100                 ret=$?
 101         ;;
 102         stdinfd)
 103                 cmd='echo ${netbios} | $net_tool offlinejoin composeodj ${composeargv[@]} -U${netbios^^}\$ 2>&1'
 104                 out=$(PASSWD_FD=0 eval $cmd)
 105                 ret=$?
 106         ;;
 107         callback)
 108                 tmpfile=$BASEDIR/$WORKDIR/composeodj_password_script
 109                 cat >$tmpfile <<EOF
 110 expect Password for [${netbios_domain_name^^}\\${netbios^^}\$]:
 111 send $netbios\n
 112 EOF
 113                 cmd='$samba_texpect -v $tmpfile $net_tool offlinejoin composeodj ${composeargv[@]} 2>&1'
 114                 out=$(eval $cmd)
 115                 ret=$?
 116                 rm -f $tmpfile
 117         ;;
 118         *)
 119                 out="Unknown mode '$mode'"
 120         ;;
 121         esac
 122
 123         if [ $ret -ne 0 ]; then
 124                 echo "Failed to compose ODJ blob: $out"
 125                 return 1
 126         fi
 127 }
 128
 129 # 4. Test composeodj
 130
 131 modes=("machacct" "stdinfd" "callback")
 132 for mode in "${modes[@]}"; do
 133
 134         defpwd="defpwd"
 135         if [ "$mode" == "machacct" ]; then
 136                 defpwd=""
 137         fi
 138
 139         testit "provision[$mode]" $VALGRIND $net_tool offlinejoin provision domain=$REALM machine_name=$netbios savefile=$ODJFILE $defpwd -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
 140
 141         testit "requestodj [$mode]" $VALGRIND $net_tool offlinejoin requestodj loadfile=$ODJFILE || failed=$(expr $failed + 1)
 142
 143         testit "testjoin [$mode]" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$(expr $failed + 1)
 144
 145         testit "removeodjblob [$mode]" rm $ODJFILE || failed=$(expr $failed + 1)
 146
 147         testit "composeodj [$mode]" test_compose_odj $mode || failed=$(expr $failed + 1)
 148
 149         testit "removesecretsdb [$mode]" rm $BASEDIR/$WORKDIR/private/secrets.tdb || failed=$(expr $failed + 1)
 150
 151         testit "requestodj [$mode]" $VALGRIND $net_tool offlinejoin requestodj loadfile=$ODJFILE || failed=$(expr $failed + 1)
 152
 153         testit "removeodjblob [$mode]" rm $ODJFILE || failed=$(expr $failed + 1)
 154
 155         testit "testjoin [$mode]" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$(expr $failed + 1)
 156
 157         testit "leave [$mode]" $VALGRIND $net_tool ads leave  -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
 158 done
 159
 160 rm -rf $BASEDIR/$WORKDIR
 161
 162 exit $failed