authorStefan Metzmacher <metze@samba.org>2015-02-11 15:07:40 +0100
committerStefan Metzmacher <metze@samba.org>2015-07-08 18:38:22 +0200
commit7ee4f23821eb63699c4a67ff18003e3b955e0765 (patch)
tree2d769b31de616c82d579d4ec65b560498669aea3 /testprogs
parent90956d608814cd83c0edee6521bc11a29c76826f (diff)
downloadsamba-7ee4f23821eb63699c4a67ff18003e3b955e0765.tar.gz
testprogs/blackbox: add test_kinit_trusts.sh
That verifies kinit and smbclient work across trusts. It also tests a trust password change and a following access. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'testprogs')
-rwxr-xr-xtestprogs/blackbox/test_kinit_trusts.sh98
1 files changed, 98 insertions, 0 deletions
diff --git a/testprogs/blackbox/test_kinit_trusts.sh b/testprogs/blackbox/test_kinit_trusts.sh
new file mode 100755
index 00000000000..3a5662fdf56
--- /dev/null
+++ b/testprogs/blackbox/test_kinit_trusts.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+# Copyright (C) 2015 Stefan Metzmacher <metze@samba.org>
+
+if [ $# -lt 13 ]; then
+cat <<EOF
+Usage: test_kinit_trusts.sh SERVER USERNAME PASSWORD REALM DOMAIN TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN PREFIX TYPE ENCTYPE
+EOF
+exit 1;
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+REALM=$4
+DOMAIN=$5
+shift 5
+TRUST_SERVER=$1
+TRUST_USERNAME=$2
+TRUST_PASSWORD=$3
+TRUST_REALM=$4
+TRUST_DOMAIN=$5
+shift 5
+PREFIX=$1
+TYPE=$2
+ENCTYPE=$3
+shift 3
+failed=0
+
+samba4bindir="$BINDIR"
+samba4kinit=kinit
+if test -x $samba4bindir/samba4kinit; then
+ samba4kinit=$samba4bindir/samba4kinit
+fi
+
+smbclient="$samba4bindir/smbclient4"
+wbinfo="$samba4bindir/wbinfo"
+rpcclient="$samba4bindir/rpcclient"
+samba_tool="$samba4bindir/samba-tool"
+
+. `dirname $0`/subunit.sh
+
+SMBCLIENT_UNC="//$SERVER.$REALM/tmp"
+
+test_smbclient() {
+ name="$1"
+ cmd="$2"
+ shift
+ shift
+ echo "test: $name"
+ $VALGRIND $smbclient $CONFIGURATION $SMBCLIENT_UNC -c "$cmd" $@
+ status=$?
+ if [ x$status = x0 ]; then
+ echo "success: $name"
+ else
+ echo "failure: $name"
+ fi
+ return $status
+}
+
+enctype="-e $ENCTYPE"
+
+KRB5CCNAME_PATH="$PREFIX/tmpccache"
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+rm -rf $KRB5CCNAME_PATH
+
+echo $TRUST_PASSWORD > $PREFIX/tmppassfile
+testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
+
+test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+testit "check time with kerberos ccache" $VALGRIND $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
+
+lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
+test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
+
+# Test the outgoing direction
+SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
+test_smbclient "Test user login with the first outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
+
+testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
+testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
+testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
+
+test_smbclient "Test user login with the changed outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
+
+rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript
+exit $failed
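Review bot: The final `rm -f` line prefixes only `tmpccache` with `$PREFIX`, so the `$PREFIX/tmppassfile` written earlier with the trust account's cleartext password is never removed, and the remaining bare names resolve against the current directory instead. I would change it to `rm -f $PREFIX/tmpccache $PREFIX/tmppassfile` (none of the other listed names is created in this script) and write the file under a restrictive umask, e.g. `(umask 077; echo "$TRUST_PASSWORD" > "$PREFIX/tmppassfile")`, since it is otherwise created with whatever mode the caller's umask allows. Separately, the argument check requires 13 parameters while the usage text lists 12 (TRUST_SERVER is missing), and the `kinit renew ticket` step has no `|| failed=...`, so a failed renewal does not change the exit status.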