diff options
| author | Andreas Schneider <asn@samba.org> | 2023-03-21 08:39:47 +0100 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2023-04-06 13:45:35 +0000 |
| commit | deff466648d4d0dc5d52a94ea252350380f24864 (patch) | |
| tree | 3de57e6cb0744480999b155723720ed9c12dc364 /testprogs | |
| parent | 715f7c46b9084ffb003f965dd27e7a6a14b1e3bf (diff) | |
| download | samba-deff466648d4d0dc5d52a94ea252350380f24864.tar.gz | |
testprogs: Reformat test_kinit_mit.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'testprogs')
| -rwxr-xr-x | testprogs/blackbox/test_kinit_mit.sh | 220 |
1 files changed, 172 insertions, 48 deletions
diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh index 162e9c0d914..dc45a8ec089 100755 --- a/testprogs/blackbox/test_kinit_mit.sh +++ b/testprogs/blackbox/test_kinit_mit.sh @@ -78,11 +78,20 @@ EOF ### Test kinit defaults ########################################################### -testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "kinit renew ticket" $samba_kinit -R || failed=$(expr $failed + 1) -test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with password" \ + $samba_texpect $PREFIX/tmpkinitscript \ + $samba_kinit $USERNAME@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "kinit renew ticket" \ + $samba_kinit -R || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -90,12 +99,21 @@ $samba_kdestroy ### Test kinit with enterprice principal ########################################################### -testit "kinit with password (enterprise style)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $USERNAME@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with password (enterprise style)" \ + $samba_texpect $PREFIX/tmpkinitscript \ + $samba_kinit -E $USERNAME@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) # This does not work with MIT Kerberos 1.14 or older -testit "kinit renew ticket (enterprise style)" $samba_kinit -R || failed=$(expr $failed + 1) -test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit renew ticket (enterprise style)" \ + $samba_kinit -R || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -103,15 +121,25 @@ $samba_kdestroy ### Tests with kinit default again ########################################################### -testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=$(expr $failed + 1) -testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "kinit with password" \ + $samba_texpect $PREFIX/tmpkinitscript \ + $samba_kinit $USERNAME@$REALM || \ + failed=$(expr $failed + 1) +testit "check time with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool time $SERVER \ + $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) USERPASS="testPass@12%" -testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "add user with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS \ + $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) echo "Getting defaultNamingContext" -BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') +BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base \ + DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') cat >$PREFIX/tmpldbmodify <<EOF dn: cn=${TEST_USER},cn=users,$BASEDN @@ -122,18 +150,31 @@ replace: userPrincipalName userPrincipalName: nettest@$REALM EOF -testit "modify servicePrincipalName and userPrincpalName" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "modify servicePrincipalName and userPrincpalName" \ + $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify \ + --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) -testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} --newpassword=$USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "set user password with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} \ + --newpassword=$USERPASS $CONFIGURATION \ + --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) -testit "enable user with kerberos cache" $VALGRIND $PYTHON $samba_enableaccount ${TEST_USER} -H ldap://$SERVER --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "enable user with kerberos cache" \ + $VALGRIND $PYTHON $samba_enableaccount ${TEST_USER} \ + -H ldap://$SERVER --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) ########################################################### ### Test kinit with canonicalization ########################################################### upperusername=$(echo $USERNAME | tr '[a-z]' '[A-Z]') -testit "kinit with canonicalize" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -C $upperusername@$REALM -S kadmin/changepw@$REALM || failed=$(expr $failed + 1) +testit "kinit with canonicalize" \ + $samba_texpect $PREFIX/tmpkinitscript \ + $samba_kinit -C $upperusername@$REALM -S kadmin/changepw@$REALM || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -152,21 +193,35 @@ expect Password for send ${USERPASS}\n EOF -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with user password" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) ### Change password NEWUSERPASS="testPaSS@34%" -testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION --use-kerberos=off --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) +testit "change user password with 'samba-tool user password' (rpc)" \ + $VALGRIND $PYTHON $samba_tool user password \ + -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION --use-kerberos=off \ + --newpassword=$NEWUSERPASS "$@" || \ + failed=$(expr $failed + 1) cat >$PREFIX/tmpkinituserpassscript <<EOF expect Password for send ${NEWUSERPASS}\n EOF -testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with new user password" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -174,13 +229,23 @@ $samba_kdestroy ### Test kinit with user credentials in special formats ########################################################### -testit "kinit with new (NT-Principal style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettest@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with new (NT-Principal style) using UPN" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit nettest@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from NT UPN" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy -testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with new (enterprise style) using UPN" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit -E nettest@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from enterprise UPN" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -195,10 +260,19 @@ replace: userPrincipalName userPrincipalName: nettest@$REALM.org EOF -testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "modify userPrincipalName to be a different domain" \ + $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG \ + $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \ + --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) -testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM.org || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with new (enterprise style) using UPN" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit -E nettest@$REALM.org || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from enterprise UPN" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -206,8 +280,13 @@ $samba_kdestroy ### Test password change with kpasswd ########################################################### -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with user password" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) USERPASS=$NEWUSERPASS NEWUSERPASS=testPaSS@56% @@ -222,7 +301,10 @@ send ${NEWUSERPASS}\n expect Password changed EOF -testit "change user password with kpasswd" $samba_texpect $PREFIX/tmpkpasswdscript $samba_kpasswd ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "change user password with kpasswd" \ + $samba_texpect $PREFIX/tmpkpasswdscript \ + $samba_kpasswd ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -232,8 +314,13 @@ expect Password for send ${USERPASS}\n EOF -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with user password" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) $samba_kdestroy @@ -257,7 +344,11 @@ EOF USERPASS=$NEWUSERPASS NEWUSERPASS=testPaSS@911% -testit "modify pwdLastSet" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "modify pwdLastSet" \ + $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG \ + $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \ + --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) cat >$PREFIX/tmpkinituserpassscript <<EOF expect Password for @@ -269,8 +360,13 @@ expect Enter it again send ${NEWUSERPASS}\n EOF -testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit (MIT) with user password for expired password" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) USERPASS=$NEWUSERPASS cat >$PREFIX/tmpkinituserpassscript <<EOF @@ -278,8 +374,13 @@ expect Password for send ${USERPASS}\n EOF -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with user password" \ + $samba_texpect $PREFIX/tmpkinituserpassscript \ + $samba_kinit ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) ########################################################### ### Test login with lowercase realm @@ -292,20 +393,41 @@ export KRB5CCNAME rm -rf $KRB5CCNAME_PATH lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') -test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) - -testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm" \ + 'ls' --use-kerberos=required \ + -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm 2" \ + 'ls' --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS \ + --realm=$lowerrealm || \ + failed=$(expr $failed + 1) + +testit "del user with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} \ + $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || \ + failed=$(expr $failed + 1) ########################################################### ### Test login with machine account ########################################################### rm -f $KRB5CCNAME_PATH -testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1) -test_smbclient "Test machine account login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1) +testit "kinit with machineaccountccache script" \ + $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || \ + failed=$(expr $failed + 1) +test_smbclient "Test machine account login with kerberos ccache" \ + 'ls' --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "reset password policies" \ + $VALGRIND $PYTHON $samba_tool domain passwordsettings set \ + $ADMIN_LDBMODIFY_CONFIG \ + --complexity=default \ + --history-length=default \ + --min-pwd-length=default \ + --min-pwd-age=default \ + --max-pwd-age=default || \ + failed=$(expr $failed + 1) ########################################################### ### Test basic s4u2self request @@ -316,7 +438,9 @@ testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordse MACHINE_ACCOUNT="$(hostname -s | tr [a-z] [A-Z])\$@$REALM" $samba_kvno -U$MACHINE_ACCOUNT $MACHINE_ACCOUNT # But we expect the KDC to be up and running still -testit "kinit with machineaccountccache after s4u2self" $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with machineaccountccache after s4u2self" \ + $machineaccountccache $CONFIGURATION $KRB5CCNAME || \ + failed=$(expr $failed + 1) ### Cleanup |