diff options
| -rw-r--r-- | selftest/knownfail | 1 | ||||
| -rwxr-xr-x | source4/selftest/tests.py | 2 | ||||
| -rwxr-xr-x | testprogs/blackbox/test_kpasswd_heimdal.sh | 292 |
3 files changed, 123 insertions, 172 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 2f6a66b85a7..10515185d3f 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -142,7 +142,6 @@ ^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$ ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4 -^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects ^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 19a41dc2ece..61d9a821058 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -393,7 +393,7 @@ if have_heimdal_support: plantestsuite("samba4.blackbox.kinit_trust(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest", "aes256-cts-hmac-sha1-96"]) plantestsuite("samba4.blackbox.kinit_trust(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"]) plantestsuite("samba4.blackbox.export.keytab(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_heimdal.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4]) - plantestsuite("samba4.blackbox.kpasswd(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs", smbclient4]) + plantestsuite("samba4.blackbox.kpasswd(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"]) plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"]) plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"]) diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh index 61d546162aa..7e3daed8467 100755 --- a/testprogs/blackbox/test_kpasswd_heimdal.sh +++ b/testprogs/blackbox/test_kpasswd_heimdal.sh @@ -1,9 +1,11 @@ #!/bin/sh -# Blackbox tests for kinit and kerberos integration with smbclient etc +# Blackbox tests for chainging passwords with kinit and kpasswd +# # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org> # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org> +# Copyright (C) 2016 Andreas Schneider <asn@samba.org> -if [ $# -lt 5 ]; then +if [ $# -lt 6 ]; then cat <<EOF Usage: test_passwords.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX SMBCLIENT EOF @@ -16,41 +18,32 @@ PASSWORD=$3 REALM=$4 DOMAIN=$5 PREFIX=$6 -smbclient=$7 -shift 7 +shift 6 failed=0 -samba4bindir="$BINDIR" -samba4kinit=kinit -if test -x $BINDIR/samba4kinit; then - samba4kinit=$BINDIR/samba4kinit -fi +samba_bindir="$BINDIR" -samba_tool="$samba4bindir/samba-tool" -net_tool="$samba4bindir/net" -smbpasswd="$samba4bindir/smbpasswd" -texpect="$samba4bindir/texpect" -samba4kpasswd=kpasswd -if test -x $BINDIR/samba4kpasswd; then - samba4kpasswd=$BINDIR/samba4kpasswd -fi +smbclient="$samba_bindir/smbclient" +samba_kinit=$samba_bindir/samba4kinit +samba_kpasswd=$samba_bindir/samba4kpasswd + +samba_tool="$samba_bindir/samba-tool" +net_tool="$samba_bindir/net" +texpect="$samba_bindir/texpect" newuser="$samba_tool user create" -unc="//$SERVER/tmp" +SMB_UNC="//$SERVER/tmp" . `dirname $0`/subunit.sh . `dirname $0`/common_test_fns.inc do_kinit() { - file="$1" + principal="$1" password="$2" shift shift - if test -x $BINDIR/samba4kinit; then - $samba4kinit --password-file=$file --request-pac $@ - else - echo $password | $samba4kinit $@ - fi + echo $password > $PREFIX/tmppassfile + $samba_kinit --password-file=$PREFIX/tmppassfile $principal $@ } UID_WRAPPER_ROOT=1 @@ -59,207 +52,166 @@ export UID_WRAPPER_ROOT CONFIG="--configfile=$PREFIX/etc/smb.conf" export CONFIG -testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $samba_tool domain passwordsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1` +testit "reset password policies beside of minimum password age of 0 days" \ + $VALGRIND $samba_tool domain passwordsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1` -USERPASS=testPaSS@00% +TEST_USERNAME="$(mktemp -u alice-XXXXXX)" +TEST_PRINCIPAL="$TEST_USERNAME@$REALM" +TEST_PASSWORD="testPaSS@00%" +TEST_PASSWORD_NEW="testPaSS@01%" +TEST_PASSWORD_SHORT="secret" +TEST_PASSWORD_WEAK="Supersecret" -testit "create user locally" $VALGRIND $newuser $CONFIG nettestuser $USERPASS $@ || failed=`expr $failed + 1` +testit "create user locally" \ + $VALGRIND $newuser $CONFIG $TEST_USERNAME $TEST_PASSWORD || failed=`expr $failed + 1` KRB5CCNAME="$PREFIX/tmpuserccache" export KRB5CCNAME -echo $USERPASS > $PREFIX/tmpuserpassfile - -testit "kinit with user password" do_kinit $PREFIX/tmpuserpassfile $USERPASS nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password" \ + do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` +test_smbclient "Test login with user kerberos ccache" \ + "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` -NEWUSERPASS=testPaSS@01% -testit "change user password with 'samba-tool user password' (unforced)" $VALGRIND $samba_tool user password -W$DOMAIN -U$DOMAIN/nettestuser%$USERPASS -k no --newpassword=$NEWUSERPASS $@ || failed=`expr $failed + 1` +testit "change user password with 'samba-tool user password' (unforced)" \ + $VALGRIND $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` -echo $NEWUSERPASS > ./tmpuserpassfile -testit "kinit with user password" do_kinit ./tmpuserpassfile $NEWUSERPASS nettestuser@$REALM || failed=`expr $failed + 1` +TEST_PASSWORD_OLD=$TEST_PASSWORD +TEST_PASSWORD=$TEST_PASSWORD_NEW +TEST_PASSWORD_NEW="testPaSS@02%" -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` +testit "kinit with user password" \ + do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` -# -# These tests demonstrate that a credential cache in the environment does not -# override a username/password, even an incorrect one, on the command line -# +test_smbclient "Test login with user kerberos ccache" \ + "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` -testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -Unettestuser@$REALM%wrongpass && failed=`expr $failed + 1` -testit_expect_failure "Test login with user kerberos ccache, but old password specified" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -Unettestuser@$REALM%$USERPASS && failed=`expr $failed + 1` - - -USERPASS=$NEWUSERPASS -WEAKPASS=testpass1 -NEWUSERPASS=testPaSS@02% - -# password mismatch check doesn't work yet (kpasswd bug, reported to Love) -#echo "check that password mismatch gives the right error" -#cat > ./tmpkpasswdscript <<EOF -#expect Password -#password ${USERPASS}\n -#expect New password -#send ${WEAKPASS}\n -#expect New password -#send ${NEWUSERPASS}\n -#expect password mismatch -#EOF -# -#testit "change user password with kpasswd" $texpect ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1` +########################################################### +### check that a short password is rejected +########################################################### - -echo "check that a weak password is rejected" -cat > ./tmpkpasswdscript <<EOF +cat > $PREFIX/tmpkpasswdscript <<EOF expect Password -password ${USERPASS}\n +password ${TEST_PASSWORD}\n expect New password -send ${WEAKPASS}\n -expect New password -send ${WEAKPASS}\n -expect Password does not meet complexity requirements +send ${TEST_PASSWORD_SHORT}\n +expect Verify password +send ${TEST_PASSWORD_SHORT}\n +expect Password too short EOF -testit "change to weak user password with kpasswd" $texpect ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1` +testit "kpasswd check short user password" \ + $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL || failed=`expr $failed + 1` + +########################################################### +### check that a weak password is rejected +########################################################### echo "check that a short password is rejected" cat > ./tmpkpasswdscript <<EOF expect Password -password ${USERPASS}\n -expect New password -send xx1\n +password ${TEST_PASSWORD}\n expect New password -send xx1\n -expect Password too short +send $TEST_PASSWORD_WEAK\n +expect Verify password +send $TEST_PASSWORD_WEAK\n +expect Password does not meet complexity requirements EOF -testit "change to short user password with kpasswd" $texpect ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1` +testit "kpasswd check weak user password" \ + $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL || failed=`expr $failed + 1` +########################################################### +### check that a strong password is accepted +########################################################### -echo "check that a strong new password is accepted" cat > ./tmpkpasswdscript <<EOF expect Password -password ${USERPASS}\n +password ${TEST_PASSWORD}\n expect New password -send ${NEWUSERPASS}\n -expect New password -send ${NEWUSERPASS}\n +send ${TEST_PASSWORD_NEW}\n +expect Verify password +send ${TEST_PASSWORD_NEW}\n expect Success EOF -testit "change user password with kpasswd" $texpect ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1` +testit "kpasswd change user password" \ + $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL || failed=`expr $failed + 1` -test_smbclient "Test login with user kerberos (unforced)" 'ls' "$unc" -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1` +TEST_PASSWORD=$TEST_PASSWORD_NEW +TEST_PASSWORD_NEW="testPaSS@03%" -NEWUSERPASS=testPaSS@03% +########################################################### +### Force password change at login +########################################################### -echo "set password with smbpasswd" -cat > ./tmpsmbpasswdscript <<EOF -expect New SMB password: -send ${NEWUSERPASS}\n -expect Retype new SMB password: -send ${NEWUSERPASS}\n -EOF +testit "set password on user locally" \ + $VALGRIND $samba_tool user setpassword $TEST_USERNAME $CONFIG --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=`expr $failed + 1` -testit "set user password with smbpasswd" $texpect ./tmpsmbpasswdscript $smbpasswd -L -c $PREFIX/etc/smb.conf nettestuser || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS +TEST_PASSWORD=$TEST_PASSWORD_NEW +TEST_PASSWORD_NEW="testPaSS@04%" -test_smbclient "Test login with user (ntlm)" 'ls' "$unc" -k no -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1` +rm -f $PREFIX/tmpuserccache - -NEWUSERPASS=testPaSS@04% -testit "set password on user locally" $VALGRIND $samba_tool user setpassword nettestuser $CONFIG --newpassword=$NEWUSERPASS --must-change-at-next-login $@ || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS - -NEWUSERPASS=testPaSS@05% -testit "change user password with 'samba-tool user password' (after must change flag set)" $VALGRIND $samba_tool user password -W$DOMAIN -U$DOMAIN/nettestuser%$USERPASS -k no --newpassword=$NEWUSERPASS $@ || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS - -NEWUSERPASS=testPaSS@06% -testit "set password on user locally" $VALGRIND $samba_tool user setpassword $CONFIG nettestuser --newpassword=$NEWUSERPASS --must-change-at-next-login $@ || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS - -NEWUSERPASS=testPaSS@07% - -cat > ./tmpkpasswdscript <<EOF +cat > $PREFIX/tmpkinitscript <<EOF expect Password -password ${USERPASS}\n -expect New password -send ${NEWUSERPASS}\n +password ${TEST_PASSWORD}\n +expect Changing password expect New password -send ${NEWUSERPASS}\n +send ${TEST_PASSWORD_NEW}\n +expect Repeat new password +send ${TEST_PASSWORD_NEW}\n expect Success EOF -testit "change user password with kpasswd (after must change flag set)" $texpect ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS - -test_smbclient "Test login with user kerberos" 'ls' "$unc" -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1` - -NEWUSERPASS=testPaSS@08% -testit "set password on user locally" $VALGRIND $samba_tool user setpassword $CONFIG nettestuser --newpassword=$NEWUSERPASS --must-change-at-next-login $@ || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS - -NEWUSERPASS=testPaSS@09% - -cat > ./tmpsmbpasswdscript <<EOF -expect Old SMB password: -password ${USERPASS}\n -expect New SMB password: -send ${NEWUSERPASS}\n -expect Retype new SMB password: -send ${NEWUSERPASS}\n -EOF - -testit "change user password with smbpasswd (after must change flag set)" $texpect ./tmpsmbpasswdscript $smbpasswd -r $SERVER -c $PREFIX/etc/smb.conf -U nettestuser || failed=`expr $failed + 1` - -USERPASS=$NEWUSERPASS - -test_smbclient "Test login with user kerberos" 'ls' "$unc" -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1` - -NEWUSERPASS=abcdefg -testit_expect_failure "try to set a non-complex password (command should not succeed)" $VALGRIND $samba_tool user password -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no --newpassword="$NEWUSERPASS" $@ && failed=`expr $failed + 1` - -testit "allow non-complex passwords" $VALGRIND $samba_tool domain passwordsettings set $CONFIG --complexity=off || failed=`expr $failed + 1` - -testit "try to set a non-complex password (command should succeed)" $VALGRIND $samba_tool user password -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no --newpassword="$NEWUSERPASS" $@ || failed=`expr $failed + 1` -USERPASS=$NEWUSERPASS +testit "kinit and change user password" \ + $texpect $PREFIX/tmpkinitscript $samba_kinit $TEST_PRINCIPAL || failed=`expr $failed + 1` -test_smbclient "test login with non-complex password" 'ls' "$unc" -k no -Unettestuser@$REALM%$USERPASS || failed=`expr $failed + 1` +TEST_PASSWORD=$TEST_PASSWORD_NEW +TEST_PASSWORD_NEW="testPaSS@07%" -NEWUSERPASS=abc -testit_expect_failure "try to set a short password (command should not succeed)" $VALGRIND $samba_tool user password -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no --newpassword="$NEWUSERPASS" $@ && failed=`expr $failed + 1` +test_smbclient "Test login with user (kerberos)" \ + "ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` -testit "allow short passwords (length 1)" $VALGRIND $samba_tool domain passwordsettings $CONFIG set --min-pwd-length=1 || failed=`expr $failed + 1` +########################################################### +### Test kpasswd service via 'net ads password' +########################################################### -testit "try to set a short password (command should succeed)" $VALGRIND $samba_tool user password -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no --newpassword="$NEWUSERPASS" $@ || failed=`expr $failed + 1` -USERPASS="$NEWUSERPASS" +# NOTE: This works with heimdal because the krb5_set_password function tries +# set_password call first and falls back to change_password if it doesn't +# succeed. +testit "change user password with 'net ads password', admin: $DOMAIN/$TEST_USERNAME, target: $TEST_PRINCIPAL" \ + $VALGRIND $net_tool ads password -W$DOMAIN -U$TEST_PRINCIPAL%$TEST_PASSWORD $TEST_PRINCIPAL "$TEST_PASSWORD_NEW" || failed=`expr $failed + 1` -# test kpasswd via net ads password (change variant) -NEWUSERPASS="testPaSS@10%" -testit "change user password with 'net ads password', admin: $DOMAIN/nettestuser, target: nettestuser@$REALM" $VALGRIND $net_tool ads password -W$DOMAIN -Unettestuser@$REALM%$USERPASS nettestuser@$REALM "$NEWUSERPASS" $@ || failed=`expr $failed + 1` -USERPASS="$NEWUSERPASS" +TEST_PASSWORD=$TEST_PASSWORD_NEW +TEST_PASSWORD_NEW="testPaSS@08%" -test_smbclient "Test login with smbclient" 'ls' "$unc" -k no -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1` +test_smbclient "Test login with smbclient (ntlm)" \ + "ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` -# test kpasswd via net ads password (admin set variant) -NEWUSERPASS="testPaSS@11%" -testit "set user password with 'net ads password', admin: $DOMAIN/$USERNAME, target: nettestuser@$REALM" $VALGRIND $net_tool ads password -W$DOMAIN -U$USERNAME@$REALM%$PASSWORD nettestuser@$REALM "$NEWUSERPASS" $@ || failed=`expr $failed + 1` -USERPASS="$NEWUSERPASS" +########################################################### +### Test kpasswd service via 'net ads password' as admin +########################################################### -test_smbclient "Test login with smbclient" 'ls' "$unc" -k no -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1` +testit "set user password with 'net ads password', admin: $DOMAIN/$USERNAME, target: $TEST_PRINCIPAL" \ + $VALGRIND $net_tool ads password -W$DOMAIN -U$USERNAME@$REALM%$PASSWORD $TEST_PRINCIPAL "$TEST_PASSWORD_NEW" || failed=`expr $failed + 1` -testit "require minimum password age of 1 day" $VALGRIND $samba_tool domain passwordsettings $CONFIG set --min-pwd-age=1 || failed=`expr $failed + 1` +TEST_PASSWORD=$TEST_PASSWORD_NEW +TEST_PASSWORD_NEW="testPaSS@07%" -testit "show password settings" $VALGRIND $samba_tool domain passwordsettings $CONFIG show || failed=`expr $failed + 1` +test_smbclient "Test login with smbclient (ntlm)" \ + "ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` -NEWUSERPASS="testPaSS@08%" -testit_expect_failure "try to change password too quickly (command should not succeed)" $VALGRIND $samba_tool user password -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no --newpassword="$NEWUSERPASS" $@ && failed=`expr $failed + 1` +########################################################### +### Cleanup +########################################################### -testit "reset password policies" $VALGRIND $samba_tool domain passwordsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1` +testit "reset password policies" \ + $VALGRIND $samba_tool domain passwordsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1` -testit "del user" $VALGRIND $samba_tool user delete nettestuser -U"$USERNAME%$PASSWORD" $CONFIG -k no $@ || failed=`expr $failed + 1` +testit "delete user" \ + $VALGRIND $samba_tool user delete $TEST_USERNAME -U"$USERNAME%$PASSWORD" $CONFIG -k no || failed=`expr $failed + 1` -rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript tmpsmbpasswdscript +rm -f $PREFIX/tmpuserccache $PREFIX/tmpkpasswdscript $PREFIX/tmpkinitscript exit $failed |