• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /asuswrt-rt-n18u-9.0.0.4.380.2695/release/src/router/samba-3.5.8/testprogs/blackbox/
1#!/bin/sh
2# Blackbox tests for kinit and kerberos integration with smbclient etc
3# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
4# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
5
6if [ $# -lt 5 ]; then
7cat <<EOF
8Usage: test_kinit.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
9EOF
10exit 1;
11fi
12
13SERVER=$1
14USERNAME=$2
15PASSWORD=$3
16REALM=$4
17DOMAIN=$5
18PREFIX=$6
19shift 6
20failed=0
21
22samba4bindir="$BUILDDIR/bin"
23smbclient="$samba4bindir/smbclient$EXEEXT"
24samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
25net="$samba4bindir/net$EXEEXT"
26rkpty="$samba4bindir/rkpty$EXEEXT"
27samba4kpasswd="$samba4bindir/samba4kpasswd$EXEEXT"
28enableaccount="$PYTHON `dirname $0`/../../source4/setup/enableaccount"
29
30. `dirname $0`/subunit.sh
31
32test_smbclient() {
33	name="$1"
34	cmd="$2"
35	shift
36	shift
37	echo "test: $name"
38	$VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" -W "$DOMAIN" $@
39	status=$?
40	if [ x$status = x0 ]; then
41		echo "success: $name"
42	else
43		echo "failure: $name"
44	fi
45	return $status
46}
47
48KRB5CCNAME="$PREFIX/tmpccache"
49export KRB5CCNAME
50
51echo $PASSWORD > ./tmppassfile
52#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM   || failed=`expr $failed + 1`
53testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
54testit "kinit with password (enterprise style)" $samba4kinit --enterprise --password-file=./tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
55testit "kinit with password (windows style)" $samba4kinit --windows --password-file=./tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
56testit "kinit with pkinit (name specified)" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
57testit "kinit with pkinit (enterprise name specified)" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
58testit "kinit with pkinit (enterprise name in cert)" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincertupn.pem,$PREFIX/dc/private/tls/adminkey.pem --pk-enterprise || failed=`expr $failed + 1`
59testit "kinit renew ticket" $samba4kinit --request-pac -R
60
61test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
62
63testit "domain join with kerberos ccache" $VALGRIND $net join $DOMAIN $CONFIGURATION  -W "$DOMAIN" -k yes $@ || failed=`expr $failed + 1`
64testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURATION  -W "$DOMAIN" -k yes $@ || failed=`expr $failed + 1`
65
66testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
67USERPASS=testPass@12%
68echo $USERPASS > ./tmpuserpassfile
69
70testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
71
72testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
73
74KRB5CCNAME="$PREFIX/tmpuserccache"
75export KRB5CCNAME
76
77testit "kinit with user password" $samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
78
79test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
80
81NEWUSERPASS=testPaSS@34%
82testit "change user password with 'net password change' (rpc)" $VALGRIND $net password change -W$DOMAIN -U$DOMAIN\\nettestuser%$USERPASS $CONFIGURATION  -k no $NEWUSERPASS $@ || failed=`expr $failed + 1`
83
84echo $NEWUSERPASS > ./tmpuserpassfile
85testit "kinit with user password" $samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
86
87test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
88
89
90USERPASS=$NEWUSERPASS
91NEWUSERPASS=testPaSS@56%
92echo $NEWUSERPASS > ./tmpuserpassfile
93
94cat > ./tmpkpasswdscript <<EOF
95expect Password
96password ${USERPASS}\n
97expect New password
98send ${NEWUSERPASS}\n
99expect New password
100send ${NEWUSERPASS}\n
101expect Success
102EOF
103
104testit "change user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
105
106testit "kinit with user password" $samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
107
108NEWUSERPASS=testPaSS@78%
109echo $NEWUSERPASS > ./tmpuserpassfile
110
111test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
112
113cat > ./tmpkpasswdscript <<EOF
114expect New password
115send ${NEWUSERPASS}\n
116expect New password
117send ${NEWUSERPASS}\n
118expect Success
119EOF
120
121testit "set user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache nettestuser@$REALM || failed=`expr $failed + 1`
122
123testit "kinit with user password" $samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
124
125test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
126
127KRB5CCNAME="$PREFIX/tmpccache"
128export KRB5CCNAME
129
130testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
131
132rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript
133exit $failed
134