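#!/bin/sh
# Blackbox tests for kinit and kerberos integration with smbclient etc
# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
#
# Environment read by this script: BUILDDIR, EXEEXT, PYTHON, VALGRIND,
# CONFIGURATION. Any arguments after PREFIX are forwarded to the tools.
#
# The script exits with the number of failed test steps.

# All six positional arguments are consumed by "shift 6" below, so fewer than
# six is a usage error (a five-argument call used to pass this check and then
# fail in the shift).
if [ $# -lt 6 ]; then
cat <<EOF
Usage: test_kinit.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
EOF
exit 1;
fi

SERVER=$1
USERNAME=$2
PASSWORD=$3
REALM=$4
DOMAIN=$5
PREFIX=$6
shift 6
failed=0

scriptdir=$(dirname "$0")

samba4bindir="$BUILDDIR/bin"
smbclient="$samba4bindir/smbclient$EXEEXT"
samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
net="$samba4bindir/net$EXEEXT"
rkpty="$samba4bindir/rkpty$EXEEXT"
samba4kpasswd="$samba4bindir/samba4kpasswd$EXEEXT"
# Holds "interpreter script"; it is expanded unquoted on purpose so that it
# splits into two words.
enableaccount="$PYTHON $scriptdir/../../source4/setup/enableaccount"

. "$scriptdir/subunit.sh"

# Run smbclient against //$SERVER/tmp and report the result in subunit form.
# Arguments: $1 - test name
#            $2 - smbclient command string (passed to -c)
#            remaining - extra smbclient options
# Returns:   the smbclient exit status
test_smbclient() {
	name="$1"
	cmd="$2"
	shift
	shift
	echo "test: $name"
	# VALGRIND and CONFIGURATION may be empty or hold several words, so they
	# stay unquoted.
	$VALGRIND "$smbclient" $CONFIGURATION "//$SERVER/tmp" -c "$cmd" -W "$DOMAIN" "$@"
	status=$?
	if [ "$status" -eq 0 ]; then
		echo "success: $name"
	else
		echo "failure: $name"
	fi
	return $status
}

# Write a secret followed by a newline to a file only the current user can read.
# Arguments: $1 - file path
#            $2 - secret
# The file is recreated inside a subshell with a restrictive umask so that the
# password does not land in a world-readable file in the working directory.
# printf is used instead of an unquoted echo so the value is written verbatim.
write_secret_file() {
	(
		umask 077
		rm -f "$1"
		printf '%s\n' "$2" > "$1"
	)
}

KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME

write_secret_file ./tmppassfile "$PASSWORD"
#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1`
testit "kinit with password" "$samba4kinit" --password-file=./tmppassfile --request-pac "$USERNAME@$REALM" || failed=$((failed + 1))
testit "kinit with password (enterprise style)" "$samba4kinit" --enterprise --password-file=./tmppassfile --request-pac "$USERNAME@$REALM" || failed=$((failed + 1))
testit "kinit with password (windows style)" "$samba4kinit" --windows --password-file=./tmppassfile --request-pac "$USERNAME@$REALM" || failed=$((failed + 1))
testit "kinit with pkinit (name specified)" "$samba4kinit" --request-pac --renewable "--pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem" "$USERNAME@$REALM" || failed=$((failed + 1))
testit "kinit with pkinit (enterprise name specified)" "$samba4kinit" --request-pac --renewable "--pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem" --enterprise "$USERNAME@$REALM" || failed=$((failed + 1))
testit "kinit with pkinit (enterprise name in cert)" "$samba4kinit" --request-pac --renewable "--pk-user=FILE:$PREFIX/dc/private/tls/admincertupn.pem,$PREFIX/dc/private/tls/adminkey.pem" --pk-enterprise || failed=$((failed + 1))
# A failed renewal is counted like every other step; previously it was reported
# by testit but left out of the exit status.
testit "kinit renew ticket" "$samba4kinit" --request-pac -R || failed=$((failed + 1))

test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=$((failed + 1))

testit "domain join with kerberos ccache" $VALGRIND "$net" join "$DOMAIN" $CONFIGURATION -W "$DOMAIN" -k yes "$@" || failed=$((failed + 1))
testit "check time with kerberos ccache" $VALGRIND "$net" time "$SERVER" $CONFIGURATION -W "$DOMAIN" -k yes "$@" || failed=$((failed + 1))

testit "add user with kerberos ccache" $VALGRIND "$net" user add nettestuser $CONFIGURATION -k yes "$@" || failed=$((failed + 1))
USERPASS='testPass@12%'
write_secret_file ./tmpuserpassfile "$USERPASS"

# NOTE: the password is passed as a command-line argument here and in the
# "net password change" step below, so it is visible in the process list while
# the command runs. These are throwaway credentials for a test account.
testit "set user password with kerberos ccache" $VALGRIND "$net" password set "$DOMAIN\\nettestuser" "$USERPASS" $CONFIGURATION -k yes "$@" || failed=$((failed + 1))

testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H "ldap://$SERVER" -k yes "$@" || failed=$((failed + 1))

# Switch to a separate credentials cache for the test user.
KRB5CCNAME="$PREFIX/tmpuserccache"
export KRB5CCNAME

testit "kinit with user password" "$samba4kinit" --password-file=./tmpuserpassfile --request-pac "nettestuser@$REALM" || failed=$((failed + 1))

test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=$((failed + 1))

NEWUSERPASS='testPaSS@34%'
testit "change user password with 'net password change' (rpc)" $VALGRIND "$net" password change "-W$DOMAIN" "-U$DOMAIN\\nettestuser%$USERPASS" $CONFIGURATION -k no "$NEWUSERPASS" "$@" || failed=$((failed + 1))

write_secret_file ./tmpuserpassfile "$NEWUSERPASS"
testit "kinit with user password" "$samba4kinit" --password-file=./tmpuserpassfile --request-pac "nettestuser@$REALM" || failed=$((failed + 1))

test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=$((failed + 1))


USERPASS=$NEWUSERPASS
NEWUSERPASS='testPaSS@56%'
write_secret_file ./tmpuserpassfile "$NEWUSERPASS"

# The rkpty script contains both the old and the new password, so it is created
# with a restrictive umask as well. The "\n" sequences stay literal in the file.
(
	umask 077
	rm -f ./tmpkpasswdscript
	cat > ./tmpkpasswdscript <<EOF
expect Password
password ${USERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect Success
EOF
)

testit "change user password with kpasswd" "$rkpty" ./tmpkpasswdscript "$samba4kpasswd" "nettestuser@$REALM" || failed=$((failed + 1))

testit "kinit with user password" "$samba4kinit" --password-file=./tmpuserpassfile --request-pac "nettestuser@$REALM" || failed=$((failed + 1))

NEWUSERPASS='testPaSS@78%'
write_secret_file ./tmpuserpassfile "$NEWUSERPASS"

test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=$((failed + 1))

(
	umask 077
	rm -f ./tmpkpasswdscript
	cat > ./tmpkpasswdscript <<EOF
expect New password
send ${NEWUSERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect Success
EOF
)

# This step sets the password using the cache that the first kinit steps filled
# for $USERNAME; the rkpty script supplies no old password.
testit "set user password with kpasswd" "$rkpty" ./tmpkpasswdscript "$samba4kpasswd" "--cache=$PREFIX/tmpccache" "nettestuser@$REALM" || failed=$((failed + 1))

testit "kinit with user password" "$samba4kinit" --password-file=./tmpuserpassfile --request-pac "nettestuser@$REALM" || failed=$((failed + 1))

test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=$((failed + 1))

KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME

testit "del user with kerberos ccache" $VALGRIND "$net" user delete nettestuser $CONFIGURATION -k yes "$@" || failed=$((failed + 1))

# Remove the password files and the rkpty script, and also the two credential
# caches. The caches live under $PREFIX, so the relative names kept from the
# original list never matched them and the tickets were left on disk.
rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript
rm -f "$PREFIX/tmpccache" "$PREFIX/tmpuserccache"
exit "$failed"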