Diffstat (limited to 'testprogs/blackbox/test_client_kerberos.sh')
-rwxr-xr-xtestprogs/blackbox/test_client_kerberos.sh293
1 files changed, 293 insertions, 0 deletions
diff --git a/testprogs/blackbox/test_client_kerberos.sh b/testprogs/blackbox/test_client_kerberos.sh
new file mode 100755
index 0000000..b436192
--- /dev/null
+++ b/testprogs/blackbox/test_client_kerberos.sh
@@ -0,0 +1,293 @@
+#!/bin/sh
+# Blackbox tests for kerberos client options
+# Copyright (c) 2019 Andreas Schneider <asn@samba.org>
+
+if [ $# -lt 6 ]; then
+ cat <<EOF
+Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
+EOF
+ exit 1
+fi
+
+DOMAIN=$1
+REALM=$2
+USERNAME=$3
+PASSWORD=$4
+SERVER=$5
+PREFIX=$6
+CONFIGURATION=$7
+shift 7
+
+failed=0
+
+. $(dirname $0)/subunit.sh
+. $(dirname $0)/common_test_fns.inc
+
+samba_bindir="$BINDIR"
+samba_rpcclient="$samba_bindir/rpcclient"
+samba_smbclient="$samba_bindir/smbclient"
+samba_smbtorture="$samba_bindir/smbtorture"
+
+samba_kinit=kinit
+if test -x ${samba_bindir}/samba4kinit; then
+ samba_kinit=${samba_bindir}/samba4kinit
+fi
+
+samba_kdestroy=kdestroy
+if test -x ${samba_bindir}/samba4kdestroy; then
+ samba_kinit=${samba_bindir}/samba4kdestroy
+fi
+
+test_rpc_getusername()
+{
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "Failed to connect! Error: $ret"
+ echo "$out"
+ return 1
+ fi
+
+ echo "$out" | grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "Incorrect account/authority name! Error: $ret"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+test_smbclient()
+{
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "Failed to connect! Error: $ret"
+ echo "$out"
+ fi
+
+ return $ret
+}
+
+test_smbclient_kerberos()
+{
+ eval echo "$cmd -d5"
+ out=$(eval $cmd)
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "Failed to connect! Error: $ret"
+ echo "$out"
+ return 1
+ fi
+
+ echo "$out" | grep "Doing init for" >/dev/null 2>&1
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Kinit failed for smbclient"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+KRB5CCNAME_PATH="$PREFIX/ccache_client_kerberos"
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
+### RPCCLIENT (legacy)
+cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy ntlm" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy ntlm interactive" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy ntlm interactive with -U" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy kerberos" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit_expect_failure "test rpcclient legacy kerberos interactive (negative test)" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy kerberos ccache" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### RPCCLIENT
+cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient ntlm" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient ntlm interactive" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient ntlm interactive with -U" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient kerberos" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit_expect_failure "test rpcclient kerberos interactive (negative test)" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient kerberos ccache" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### SMBTORTURE (legacy)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy default" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy ntlm (kerberos=no)" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy kerberos=yes" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy kerberos=yes ccache" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit_expect_failure "test smbtorture legacy kerberos=no ccache (negative test)" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### SMBTORTURE
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture default" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture ntlm (kerberos=no)" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture kerberos=yes" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture kerberos=yes ccache" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit_expect_failure "test smbtorture kerberos=no ccache (negative test)" \
+ test_rpc_getusername ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### SMBCLIENT (legacy)
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy ntlm" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy ntlm interactive" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy ntlm interactive with -U" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy kerberos" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy kerberos ccache" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### SMBCLIENT tests for --use-kerberos=desired|required|disabled
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient ntlm" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient ntlm interactive" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient ntlm interactive with -U" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient kerberos=desired" \
+ test_smbclient_kerberos ||
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient kerberos=required" \
+ test_smbclient_kerberos ||
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient kerberos=required ccache" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+rm -rf $KRB5CCNAME_PATH
+
+exit $failed
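Review bot: The kdestroy override near the top assigns the wrong variable: `samba_kinit=${samba_bindir}/samba4kdestroy` should be `samba_kdestroy=${samba_bindir}/samba4kdestroy`, otherwise a build that ships samba4kdestroy runs it in place of kinit in every `kerberos_kinit` call and the ccache tests never obtain a ticket. Two checks also appear to pass for the wrong reason. The last smbtorture negative test passes `--use-kerbers=required`, a misspelled option, so its expected failure presumably comes from option parsing rather than from the authentication policy; going by the test name and the legacy `-k no` case it was probably meant to be `--use-kerberos=disabled`. In `test_smbclient_kerberos` the `-d5` is added only to the echoed command, while `out=$(eval $cmd)` runs without it and without `2>&1`, so the grep for "Doing init for" likely never sees the debug line; `out=$(eval $cmd -d5 2>&1)` would make that check meaningful. The usage guard `[ $# -lt 6 ]` also admits six arguments although seven are read and `shift 7` follows, so `-lt 7` is the matching bound.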