blob: 9981d4dab5f329833d85facecfe3465a0ef96257 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
#!/bin/bash
# Blackbox tests rpcclient with schannel
# Copyright (c) 2021 Andreas Schneider <asn@samba.org>
if [ $# -lt 8 ]; then
cat << EOF
Usage: test_rpcclient_schannel.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION TESTENV
EOF
exit 1
fi
DOMAIN=$1
REALM=$2
USERNAME=$3
PASSWORD=$4
SERVER=$5
PREFIX=$6
CONFIGURATION=$7
TESTENV=$8
shift 8
failed=0
samba_subunit_dir=$(dirname "$0")
. "${samba_subunit_dir}/subunit.sh"
. "${samba_subunit_dir}/common_test_fns.inc"
samba_bindir="${BINDIR}"
samba_rpcclient="${samba_bindir}/rpcclient"
test_rpc_getusername()
{
cmd="$samba_rpcclient ncacn_np:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c getusername 2>&1"
out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Failed to connect! Error: $ret"
echo "$out"
return 1
fi
echo "$out" | grep -q "Account Name: ANONYMOUS LOGON, Authority Name: NT AUTHORITY"
ret=$?
if [ $ret -ne 0 ]; then
echo "Incorrect account/authority name! Error: $ret"
echo "$out"
return 1
fi
return 0
}
test_rpc_lookupsids()
{
cmd="$samba_rpcclient ncacn_ip_tcp:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c 'lookupsids3 S-1-1-0' 2>&1"
out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Failed to connect! Error: $ret"
echo "$out"
return 1
fi
echo "$out" | grep -q "S-1-1-0 Everyone"
ret=$?
if [ $ret -ne 0 ]; then
echo "Incorrect account/authority name! Error: $ret"
echo "$out"
return 1
fi
return 0
}
testit "ncacn_np.getusername" \
test_rpc_getusername || \
failed=$((failed + 1))
if [[ "$TESTENV" == "ad_member_fips"* ]]; then
unset GNUTLS_FORCE_FIPS_MODE
testit "ncacn_np.getusername.fips" \
test_rpc_getusername || \
failed=$((failed + 1))
GNUTLS_FORCE_FIPS_MODE=1
export GNUTLS_FORCE_FIPS_MODE
fi
testit "ncacn_ip_tcp.lookupsids" \
test_rpc_lookupsids || \
failed=$((failed + 1))
exit ${failed}
|
