# Refuse to run with fewer than four positional arguments: print the expected
# invocation on stdout and exit with status 1.
[ "$#" -ge 4 ] || {
	echo "Usage: test_net_offline.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS"
	exit 1
}
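# Positional arguments, in the order given by the usage text.
DC_SERVER=$1
DC_USERNAME=$2
# NOTE(review): the DC password arrives in argv and is later handed to net on
# its command line via -U, so it is visible in the process list while the
# tests run. Only throwaway selftest credentials should be used here.
DC_PASSWORD=$3
BASEDIR=$4

# Ten random hex digits, written below as the "netbios name" of the copied
# client.conf. NOTE: this overwrites the shell's own HOSTNAME variable.
HOSTNAME=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10)

RUNDIR=$(pwd)

# Stop if the prefix is unusable: every path below is relative to it, and
# carrying on would copy, edit and delete files relative to the wrong directory.
cd "$BASEDIR" || exit 1

# Private per-run copy of the client environment. mktemp creates the directory
# itself (no predictable name); only its leaf name is kept so it can be spliced
# into paths and into the sed replacement below.
WORKDIR=$(mktemp -d -p .) || exit 1
WORKDIR=$(basename "$WORKDIR")
ODJFILE="$BASEDIR/$WORKDIR/odj_provision.txt"

cp -a client/* "$WORKDIR"/

# Re-point every "dir = .../client/" and "directory = .../client/" setting at
# the copy, then install the random NetBIOS name.
sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" "$WORKDIR/client.conf"
sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" "$WORKDIR/client.conf"

# Remove the copied secrets database so the copy does not inherit whatever the
# original client environment had stored in it.
rm -f -- "$WORKDIR/private/secrets.tdb"

cd "$RUNDIR" || exit 1

# Running count of failed test cases; used as the script's exit status.
failed=0

# Kept as a single string on purpose: it is expanded unquoted further down so
# that it word-splits into the command plus its options. BINDIR is not set in
# this file; it is expected to come from the environment.
net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads"
samba_texpect="$BINDIR/texpect"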
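# Load test functions
# (testit, used by the test cases below, is not defined in this file and is
# presumably provided by subunit.sh.) The path is quoted so that a script
# location containing spaces or glob characters is still sourced correctly.
. "$(dirname "$0")/subunit.sh"

# Read the NetBIOS name back from the per-run client.conf: take the text after
# '=' and let awk re-join the fields, which strips the surrounding whitespace.
netbios=$(grep "netbios name" "$BASEDIR/$WORKDIR/client.conf" | cut -f2 -d= | awk '{$1=$1};1')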
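# Each scenario below runs the same cycle: provision an ODJ blob against the
# DC, consume it with requestodj, verify the join with the machine account
# (-P, Kerberos required), delete the blob, then leave the domain again.
#
# $VALGRIND and $net_tool stay unquoted on purpose: VALGRIND may be empty and
# net_tool is a command string that has to word-split. Neither is set to a
# user-supplied value in this file. Everything that carries data (realm, names,
# paths, credentials) is quoted so this script does not split or glob it; how
# testit forwards its arguments is defined in subunit.sh. REALM and VALGRIND
# are not set in this file and are expected to come from the environment.

# 1. Test w/o dcname
testit "provision without dcname" \
	$VALGRIND $net_tool offlinejoin provision \
	"domain=$REALM" "machine_name=$netbios" "savefile=$ODJFILE" \
	"-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))
testit "requestodj" \
	$VALGRIND $net_tool offlinejoin requestodj "loadfile=$ODJFILE" ||
	failed=$((failed + 1))
testit "testjoin" \
	$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))
rm -f -- "$ODJFILE"
testit "leave" \
	$VALGRIND $net_tool ads leave "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# 2. Test with dcname
testit "provision with dcname" \
	$VALGRIND $net_tool offlinejoin provision \
	"domain=$REALM" "machine_name=$netbios" "savefile=$ODJFILE" \
	"dcname=$DC_SERVER" "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))
testit "requestodj" \
	$VALGRIND $net_tool offlinejoin requestodj "loadfile=$ODJFILE" ||
	failed=$((failed + 1))
testit "testjoin" \
	$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))
rm -f -- "$ODJFILE"
testit "leave" \
	$VALGRIND $net_tool ads leave "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# 3. Test with defpwd
testit "provision with dcname and default password" \
	$VALGRIND $net_tool offlinejoin provision \
	"domain=$REALM" "machine_name=$netbios" "savefile=$ODJFILE" \
	"dcname=$DC_SERVER" defpwd "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))
testit "requestodj" \
	$VALGRIND $net_tool offlinejoin requestodj "loadfile=$ODJFILE" ||
	failed=$((failed + 1))
testit "testjoin" \
	$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))
rm -f -- "$ODJFILE"
testit "leave" \
	$VALGRIND $net_tool ads leave "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))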
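#######################################
# Compose an ODJ blob from values queried with the already-joined machine's
# configuration, supplying the machine credentials in one of three ways.
# Globals:   net_tool, samba_texpect, netbios, ODJFILE, BASEDIR, WORKDIR (read)
# Arguments: $1 - credential mode:
#              machacct  pass -P to composeodj
#              stdinfd   pipe the password on stdin with PASSWD_FD=0
#              callback  let texpect answer the password prompt
# Outputs:   on failure, one line on stdout containing the tool's output
# Returns:   0 if composeodj succeeded, 1 otherwise (also for an unknown mode)
#######################################
test_compose_odj() {
	local mode=$1
	local composeargv=()
	# Declared separately from their assignments so that "local" does not
	# mask anything, and so tmpfile no longer leaks into the global scope.
	local lookup_out info_out
	local netbios_domain_name domain_sid domain_guid forest_name
	local dc_name dc_address
	local tmpfile
	local ret=1
	local out=""

	# Retrieve the necessary information to compose the ODJ blob
	# The machine needs to be correctly joined at this point
	# Each query is run once and every field is parsed from that one output.
	lookup_out=$($net_tool ads lookup)
	info_out=$($net_tool ads info)

	netbios_domain_name=$(awk -F': ' '/^Pre-Win2k Domain/ {print $2}' <<<"$lookup_out")
	domain_guid=$(awk -F': ' '/^GUID/ {print $2}' <<<"$lookup_out")
	forest_name=$(awk -F': ' '/^Forest/ {print $2}' <<<"$lookup_out")
	dc_name=$(awk -F': ' '/^LDAP server name/ {print $2}' <<<"$info_out")
	dc_address=$(awk -F': ' '/^LDAP server:/ {print $2}' <<<"$info_out")

	# The domain name is passed to awk as data (-v) and matched as a literal
	# line prefix, instead of being spliced into the awk program text where it
	# would be interpreted as part of a regular expression.
	domain_sid=$($net_tool getdomainsid |
		awk -F': ' -v dom="$netbios_domain_name" \
			'index($0, "SID for domain " dom) == 1 {print $2}')

	# One array element per argument, so the array can be expanded quoted.
	composeargv=(
		"domain_sid=${domain_sid}"
		"domain_guid=${domain_guid}"
		"forest_name=${forest_name}"
		-S "${dc_name}"
		-I "${dc_address}"
		"savefile=${ODJFILE}"
	)

	# The commands are run directly rather than through eval on a command
	# string. $net_tool stays unquoted because it is a command string that
	# must word-split.
	case "$mode" in
	machacct)
		out=$($net_tool offlinejoin composeodj "${composeargv[@]}" -P 2>&1)
		ret=$?
		;;
	stdinfd)
		# The password is the lower-case NetBIOS name; the account is the
		# upper-cased name followed by '$'. ret is net's exit status, since
		# it is the last command of the pipeline.
		out=$(printf '%s\n' "$netbios" |
			PASSWD_FD=0 $net_tool offlinejoin composeodj \
				"${composeargv[@]}" "-U${netbios^^}\$" 2>&1)
		ret=$?
		;;
	callback)
		# The expect script holds the password, so it is written inside the
		# per-run WORKDIR and removed again whether or not the command worked.
		tmpfile="$BASEDIR/$WORKDIR/composeodj_password_script"
		cat >"$tmpfile" <<EOF
expect Password for [${netbios_domain_name^^}\\${netbios^^}\$]:
send $netbios\n
EOF
		out=$("$samba_texpect" -v "$tmpfile" \
			$net_tool offlinejoin composeodj "${composeargv[@]}" 2>&1)
		ret=$?
		rm -f -- "$tmpfile"
		;;
	*)
		# ret keeps its initial value of 1, so this is reported as a failure.
		out="Unknown mode '$mode'"
		;;
	esac

	if [ "$ret" -ne 0 ]; then
		echo "Failed to compose ODJ blob: $out"
		return 1
	fi
	return 0
}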
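# 4. Test composeodj
# For each credential mode: provision and join as in the earlier scenarios,
# delete the blob, compose a fresh one with test_compose_odj, delete the
# secrets database, then check that the composed blob alone restores a working
# join before leaving the domain.
modes=("machacct" "stdinfd" "callback")
for mode in "${modes[@]}"; do
	# Every mode except machacct provisions with the "defpwd" option; the
	# stdinfd and callback modes of test_compose_odj then supply the
	# lower-case NetBIOS name as the password.
	defpwd="defpwd"
	if [ "$mode" = "machacct" ]; then
		defpwd=""
	fi

	# $defpwd, $VALGRIND and $net_tool stay unquoted on purpose: an empty
	# value has to vanish and net_tool has to word-split. All three are set
	# by the test setup, not by user-supplied data; everything else is quoted.
	testit "provision[$mode]" \
		$VALGRIND $net_tool offlinejoin provision \
		"domain=$REALM" "machine_name=$netbios" "savefile=$ODJFILE" \
		$defpwd "-U$DC_USERNAME%$DC_PASSWORD" ||
		failed=$((failed + 1))
	testit "requestodj [$mode]" \
		$VALGRIND $net_tool offlinejoin requestodj "loadfile=$ODJFILE" ||
		failed=$((failed + 1))
	testit "testjoin [$mode]" \
		$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
		failed=$((failed + 1))
	testit "removeodjblob [$mode]" rm "$ODJFILE" ||
		failed=$((failed + 1))
	testit "composeodj [$mode]" test_compose_odj "$mode" ||
		failed=$((failed + 1))
	testit "removesecretsdb [$mode]" rm "$BASEDIR/$WORKDIR/private/secrets.tdb" ||
		failed=$((failed + 1))
	testit "requestodj [$mode]" \
		$VALGRIND $net_tool offlinejoin requestodj "loadfile=$ODJFILE" ||
		failed=$((failed + 1))
	testit "removeodjblob [$mode]" rm "$ODJFILE" ||
		failed=$((failed + 1))
	testit "testjoin [$mode]" \
		$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
		failed=$((failed + 1))
	testit "leave [$mode]" \
		$VALGRIND $net_tool ads leave "-U$DC_USERNAME%$DC_PASSWORD" ||
		failed=$((failed + 1))
done

# Remove the per-run copy. The :? guards abort instead of running rm -rf on a
# truncated path if either variable is unexpectedly empty or unset.
rm -rf -- "${BASEDIR:?}/${WORKDIR:?}"

# The exit status is the number of failed test cases.
exit "$failed"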