summaryrefslogtreecommitdiffstats
path: root/testprogs/blackbox/test_trust_utils.sh
blob: 3bd375a1fbc9e7fe008263c4e6294d9557cc36b0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
#!/bin/sh
# Copyright (C) 2015 Stefan Metzmacher <metze@samba.org>

if [ $# -lt 12 ]; then
	cat <<EOF
Usage: $# test_trust_utils.sh SERVER USERNAME PASSWORD REALM DOMAIN TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN PREFIX TYPE
EOF
	exit 1
fi

SERVER=$1
USERNAME=$2
PASSWORD=$3
REALM=$4
DOMAIN=$5
shift 5
TRUST_SERVER=$1
TRUST_USERNAME=$2
TRUST_PASSWORD=$3
TRUST_REALM=$4
TRUST_DOMAIN=$5
shift 5
PREFIX=$1
TYPE=$2
shift 2
failed=0

samba4bindir="$BINDIR"

samba_tool="$samba4bindir/samba-tool"

. $(dirname $0)/subunit.sh

CREDS="${DOMAIN}\\${USERNAME}%${PASSWORD}"
TRUST_CREDS_DOMAIN="${TRUST_DOMAIN}\\${TRUST_USERNAME}%${TRUST_PASSWORD}"
TRUST_SERVER_CREDS_DOMAIN_ARGS="--local-dc-ipaddress ${TRUST_SERVER} --local-dc-username ${TRUST_CREDS_DOMAIN}"

TRUST_CREDS_REALM="${TRUST_REALM}\\${TRUST_USERNAME}%${TRUST_PASSWORD}"
TRUST_SERVER_CREDS_REALM_ARGS="--local-dc-ipaddress ${TRUST_SERVER} --local-dc-username ${TRUST_CREDS_REALM}"

list="$VALGRIND $PYTHON $samba_tool domain trust list"
testit "list domains default" $list || failed=$(expr $failed + 1)

# Show that the domain name and realm work
testit "list domains reverse (DOMAIN)" $list ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
testit "list domains reverse (REALM)" $list ${TRUST_SERVER_CREDS_REALM_ARGS} || failed=$(expr $failed + 1)

show="$VALGRIND $PYTHON $samba_tool domain trust show"
testit "show domains default realm" $show ${TRUST_REALM} || failed=$(expr $failed + 1)
testit "show domains reverse realm" $show ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
testit "show domains default netbios" $show ${TRUST_DOMAIN} || failed=$(expr $failed + 1)
testit "show domains reverse netbios" $show ${DOMAIN} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)

validate="$VALGRIND $PYTHON $samba_tool domain trust validate"
testit "validate trust default both" $validate ${TRUST_REALM} -U${TRUST_CREDS_DOMAIN} || failed=$(expr $failed + 1)
testit "validate trust default local" $validate ${TRUST_REALM} --validate-location=local || failed=$(expr $failed + 1)
testit "validate trust reverse both" $validate ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} -U${CREDS} || failed=$(expr $failed + 1)
testit "validate trust reverse local" $validate ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --validate-location=local || failed=$(expr $failed + 1)

namespaces="$VALGRIND $PYTHON $samba_tool domain trust namespaces"
testit "namespaces own default" $namespaces || failed=$(expr $failed + 1)
testit "namespaces own reverse" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)

DOMSID=$($namespaces | grep LocalDomain | sed -e 's!.*SID\[\(.*\)\].*!\1!')
#testit_expect_failure "namespaces domsid default" echo ${DOMSID} || failed=`expr $failed + 1`

TRUST_DOMSID=$($namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} | grep LocalDomain | sed -e 's!.*SID\[\(.*\)\].*!\1!')
#testit_expect_failure "namespaces domsid reverse" echo ${TRUST_DOMSID} || failed=`expr $failed + 1`

if test x$TYPE = x"forest"; then
	testit "namespaces trust default realm 1" $namespaces ${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse realm 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)

	testit "namespaces trust default domain 1" $namespaces ${TRUST_DOMAIN} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse domain 1" $namespaces ${DOMAIN} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)

	testit "namespaces own default add-upn-suffix 1" $namespaces --add-upn-suffix=default.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces own reverse add-upn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-upn-suffix=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces own default add-upn-suffix 2" $namespaces --add-upn-suffix=${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces own reverse add-upn-suffix 2" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-upn-suffix=${REALM} || failed=$(expr $failed + 1)

	testit "namespaces own default add-spn-suffix 1" $namespaces --add-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces own reverse add-spn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces trust default check 1" $namespaces ${TRUST_REALM} --refresh=check || failed=$(expr $failed + 1)
	testit "namespaces trust reverse check 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --refresh=check || failed=$(expr $failed + 1)

	testit "namespaces trust default store 1" $namespaces ${TRUST_REALM} --refresh=store || failed=$(expr $failed + 1)
	testit "namespaces trust reverse store 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --refresh=store || failed=$(expr $failed + 1)

	testit "namespaces trust default enable-tln 1" $namespaces ${TRUST_REALM} --enable-tln=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces trust reverse enable-tln 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-tln=default.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces trust default enable-tln 2" $namespaces ${TRUST_REALM} --enable-tln=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces trust reverse enable-tln 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-tln=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces trust default enable-tln 3" $namespaces ${TRUST_REALM} --enable-tln=${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse enable-tln 3" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-tln=${REALM} || failed=$(expr $failed + 1)

	testit "namespaces trust default disable-nb 1" $namespaces ${TRUST_REALM} --disable-nb=${TRUST_DOMAIN} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse disable-nb 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --disable-nb=${DOMAIN} || failed=$(expr $failed + 1)

	testit "namespaces trust default disable-sid 1" $namespaces ${TRUST_REALM} --disable-sid=${TRUST_DOMSID} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse disable-sid 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --disable-sid=${DOMSID} || failed=$(expr $failed + 1)

	testit "namespaces trust default disable-tln 1" $namespaces ${TRUST_REALM} --disable-tln=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces trust reverse disable-tln 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --disable-tln=default.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces trust default add-tln-ex 1" $namespaces ${TRUST_REALM} --add-tln-ex=exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse add-tln-ex 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-tln-ex=exclude.${REALM} || failed=$(expr $failed + 1)

	testit "namespaces trust default add-tln-ex 2" $namespaces ${TRUST_REALM} --add-tln-ex=sub.exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse add-tln-ex 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-tln-ex=sub.exclude.${REALM} || failed=$(expr $failed + 1)

	testit "namespaces trust default realm 2" $namespaces ${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse realm 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)

	testit "namespaces trust default delete-tln-ex 1" $namespaces ${TRUST_REALM} --delete-tln-ex=exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse delete-tln-ex 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-tln-ex=exclude.${REALM} || failed=$(expr $failed + 1)

	testit "namespaces trust default delete-tln-ex 2" $namespaces ${TRUST_REALM} --delete-tln-ex=sub.exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse delete-tln-ex 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-tln-ex=sub.exclude.${REALM} || failed=$(expr $failed + 1)

	testit "namespaces own default delete-upn-suffix 1" $namespaces --delete-upn-suffix=default.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces own reverse delete-upn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-upn-suffix=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces own default delete-upn-suffix 2" $namespaces --delete-upn-suffix=${TRUST_REALM} || failed=$(expr $failed + 1)
	testit "namespaces own reverse delete-upn-suffix 2" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-upn-suffix=${REALM} || failed=$(expr $failed + 1)

	testit "namespaces own default delete-spn-suffix 1" $namespaces --delete-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
	testit "namespaces own reverse delete-spn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)

	testit "namespaces trust default enable-nb 1" $namespaces ${TRUST_REALM} --enable-nb=${TRUST_DOMAIN} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse enable-nb 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-nb=${DOMAIN} || failed=$(expr $failed + 1)

	testit "namespaces trust default enable-sid 1" $namespaces ${TRUST_REALM} --enable-sid=${TRUST_DOMSID} || failed=$(expr $failed + 1)
	testit "namespaces trust reverse enable-sid 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-sid=${DOMSID} || failed=$(expr $failed + 1)

	testit "namespaces trust default reset final" $namespaces ${TRUST_REALM} --refresh=store --enable-all || failed=$(expr $failed + 1)
	testit "namespaces trust reverse reset final" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --refresh=store --enable-all || failed=$(expr $failed + 1)
fi

exit $failed