# Argument check: the script needs DC_SERVER, DC_USERNAME, DC_PASSWORD and
# PREFIX_ABS. With fewer than four arguments, print the usage line and stop
# with status 1 before anything is created on disk.
if [ "$#" -lt 4 ]; then
	printf '%s\n' 'Usage: test_net_ads_fips.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS'
	exit 1
fi
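# Positional arguments (validated by the usage check above).
DC_SERVER=$1
DC_USERNAME=$2
# NOTE(review): the password is taken from argv and is later passed on the
# net command line as well, so it is readable in the process list while the
# test runs. Use a throw-away test-domain account only.
DC_PASSWORD=$3
BASEDIR=$4

# Random 10-hex-digit NetBIOS name so every run joins under a fresh name.
HOSTNAME=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10)

RUNDIR=$(pwd)
# Stop if the prefix is unusable; otherwise mktemp, cp and rm below would
# operate relative to whatever directory the caller happened to be in.
cd "$BASEDIR" || {
	printf 'cannot cd to %s\n' "$BASEDIR" >&2
	exit 1
}

# Private, unpredictable scratch directory inside the prefix.
WORKDIR=$(mktemp -d -p .) || {
	printf 'mktemp failed in %s\n' "$BASEDIR" >&2
	exit 1
}
WORKDIR=$(basename "$WORKDIR")
# An empty WORKDIR would turn the paths below into "/", "/client.conf" and
# "/private/secrets.tdb".
[ -n "$WORKDIR" ] || exit 1

# Clone the client configuration and point its directories at the copy.
cp -a client/* "$WORKDIR/"
sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" "$WORKDIR/client.conf"
sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" "$WORKDIR/client.conf"
# Drop the copied secrets database so the join below starts without stored
# machine credentials.
rm -f "$WORKDIR/private/secrets.tdb"
cd "$RUNDIR" || exit 1
failed=0

# BINDIR is not set in this script; it is expected from the environment.
# net_tool is expanded unquoted by the callers so that it splits into the
# command and its options, which means BINDIR/BASEDIR must not contain
# whitespace.
net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads"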
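# Load test functions (subunit.sh sits next to this script). Quoted so a
# script path containing spaces still resolves, and checked so the tests
# never run without the helper loaded.
. "$(dirname "$0")/subunit.sh" || exit 1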
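# This makes sure we are able to join AD in FIPS mode with Kerberos (NTLM doesn't work in FIPS mode).
#
# $VALGRIND and $net_tool are left unquoted on purpose: each holds a command
# plus options and has to be word-split. The credentials are quoted so that a
# password containing spaces or glob characters reaches net as one argument.
# NOTE(review): -U user%password exposes the password in the process list and
# possibly in the captured test output; use a disposable test account.
testit "join" $VALGRIND $net_tool ads join --use-kerberos=required -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# -P makes testjoin use the machine account created by the join.
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$((failed + 1))

testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=$((failed + 1))

testit "leave" $VALGRIND $net_tool ads leave --use-kerberos=required -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))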
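# Remove the scratch copy of the client configuration. The :? guards abort
# instead of deleting "$BASEDIR/" or "/" if either variable is unexpectedly
# empty.
rm -rf -- "${BASEDIR:?}/${WORKDIR:?}"
# Exit status is the number of failed test cases (0 = all passed).
exit "$failed"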