sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
4ce5d8df25
samba-mirror/testprogs/blackbox/test_pkinit_pac.sh

64 lines
1.8 KiB
Bash
Raw Normal View History

testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
#!/bin/sh
# Blackbox tests for pkinit and pac verification
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
#
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
# Copyright (C) 2006-2008 Stefan Metzmacher
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
# Copyright (C) 2022 Andreas Schneider
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
if [ $# -lt 6 ]; then
testprogs: Reformat test_pkinit_pac.sh with shfmt Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-18 13:04:19 +03:00
cat <<EOF
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
Usage: test_pkinit_pac.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
EOF
testprogs: Reformat test_pkinit_pac.sh with shfmt Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-18 13:04:19 +03:00
exit 1
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
fi
SERVER=$1
USERNAME=$2
PASSWORD=$3
REALM=$4
DOMAIN=$5
PREFIX=$6
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
shift 6
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
failed=0
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
samba_bindir="$BINDIR"
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
samba_kinit="$(command -v kinit)"
if [ -x "${samba_bindir}/samba4kinit" ]; then
samba_kinit="${samba_bindir}/samba4kinit"
fi
samba_smbtorture="${samba_bindir}/smbtorture --basedir=$SELFTEST_TMPDIR"
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
. "$(dirname "$0")"/subunit.sh
. "$(dirname "$0")"/common_test_fns.inc
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
KRB5CCNAME_PATH="$PREFIX/tmpccache"
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
rm -f "${KRB5CCNAME_PATH}"
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
export KRB5CCNAME
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
USER_PRINCIPAL_NAME="$(echo "${USERNAME}@${REALM}" | tr "[:upper:]" "[:lower:]")"
kbase="$(basename "${samba_kinit}")"
if [ "${kbase}" = "samba4kinit" ]; then
# HEIMDAL
X509_USER_IDENTITY="--pk-user=FILE:${PREFIX}/pkinit/USER-${USER_PRINCIPAL_NAME}-cert.pem,${PREFIX}/pkinit/USER-${USER_PRINCIPAL_NAME}-private-key.pem"
OPTION_RENEWABLE="--renewable"
else
X509_USER_IDENTITY="-X X509_user_identity=FILE:${PREFIX}/pkinit/USER-${USER_PRINCIPAL_NAME}-cert.pem,${PREFIX}/pkinit/USER-${USER_PRINCIPAL_NAME}-private-key.pem"
OPTION_RENEWABLE="-r 1h"
fi
OPTION_REQUEST_PAC="--request-pac"
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
testit "STEP1 kinit with pkinit (name specified)" \
"${samba_kinit}" "${OPTION_REQUEST_PAC}" "${OPTION_RENEWABLE}" \
testprogs: Reformat test_pkinit_pac.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_pac.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
"${X509_USER_IDENTITY}" "${USERNAME}@${REALM}" ||
testprogs: Manually reformat test_pkinit_pac.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-18 13:05:23 +03:00
failed=$((failed + 1))
testit "STEP1 remote.pac verification" \
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
"${samba_smbtorture}" ncacn_np:"${SERVER}" rpc.pac \
--workgroup="${DOMAIN}" -U"${USERNAME}%${PASSWORD}" \
--option=torture:pkinit_ccache="${KRB5CCNAME}" ||
testprogs: Manually reformat test_pkinit_pac.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-18 13:05:23 +03:00
failed=$((failed + 1))
testprogs/blackbox: add test_pkinit_pac_heimdal.sh This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC when using pkinit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 16:34:50 +03:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-01-25 21:35:06 +03:00
rm -f "${KRB5CCNAME_PATH}"
exit ${failed}
Copy Permalink