samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

93 lines

2.1 KiB

Bash

Raw Normal View History

testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00			`#!/bin/bash`
			`# Copyright (C) 2017 Stefan Metzmacher <metze@samba.org>`

			`if [ $# -lt 12 ]; then`
testprogs: Reformat test_trust_token.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 2022-04-22 16:46:05 +03:00			`cat <<EOF`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00			`Usage: $# test_trust_token.sh SERVER USERNAME PASSWORD REALM DOMAIN DOMSID TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN TRUST_DOMSID TYPE`
			`EOF`
testprogs: Reformat test_trust_token.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 2022-04-22 16:46:05 +03:00			`exit 1`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00			`fi`

			`SERVER=$1`
			`shift 1`
			`USERNAME=$1`
			`PASSWORD=$2`
			`REALM=$3`
			`DOMAIN=$4`
			`DOMSID=$5`
			`shift 5`
			`TRUST_USERNAME=$1`
			`TRUST_PASSWORD=$2`
			`TRUST_REALM=$3`
			`TRUST_DOMAIN=$4`
			`TRUST_DOMSID=$5`
			`shift 5`
			`TYPE=$1`
			`shift 1`
			`failed=0`

testprogs: Reformat test_trust_token.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 2022-04-22 16:46:05 +03:00			`. $(dirname $0)/subunit.sh`
			`. $(dirname $0)/common_test_fns.inc`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00
testprogs: Use system_or_builddir_binary() for test_trust_token Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 2022-12-22 16:37:21 +03:00			`ldbsearch=$(system_or_builddir_binary ldbsearch "${BINDIR}")`

testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00			`test_token()`
			`{`
			`auth_args="${1}"`
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2024-06-18 20:11:09 +03:00			`auth_sid="${2}"`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00
tests: Use ldbsearch '--scope instead of '-s' We should use long options in tests to make clear what we are trying to do. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 2020-12-17 14:25:15 +03:00			`out=$($VALGRIND $ldbsearch -H ldap://$SERVER.$REALM -U$TRUST_REALM\\$TRUST_USERNAME%$TRUST_PASSWORD -b '' --scope=base -k ${auth_args} tokenGroups 2>&1)`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00			`ret=$?`
			`test x"$ret" = x"0" \|\| {`
			`echo "$out"`
			`return 1`
			`}`

			`trust_sids=$(echo "$out" \| grep '^tokenGroups' \| grep "${TRUST_DOMSID}-" \| wc -l)`
			`test "$trust_sids" -ge "2" \|\| {`
			`echo "$out"`
			`echo "Less than 2 sids from $TRUST_DOMAIN $TRUST_DOMSID"`
			`return 1`
			`}`

			`domain_sids=$(echo "$out" \| grep '^tokenGroups' \| grep "${DOMSID}-" \| wc -l)`
			`test "$domain_sids" -ge "1" \|\| {`
			`echo "$out"`
			`echo "Less than 1 sid from $DOMAIN $DOMSID"`
			`return 1`
			`}`

			`builtin_sids=$(echo "$out" \| grep '^tokenGroups' \| grep "S-1-5-32-" \| wc -l)`
			`test "$builtin_sids" -ge "1" \|\| {`
			`echo "$out"`
			`echo "Less than 1 sid from BUILTIN S-1-5-32"`
			`return 1`
			`}`

			`#`
			`# The following should always be present`
			`#`
			`# SID_WORLD(S-1-1-0)`
			`# SID_NT_NETWORK(S-1-5-2)`
			`# SID_NT_AUTHENTICATED_USERS(S-1-5-11)`
			`#`
			`required_sids="S-1-1-0 S-1-5-2 S-1-5-11 ${auth_sid}"`
			`for sid in $required_sids; do`
			`found=$(echo "$out" \| grep "^tokenGroups: ${sid}$" \| wc -l)`
			`test x"$found" = x"1" \|\| {`
			`echo "$out"`
			`echo "SID: ${sid} not found"`
			`return 1`
			`}`
			`done`

			`return 0`
			`}`

testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2024-06-18 20:11:09 +03:00			`# Check that SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY(S-1-18-1) is added for krb5`
			`testit "Test token with kerberos" test_token "yes" "S-1-18-1" \|\| failed=$(expr $failed + 1)`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00			`# Check that SID_NT_NTLM_AUTHENTICATION(S-1-5-64-10) is added for NTLMSSP`
testprogs: Reformat test_trust_token.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 2022-04-22 16:46:05 +03:00			`testit "Test token with NTLMSSP" test_token "no" "S-1-5-64-10" \|\| failed=$(expr $failed + 1)`
testprogs/blackbox: add test_trust_token.sh This demonstrates, which SID we expect in a token of an user of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2018-02-26 19:46:55 +03:00
			`exit $failed`

93 lines 2.1 KiB Bash Raw Normal View History Unescape Escape

93 lines

2.1 KiB

Bash

Raw Normal View History