# Require the four positional arguments; otherwise print the usage line and
# exit with status 1.
# NOTE(review): DC_PASSWORD is taken from argv, so it can show up in the
# process list and in shell traces - presumably only disposable
# test-environment credentials are passed here; confirm.
[ "$#" -ge 4 ] || {
	echo "Usage: test_net.sh DC_SERVER DC_USERNAME DC_PASSWORD BASEDIR"
	exit 1
}
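DC_SERVER=$1
DC_USERNAME=$2
DC_PASSWORD=$3
BASEDIR=$4

# Random 10-character hex string; it is written into client.conf below as the
# netbios name of this run.
HOSTNAME=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10)

RUNDIR=$(pwd)
# Stop if BASEDIR is unusable: the cp, sed -i and rm below work on relative
# paths and would otherwise run in the caller's directory.
cd "$BASEDIR" || exit 1
# mktemp -d creates a fresh directory under BASEDIR; only its base name is
# kept, so later paths are spelled $BASEDIR/$WORKDIR.
WORKDIR=$(mktemp -d -p .) || exit 1
WORKDIR=$(basename "$WORKDIR")
# The glob stays unquoted so it expands; the destination is quoted.
cp -a client/* "$WORKDIR"/
# WORKDIR and HOSTNAME are interpolated into the sed programs. Both are
# generated above (mktemp base name, hex digest), so they contain neither the
# '@' nor the '/' delimiter.
sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" "$WORKDIR/client.conf"
sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" "$WORKDIR/client.conf"
# Remove the secrets database copied from client/ (presumably so the copy
# starts without an existing machine trust - confirm).
rm -f "$WORKDIR/private/secrets.tdb"
cd "$RUNDIR" || exit 1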
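# Failure counter; it becomes the exit status of the script.
failed=0

# net_tool holds a whole command line (binary plus options) and is expanded
# unquoted at every call site so the shell splits it into words. A BASEDIR
# containing whitespace would therefore break the --configfile argument.
net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads"

# Prefer the ldb tools from $BINDIR when they are executable there; otherwise
# fall back to whatever PATH resolves.
ldbsearch="ldbsearch"
[ -x "$BINDIR/ldbsearch" ] && ldbsearch="$BINDIR/ldbsearch"

ldbadd="ldbadd"
[ -x "$BINDIR/ldbadd" ] && ldbadd="$BINDIR/ldbadd"

ldbdel="ldbdel"
[ -x "$BINDIR/ldbdel" ] && ldbdel="$BINDIR/ldbdel"

ldbmodify="ldbmodify"
[ -x "$BINDIR/ldbmodify" ] && ldbmodify="$BINDIR/ldbmodify"

# Load test functions. The path is quoted so a script directory containing
# whitespace is still sourced as one file name.
. "$(dirname "$0")/subunit.sh"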
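# Credentials are handed to net as -Uuser%password on the command line, so
# they can show up in the process list and in shell traces. The argument is
# quoted so a password containing whitespace or glob characters stays one word.
# $net_tool holds a full command line and must be word-split; $VALGRIND is
# left unquoted as well so that an empty value simply disappears.
testit "join" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# $NF (last field) yields the value of "workgroup = NAME" wherever that line
# sits in client.conf; $NR indexed the fields by line number and only gave
# the value when the line happened to be the third one.
workgroup=$(awk '/workgroup =/ { print $NF }' "${BASEDIR}/${WORKDIR}/client.conf")
testit "local krb5.conf created" \
	test -r \
	"${BASEDIR}/${WORKDIR}/lockdir/smb_krb5/krb5.conf.${workgroup}" ||
	failed=$((failed + 1))

testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$((failed + 1))

# Value of "netbios name" from client.conf; awk '{$1=$1};1' trims the
# surrounding whitespace.
netbios=$(grep "netbios name" "$BASEDIR/$WORKDIR/client.conf" | cut -f2 -d= | awk '{$1=$1};1')

testit "test setspn list $netbios" $VALGRIND $net_tool ads setspn list $netbios -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

spn="foo"
testit_expect_failure "test setspn add illegal windows spn ($spn)" $VALGRIND $net_tool ads setspn add "$spn" -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

spn="foo/somehost.domain.com"
testit "test setspn add ($spn)" $VALGRIND $net_tool ads setspn add "$spn" -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# grep -c counts the matching lines directly.
found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$spn")
testit "test setspn list shows the newly added spn ($spn)" test "$found" -eq 1 || failed=$((failed + 1))

up_spn=$(printf '%s\n' "$spn" | tr '[:lower:]' '[:upper:]')
testit_expect_failure "test setspn add existing (case-insensitive) spn ($spn)" $VALGRIND $net_tool ads setspn add "$up_spn" -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

testit "test setspn delete existing (case-insensitive) ($spn)" $VALGRIND $net_tool ads setspn delete "$spn" -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$spn")
testit "test setspn list shows the newly deleted spn ($spn) is gone" test "$found" -eq 0 || failed=$((failed + 1))

testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=$((failed + 1))

testit "leave" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))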
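# Test with kerberos method = secrets and keytab
#
# The keytab lives inside $BASEDIR/$WORKDIR. Credential arguments are quoted
# so a password with whitespace or glob characters stays one word; $VALGRIND
# and $net_tool stay unquoted because they are meant to be word-split.
# NOTE(review): the presence checks below use -gt 1 (two or more matching
# lines) although the test names say "at least one" - presumably the keytab
# lists one entry per encryption type; confirm.
dedicated_keytab_file="$BASEDIR/$WORKDIR/test_net_ads_dedicated_krb5.keytab"
testit "join (dedicated keytab)" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$((failed + 1))

netbios=$(grep "netbios name" "$BASEDIR/$WORKDIR/client.conf" | cut -f2 -d= | awk '{$1=$1};1')
uc_netbios=$(printf '%s\n' "$netbios" | tr '[:lower:]' '[:upper:]')
lc_realm=$(printf '%s\n' "$REALM" | tr '[:upper:]' '[:lower:]')
fqdn="$netbios.$lc_realm"

krb_princ="primary/instance@$REALM"
testit "test (dedicated keytab) add a fully qualified krb5 principal" $VALGRIND $net_tool ads keytab add "$krb_princ" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$krb_princ")

testit "test (dedicated keytab) at least one fully qualified krb5 principal that was added is present in keytab" test "$found" -gt 1 || failed=$((failed + 1))

machinename="machine123"
testit "test (dedicated keytab) add a kerberos principal created from machinename to keytab" $VALGRIND $net_tool ads keytab add "$machinename"'$' -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))
# \$ keeps a literal dollar sign: the machine principal is NAME$@REALM.
search_str="$machinename\$@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) at least one krb5 principal created from $machinename added is present in keytab" test "$found" -gt 1 || failed=$((failed + 1))

service="nfs"
testit "test (dedicated keytab) add a $service service to keytab" $VALGRIND $net_tool ads keytab add "$service" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$service/$fqdn@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) at least one (long form) krb5 principal created from service added is present in keytab" test "$found" -gt 1 || failed=$((failed + 1))

search_str="$service/$uc_netbios@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) at least one (shorter form) krb5 principal created from service added is present in keytab" test "$found" -gt 1 || failed=$((failed + 1))

spn_service="random_srv"
spn_host="somehost.subdomain.domain"
spn_port="12345"

windows_spn="$spn_service/$spn_host"
testit "test (dedicated keytab) add a $windows_spn windows style SPN to keytab" $VALGRIND $net_tool ads keytab add "$windows_spn" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) at least one krb5 principal created from windown SPN added is present in keytab" test "$found" -gt 1 || failed=$((failed + 1))

windows_spn="$spn_service/$spn_host:$spn_port"
testit "test (dedicated keytab) add a $windows_spn windows style SPN to keytab" $VALGRIND $net_tool ads keytab add "$windows_spn" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) at least one krb5 principal created from windown SPN (with port) added is present in keytab" test "$found" -gt 1 || failed=$((failed + 1))

# keytab add shouldn't have written spn to AD
found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$service")
testit "test (dedicated keytab) spn is not written to AD (using keytab add)" test "$found" -eq 0 || failed=$((failed + 1))

ad_service="writetoad"
testit "test (dedicated keytab) add a $ad_service service to keytab (using add_update_ads" $VALGRIND $net_tool ads keytab add_update_ads "$ad_service" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$ad_service")
testit "test (dedicated keytab) spn is written to AD (using keytab add_update_ads)" test "$found" -eq 2 || failed=$((failed + 1))

# test existence in keytab of service (previously added) pulled from SPN post
# 'keytab create' is now present in keytab file
testit "test (dedicated keytab) keytab created succeeds" $VALGRIND $net_tool ads keytab create -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$ad_service")
testit "test (dedicated keytab) spn service that exists in AD (created via add_update_ads) is added to keytab file" test "$found" -gt 1 || failed=$((failed + 1))

found_ad=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$service")
found_keytab=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$service")
# test after create that a spn that exists in the keytab but shouldn't
# be written to the AD.
# The two conditions are joined with -a because the whole expression is
# passed to testit as arguments of a single test command.
testit "test spn service doensn't exist in AD but is present in keytab file after keytab create" test "$found_ad" -eq 0 -a "$found_keytab" -gt 1 || failed=$((failed + 1))

# SPN parser is very basic but does detect some illegal combination
windows_spn="$spn_service/$spn_host:"
testit_expect_failure "test (dedicated keytab) fail to parse windows spn with missing port" $VALGRIND $net_tool ads keytab add "$windows_spn" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

windows_spn="$spn_service/$spn_host/"
testit_expect_failure "test (dedicated keytab) fail to parse windows spn with missing servicename" $VALGRIND $net_tool ads keytab add "$windows_spn" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))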
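# now delete the keytab entries again...
#
# Each delete is followed by a keytab list that must no longer contain the
# principal. Credential arguments are quoted so they stay a single word;
# $VALGRIND and $net_tool stay unquoted because they are meant to be split.
krb_princ="primary/instance@$REALM"
testit "test (dedicated keytab) delete a fully qualified krb5 principal" $VALGRIND $net_tool ads keytab delete "$krb_princ" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$krb_princ")
testit "test (dedicated keytab) fully qualified krb5 principal was deleted and is no longer present in keytab" test "$found" -eq 0 || failed=$((failed + 1))

machinename="machine123"
testit "test (dedicated keytab) delete a kerberos principle created from machinename from keytab" $VALGRIND $net_tool ads keytab delete "$machinename"'$' -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))
# \$ keeps a literal dollar sign: the machine principal is NAME$@REALM.
search_str="$machinename\$@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) krb5 principal created from $machinename was deleted and is no longer present in keytab" test "$found" -eq 0 || failed=$((failed + 1))

service="nfs"
testit "test (dedicated keytab) delete a $service service to keytab" $VALGRIND $net_tool ads keytab delete "$service" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$service"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) krb5 principal created from service was deleted and is no longer present in keytab" test "$found" -eq 0 || failed=$((failed + 1))

spn_service="random_srv"
spn_host="somehost.subdomain.domain"
spn_port="12345"

windows_spn="$spn_service/$spn_host"
testit "test (dedicated keytab) delete a $windows_spn windows style SPN from keytab" $VALGRIND $net_tool ads keytab delete "$windows_spn" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) krb5 principal created from windown SPN was deleted and is no longer present in keytab" test "$found" -eq 0 || failed=$((failed + 1))

windows_spn="$spn_service/$spn_host:$spn_port"
testit "test (dedicated keytab) delete a $windows_spn windows style SPN to keytab" $VALGRIND $net_tool ads keytab delete "$windows_spn" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) krb5 principal created from windown SPN (with port) was deleted and is no longer present in keytab" test "$found" -eq 0 || failed=$((failed + 1))

# keytab add shouldn't have written spn to AD
found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$service")
testit "test (dedicated keytab) spn is not written to AD (using keytab add)" test "$found" -eq 0 || failed=$((failed + 1))

ad_service="writetoad"
testit "test (dedicated keytab) delete a $ad_service service from keytab (used add_update_ads)" $VALGRIND $net_tool ads keytab delete "$ad_service" -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

search_str="$ad_service"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep -c -- "$search_str")
testit "test (dedicated keytab) spn is written to AD (using keytab add_update_ads) was deleted and is no longer present in keytab" test "$found" -eq 0 || failed=$((failed + 1))

# still in ad
found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" | grep -c -- "$ad_service")
testit "test (dedicated keytab) spn is written to AD (using keytab add_update_ads) is still in ad after deletion from keytab" test "$found" -eq 2 || failed=$((failed + 1))

testit "changetrustpw (dedicated keytab)" $VALGRIND $net_tool ads changetrustpw || failed=$((failed + 1))

testit "leave (dedicated keytab)" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))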
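# if there is no keytab, try and create it
if [ ! -f "$dedicated_keytab_file" ]; then
	# command -v succeeds only when ktutil is found; its output is not needed.
	if command -v ktutil >/dev/null 2>&1; then
		# The values are passed as printf arguments, never inside the format
		# string: a '%' or '\' in the password or path would otherwise be
		# interpreted by printf and corrupt the ktutil input. printf is a
		# builtin in bash and dash, so the password reaches ktutil through
		# the pipe instead of another process's argv.
		# The resulting keytab is only listed below; rc4-hmac is a legacy
		# encryption type and this line is not a model for real service
		# keytabs.
		printf 'addent -password -p %s@%s -k 1 -e rc4-hmac\n%s\nwkt %s\n' \
			"$DC_USERNAME" "$REALM" "$DC_PASSWORD" "$dedicated_keytab_file" | ktutil
	fi
fi

if [ -f "$dedicated_keytab_file" ]; then
	testit "keytab list (dedicated keytab)" $VALGRIND $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))
	testit "keytab list keytab specified on cmdline" $VALGRIND $net_tool ads keytab list "$dedicated_keytab_file" || failed=$((failed + 1))
fi

# The keytab holds key material derived from the test password; remove it as
# soon as the listing checks are done.
rm -f "$dedicated_keytab_file"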
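# Join/leave variants: kerberos-only, explicit server (-S), invalid server,
# and leave with --keep-account.
# Credential and server arguments are quoted so they stay a single word;
# $VALGRIND and $net_tool stay unquoted because they are meant to be split.
# NOTE(review): the expect-failure cases in this block count failures in two
# different ways ('||' on the testjoin cases, '&&' on the invalid-server
# cases). Only one of them can match the return convention of
# testit_expect_failure in subunit.sh - confirm which and align the other.
testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$((failed + 1))

testit "join+kerberos" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" --use-kerberos=required || failed=$((failed + 1))

testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$((failed + 1))

testit "leave+kerberos" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" --use-kerberos=required || failed=$((failed + 1))

testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=$((failed + 1))

testit "join+server" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" -S"$DC_SERVER" || failed=$((failed + 1))

testit "leave+server" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" -S"$DC_SERVER" || failed=$((failed + 1))

testit_expect_failure "join+invalid_server" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" -SINVALID && failed=$((failed + 1))

testit "join+server" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

testit_expect_failure "leave+invalid_server" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" -SINVALID && failed=$((failed + 1))

testit "testjoin user+password" $VALGRIND $net_tool ads testjoin -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

testit "leave+keep_account" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" --keep-account || failed=$((failed + 1))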
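# After "leave --keep-account" the machine account must still be findable
# under CN=Computers; then join again with additional DNS host names and
# check the resulting attributes and keytab entries.
# Credential, URL and path arguments are quoted so they stay a single word;
# $VALGRIND, $net_tool and the ldb tool variables stay unquoted as before.
base_dn="DC=addom,DC=samba,DC=example,DC=com"
computers_dn="CN=Computers,$base_dn"
testit "ldb check for existence of machine account" $ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" --scope=base -b "cn=$HOSTNAME,$computers_dn" || failed=$((failed + 1))

dns_alias1="${netbios}_alias1.other.${lc_realm}"
dns_alias2="${netbios}_alias2.other2.${lc_realm}"
testit "join" $VALGRIND $net_tool --option=additionaldnshostnames="$dns_alias1,$dns_alias2" ads join -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=$((failed + 1))

# \$ keeps a literal dollar sign: the machine account name is NETBIOS$.
testit_grep "check dNSHostName" "$fqdn" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" dNSHostName || failed=$((failed + 1))
testit_grep "check SPN" "${uc_netbios}.${lc_realm}" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName || failed=$((failed + 1))

testit_grep "dns alias SPN" "$dns_alias1" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName || failed=$((failed + 1))
testit_grep "dns alias SPN" "$dns_alias2" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName || failed=$((failed + 1))

testit_grep "dns alias addl" "$dns_alias1" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" msDS-AdditionalDnsHostName || failed=$((failed + 1))
testit_grep "dns alias addl" "$dns_alias2" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" msDS-AdditionalDnsHostName || failed=$((failed + 1))

# Test binary msDS-AdditionalDnsHostName like ones added by Windows DC
short_alias_file="$BASEDIR/$WORKDIR/short_alias_file"
# The format string is a fixed literal: "short_alias", a NUL byte, then "$".
printf 'short_alias\0$' >"$short_alias_file"
# LDIF that loads the attribute value from the file written above.
cat >"$BASEDIR/$WORKDIR/tmpldbmodify" <<EOF
dn: CN=$HOSTNAME,$computers_dn
changetype: modify
add: msDS-AdditionalDnsHostName
msDS-AdditionalDnsHostName:< file://$short_alias_file
EOF

testit "add binary msDS-AdditionalDnsHostName" $VALGRIND $ldbmodify -k yes -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" "$BASEDIR/$WORKDIR/tmpldbmodify" || failed=$((failed + 1))

testit_grep "addl short alias" short_alias $ldbsearch --show-binary -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" --scope=base -b "CN=$HOSTNAME,CN=Computers,$base_dn" msDS-AdditionalDnsHostName || failed=$((failed + 1))

rm -f "$BASEDIR/$WORKDIR/tmpldbmodify" "$short_alias_file"

dedicated_keytab_file="$BASEDIR/$WORKDIR/test_dns_aliases_dedicated_krb5.keytab"

testit "dns alias create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

testit_grep "dns alias1 check keytab" "host/${dns_alias1}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))
testit_grep "dns alias2 check keytab" "host/${dns_alias2}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))
testit_grep "addl short check keytab" "host/short_alias@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

# Remove the keytab once the checks are done; it holds machine key material.
rm -f "$dedicated_keytab_file"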
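##Goodbye...
# Credential arguments are quoted so a password with whitespace or glob
# characters stays one word; $VALGRIND and $net_tool stay unquoted because
# they are meant to be word-split.
testit "leave" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# netbios aliases tests
testit "join nb_alias" $VALGRIND $net_tool --option=netbiosaliases=nb_alias1,nb_alias2 ads join -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

testit "testjoin nb_alias" $VALGRIND $net_tool ads testjoin || failed=$((failed + 1))

# \$ keeps a literal dollar sign: the machine account name is NETBIOS$.
testit_grep "nb_alias check dNSHostName" "$fqdn" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" dNSHostName || failed=$((failed + 1))
testit_grep "nb_alias check main SPN" "${uc_netbios}.${lc_realm}" $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName || failed=$((failed + 1))

testit_grep "nb_alias1 SPN" nb_alias1 $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName || failed=$((failed + 1))
testit_grep "nb_alias2 SPN" nb_alias2 $VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName || failed=$((failed + 1))

##Goodbye...
testit "leave" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))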
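#
# Test createcomputer option of 'net ads join'
#
# Credential and URL arguments are quoted so they stay a single word;
# $VALGRIND, $net_tool and the ldb tool variables stay unquoted as before.
# NOTE(review): the "Create OU" and "Remove OU" steps do not update $failed,
# unlike every other step here, so a failure in either does not reach the
# exit status - confirm whether that is deliberate.
testit "Create OU=Servers,$base_dn" $VALGRIND $ldbadd -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER" <<EOF
dn: OU=Servers,$base_dn
objectClass: organizationalUnit
EOF

testit "join+createcomputer" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" createcomputer=Servers || failed=$((failed + 1))

testit "ldb check for existence of machine account in OU=Servers" $ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" --scope=base -b "cn=$HOSTNAME,OU=Servers,$base_dn" || failed=$((failed + 1))

## Goodbye...
testit "leave+createcomputer" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

testit "Remove OU=Servers" $VALGRIND $ldbdel -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER" "OU=Servers,$base_dn"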
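#
# Test createupn option of 'net ads join'
#
# Credential, URL and path arguments are quoted so they stay a single word;
# $VALGRIND, $net_tool and $ldbsearch stay unquoted as before.
testit "join+createupn" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" createupn="host/test-$HOSTNAME@$REALM" || failed=$((failed + 1))

testit_grep "checkupn" "userPrincipalName: host/test-$HOSTNAME@$REALM" $ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" --scope=base -b "CN=$HOSTNAME,CN=Computers,$base_dn" || failed=$((failed + 1))

dedicated_keytab_file="$BASEDIR/$WORKDIR/test_net_create_dedicated_krb5.keytab"

testit "create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

testit_grep "checkupn+keytab" "host/test-$HOSTNAME@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

# Remove the keytab once the checks are done; it holds machine key material.
rm -f "$dedicated_keytab_file"

testit "leave+createupn" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))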
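#
# Test dnshostname option of 'net ads join'
#
# Credential, URL and path arguments are quoted so they stay a single word;
# $VALGRIND, $net_tool and $ldbsearch stay unquoted as before.
# $dedicated_keytab_file still names the path assigned for the createupn
# test; the file itself was removed there and is recreated here.
testit "join+dnshostname" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" dnshostname="alt.hostname.$HOSTNAME" || failed=$((failed + 1))

testit_grep "check dnshostname opt" "dNSHostName: alt.hostname.$HOSTNAME" $ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" --scope=base -b "CN=$HOSTNAME,CN=Computers,$base_dn" || failed=$((failed + 1))

testit "create_keytab+dnshostname" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

testit_grep "check dnshostname+keytab" "host/alt.hostname.$HOSTNAME@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$((failed + 1))

# Remove the keytab once the checks are done; it holds machine key material.
rm -f "$dedicated_keytab_file"

testit "leave+dnshostname" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))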
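# Remove the scratch directory created at start-up. ${VAR:?} makes the shell
# abort instead of expanding to "/" or to all of BASEDIR when either variable
# is empty or unset, and "--" stops a leading '-' from being read as an option.
rm -rf -- "${BASEDIR:?}/${WORKDIR:?}"

# The exit status is the number of failed steps counted above.
exit "$failed"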