sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-24 13:57:43 +03:00
Code

testprogs/blackbox: let test_rpcclient_schannel.sh explicitly use --option=clientusekrb5netlogon

Browse Source 
This also tests lsa over kerberos

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
This commit is contained in:
Stefan Metzmacher 2024-11-07 18:31:25 +01:00
parent 0ca38918f6
commit 14e8af1fab
1 changed files with 42 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
testprogs/blackbox/test_rpcclient_schannel.sh
View File

@ -30,16 +30,24 @@ samba_rpcclient="${samba_bindir}/rpcclient"
test_rpc_getusername()
{
cmd="$samba_rpcclient ncacn_np:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c getusername 2>&1"
account="$1"
authority="$2"
shift 2
args="$@"
cmd="$samba_rpcclient ncacn_np:${SERVER}[schannel] $args --configfile=${CONFIGURATION} -c getusername 2>&1"
out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "account: ${account}"
echo "authority: ${authority}"
echo "args: ${args}"
echo "$cmd"
echo "Failed to connect! Error: $ret"
echo "$out"
return 1
fi
echo "$out" | grep -q "Account Name: ANONYMOUS LOGON, Authority Name: NT AUTHORITY"
echo "$out" | grep -q -- "Account Name: ${account}, Authority Name: ${authority}"
ret=$?
if [ $ret -ne 0 ]; then
echo "Incorrect account/authority name! Error: $ret"
@ -52,10 +60,13 @@ test_rpc_getusername()
test_rpc_lookupsids()
{
cmd="$samba_rpcclient ncacn_ip_tcp:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c 'lookupsids3 S-1-1-0' 2>&1"
args="$@"
cmd="$samba_rpcclient ncacn_ip_tcp:${SERVER}[schannel] ${args} --configfile=${CONFIGURATION} -c 'lookupsids3 S-1-1-0' 2>&1"
out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "args: ${args}"
echo "$cmd"
echo "Failed to connect! Error: $ret"
echo "$out"
return 1
@ -72,23 +83,45 @@ test_rpc_lookupsids()
return 0
}
testit "ncacn_np.getusername" \
test_rpc_getusername ||
testit "ncacn_np.getusername.schannel" \
test_rpc_getusername \
"ANONYMOUS.LOGON" "NT.AUTHORITY" \
"--machine-pass --option=clientusekrb5netlogon=no" || \
failed=$((failed + 1))
testit "ncacn_np.getusername.krb5" \
test_rpc_getusername \
'[0-9A-Za-z][0-9A-Za-z]*\$' "${DOMAIN}" \
"--machine-pass --option=clientusekrb5netlogon=yes" || \
failed=$((failed + 1))
if [[ "$TESTENV" == "ad_member_fips"* ]]; then
unset GNUTLS_FORCE_FIPS_MODE
testit "ncacn_np.getusername.fips" \
test_rpc_getusername ||
testit "ncacn_np.getusername.fips.schannel" \
test_rpc_getusername \
"ANONYMOUS.LOGON" "NT.AUTHORITY" \
"--machine-pass --option=clientusekrb5netlogon=no" || \
failed=$((failed + 1))
testit "ncacn_np.getusername.fips.krb5" \
test_rpc_getusername \
'[0-9A-Za-z][0-9A-Za-z]*\$' "${DOMAIN}" \
"--machine-pass --option=clientusekrb5netlogon=yes" || \
failed=$((failed + 1))
GNUTLS_FORCE_FIPS_MODE=1
export GNUTLS_FORCE_FIPS_MODE
fi
testit "ncacn_ip_tcp.lookupsids" \
test_rpc_lookupsids ||
testit "ncacn_ip_tcp.lookupsids.schannel" \
test_rpc_lookupsids \
"--machine-pass --option=clientusekrb5netlogon=no" || \
failed=$((failed + 1))
testit "ncacn_ip_tcp.lookupsids.krb5" \
test_rpc_lookupsids \
"--machine-pass --option=clientusekrb5netlogon=yes" || \
failed=$((failed + 1))
exit ${failed}