mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
testprogs: Use new kerberos options for smbclient(4) tests
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
b49a860556
commit
c01213471f
@ -16,6 +16,6 @@ ADDARGS="$*"
|
||||
|
||||
incdir=`dirname $0`/../../../testprogs/blackbox
|
||||
. $incdir/subunit.sh
|
||||
testit "smbclient" $VALGRIND $SMBCLIENT3 //$SERVER/tmp -c 'ls' -k $ADDARGS || failed=`expr $failed + 1`
|
||||
testit "smbclient" $VALGRIND $SMBCLIENT3 //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME $ADDARGS || failed=`expr $failed + 1`
|
||||
|
||||
testok $0 $failed
|
||||
|
@ -29,17 +29,17 @@ failed=0
|
||||
opt="--option=gensec:gse_krb5=yes -U${USERNAME}%${PASSWORD}"
|
||||
|
||||
# check kerberos access
|
||||
test_smbclient "test_krb5" "ls" "//$SERVER/tmp" $opt -k || failed=`expr $failed + 1`
|
||||
test_smbclient "test_krb5" "ls" "//$SERVER/tmp" $opt --use-kerberos=required || failed=`expr $failed + 1`
|
||||
|
||||
# disbale krb5 globally so smbd won't accept it
|
||||
global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf
|
||||
echo 'gensec:gse_krb5=no' > $global_inject_conf
|
||||
|
||||
# verify that kerberos fails
|
||||
test_smbclient_expect_failure "smbd_no_krb5" "ls" "//$SERVER/tmp" -k $opt || failed=`expr $failed + 1`
|
||||
test_smbclient_expect_failure "smbd_no_krb5" "ls" "//$SERVER/tmp" --use-kerberos=required $opt || failed=`expr $failed + 1`
|
||||
|
||||
# verify downgrade to ntlmssp
|
||||
test_smbclient "test_spnego_downgrade" "ls" "//$SERVER/tmp" $opt || failed=`expr $failed + 1`
|
||||
test_smbclient "test_spnego_downgrade" "ls" "//$SERVER/tmp" $opt --use-kerberos=disabled || failed=`expr $failed + 1`
|
||||
|
||||
echo '' > $global_inject_conf
|
||||
|
||||
|
@ -142,7 +142,7 @@ testit "Test login with PASSWD" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$S
|
||||
oldUSER=$USER
|
||||
USER="$USERNAME"
|
||||
export USER
|
||||
testit "Test login with USER and PASSWD" $VALGRIND $smbclient -k no -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" || failed=`expr $failed + 1`
|
||||
testit "Test login with USER and PASSWD" $VALGRIND $smbclient --use-kerberos=disabled -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" || failed=`expr $failed + 1`
|
||||
PASSWD=
|
||||
export PASSWD
|
||||
unset PASSWD
|
||||
|
@ -27,8 +27,8 @@ testit() {
|
||||
return $status
|
||||
}
|
||||
|
||||
testit "Test login with --machine-pass without kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass -k no
|
||||
testit "Test login with --machine-pass without kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass --use-kerberos=disabled
|
||||
|
||||
testit "Test login with --machine-pass and kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass -k yes
|
||||
testit "Test login with --machine-pass and kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass --use-kerberos=required
|
||||
|
||||
exit $failed
|
||||
|
@ -69,7 +69,7 @@ else
|
||||
fi
|
||||
|
||||
#This is important because it puts the ticket for the old KVNO and password into a local ccache
|
||||
test_smbclient "Test login with kerberos ccache before password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache before password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
#check that drs bind works before we change the password (prime the ccache)
|
||||
test_drs bind "Test drs bind with with kerberos ccache" || failed=`expr $failed + 1`
|
||||
@ -80,7 +80,7 @@ test_drs options "Test drs options with with kerberos ccache" || failed=`expr $f
|
||||
testit "change dc password" $PYTHON $samba4srcdir/scripting/devel/chgtdcpass --configfile=$PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
|
||||
|
||||
#This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed
|
||||
test_smbclient "Test login with kerberos ccache after password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache after password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
#check that drs bind works after we change the password
|
||||
test_drs bind "Test drs bind with new password" || failed=`expr $failed + 1`
|
||||
@ -92,7 +92,7 @@ testit "change dc password (2nd time)" $PYTHON $samba4srcdir/scripting/devel/chg
|
||||
|
||||
# This is important because it shows that the old ticket is discarded if the server rejects it (as it must) after the password was changed twice in succession.
|
||||
# This also ensures we handle the case where the domain is re-provisioned etc
|
||||
test_smbclient "Test login with kerberos ccache after 2nd password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache after 2nd password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
#check that drs bind works after we change the password a 2nd time
|
||||
test_drs bind "Test drs bind after 2nd password change" || failed=`expr $failed + 1`
|
||||
@ -106,7 +106,7 @@ if [ $heimdal -eq 1 ]; then
|
||||
else
|
||||
testit "kinit with keytab" $samba4kinit -k -t $PROVDIR/private/secrets.keytab $USERNAME || failed=`expr $failed + 1`
|
||||
fi
|
||||
test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME
|
||||
|
||||
|
@ -86,11 +86,11 @@ export KRB5CCNAME
|
||||
|
||||
testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2 --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpadminccache"
|
||||
export KRB5CCNAME
|
||||
|
@ -109,11 +109,11 @@ KRB5CCNAME="$PREFIX/tmpuserccache"
|
||||
export KRB5CCNAME
|
||||
|
||||
testit "kinit with keytab as user" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-all $TEST_USER@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-kerberos=required || failed=`expr $failed + 1`
|
||||
$samba_kdestroy
|
||||
|
||||
testit "kinit with keytab as user (one princ)" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-user-princ $TEST_USER@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' --use-kerberos=required || failed=`expr $failed + 1`
|
||||
$samba_kdestroy
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpadminccache"
|
||||
|
@ -67,17 +67,17 @@ testit "reset password policies beside of minimum password age of 0 days" $VALGR
|
||||
|
||||
echo $PASSWORD > $PREFIX/tmppassfile
|
||||
testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
|
||||
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
@ -110,7 +110,7 @@ export KRB5CCNAME
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
NEWUSERPASS=testPaSS@34%
|
||||
testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -Unettestuser%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS $@ || failed=`expr $failed + 1`
|
||||
@ -119,20 +119,20 @@ echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with password (NT-Principal style) using UPN" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with password (windows style) using UPN" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
cat > $PREFIX/tmpldbmodify <<EOF
|
||||
dn: cn=nettestuser,cn=users,$BASEDN
|
||||
@ -145,7 +145,7 @@ testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM.org || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
|
||||
USERPASS=$NEWUSERPASS
|
||||
@ -170,7 +170,7 @@ testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype -
|
||||
NEWUSERPASS=testPaSS@78%
|
||||
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
cat > $PREFIX/tmpkpasswdscript <<EOF
|
||||
expect New password
|
||||
@ -185,7 +185,7 @@ testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
NEWUSERPASS=testPaSS@910%
|
||||
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
|
||||
@ -202,7 +202,7 @@ testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFI
|
||||
|
||||
testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
cat > $PREFIX/tmpldbmodify <<EOF
|
||||
dn: cn=nettestuser,cn=users,$BASEDN
|
||||
@ -230,12 +230,12 @@ EOF
|
||||
|
||||
testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac nettestuser@$REALM && failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
|
||||
testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
@ -244,14 +244,14 @@ export KRB5CCNAME
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" -k yes -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" -k yes -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
|
||||
testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
|
||||
test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
|
||||
|
||||
|
@ -81,10 +81,10 @@ EOF
|
||||
###########################################################
|
||||
|
||||
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit renew ticket" $samba_kinit -R || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
@ -93,11 +93,11 @@ $samba_kdestroy
|
||||
###########################################################
|
||||
|
||||
testit "kinit with password (enterprise style)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
# This does not work with MIT Kerberos 1.14 or older
|
||||
testit "kinit renew ticket (enterprise style)" $samba_kinit -R || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
@ -155,7 +155,7 @@ send ${USERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
### Change password
|
||||
|
||||
@ -168,7 +168,7 @@ send ${NEWUSERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
@ -177,12 +177,12 @@ $samba_kdestroy
|
||||
###########################################################
|
||||
|
||||
testit "kinit with new (NT-Principal style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettest@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
@ -200,7 +200,7 @@ EOF
|
||||
testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM.org || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
@ -209,7 +209,7 @@ $samba_kdestroy
|
||||
###########################################################
|
||||
|
||||
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
USERPASS=$NEWUSERPASS
|
||||
NEWUSERPASS=testPaSS@56%
|
||||
@ -235,7 +235,7 @@ send ${USERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
@ -272,7 +272,7 @@ send ${NEWUSERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
USERPASS=$NEWUSERPASS
|
||||
cat > $PREFIX/tmpkinituserpassscript <<EOF
|
||||
@ -281,7 +281,7 @@ send ${USERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Test login with lowercase realm
|
||||
@ -294,8 +294,8 @@ export KRB5CCNAME
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
|
||||
testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
@ -305,7 +305,7 @@ testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
|
||||
test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test machine account login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
|
||||
|
||||
|
@ -51,40 +51,40 @@ rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
echo $TRUST_PASSWORD > $PREFIX/tmppassfile
|
||||
testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
# Test with smbclient4
|
||||
smbclient="$samba4bindir/smbclient4"
|
||||
testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (smbclient4)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache (smbclient4)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
smbclient="$samba4bindir/smbclient"
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
if test x"${TYPE}" = x"forest" ;then
|
||||
testit "kinit with password (upn enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
fi
|
||||
|
||||
testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
|
||||
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
|
||||
# Test the outgoing direction
|
||||
SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
|
||||
test_smbclient "Test user login with the first outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test user login with the first outgoing secret" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "setpassword should not work" $VALGRIND $PYTHON $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1`
|
||||
|
||||
@ -92,7 +92,7 @@ testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || fa
|
||||
testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
|
||||
testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache
|
||||
exit $failed
|
||||
|
@ -76,49 +76,49 @@ EOF
|
||||
###########################################################
|
||||
|
||||
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
$samba_kdestroy
|
||||
|
||||
smbclient="$samba_bindir/smbclient4"
|
||||
|
||||
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache (smbclient4)" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache (smbclient4)" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
$samba_kdestroy
|
||||
|
||||
smbclient="$samba_bindir/smbclient"
|
||||
|
||||
testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
if test x"${TYPE}" = x"forest" ;then
|
||||
testit "kinit with password (enterprise UPN)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
fi
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "kinit renew ticket" $samba_kinit -R
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "check time with kerberos ccache" $VALGRIND $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
$samba_kdestroy
|
||||
|
||||
lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Test outgoing trust direction
|
||||
###########################################################
|
||||
|
||||
SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
|
||||
test_smbclient "Test user login with the first outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test user login with the first outgoing secret" 'ls' --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "setpassword should not work" $VALGRIND $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1`
|
||||
|
||||
@ -126,7 +126,7 @@ testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || fa
|
||||
testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
|
||||
testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test user login with the changed outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test user login with the changed outgoing secret" 'ls' --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
### Cleanup
|
||||
|
||||
|
@ -71,7 +71,7 @@ testit "kinit with user password" \
|
||||
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" \
|
||||
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "change user password with 'samba-tool user password' (unforced)" \
|
||||
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
|
||||
@ -84,7 +84,7 @@ testit "kinit with user password" \
|
||||
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" \
|
||||
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### check that a password mismatch is detected
|
||||
@ -157,7 +157,7 @@ testit "kpasswd change user password" \
|
||||
TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@03%"
|
||||
|
||||
test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Force password change at login
|
||||
@ -186,7 +186,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@05%"
|
||||
|
||||
test_smbclient "Test login with user kerberos" \
|
||||
"ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Test kpasswd service via 'net ads password'
|
||||
@ -199,7 +199,7 @@ testit "change user password with 'net ads password', admin: $DOMAIN/$TEST_USERN
|
||||
#TEST_PASSWORD_NEW="testPaSS@06%"
|
||||
|
||||
#test_smbclient "Test login with smbclient (ntlm)" \
|
||||
# "ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
# "ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Test kpasswd service via 'net ads password' as admin
|
||||
@ -212,7 +212,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@07%"
|
||||
|
||||
test_smbclient "Test login with smbclient (ntlm)" \
|
||||
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Cleanup
|
||||
|
@ -111,7 +111,7 @@ testit "kinit with user password" \
|
||||
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" \
|
||||
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
|
||||
@ -130,7 +130,7 @@ testit "kinit with user password" \
|
||||
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" \
|
||||
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
###########################################################
|
||||
### Change the users password
|
||||
@ -146,7 +146,7 @@ testit "kinit with user password" \
|
||||
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" \
|
||||
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
#
|
||||
# These tests demonstrate that a credential cache in the environment does not
|
||||
@ -154,9 +154,9 @@ test_smbclient "Test login with user kerberos ccache" \
|
||||
#
|
||||
|
||||
testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" \
|
||||
$VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1`
|
||||
$VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1`
|
||||
testit_expect_failure "Test login with user kerberos ccache, but old password specified" \
|
||||
$VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1`
|
||||
$VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
|
||||
@ -172,7 +172,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@03%"
|
||||
|
||||
test_smbclient "Test login with user (ntlm)" \
|
||||
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
testit "set password on user locally" $VALGRIND $PYTHON $samba_tool user setpassword $TEST_USERNAME $CONFIG --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=`expr $failed + 1`
|
||||
|
||||
@ -180,7 +180,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@04%"
|
||||
|
||||
test_smbclient_expect_failure "Test login with user (NT_STATUS_PASSWORD_MUST_CHANGE)" \
|
||||
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=`expr $failed + 1`
|
||||
|
||||
testit "change user password with 'samba-tool user password' (after must change flag set)" \
|
||||
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
|
||||
@ -188,7 +188,7 @@ testit "change user password with 'samba-tool user password' (after must change
|
||||
TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@05%"
|
||||
|
||||
test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
|
||||
@ -208,7 +208,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@06%"
|
||||
|
||||
test_smbclient "Test login with user kerberos" \
|
||||
"ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
|
||||
@ -224,7 +224,7 @@ testit "try to set a non-complex password (command should succeed)" \
|
||||
TEST_PASSWORD=$TEST_PASSWORD_WEAK
|
||||
|
||||
test_smbclient "test login with non-complex password" \
|
||||
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "try to set a short password (command should not succeed)" \
|
||||
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=`expr $failed + 1`
|
||||
|
@ -73,7 +73,7 @@ testit_expect_failure "STEP1 Test wbinfo with password" $wbinfo --authenticate=$
|
||||
|
||||
testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP1 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP1 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP1 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "STEP1 kinit with pkinit (wrong name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER not$USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
@ -81,7 +81,7 @@ testit_expect_failure "STEP1 kinit with pkinit (wrong name specified 2) " $samba
|
||||
|
||||
testit "STEP1 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP1 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP1 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP1 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise not$USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
@ -89,7 +89,7 @@ testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified
|
||||
|
||||
testit "STEP1 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
|
||||
testit "STEP1 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP1 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP1 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
# STEP2:
|
||||
# We still have UF_SMARTCARD_REQUIRED, but with a known password
|
||||
@ -101,36 +101,36 @@ testit_expect_failure "STEP2 Test wbinfo with password" $wbinfo --authenticate=$
|
||||
|
||||
testit "STEP2 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP2 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP2 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP2 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP2 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP2 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP2 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP2 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP2 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
|
||||
testit "STEP2 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP2 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP2 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
# STEP3:
|
||||
# The account is a normal account without the UF_SMARTCARD_REQUIRED bit set
|
||||
testit "STEP3 samba-tool user setpassword $USERNAME --smartcard-required" $PYTHON ${samba_tool} user setpassword $USERNAME --newpassword=$PASSWORD --clear-smartcard-required || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP3 kinit with password" $samba4kinit $enctype --password-file=$PASSFILE_PATH --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with user kerberos ccache" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with NTLM" 'ls' "$unc" -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
|
||||
testit "STEP3 Test wbinfo with password" $wbinfo --authenticate=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP3 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP3 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP3 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP3 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP3 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
|
||||
testit "STEP3 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP3 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
# STEP4:
|
||||
# Now we set the UF_SMARTCARD_REQUIRED bit
|
||||
@ -143,15 +143,15 @@ testit_expect_failure "STEP4 Test wbinfo with password" $wbinfo --authenticate=$
|
||||
|
||||
testit "STEP4 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP4 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP4 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP4 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP4 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP4 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP4 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP4 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
testit "STEP4 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
|
||||
testit "STEP4 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP4 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
|
||||
test_smbclient "STEP4 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
# STEP5:
|
||||
# disable the account
|
||||
|
Loading…
Reference in New Issue
Block a user