mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

testprogs: Use new kerberos options for smbclient(4) tests

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider 2020-11-19 17:43:58 +01:00 committed by Andrew Bartlett
parent b49a860556
commit c01213471f
14 changed files with 98 additions and 98 deletions


@ -16,6 +16,6 @@ ADDARGS="$*"
incdir=`dirname $0`/../../../testprogs/blackbox incdir=`dirname $0`/../../../testprogs/blackbox
. $incdir/subunit.sh . $incdir/subunit.sh
testit "smbclient" $VALGRIND $SMBCLIENT3 //$SERVER/tmp -c 'ls' -k $ADDARGS || failed=`expr $failed + 1` testit "smbclient" $VALGRIND $SMBCLIENT3 //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME $ADDARGS || failed=`expr $failed + 1`
testok $0 $failed testok $0 $failed
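Review bot: The new `--use-krb5-ccache=$KRB5CCNAME` argument on the `testit "smbclient"` line is unquoted, and nothing visible in this hunk ensures KRB5CCNAME is set; if it is empty the option is passed with no value, where the old `-k` would presumably have fallen back to the default ccache lookup. I would pass it as `"--use-krb5-ccache=${KRB5CCNAME}"` and fail early with `: "${KRB5CCNAME:?KRB5CCNAME must be set}"` before the call. The same unquoted expansion recurs in every later `test_smbclient ... --use-krb5-ccache=$KRB5CCNAME` line of this commit, where the value is built from `$PREFIX` and would be word-split if that path contained whitespace. The script starts outside this hunk, so an earlier assignment may exist.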


@ -29,17 +29,17 @@ failed=0
opt="--option=gensec:gse_krb5=yes -U${USERNAME}%${PASSWORD}" opt="--option=gensec:gse_krb5=yes -U${USERNAME}%${PASSWORD}"
# check kerberos access # check kerberos access
test_smbclient "test_krb5" "ls" "//$SERVER/tmp" $opt -k || failed=`expr $failed + 1` test_smbclient "test_krb5" "ls" "//$SERVER/tmp" $opt --use-kerberos=required || failed=`expr $failed + 1`
# disbale krb5 globally so smbd won't accept it # disbale krb5 globally so smbd won't accept it
global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf
echo 'gensec:gse_krb5=no' > $global_inject_conf echo 'gensec:gse_krb5=no' > $global_inject_conf
# verify that kerberos fails # verify that kerberos fails
test_smbclient_expect_failure "smbd_no_krb5" "ls" "//$SERVER/tmp" -k $opt || failed=`expr $failed + 1` test_smbclient_expect_failure "smbd_no_krb5" "ls" "//$SERVER/tmp" --use-kerberos=required $opt || failed=`expr $failed + 1`
# verify downgrade to ntlmssp # verify downgrade to ntlmssp
test_smbclient "test_spnego_downgrade" "ls" "//$SERVER/tmp" $opt || failed=`expr $failed + 1` test_smbclient "test_spnego_downgrade" "ls" "//$SERVER/tmp" $opt --use-kerberos=disabled || failed=`expr $failed + 1`
echo '' > $global_inject_conf echo '' > $global_inject_conf
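Review bot: `test_spnego_downgrade` no longer exercises a downgrade: with `--use-kerberos=disabled` appended, the client never offers Kerberos, so the test only shows that plain NTLMSSP works while smbd has `gensec:gse_krb5=no`. Before this change the call carried no Kerberos option, so it was the client's default negotiation that ran against a server refusing krb5. If the fallback is still the behaviour under test, `--use-kerberos=desired` (assuming that value is accepted alongside `required` and `disabled`) would keep it covered; otherwise the test name and the `# verify downgrade to ntlmssp` comment should be updated to say what is now checked. The script continues outside the hunk.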


@ -142,7 +142,7 @@ testit "Test login with PASSWD" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$S
oldUSER=$USER oldUSER=$USER
USER="$USERNAME" USER="$USERNAME"
export USER export USER
testit "Test login with USER and PASSWD" $VALGRIND $smbclient -k no -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" || failed=`expr $failed + 1` testit "Test login with USER and PASSWD" $VALGRIND $smbclient --use-kerberos=disabled -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" || failed=`expr $failed + 1`
PASSWD= PASSWD=
export PASSWD export PASSWD
unset PASSWD unset PASSWD


@ -27,8 +27,8 @@ testit() {
return $status return $status
} }
testit "Test login with --machine-pass without kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass -k no testit "Test login with --machine-pass without kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass --use-kerberos=disabled
testit "Test login with --machine-pass and kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass -k yes testit "Test login with --machine-pass and kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass --use-kerberos=required
exit $failed exit $failed


@ -69,7 +69,7 @@ else
fi fi
#This is important because it puts the ticket for the old KVNO and password into a local ccache #This is important because it puts the ticket for the old KVNO and password into a local ccache
test_smbclient "Test login with kerberos ccache before password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache before password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
#check that drs bind works before we change the password (prime the ccache) #check that drs bind works before we change the password (prime the ccache)
test_drs bind "Test drs bind with with kerberos ccache" || failed=`expr $failed + 1` test_drs bind "Test drs bind with with kerberos ccache" || failed=`expr $failed + 1`
@ -80,7 +80,7 @@ test_drs options "Test drs options with with kerberos ccache" || failed=`expr $f
testit "change dc password" $PYTHON $samba4srcdir/scripting/devel/chgtdcpass --configfile=$PROVDIR/etc/smb.conf || failed=`expr $failed + 1` testit "change dc password" $PYTHON $samba4srcdir/scripting/devel/chgtdcpass --configfile=$PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
#This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed #This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed
test_smbclient "Test login with kerberos ccache after password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache after password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
#check that drs bind works after we change the password #check that drs bind works after we change the password
test_drs bind "Test drs bind with new password" || failed=`expr $failed + 1` test_drs bind "Test drs bind with new password" || failed=`expr $failed + 1`
@ -92,7 +92,7 @@ testit "change dc password (2nd time)" $PYTHON $samba4srcdir/scripting/devel/chg
# This is important because it shows that the old ticket is discarded if the server rejects it (as it must) after the password was changed twice in succession. # This is important because it shows that the old ticket is discarded if the server rejects it (as it must) after the password was changed twice in succession.
# This also ensures we handle the case where the domain is re-provisioned etc # This also ensures we handle the case where the domain is re-provisioned etc
test_smbclient "Test login with kerberos ccache after 2nd password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache after 2nd password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
#check that drs bind works after we change the password a 2nd time #check that drs bind works after we change the password a 2nd time
test_drs bind "Test drs bind after 2nd password change" || failed=`expr $failed + 1` test_drs bind "Test drs bind after 2nd password change" || failed=`expr $failed + 1`
@ -106,7 +106,7 @@ if [ $heimdal -eq 1 ]; then
else else
testit "kinit with keytab" $samba4kinit -k -t $PROVDIR/private/secrets.keytab $USERNAME || failed=`expr $failed + 1` testit "kinit with keytab" $samba4kinit -k -t $PROVDIR/private/secrets.keytab $USERNAME || failed=`expr $failed + 1`
fi fi
test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -f $KRB5CCNAME rm -f $KRB5CCNAME


@ -86,11 +86,11 @@ export KRB5CCNAME
testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2 --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2 --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpadminccache" KRB5CCNAME="$PREFIX/tmpadminccache"
export KRB5CCNAME export KRB5CCNAME


@ -109,11 +109,11 @@ KRB5CCNAME="$PREFIX/tmpuserccache"
export KRB5CCNAME export KRB5CCNAME
testit "kinit with keytab as user" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-all $TEST_USER@$REALM || failed=`expr $failed + 1` testit "kinit with keytab as user" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-all $TEST_USER@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-kerberos=required || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
testit "kinit with keytab as user (one princ)" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-user-princ $TEST_USER@$REALM || failed=`expr $failed + 1` testit "kinit with keytab as user (one princ)" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-user-princ $TEST_USER@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' --use-kerberos=required || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
KRB5CCNAME="$PREFIX/tmpadminccache" KRB5CCNAME="$PREFIX/tmpadminccache"
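Review bot: Both `test_smbclient` calls here are named "with user kerberos ccache" but pass `--use-kerberos=required`, so the ccache is picked up implicitly from the exported `KRB5CCNAME` rather than named explicitly. The sibling scripts in this commit use `--use-krb5-ccache=$KRB5CCNAME` after the same kinit-with-keytab step. If the difference is deliberate, a one-line comment such as `# rely on KRB5CCNAME from the environment; only force Kerberos` would document it; otherwise the ccache option would keep the tests consistent. The `test_smbclient` helper is defined outside this hunk, so its argument handling is not visible.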


@ -67,17 +67,17 @@ testit "reset password policies beside of minimum password age of 0 days" $VALGR
echo $PASSWORD > $PREFIX/tmppassfile echo $PASSWORD > $PREFIX/tmppassfile
testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
test_smbclient "Test login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
@ -110,7 +110,7 @@ export KRB5CCNAME
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS@34% NEWUSERPASS=testPaSS@34%
testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -Unettestuser%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS $@ || failed=`expr $failed + 1` testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -Unettestuser%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS $@ || failed=`expr $failed + 1`
@ -119,20 +119,20 @@ echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with password (NT-Principal style) using UPN" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1` testit "kinit with password (NT-Principal style) using UPN" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1` testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with password (windows style) using UPN" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1` testit "kinit with password (windows style) using UPN" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
cat > $PREFIX/tmpldbmodify <<EOF cat > $PREFIX/tmpldbmodify <<EOF
dn: cn=nettestuser,cn=users,$BASEDN dn: cn=nettestuser,cn=users,$BASEDN
@ -145,7 +145,7 @@ testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM.org || failed=`expr $failed + 1` testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM.org || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS USERPASS=$NEWUSERPASS
@ -170,7 +170,7 @@ testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype -
NEWUSERPASS=testPaSS@78% NEWUSERPASS=testPaSS@78%
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
cat > $PREFIX/tmpkpasswdscript <<EOF cat > $PREFIX/tmpkpasswdscript <<EOF
expect New password expect New password
@ -185,7 +185,7 @@ testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS@910% NEWUSERPASS=testPaSS@910%
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
@ -202,7 +202,7 @@ testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFI
testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
cat > $PREFIX/tmpldbmodify <<EOF cat > $PREFIX/tmpldbmodify <<EOF
dn: cn=nettestuser,cn=users,$BASEDN dn: cn=nettestuser,cn=users,$BASEDN
@ -230,12 +230,12 @@ EOF
testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac nettestuser@$REALM && failed=`expr $failed + 1` testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac nettestuser@$REALM && failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
KRB5CCNAME_PATH="$PREFIX/tmpccache" KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH" KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
@ -244,14 +244,14 @@ export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH rm -rf $KRB5CCNAME_PATH
lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" -k yes -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" -k yes -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1` testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1` testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`


@ -81,10 +81,10 @@ EOF
########################################################### ###########################################################
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit renew ticket" $samba_kinit -R || failed=`expr $failed + 1` testit "kinit renew ticket" $samba_kinit -R || failed=`expr $failed + 1`
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
@ -93,11 +93,11 @@ $samba_kdestroy
########################################################### ###########################################################
testit "kinit with password (enterprise style)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit with password (enterprise style)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
# This does not work with MIT Kerberos 1.14 or older # This does not work with MIT Kerberos 1.14 or older
testit "kinit renew ticket (enterprise style)" $samba_kinit -R || failed=`expr $failed + 1` testit "kinit renew ticket (enterprise style)" $samba_kinit -R || failed=`expr $failed + 1`
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
@ -155,7 +155,7 @@ send ${USERPASS}\n
EOF EOF
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
### Change password ### Change password
@ -168,7 +168,7 @@ send ${NEWUSERPASS}\n
EOF EOF
testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
@ -177,12 +177,12 @@ $samba_kdestroy
########################################################### ###########################################################
testit "kinit with new (NT-Principal style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettest@$REALM || failed=`expr $failed + 1` testit "kinit with new (NT-Principal style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettest@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM || failed=`expr $failed + 1` testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
@ -200,7 +200,7 @@ EOF
testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes $@ || failed=`expr $failed + 1` testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes $@ || failed=`expr $failed + 1`
testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM.org || failed=`expr $failed + 1` testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM.org || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
@ -209,7 +209,7 @@ $samba_kdestroy
########################################################### ###########################################################
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS USERPASS=$NEWUSERPASS
NEWUSERPASS=testPaSS@56% NEWUSERPASS=testPaSS@56%
@ -235,7 +235,7 @@ send ${USERPASS}\n
EOF EOF
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
@ -272,7 +272,7 @@ send ${NEWUSERPASS}\n
EOF EOF
testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS USERPASS=$NEWUSERPASS
cat > $PREFIX/tmpkinituserpassscript <<EOF cat > $PREFIX/tmpkinituserpassscript <<EOF
@ -281,7 +281,7 @@ send ${USERPASS}\n
EOF EOF
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1` testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
########################################################### ###########################################################
### Test login with lowercase realm ### Test login with lowercase realm
@ -294,8 +294,8 @@ export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH rm -rf $KRB5CCNAME_PATH
lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
@ -305,7 +305,7 @@ testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1` testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test machine account login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1` testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`


@ -51,40 +51,40 @@ rm -rf $KRB5CCNAME_PATH
echo $TRUST_PASSWORD > $PREFIX/tmppassfile echo $TRUST_PASSWORD > $PREFIX/tmppassfile
testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -rf $KRB5CCNAME_PATH rm -rf $KRB5CCNAME_PATH
# Test with smbclient4 # Test with smbclient4
smbclient="$samba4bindir/smbclient4" smbclient="$samba4bindir/smbclient4"
testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache (smbclient4)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache (smbclient4)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -rf $KRB5CCNAME_PATH rm -rf $KRB5CCNAME_PATH
testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
smbclient="$samba4bindir/smbclient" smbclient="$samba4bindir/smbclient"
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
if test x"${TYPE}" = x"forest" ;then if test x"${TYPE}" = x"forest" ;then
testit "kinit with password (upn enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1` testit "kinit with password (upn enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
fi fi
testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
test_smbclient "Test login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]') lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
# Test the outgoing direction # Test the outgoing direction
SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp" SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
test_smbclient "Test user login with the first outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1` test_smbclient "Test user login with the first outgoing secret" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
testit_expect_failure "setpassword should not work" $VALGRIND $PYTHON $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1` testit_expect_failure "setpassword should not work" $VALGRIND $PYTHON $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1`
@ -92,7 +92,7 @@ testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || fa
testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1` testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1` testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1` test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache
exit $failed exit $failed
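Review bot: The two "lowercase realm" logins and "Test user login with the first outgoing secret" now pass `--use-krb5-ccache=$KRB5CCNAME` together with `-U…%password`, whereas the next file section of this commit (the one driving kinit through `$samba_texpect`) uses `--use-kerberos=required` for the same three tests, as does this file's own "changed outgoing secret" login. No cache removal is visible between the renewed-ticket login and these tests, so they may be satisfied by the ticket already held for `$TRUST_USERNAME@$TRUST_REALM` instead of by the principal and realm spelling given with `-U`; which credential wins is not visible here and should be confirmed. If the password path is what these tests are meant to cover, use `--use-kerberos=required` on those three lines and clear the cache first with `rm -rf $KRB5CCNAME_PATH`.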


@ -76,49 +76,49 @@ EOF
########################################################### ###########################################################
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
smbclient="$samba_bindir/smbclient4" smbclient="$samba_bindir/smbclient4"
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with kerberos ccache (smbclient4)" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache (smbclient4)" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
smbclient="$samba_bindir/smbclient" smbclient="$samba_bindir/smbclient"
testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
if test x"${TYPE}" = x"forest" ;then if test x"${TYPE}" = x"forest" ;then
testit "kinit with password (enterprise UPN)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1` testit "kinit with password (enterprise UPN)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
fi fi
$samba_kdestroy $samba_kdestroy
testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "kinit renew ticket" $samba_kinit -R testit "kinit renew ticket" $samba_kinit -R
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "check time with kerberos ccache" $VALGRIND $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` testit "check time with kerberos ccache" $VALGRIND $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
$samba_kdestroy $samba_kdestroy
lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]') lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
########################################################### ###########################################################
### Test outgoing trust direction ### Test outgoing trust direction
########################################################### ###########################################################
SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp" SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
test_smbclient "Test user login with the first outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1` test_smbclient "Test user login with the first outgoing secret" 'ls' --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
testit_expect_failure "setpassword should not work" $VALGRIND $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1` testit_expect_failure "setpassword should not work" $VALGRIND $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1`
@ -126,7 +126,7 @@ testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || fa
testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1` testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1` testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
test_smbclient "Test user login with the changed outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1` test_smbclient "Test user login with the changed outgoing secret" 'ls' --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
### Cleanup ### Cleanup
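Review bot: `--use-krb5-ccache=$KRB5CCNAME` is added unquoted on every ccache login in this file, so a cache name containing whitespace or glob characters would be split into several arguments, and an empty `KRB5CCNAME` would pass a bare `--use-krb5-ccache=`. Writing it as `"--use-krb5-ccache=$KRB5CCNAME"` is the safer form, and the same applies to the other file sections of this commit that add the option; whether `test_smbclient` preserves the quoting when it builds the command is not visible here. The assignment of `KRB5CCNAME` also lies outside the visible hunks, so a guard such as `: "${KRB5CCNAME:?}"` before the first test would make a missing cache name fail loudly rather than silently change which credentials are used.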


@ -71,7 +71,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \ test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "change user password with 'samba-tool user password' (unforced)" \ testit "change user password with 'samba-tool user password' (unforced)" \
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
@ -84,7 +84,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \ test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
########################################################### ###########################################################
### check that a password mismatch is detected ### check that a password mismatch is detected
@ -157,7 +157,7 @@ testit "kpasswd change user password" \
TEST_PASSWORD=$TEST_PASSWORD_NEW TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@03%" TEST_PASSWORD_NEW="testPaSS@03%"
test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
########################################################### ###########################################################
### Force password change at login ### Force password change at login
@ -186,7 +186,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@05%" TEST_PASSWORD_NEW="testPaSS@05%"
test_smbclient "Test login with user kerberos" \ test_smbclient "Test login with user kerberos" \
"ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
########################################################### ###########################################################
### Test kpasswd service via 'net ads password' ### Test kpasswd service via 'net ads password'
@ -199,7 +199,7 @@ testit "change user password with 'net ads password', admin: $DOMAIN/$TEST_USERN
#TEST_PASSWORD_NEW="testPaSS@06%" #TEST_PASSWORD_NEW="testPaSS@06%"
#test_smbclient "Test login with smbclient (ntlm)" \ #test_smbclient "Test login with smbclient (ntlm)" \
# "ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` # "ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
########################################################### ###########################################################
### Test kpasswd service via 'net ads password' as admin ### Test kpasswd service via 'net ads password' as admin
@ -212,7 +212,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@07%" TEST_PASSWORD_NEW="testPaSS@07%"
test_smbclient "Test login with smbclient (ntlm)" \ test_smbclient "Test login with smbclient (ntlm)" \
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
########################################################### ###########################################################
### Cleanup ### Cleanup
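Review bot: The commented-out "Test login with smbclient (ntlm)" call after the first `net ads password` step was edited to `--use-kerberos=disabled` but stays disabled, so the NTLM login with the password set by that step is still not exercised. The reason it is switched off is not visible in the hunk. Either re-enable it now that the flag is explicit, or replace the dead lines with a one-line explanation such as `# NTLM login after 'net ads password' is skipped: <reason>`, so the gap in authentication coverage is documented.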


@ -111,7 +111,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \ test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
@ -130,7 +130,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \ test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
########################################################### ###########################################################
### Change the users password ### Change the users password
@ -146,7 +146,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \ test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
# #
# These tests demonstrate that a credential cache in the environment does not # These tests demonstrate that a credential cache in the environment does not
@ -154,9 +154,9 @@ test_smbclient "Test login with user kerberos ccache" \
# #
testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" \ testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" \
$VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1` $VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1`
testit_expect_failure "Test login with user kerberos ccache, but old password specified" \ testit_expect_failure "Test login with user kerberos ccache, but old password specified" \
$VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1` $VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
@ -172,7 +172,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@03%" TEST_PASSWORD_NEW="testPaSS@03%"
test_smbclient "Test login with user (ntlm)" \ test_smbclient "Test login with user (ntlm)" \
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
testit "set password on user locally" $VALGRIND $PYTHON $samba_tool user setpassword $TEST_USERNAME $CONFIG --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=`expr $failed + 1` testit "set password on user locally" $VALGRIND $PYTHON $samba_tool user setpassword $TEST_USERNAME $CONFIG --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=`expr $failed + 1`
@ -180,7 +180,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@04%" TEST_PASSWORD_NEW="testPaSS@04%"
test_smbclient_expect_failure "Test login with user (NT_STATUS_PASSWORD_MUST_CHANGE)" \ test_smbclient_expect_failure "Test login with user (NT_STATUS_PASSWORD_MUST_CHANGE)" \
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=`expr $failed + 1`
testit "change user password with 'samba-tool user password' (after must change flag set)" \ testit "change user password with 'samba-tool user password' (after must change flag set)" \
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
@ -188,7 +188,7 @@ testit "change user password with 'samba-tool user password' (after must change
TEST_PASSWORD=$TEST_PASSWORD_NEW TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@05%" TEST_PASSWORD_NEW="testPaSS@05%"
test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
@ -208,7 +208,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@06%" TEST_PASSWORD_NEW="testPaSS@06%"
test_smbclient "Test login with user kerberos" \ test_smbclient "Test login with user kerberos" \
"ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
@ -224,7 +224,7 @@ testit "try to set a non-complex password (command should succeed)" \
TEST_PASSWORD=$TEST_PASSWORD_WEAK TEST_PASSWORD=$TEST_PASSWORD_WEAK
test_smbclient "test login with non-complex password" \ test_smbclient "test login with non-complex password" \
"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1` "ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
testit_expect_failure "try to set a short password (command should not succeed)" \ testit_expect_failure "try to set a short password (command should not succeed)" \
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=`expr $failed + 1` $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=`expr $failed + 1`
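Review bot: The two `testit_expect_failure` logins ("wrong password specified" and "old password specified") now select the cache explicitly with `--use-krb5-ccache=$KRB5CCNAME`, while the comment above them says they demonstrate that a credential cache in the environment does not … (the rest is cut by the hunk boundary). With the explicit option these negative tests depend on how smbclient ranks a named ccache against a `-U` password, possibly on argument order, which is a different property from the one the comment names. Either leave the cache in the environment only and pass `--use-kerberos=required`, or reword the comment, for example `# An explicitly selected ccache must not let a wrong -U password succeed`.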


@ -73,7 +73,7 @@ testit_expect_failure "STEP1 Test wbinfo with password" $wbinfo --authenticate=$
testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP1 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP1 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP1 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP1 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit_expect_failure "STEP1 kinit with pkinit (wrong name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER not$USERNAME@$REALM || failed=`expr $failed + 1` testit_expect_failure "STEP1 kinit with pkinit (wrong name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER not$USERNAME@$REALM || failed=`expr $failed + 1`
@ -81,7 +81,7 @@ testit_expect_failure "STEP1 kinit with pkinit (wrong name specified 2) " $samba
testit "STEP1 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP1 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP1 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP1 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP1 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP1 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise not$USERNAME@$REALM || failed=`expr $failed + 1` testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise not$USERNAME@$REALM || failed=`expr $failed + 1`
@ -89,7 +89,7 @@ testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified
testit "STEP1 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1` testit "STEP1 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
testit "STEP1 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP1 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP1 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP1 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
# STEP2: # STEP2:
# We still have UF_SMARTCARD_REQUIRED, but with a known password # We still have UF_SMARTCARD_REQUIRED, but with a known password
@ -101,36 +101,36 @@ testit_expect_failure "STEP2 Test wbinfo with password" $wbinfo --authenticate=$
testit "STEP2 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP2 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP2 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP2 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP2 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP2 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "STEP2 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP2 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP2 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP2 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP2 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP2 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "STEP2 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1` testit "STEP2 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
testit "STEP2 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP2 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP2 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP2 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
# STEP3: # STEP3:
# The account is a normal account without the UF_SMARTCARD_REQUIRED bit set # The account is a normal account without the UF_SMARTCARD_REQUIRED bit set
testit "STEP3 samba-tool user setpassword $USERNAME --smartcard-required" $PYTHON ${samba_tool} user setpassword $USERNAME --newpassword=$PASSWORD --clear-smartcard-required || failed=`expr $failed + 1` testit "STEP3 samba-tool user setpassword $USERNAME --smartcard-required" $PYTHON ${samba_tool} user setpassword $USERNAME --newpassword=$PASSWORD --clear-smartcard-required || failed=`expr $failed + 1`
testit "STEP3 kinit with password" $samba4kinit $enctype --password-file=$PASSFILE_PATH --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP3 kinit with password" $samba4kinit $enctype --password-file=$PASSFILE_PATH --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "STEP3 Test login with user kerberos ccache" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP3 Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
test_smbclient "STEP3 Test login with NTLM" 'ls' "$unc" -U$USERNAME%$PASSWORD || failed=`expr $failed + 1` test_smbclient "STEP3 Test login with NTLM" 'ls' "$unc" -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
testit "STEP3 Test wbinfo with password" $wbinfo --authenticate=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1` testit "STEP3 Test wbinfo with password" $wbinfo --authenticate=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1`
testit "STEP3 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP3 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP3 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP3 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP3 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP3 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "STEP3 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP3 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP3 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP3 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP3 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP3 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "STEP3 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1` testit "STEP3 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
testit "STEP3 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP3 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP3 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP3 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
# STEP4: # STEP4:
# Now we set the UF_SMARTCARD_REQUIRED bit # Now we set the UF_SMARTCARD_REQUIRED bit
@ -143,15 +143,15 @@ testit_expect_failure "STEP4 Test wbinfo with password" $wbinfo --authenticate=$
testit "STEP4 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP4 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP4 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP4 kinit renew ticket (name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP4 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP4 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "STEP4 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1` testit "STEP4 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP4 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP4 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP4 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP4 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
testit "STEP4 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1` testit "STEP4 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
testit "STEP4 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1` testit "STEP4 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R || failed=`expr $failed + 1`
test_smbclient "STEP4 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1` test_smbclient "STEP4 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
# STEP5: # STEP5:
# disable the account # disable the account