1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

testprogs: Reformat test_kinit_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2023-03-21 08:39:47 +01:00 committed by Andreas Schneider
parent 715f7c46b9
commit deff466648

View File

@ -78,11 +78,20 @@ EOF
### Test kinit defaults ### Test kinit defaults
########################################################### ###########################################################
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=$(expr $failed + 1) testit "kinit with password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinitscript \
$samba_kinit $USERNAME@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
testit "kinit renew ticket" $samba_kinit -R || failed=$(expr $failed + 1) testit "kinit renew ticket" \
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_kinit -R || \
failed=$(expr $failed + 1)
test_smbclient "Test login with kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -90,12 +99,21 @@ $samba_kdestroy
### Test kinit with enterprice principal ### Test kinit with enterprice principal
########################################################### ###########################################################
testit "kinit with password (enterprise style)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $USERNAME@$REALM || failed=$(expr $failed + 1) testit "kinit with password (enterprise style)" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinitscript \
$samba_kinit -E $USERNAME@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
# This does not work with MIT Kerberos 1.14 or older # This does not work with MIT Kerberos 1.14 or older
testit "kinit renew ticket (enterprise style)" $samba_kinit -R || failed=$(expr $failed + 1) testit "kinit renew ticket (enterprise style)" \
test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_kinit -R || \
failed=$(expr $failed + 1)
test_smbclient "Test login with kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -103,15 +121,25 @@ $samba_kdestroy
### Tests with kinit default again ### Tests with kinit default again
########################################################### ###########################################################
testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM || failed=$(expr $failed + 1) testit "kinit with password" \
testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinitscript \
$samba_kinit $USERNAME@$REALM || \
failed=$(expr $failed + 1)
testit "check time with kerberos ccache" \
$VALGRIND $PYTHON $samba_tool time $SERVER \
$CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
USERPASS="testPass@12%" USERPASS="testPass@12%"
testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "add user with kerberos ccache" \
$VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS \
$CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
echo "Getting defaultNamingContext" echo "Getting defaultNamingContext"
BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base \
DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}')
cat >$PREFIX/tmpldbmodify <<EOF cat >$PREFIX/tmpldbmodify <<EOF
dn: cn=${TEST_USER},cn=users,$BASEDN dn: cn=${TEST_USER},cn=users,$BASEDN
@ -122,18 +150,31 @@ replace: userPrincipalName
userPrincipalName: nettest@$REALM userPrincipalName: nettest@$REALM
EOF EOF
testit "modify servicePrincipalName and userPrincpalName" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "modify servicePrincipalName and userPrincpalName" \
$VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify \
--use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} --newpassword=$USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "set user password with kerberos ccache" \
$VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} \
--newpassword=$USERPASS $CONFIGURATION \
--use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
testit "enable user with kerberos cache" $VALGRIND $PYTHON $samba_enableaccount ${TEST_USER} -H ldap://$SERVER --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "enable user with kerberos cache" \
$VALGRIND $PYTHON $samba_enableaccount ${TEST_USER} \
-H ldap://$SERVER --use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
########################################################### ###########################################################
### Test kinit with canonicalization ### Test kinit with canonicalization
########################################################### ###########################################################
upperusername=$(echo $USERNAME | tr '[a-z]' '[A-Z]') upperusername=$(echo $USERNAME | tr '[a-z]' '[A-Z]')
testit "kinit with canonicalize" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -C $upperusername@$REALM -S kadmin/changepw@$REALM || failed=$(expr $failed + 1) testit "kinit with canonicalize" \
$samba_texpect $PREFIX/tmpkinitscript \
$samba_kinit -C $upperusername@$REALM -S kadmin/changepw@$REALM || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -152,21 +193,35 @@ expect Password for
send ${USERPASS}\n send ${USERPASS}\n
EOF EOF
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "kinit with user password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
### Change password ### Change password
NEWUSERPASS="testPaSS@34%" NEWUSERPASS="testPaSS@34%"
testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION --use-kerberos=off --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) testit "change user password with 'samba-tool user password' (rpc)" \
$VALGRIND $PYTHON $samba_tool user password \
-W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION --use-kerberos=off \
--newpassword=$NEWUSERPASS "$@" || \
failed=$(expr $failed + 1)
cat >$PREFIX/tmpkinituserpassscript <<EOF cat >$PREFIX/tmpkinituserpassscript <<EOF
expect Password for expect Password for
send ${NEWUSERPASS}\n send ${NEWUSERPASS}\n
EOF EOF
testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "kinit with new user password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -174,13 +229,23 @@ $samba_kdestroy
### Test kinit with user credentials in special formats ### Test kinit with user credentials in special formats
########################################################### ###########################################################
testit "kinit with new (NT-Principal style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettest@$REALM || failed=$(expr $failed + 1) testit "kinit with new (NT-Principal style) using UPN" \
test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit nettest@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache from NT UPN" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM || failed=$(expr $failed + 1) testit "kinit with new (enterprise style) using UPN" \
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit -E nettest@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache from enterprise UPN" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -195,10 +260,19 @@ replace: userPrincipalName
userPrincipalName: nettest@$REALM.org userPrincipalName: nettest@$REALM.org
EOF EOF
testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "modify userPrincipalName to be a different domain" \
$VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG \
$PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \
--use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM.org || failed=$(expr $failed + 1) testit "kinit with new (enterprise style) using UPN" \
test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit -E nettest@$REALM.org || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache from enterprise UPN" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -206,8 +280,13 @@ $samba_kdestroy
### Test password change with kpasswd ### Test password change with kpasswd
########################################################### ###########################################################
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "kinit with user password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
USERPASS=$NEWUSERPASS USERPASS=$NEWUSERPASS
NEWUSERPASS=testPaSS@56% NEWUSERPASS=testPaSS@56%
@ -222,7 +301,10 @@ send ${NEWUSERPASS}\n
expect Password changed expect Password changed
EOF EOF
testit "change user password with kpasswd" $samba_texpect $PREFIX/tmpkpasswdscript $samba_kpasswd ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "change user password with kpasswd" \
$samba_texpect $PREFIX/tmpkpasswdscript \
$samba_kpasswd ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -232,8 +314,13 @@ expect Password for
send ${USERPASS}\n send ${USERPASS}\n
EOF EOF
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "kinit with user password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
$samba_kdestroy $samba_kdestroy
@ -257,7 +344,11 @@ EOF
USERPASS=$NEWUSERPASS USERPASS=$NEWUSERPASS
NEWUSERPASS=testPaSS@911% NEWUSERPASS=testPaSS@911%
testit "modify pwdLastSet" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "modify pwdLastSet" \
$VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG \
$PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \
--use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
cat >$PREFIX/tmpkinituserpassscript <<EOF cat >$PREFIX/tmpkinituserpassscript <<EOF
expect Password for expect Password for
@ -269,8 +360,13 @@ expect Enter it again
send ${NEWUSERPASS}\n send ${NEWUSERPASS}\n
EOF EOF
testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "kinit (MIT) with user password for expired password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
USERPASS=$NEWUSERPASS USERPASS=$NEWUSERPASS
cat >$PREFIX/tmpkinituserpassscript <<EOF cat >$PREFIX/tmpkinituserpassscript <<EOF
@ -278,8 +374,13 @@ expect Password for
send ${USERPASS}\n send ${USERPASS}\n
EOF EOF
testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) testit "kinit with user password" \
test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_texpect $PREFIX/tmpkinituserpassscript \
$samba_kinit ${TEST_USER}@$REALM || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
########################################################### ###########################################################
### Test login with lowercase realm ### Test login with lowercase realm
@ -292,20 +393,41 @@ export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH rm -rf $KRB5CCNAME_PATH
lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos lowercase realm" \
test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) 'ls' --use-kerberos=required \
-U${TEST_USER}@$lowerrealm%$NEWUSERPASS || \
failed=$(expr $failed + 1)
test_smbclient "Test login with user kerberos lowercase realm 2" \
'ls' --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS \
--realm=$lowerrealm || \
failed=$(expr $failed + 1)
testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) testit "del user with kerberos ccache" \
$VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} \
$CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || \
failed=$(expr $failed + 1)
########################################################### ###########################################################
### Test login with machine account ### Test login with machine account
########################################################### ###########################################################
rm -f $KRB5CCNAME_PATH rm -f $KRB5CCNAME_PATH
testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1) testit "kinit with machineaccountccache script" \
test_smbclient "Test machine account login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || \
failed=$(expr $failed + 1)
test_smbclient "Test machine account login with kerberos ccache" \
'ls' --use-krb5-ccache=$KRB5CCNAME || \
failed=$(expr $failed + 1)
testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1) testit "reset password policies" \
$VALGRIND $PYTHON $samba_tool domain passwordsettings set \
$ADMIN_LDBMODIFY_CONFIG \
--complexity=default \
--history-length=default \
--min-pwd-length=default \
--min-pwd-age=default \
--max-pwd-age=default || \
failed=$(expr $failed + 1)
########################################################### ###########################################################
### Test basic s4u2self request ### Test basic s4u2self request
@ -316,7 +438,9 @@ testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordse
MACHINE_ACCOUNT="$(hostname -s | tr [a-z] [A-Z])\$@$REALM" MACHINE_ACCOUNT="$(hostname -s | tr [a-z] [A-Z])\$@$REALM"
$samba_kvno -U$MACHINE_ACCOUNT $MACHINE_ACCOUNT $samba_kvno -U$MACHINE_ACCOUNT $MACHINE_ACCOUNT
# But we expect the KDC to be up and running still # But we expect the KDC to be up and running still
testit "kinit with machineaccountccache after s4u2self" $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1) testit "kinit with machineaccountccache after s4u2self" \
$machineaccountccache $CONFIGURATION $KRB5CCNAME || \
failed=$(expr $failed + 1)
### Cleanup ### Cleanup