| 1 | #!/bin/sh
|
|---|
| 2 | # Blackbox tests for kinit and kerberos integration with smbclient etc
|
|---|
| 3 | # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
|
|---|
| 4 | # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
|
|---|
| 5 |
|
|---|
| 6 | if [ $# -lt 4 ]; then
|
|---|
| 7 | cat <<EOF
|
|---|
| 8 | Usage: test_kinit.sh SERVER USERNAME REALM DOMAIN PREFIX
|
|---|
| 9 | EOF
|
|---|
| 10 | exit 1;
|
|---|
| 11 | fi
|
|---|
| 12 |
|
|---|
| 13 | SERVER=$1
|
|---|
| 14 | USERNAME=$2
|
|---|
| 15 | REALM=$3
|
|---|
| 16 | DOMAIN=$4
|
|---|
| 17 | PREFIX=$5
|
|---|
| 18 | ENCTYPE=$6
|
|---|
| 19 | PROVDIR=$7
|
|---|
| 20 | shift 7
|
|---|
| 21 | failed=0
|
|---|
| 22 |
|
|---|
| 23 | samba4bindir="$BUILDDIR/bin"
|
|---|
| 24 | samba4srcdir="$SRCDIR/source4"
|
|---|
| 25 | smbclient="$samba4bindir/smbclient$EXEEXT"
|
|---|
| 26 | samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
|
|---|
| 27 |
|
|---|
| 28 | machineaccountccache="$samba4srcdir/scripting/bin/machineaccountccache"
|
|---|
| 29 |
|
|---|
| 30 | . `dirname $0`/subunit.sh
|
|---|
| 31 |
|
|---|
| 32 | test_smbclient() {
|
|---|
| 33 | name="$1"
|
|---|
| 34 | cmd="$2"
|
|---|
| 35 | shift
|
|---|
| 36 | shift
|
|---|
| 37 | echo "test: $name"
|
|---|
| 38 | $VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" -W "$DOMAIN" $@
|
|---|
| 39 | status=$?
|
|---|
| 40 | if [ x$status = x0 ]; then
|
|---|
| 41 | echo "success: $name"
|
|---|
| 42 | else
|
|---|
| 43 | echo "failure: $name"
|
|---|
| 44 | fi
|
|---|
| 45 | return $status
|
|---|
| 46 | }
|
|---|
| 47 |
|
|---|
| 48 | enctype="-e $ENCTYPE"
|
|---|
| 49 |
|
|---|
| 50 | KRB5CCNAME="$PREFIX/tmpccache"
|
|---|
| 51 | export KRB5CCNAME
|
|---|
| 52 | rm -f $KRB5CCNAME
|
|---|
| 53 | testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1`
|
|---|
| 54 |
|
|---|
| 55 | #This is important because it puts the ticket for the old KVNO and password into a local ccache
|
|---|
| 56 | test_smbclient "Test login with kerberos ccache before password change" 'ls' -k yes || failed=`expr $failed + 1`
|
|---|
| 57 | testit "change dc password" $samba4srcdir/scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
|
|---|
| 58 |
|
|---|
| 59 | #This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed
|
|---|
| 60 | test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1`
|
|---|
| 61 |
|
|---|
| 62 | #This confirms that the DC password is valid for a kinit too
|
|---|
| 63 | testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1`
|
|---|
| 64 | test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' -k yes || failed=`expr $failed + 1`
|
|---|
| 65 | rm -f $KRB5CCNAME
|
|---|
| 66 |
|
|---|
| 67 | rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript
|
|---|
| 68 | exit $failed
|
|---|
