[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Apr 29 11:54:02 UTC 2020
The branch, master has been updated
via a454c9cd42e testprogs: Add client kerberos test
via 9596eefbd5e s4:torture: Print account and authority name
from 3abd92d7824 docs-xml: Fix usernames in pam_winbind manpages
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a454c9cd42e4ecc00a04886a781ad19c8bd641f9
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 19 12:35:57 2019 +0200
testprogs: Add client kerberos test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 11:53:41 UTC 2020 on sn-devel-184
commit 9596eefbd5e7fe7fab8384656eb302fec7a8d355
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jul 18 14:18:57 2019 +0200
s4:torture: Print account and authority name
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/selftest/tests.py | 2 +
source4/torture/rpc/lsa.c | 5 +
testprogs/blackbox/test_client_kerberos.sh | 168 +++++++++++++++++++++++++++++
3 files changed, 175 insertions(+)
create mode 100755 testprogs/blackbox/test_client_kerberos.sh
Changeset truncated at 500 lines:
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 8162f5e1fbc..82c846dbab1 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -498,6 +498,8 @@ else:
plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_mit.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH'])
+
plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 548ebf8a090..c342b4e67e6 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -4914,6 +4914,11 @@ static bool test_GetUserName(struct dcerpc_binding_handle *b,
torture_assert_not_null(tctx, r.out.authority_name, "r.out.authority_name");
torture_assert_not_null(tctx, *r.out.authority_name, "*r.out.authority_name");
+ torture_comment(tctx,
+ "Account Name: %s, Authority Name: %s\n",
+ (*r.out.account_name)->string,
+ (*r.out.authority_name)->string);
+
return true;
}
diff --git a/testprogs/blackbox/test_client_kerberos.sh b/testprogs/blackbox/test_client_kerberos.sh
new file mode 100755
index 00000000000..f56698603b8
--- /dev/null
+++ b/testprogs/blackbox/test_client_kerberos.sh
@@ -0,0 +1,168 @@
+#!/bin/sh
+# Blackbox tests for kerberos client options
+# Copyright (c) 2019 Andreas Schneider <asn at samba.org>
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+REALM=$2
+USERNAME=$3
+PASSWORD=$4
+SERVER=$5
+PREFIX=$6
+CONFIGURATION=$7
+shift 7
+
+failed=0
+
+. $(dirname $0)/subunit.sh
+. $(dirname $0)/common_test_fns.inc
+
+samba_bindir="$BINDIR"
+samba_rpcclient="$samba_bindir/rpcclient"
+samba_smbclient="$samba_bindir/smbclient"
+samba_smbtorture="$samba_bindir/smbtorture"
+
+samba_kinit=kinit
+if test -x ${samba_bindir}/samba4kinit; then
+ samba_kinit=${samba_bindir}/samba4kinit
+fi
+
+samba_kdestroy=kdestroy
+if test -x ${samba_bindir}/samba4kdestroy; then
+ samba_kinit=${samba_bindir}/samba4kdestroy
+fi
+
+test_rpc_getusername_legacy() {
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to connect! Error: $ret"
+ echo "$out"
+ return 1
+ fi
+
+ echo "$out" | grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Incorrect account/authority name! Error: $ret"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+test_smbclient_legacy() {
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to connect! Error: $ret"
+ echo "$out"
+ fi
+
+ return $ret
+}
+
+### CHECK -k flag
+
+### RPCCLIENT
+cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy ntlm" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy ntlm interactive" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy ntlm interactive with -U" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy kerberos" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit_expect_failure "test rpcclient legacy kerberos interactive (negative test)" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
+testit "test rpcclient legacy kerberos ccache" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### SMBTORTURE
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy default" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy ntlm (kerberos=no)" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy kerberos=yes" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit "test smbtorture legacy kerberos=yes ccache" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
+testit_expect_failure "test smbtorture legacy kerberos=no ccache (negative test)" \
+ test_rpc_getusername_legacy || \
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+### SMBCLIENT
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy ntlm" \
+ test_smbclient_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy ntlm interactive" \
+ test_smbclient_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy ntlm interactive with -U" \
+ test_smbclient_legacy || \
+ failed=$(expr $failed + 1)
+
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy kerberos" \
+ test_smbclient_legacy || \
+ failed=$(expr $failed + 1)
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
+testit "test smbclient legacy kerberos ccache" \
+ test_smbclient_legacy || \
+ failed=$(expr $failed + 1)
+$samba_kdestroy
+
+exit $failed
--
Samba Shared Repository
More information about the samba-cvs
mailing list