The branch, master has been updated via a454c9cd42e testprogs: Add client kerberos test via 9596eefbd5e s4:torture: Print account and authority name from 3abd92d7824 docs-xml: Fix usernames in pam_winbind manpages
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a454c9cd42e4ecc00a04886a781ad19c8bd641f9 Author: Andreas Schneider <a...@samba.org> Date: Fri Jul 19 12:35:57 2019 +0200 testprogs: Add client kerberos test Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed Apr 29 11:53:41 UTC 2020 on sn-devel-184 commit 9596eefbd5e7fe7fab8384656eb302fec7a8d355 Author: Andreas Schneider <a...@samba.org> Date: Thu Jul 18 14:18:57 2019 +0200 s4:torture: Print account and authority name Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/selftest/tests.py | 2 + source4/torture/rpc/lsa.c | 5 + testprogs/blackbox/test_client_kerberos.sh | 168 +++++++++++++++++++++++++++++ 3 files changed, 175 insertions(+) create mode 100755 testprogs/blackbox/test_client_kerberos.sh Changeset truncated at 500 lines: diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 8162f5e1fbc..82c846dbab1 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -498,6 +498,8 @@ else: plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_mit.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4]) plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"]) +plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH']) + plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE']) plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE']) plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE']) diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 548ebf8a090..c342b4e67e6 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -4914,6 +4914,11 @@ static bool test_GetUserName(struct dcerpc_binding_handle *b, torture_assert_not_null(tctx, r.out.authority_name, "r.out.authority_name"); torture_assert_not_null(tctx, *r.out.authority_name, "*r.out.authority_name"); + torture_comment(tctx, + "Account Name: %s, Authority Name: %s\n", + (*r.out.account_name)->string, + (*r.out.authority_name)->string); + return true; } diff --git a/testprogs/blackbox/test_client_kerberos.sh b/testprogs/blackbox/test_client_kerberos.sh new file mode 100755 index 00000000000..f56698603b8 --- /dev/null +++ b/testprogs/blackbox/test_client_kerberos.sh @@ -0,0 +1,168 @@ +#!/bin/sh +# Blackbox tests for kerberos client options +# Copyright (c) 2019 Andreas Schneider <a...@samba.org> + +if [ $# -lt 6 ]; then +cat <<EOF +Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION +EOF +exit 1; +fi + +DOMAIN=$1 +REALM=$2 +USERNAME=$3 +PASSWORD=$4 +SERVER=$5 +PREFIX=$6 +CONFIGURATION=$7 +shift 7 + +failed=0 + +. $(dirname $0)/subunit.sh +. $(dirname $0)/common_test_fns.inc + +samba_bindir="$BINDIR" +samba_rpcclient="$samba_bindir/rpcclient" +samba_smbclient="$samba_bindir/smbclient" +samba_smbtorture="$samba_bindir/smbtorture" + +samba_kinit=kinit +if test -x ${samba_bindir}/samba4kinit; then + samba_kinit=${samba_bindir}/samba4kinit +fi + +samba_kdestroy=kdestroy +if test -x ${samba_bindir}/samba4kdestroy; then + samba_kinit=${samba_bindir}/samba4kdestroy +fi + +test_rpc_getusername_legacy() { + eval echo "$cmd" + out=$(eval $cmd) + ret=$? + if [ $ret -ne 0 ] ; then + echo "Failed to connect! Error: $ret" + echo "$out" + return 1 + fi + + echo "$out" | grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN" + ret=$? + if [ $ret -ne 0 ] ; then + echo "Incorrect account/authority name! Error: $ret" + echo "$out" + return 1 + fi + + return 0 +} + +test_smbclient_legacy() { + eval echo "$cmd" + out=$(eval $cmd) + ret=$? + if [ $ret -ne 0 ] ; then + echo "Failed to connect! Error: $ret" + echo "$out" + fi + + return $ret +} + +### CHECK -k flag + +### RPCCLIENT +cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1' +testit "test rpcclient legacy ntlm" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1' +testit "test rpcclient legacy ntlm interactive" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1' +testit "test rpcclient legacy ntlm interactive with -U" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1' +testit "test rpcclient legacy kerberos" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1' +testit_expect_failure "test rpcclient legacy kerberos interactive (negative test)" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD} +cmd='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1' +testit "test rpcclient legacy kerberos ccache" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) +$samba_kdestroy + +### SMBTORTURE + +cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1' +testit "test smbtorture legacy default" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1' +testit "test smbtorture legacy ntlm (kerberos=no)" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1' +testit "test smbtorture legacy kerberos=yes" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) + +kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD} +cmd='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1' +testit "test smbtorture legacy kerberos=yes ccache" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) +$samba_kdestroy + +kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD} +cmd='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1' +testit_expect_failure "test smbtorture legacy kerberos=no ccache (negative test)" \ + test_rpc_getusername_legacy || \ + failed=$(expr $failed + 1) +$samba_kdestroy + +### SMBCLIENT +cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"' +testit "test smbclient legacy ntlm" \ + test_smbclient_legacy || \ + failed=$(expr $failed + 1) + +cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"' +testit "test smbclient legacy ntlm interactive" \ + test_smbclient_legacy || \ + failed=$(expr $failed + 1) + +cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"' +testit "test smbclient legacy ntlm interactive with -U" \ + test_smbclient_legacy || \ + failed=$(expr $failed + 1) + +cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"' +testit "test smbclient legacy kerberos" \ + test_smbclient_legacy || \ + failed=$(expr $failed + 1) + +kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD} +cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"' +testit "test smbclient legacy kerberos ccache" \ + test_smbclient_legacy || \ + failed=$(expr $failed + 1) +$samba_kdestroy + +exit $failed -- Samba Shared Repository