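#!/bin/sh
# Blackbox tests for the ntlm-server-1 helper protocol of ntlm_auth: fixed
# challenge/response vectors plus plaintext authentication of a real test
# account, optionally restricted by SID membership.

# All six positional arguments are consumed below ("shift 6"), and the
# winbind-backed tests cannot work without DOMAIN, USERNAME and PASSWORD.
# Some /bin/sh implementations abort the script when asked to shift more
# arguments than were given, so reject short argument lists up front.
if [ $# -lt 6 ]; then
        cat <<EOF
Usage: test_ntlm_auth_s3.sh PYTHON SRC3DIR NTLM_AUTH DOMAIN USERNAME PASSWORD [ADDARGS...]
EOF
        exit 1
fi

PYTHON=$1
SRC3DIR=$2
NTLM_AUTH=$3
DOMAIN=$4
USERNAME=$5
PASSWORD=$6
shift 6
ADDARGS="$*"

# Test helpers are sourced relative to this script's location.
incdir=$(dirname "$0")/../../../testprogs/blackbox
. "$incdir/subunit.sh"

# Look up the SID of the test user.
# BINDIR is not assigned in this script; presumably the test harness exports
# it -- confirm against the caller.
# wbinfo is invoked directly instead of through eval: with eval the expanded
# value of USERNAME was parsed a second time as shell source, so quotes,
# backslashes or metacharacters in the name would have been interpreted.
SID=$("$BINDIR/wbinfo" -n "$USERNAME" | cut -d ' ' -f1)
# A deliberately wrong SID: the real one with its last two characters removed.
BADSID=$(printf '%s\n' "$SID" | sed 's/..$//')

failed=0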
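# Send a fixed ntlm-server-1 request to ntlm_auth together with the fixture
# password and expect the known user session key in the reply.
# Globals:   PREFIX, NTLM_AUTH (read); tmpfile, cmd, out, ret (written)
# Arguments: extra options, passed through to ntlm_auth
# Outputs:   the command line that is run; diagnostics on failure
# Returns:   0 if the expected session key was returned, 1 otherwise
test_ntlm_server_1_check_output()
{
        tmpfile=$PREFIX/ntlm_commands

        # Quoted so that a PREFIX containing whitespace still works.
        cat > "$tmpfile" <<EOF
LANMAN-Challenge: 0123456789abcdef
NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
NT-Domain: TEST
Username: testuser
Request-User-Session-Key: Yes
.
EOF
        # The command is kept as a literal string so it can be echoed before
        # it runs. eval parses that string exactly once: $NTLM_AUTH is
        # word-split (so it may hold more than one word), but the contents of
        # the variables are not re-parsed as shell source.
        # SecREt01 is a fixed fixture value, not a real credential.
        cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01 < "$tmpfile" 2>&1'
        eval echo "$cmd"
        out=$(eval "$cmd")
        ret=$?
        rm -f -- "$tmpfile"

        if [ "$ret" != 0 ]; then
                # printf, not echo: some sh echo builtins interpret
                # backslashes found in the tool's output.
                printf '%s\n' "$out"
                echo "command failed"
                return 1
        fi

        if printf '%s\n' "$out" | grep "User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4" >/dev/null 2>&1; then
                # authenticated .. succeed
                return 0
        fi

        echo failed to get successful authentication
        return 1
}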
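# Send an ntlm-server-1 request whose challenge no longer matches the
# NT-Response and expect ntlm_auth to answer "Authenticated: No".
# Globals:   PREFIX, NTLM_AUTH (read); tmpfile, cmd, out, ret (written)
# Arguments: extra options, passed through to ntlm_auth
# Outputs:   the command line that is run; diagnostics on failure
# Returns:   0 if authentication was refused, 1 otherwise
test_ntlm_server_1_check_output_fail()
{
        tmpfile=$PREFIX/ntlm_commands

        # Break the password with a leading A on the challenge
        # (file name quoted so that a PREFIX with whitespace still works).
        cat > "$tmpfile" <<EOF
LANMAN-Challenge: A123456789abcdef
NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
NT-Domain: TEST
Username: testuser
Request-User-Session-Key: Yes
.
EOF
        # Kept as a literal string so it can be echoed first; eval parses it
        # once, so $NTLM_AUTH is word-split but variable contents are not
        # re-parsed as shell source. SecREt01 is a fixed fixture value.
        cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01 < "$tmpfile" 2>&1'
        eval echo "$cmd"
        out=$(eval "$cmd")
        ret=$?
        rm -f -- "$tmpfile"

        if [ "$ret" != 0 ]; then
                # printf, not echo: some sh echo builtins interpret
                # backslashes found in the tool's output.
                printf '%s\n' "$out"
                echo "command failed"
                return 1
        fi

        if printf '%s\n' "$out" | grep "Authenticated: No" >/dev/null 2>&1; then
                # failed to authenticate .. success
                return 0
        fi

        echo "incorrectly gave a successful authentication"
        return 1
}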
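# Authenticate the test account with its plaintext password while requiring
# membership of the account's own SID; expect "Authenticated: Yes".
# Globals:   PREFIX, NTLM_AUTH, PASSWORD, DOMAIN, USERNAME, SID (read);
#            tmpfile, cmd, out, ret (written)
# Arguments: extra options, passed through to ntlm_auth
# Outputs:   the command line that is run; diagnostics on failure
# Returns:   0 if the user was authenticated, 1 otherwise
test_ntlm_server_1_check_winbind_output()
{
        tmpfile=$PREFIX/ntlm_commands

        # The request carries the account's plaintext password, so the file
        # is recreated with owner-only permissions. The subshell keeps the
        # umask change from leaking into the rest of the script.
        (
                umask 077
                rm -f -- "$tmpfile"
                cat > "$tmpfile" <<EOF
Password: $PASSWORD
NT-Domain: $DOMAIN
Username: $USERNAME
Request-User-Session-Key: Yes
.
EOF
        )
        # Kept as a literal string so it can be echoed first; eval parses it
        # once, so $NTLM_AUTH is word-split but variable contents (including
        # SID) are not re-parsed as shell source.
        cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of="$SID" < "$tmpfile" 2>&1'
        eval echo "$cmd"
        out=$(eval "$cmd")
        ret=$?
        rm -f -- "$tmpfile"

        if [ "$ret" != 0 ]; then
                # printf, not echo: some sh echo builtins interpret
                # backslashes found in the tool's output.
                printf '%s\n' "$out"
                echo "command failed"
                return 1
        fi

        if printf '%s\n' "$out" | grep "Authenticated: Yes" >/dev/null 2>&1; then
                # authenticated .. success
                return 0
        fi

        echo "Failed to authenticate the user or match with SID $SID"
        return 1
}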
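# Authenticate the test account with its plaintext password but require
# membership of a SID it does not have; expect "Authenticated: No".
# Globals:   PREFIX, NTLM_AUTH, PASSWORD, DOMAIN, USERNAME, BADSID (read);
#            tmpfile, cmd, out, ret (written)
# Arguments: extra options, passed through to ntlm_auth
# Outputs:   the command line that is run; diagnostics on failure
# Returns:   0 if authentication was refused, 1 otherwise
test_ntlm_server_1_check_winbind_output_wrong_sid()
{
        tmpfile=$PREFIX/ntlm_commands

        # The credentials are the same as in the membership test that is
        # expected to succeed; only the required SID is wrong here.
        # The request carries the account's plaintext password, so the file
        # is recreated with owner-only permissions. The subshell keeps the
        # umask change from leaking into the rest of the script.
        (
                umask 077
                rm -f -- "$tmpfile"
                cat > "$tmpfile" <<EOF
Password: $PASSWORD
NT-Domain: $DOMAIN
Username: $USERNAME
Request-User-Session-Key: Yes
.
EOF
        )
        # Kept as a literal string so it can be echoed first; eval parses it
        # once, so $NTLM_AUTH is word-split but variable contents (including
        # BADSID) are not re-parsed as shell source.
        cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of="$BADSID" < "$tmpfile" 2>&1'
        eval echo "$cmd"
        out=$(eval "$cmd")
        ret=$?
        rm -f -- "$tmpfile"

        if [ "$ret" != 0 ]; then
                # printf, not echo: some sh echo builtins interpret
                # backslashes found in the tool's output.
                printf '%s\n' "$out"
                echo "command failed"
                return 1
        fi

        if printf '%s\n' "$out" | grep "Authenticated: No" >/dev/null 2>&1; then
                # failed to authenticate .. success
                return 0
        fi

        echo "incorrectly gave a successful authentication"
        return 1
}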
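# Send the fixed challenge/response pair for the real test account, without
# supplying a password to ntlm_auth, and expect "Authenticated: No".
# Globals:   PREFIX, NTLM_AUTH, DOMAIN, USERNAME (read);
#            tmpfile, cmd, out, ret (written)
# Arguments: extra options, passed through to ntlm_auth
# Outputs:   the command line that is run; diagnostics on failure
# Returns:   0 if authentication was refused, 1 otherwise
test_ntlm_server_1_check_winbind_output_fail()
{
        tmpfile=$PREFIX/ntlm_commands

        # This isn't the correct password
        # (file name quoted so that a PREFIX with whitespace still works).
        cat > "$tmpfile" <<EOF
LANMAN-Challenge: 0123456789abcdef
NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
NT-Domain: $DOMAIN
Username: $USERNAME
Request-User-Session-Key: Yes
.
EOF
        # Kept as a literal string so it can be echoed first; eval parses it
        # once, so $NTLM_AUTH is word-split but variable contents are not
        # re-parsed as shell source.
        cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 < "$tmpfile" 2>&1'
        eval echo "$cmd"
        out=$(eval "$cmd")
        ret=$?
        rm -f -- "$tmpfile"

        if [ "$ret" != 0 ]; then
                # printf, not echo: some sh echo builtins interpret
                # backslashes found in the tool's output.
                printf '%s\n' "$out"
                echo "command failed"
                return 1
        fi

        if printf '%s\n' "$out" | grep "Authenticated: No" >/dev/null 2>&1; then
                # failed to authenticate .. success
                return 0
        fi

        echo "incorrectly gave a successful authentication"
        return 1
}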
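# Run each check through testit and count the failures. testit and testok
# are not defined in this script; presumably they come from the sourced
# subunit.sh -- confirm there.
# This should work even with NTLMv2
testit "ntlm_auth ntlm-server-1 with fixed password" test_ntlm_server_1_check_output || failed=$((failed + 1))
testit "ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed=$((failed + 1))
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=$((failed + 1))
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=$((failed + 1))
testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=$((failed + 1))

# Quoted so that a script path containing whitespace is passed as one word.
testok "$0" "$failed"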