testprogs/blackbox: add test_trust_ntlm.sh

author Stefan Metzmacher <metze@samba.org>

Wed, 29 Mar 2017 09:41:31 +0000 (11:41 +0200)

committer Andrew Bartlett <abartlet@samba.org>

Sun, 9 Apr 2017 23:11:20 +0000 (01:11 +0200)
author Stefan Metzmacher <metze@samba.org>
Wed, 29 Mar 2017 09:41:31 +0000 (11:41 +0200)
committer Andrew Bartlett <abartlet@samba.org>
Sun, 9 Apr 2017 23:11:20 +0000 (01:11 +0200)
diff --git a/testprogs/blackbox/test_trust_ntlm.sh b/testprogs/blackbox/test_trust_ntlm.sh

new file mode 100755 (executable)

index 0000000..44946bb
--- /dev/null
+++ b/testprogs/blackbox/test_trust_ntlm.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+# Copyright (C) 2017 Stefan Metzmacher <metze@samba.org>
+
+if [ $# -lt 12 ]; then
+cat <<EOF
+Usage: $# test_trust_ntlm.sh SERVER USERNAME PASSWORD REALM DOMAIN TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN TYPE UNTRUSTED TRUST_ERROR
+EOF
+exit 1;
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+REALM=$4
+DOMAIN=$5
+shift 5
+TRUST_USERNAME=$1
+TRUST_PASSWORD=$2
+TRUST_REALM=$3
+TRUST_DOMAIN=$4
+shift 4
+TYPE=$1
+UNTRUSTED=$2
+TRUST_ERROR=$3
+shift 3
+failed=0
+
+samba4bindir="$BINDIR"
+
+rpcclient="$samba4bindir/rpcclient"
+smbclient="$samba4bindir/smbclient"
+wbinfo="$samba4bindir/wbinfo"
+
+unc="//$SERVER/tmp"
+
+. `dirname $0`/subunit.sh
+. `dirname $0`/common_test_fns.inc
+
+CREDS="$DOMAIN\\$USERNAME%$PASSWORD"
+WBCREDS="$DOMAIN/$USERNAME%$PASSWORD"
+EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
+test_rpcclient_grep "Test01 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+test_smbclient "Test01 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+testit "Test01 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+
+CREDS="$REALM\\$USERNAME%$PASSWORD"
+WBCREDS="$REALM/$USERNAME%$PASSWORD"
+EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
+test_rpcclient_grep "Test02 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+test_smbclient "Test02 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+testit "Test02 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+
+CREDS="$USERNAME@$DOMAIN%$PASSWORD"
+WBCREDS="$USERNAME@$DOMAIN%$PASSWORD"
+if [ x"$TYPE" = x"member" ]; then
+       EXPFAIL="NT_STATUS_LOGON_FAILURE"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_expect_failure_grep "Fail03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
+       test_smbclient_expect_failure "Fail03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit_expect_failure "Fail03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+else
+       EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_grep "Test03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+       test_smbclient "Test03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit "Test03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+fi
+
+CREDS="$USERNAME@$REALM%$PASSWORD"
+WBCREDS="$USERNAME@$REALM%$PASSWORD"
+if [ x"$TYPE" = x"member" ]; then
+       EXPFAIL="NT_STATUS_LOGON_FAILURE"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_expect_failure_grep "Fail04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
+       test_smbclient_expect_failure "Fail04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit_expect_failure "Fail04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+else
+       EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_grep "Test04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+       test_smbclient "Test04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit "Test04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+fi
+
+CREDS="UNKNOWNDOMAIN\\$USERNAME%$PASSWORD"
+WBCREDS="UNKNOWNDOMAIN/$USERNAME%$PASSWORD"
+EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
+test_rpcclient_grep "Test05 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+test_smbclient "Test05 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+testit_expect_failure "Fail05 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+
+CREDS="$TRUST_DOMAIN\\$USERNAME%$PASSWORD"
+WBCREDS="$TRUST_DOMAIN/$USERNAME%$PASSWORD"
+EXPFAIL="$TRUST_ERROR"
+test_rpcclient_expect_failure_grep "Fail06 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
+test_smbclient_expect_failure "Fail06 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
+testit_expect_failure "Fail06 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+
+CREDS="$TRUST_DOMAIN\\$TRUST_USERNAME%$TRUST_PASSWORD"
+WBCREDS="$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"
+EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
+test_rpcclient_grep "Test07 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+test_smbclient "Test07 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+testit "Test07 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+
+CREDS="$TRUST_REALM\\$TRUST_USERNAME%$TRUST_PASSWORD"
+WBCREDS="$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD"
+EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
+test_rpcclient_grep "Test08 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+test_smbclient "Test08 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+testit "Test08 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+
+CREDS="$TRUST_USERNAME@$TRUST_DOMAIN%$TRUST_PASSWORD"
+WBCREDS="$TRUST_USERNAME@$TRUST_DOMAIN%$TRUST_PASSWORD"
+if [ x"$TRUST_REALM" = x"$TRUST_DOMAIN" ]; then
+       # NT4 domain
+       EXPFAIL="NT_STATUS_LOGON_FAILURE"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_expect_failure_grep "Fail09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
+       test_smbclient_expect_failure "Fail09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit_expect_failure "Fail09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+else
+       EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_grep "Test09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+       test_smbclient "Test09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit "Test09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+fi
+
+CREDS="$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD"
+WBCREDS="$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD"
+if [ x"$TRUST_REALM" = x"$TRUST_DOMAIN" ]; then
+       # NT4 domain
+       EXPFAIL="NT_STATUS_LOGON_FAILURE"
+       # rpcclient doesn't handle -Uuser@domain yet
+       #test_rpcclient_expect_failure_grep "Fail10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
+       test_smbclient_expect_failure "Fail10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit_expect_failure "Fail10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+else
+       EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
+       # rpcclient doesn't handle -Uuser@domain yet, maybe smbclient for now?
+       #test_rpcclient_grep "Test10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
+       test_smbclient "Test10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
+       # winbindd doesn't handle user@domain yet
+       #testit "Test10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
+fi
+
+lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
+
+if test x$TYPE = x"forest"; then
+
+fi
+
+if test x$UNTRUSTED = x"yes"; then
+
+fi
+exit $failed
author	Stefan Metzmacher <metze@samba.org>
	Wed, 29 Mar 2017 09:41:31 +0000 (11:41 +0200)
committer	Andrew Bartlett <abartlet@samba.org>
	Sun, 9 Apr 2017 23:11:20 +0000 (01:11 +0200)