testit "wbinfo --dc-info=$DOMAIN" $wbinfo --dc-info=$DOMAIN || failed=$(expr $failed + 1)
fi
-testit_expect_failure "wbinfo -a against $TARGET with invalid password" $wbinfo -a "$DOMAIN/$USERNAME%InvalidPassword" && failed=$(expr $failed + 1)
+testit_expect_failure "wbinfo -a against $TARGET with invalid password" $wbinfo -a "$DOMAIN/$USERNAME%InvalidPassword" || failed=$(expr $failed + 1)
-testit_expect_failure "wbinfo -K against $TARGET with invalid password" $wbinfo -K "$DOMAIN/$USERNAME%InvalidPassword" && failed=$(expr $failed + 1)
+testit_expect_failure "wbinfo -K against $TARGET with invalid password" $wbinfo -K "$DOMAIN/$USERNAME%InvalidPassword" || failed=$(expr $failed + 1)
rm -f $KRB5CCNAME_PATH
# encrypt=required" on the share "tmpenc" the server *must* reject the tcon.
# SMB1
-testit_expect_failure "smbclient //$SERVER/tmpenc" $SMBCLIENT -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit && failed=$(expr $failed + 1)
-testit_expect_failure "smbclient --client-protection=encrypt //$SERVER/tmpenc" $SMBCLIENT --client-protection=encrypt -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient //$SERVER/tmpenc" $SMBCLIENT -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit || failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt //$SERVER/tmpenc" $SMBCLIENT --client-protection=encrypt -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit || failed=$(expr $failed + 1)
# SMB3_02
-testit_expect_failure "smbclient -m smb3_02 //$SERVER/tmpenc" $SMBCLIENT -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit && failed=$(expr $failed + 1)
-testit_expect_failure "smbclient --client-protection=encrypt -m smb3_02 //$SERVER/tmpenc" $SMBCLIENT --client-protection=encrypt -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient -m smb3_02 //$SERVER/tmpenc" $SMBCLIENT -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit || failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt -m smb3_02 //$SERVER/tmpenc" $SMBCLIENT --client-protection=encrypt -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit || failed=$(expr $failed + 1)
# SMB3_11
-testit_expect_failure "smbclient -m smb3_11 //$SERVER/tmpenc" $SMBCLIENT -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit && failed=$(expr $failed + 1)
-testit_expect_failure "smbclient --client-protection=encrypt -m smb3_11 //$SERVER/tmpenc" $SMBCLIENT --client-protection=encrypt -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient -m smb3_11 //$SERVER/tmpenc" $SMBCLIENT -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit || failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt -m smb3_11 //$SERVER/tmpenc" $SMBCLIENT --client-protection=encrypt -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/tmpenc -c quit || failed=$(expr $failed + 1)
# These tests must fail, as the client requires encryption and it's off on the server
# SMB1
-testit_expect_failure "smbclient --client-protection=encrypt //$SERVER/enc_desired" $SMBCLIENT --client-protection=encrypt -U $USERNAME%$PASSWORD //$SERVER/enc_desired -c quit && failed=$(expr $failed + 1)
-testit_expect_failure "smbclient --client-protection=encrypt //$SERVER/tmp" $SMBCLIENT --client-protection=encrypt -U $USERNAME%$PASSWORD //$SERVER/tmp -c quit && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt //$SERVER/enc_desired" $SMBCLIENT --client-protection=encrypt -U $USERNAME%$PASSWORD //$SERVER/enc_desired -c quit || failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt //$SERVER/tmp" $SMBCLIENT --client-protection=encrypt -U $USERNAME%$PASSWORD //$SERVER/tmp -c quit || failed=$(expr $failed + 1)
# SMB3_02
-testit_expect_failure "smbclient --client-protection=encrypt -m smb3_02 //$SERVER/enc_desired" $SMBCLIENT --client-protection=encrypt -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/enc_desired -c quit && failed=$(expr $failed + 1)
-testit_expect_failure "smbclient --client-protection=encrypt -m smb3_02 //$SERVER/tmp" $SMBCLIENT --client-protection=encrypt -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/tmp -c quit && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt -m smb3_02 //$SERVER/enc_desired" $SMBCLIENT --client-protection=encrypt -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/enc_desired -c quit || failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt -m smb3_02 //$SERVER/tmp" $SMBCLIENT --client-protection=encrypt -m smb3_02 -U $USERNAME%$PASSWORD //$SERVER/tmp -c quit || failed=$(expr $failed + 1)
# SMB3_11
-testit_expect_failure "smbclient --client-protection=encrypt -m smb3_11 //$SERVER/enc_desired" $SMBCLIENT --client-protection=encrypt -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/enc_desired -c quit && failed=$(expr $failed + 1)
-testit_expect_failure "smbclient --client-protection=encrypt -m smb3_11 //$SERVER/tmp" $SMBCLIENT --client-protection=encrypt -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/tmp -c quit && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt -m smb3_11 //$SERVER/enc_desired" $SMBCLIENT --client-protection=encrypt -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/enc_desired -c quit || failed=$(expr $failed + 1)
+testit_expect_failure "smbclient --client-protection=encrypt -m smb3_11 //$SERVER/tmp" $SMBCLIENT --client-protection=encrypt -m smb3_11 -U $USERNAME%$PASSWORD //$SERVER/tmp -c quit || failed=$(expr $failed + 1)
testok $0 $failed
TEST_USER=bogus_testuser
TEST_PWD=bogus_pass3#@
net="$BINDIR/net"
-testit_expect_failure "smbclient" $smbclient "//$SERVER/$SHARE" -W POUET -U$DC_USER%$DC_PWD -c "dir" && failed=$(expr $failed + 1)
+testit_expect_failure "smbclient" $smbclient "//$SERVER/$SHARE" -W POUET -U$DC_USER%$DC_PWD -c "dir" || failed=$(expr $failed + 1)
testit "net.user.add" $net rpc user add $TEST_USER $TEST_PWD -W $SERVER -U$SERVER\\$USER%$PWD -S $SERVER
testit "smbclient" $smbclient "//$SERVER/$SHARE" -W POUET -U$TEST_USER%$TEST_PWD -c "dir" || failed=$(expr $failed + 1)
testit "net.user.delete" $net rpc user delete $TEST_USER -W $SERVER -U$SERVER\\$USER%$PWD -S $SERVER
status=$?
if [ x$status = x0 ]; then
echo "$output" | subunit_fail_test "$name"
+ return 1
else
subunit_pass_test "$name"
+ return 0
fi
- return $status
}
# This returns 0 if the command gave a failure and the grep value was found
EOF
testit_expect_failure "kpasswd check password mismatch" \
- $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL && failed=$(expr $failed + 1)
+ $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL || failed=$(expr $failed + 1)
###########################################################
### check that a short password is rejected
EOF
testit_expect_failure "kpasswd check short user password" \
- $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL && failed=$(expr $failed + 1)
+ $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL || failed=$(expr $failed + 1)
###########################################################
### check that a weak password is rejected
EOF
testit_expect_failure "kpasswd check weak user password" \
- $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL && failed=$(expr $failed + 1)
+ $texpect $PREFIX/tmpkpasswdscript $samba_kpasswd $TEST_PRINCIPAL || failed=$(expr $failed + 1)
###########################################################
### check that a strong password is accepted
check "RootDSE (full)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER --scope=base '(objectClass=*)' || failed=$(expr $failed + 1)
check "RootDSE (extended)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER --scope=base '(objectClass=*)' --extended-dn || failed=$(expr $failed + 1)
if [ x$p = x"ldaps" ]; then
- testit_expect_failure "RootDSE over SSLv3 should fail" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER --scope=base DUMMY=x dnsHostName highestCommittedUSN --option='tlspriority=NONE:+VERS-SSL3.0:+MAC-ALL:+CIPHER-ALL:+RSA:+SIGN-ALL:+COMP-NULL' && failed=$(expr $failed + 1)
+ testit_expect_failure "RootDSE over SSLv3 should fail" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER --scope=base DUMMY=x dnsHostName highestCommittedUSN --option='tlspriority=NONE:+VERS-SSL3.0:+MAC-ALL:+CIPHER-ALL:+RSA:+SIGN-ALL:+COMP-NULL' || failed=$(expr $failed + 1)
fi
echo "Getting defaultNamingContext"
testit "leave+server" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=$(expr $failed + 1)
-testit_expect_failure "join+invalid_server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -SINVALID && failed=$(expr $failed + 1)
+testit_expect_failure "join+invalid_server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -SINVALID || failed=$(expr $failed + 1)
testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
-testit_expect_failure "leave+invalid_server" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD -SINVALID && failed=$(expr $failed + 1)
+testit_expect_failure "leave+invalid_server" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD -SINVALID || failed=$(expr $failed + 1)
testit "testjoin user+password" $VALGRIND $net_tool ads testjoin -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
#Unprivileged users should not be able to overwrite other's names
testit_expect_failure \
"Unprivileged users should not be able to modify existing names" \
- $net_tool ads dns register $MACHINENAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS &&
+ $net_tool ads dns register $MACHINENAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS ||
failed=$(expr $failed + 1)
testit "We should be able to unregister the name $UNPRIVNAME.$REALM $IPADDRESS" \
#
testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" \
- $VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%invalidpass && failed=$(expr $failed + 1)
+ $VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%invalidpass || failed=$(expr $failed + 1)
testit_expect_failure "Test login with user kerberos ccache, but old password specified" \
- $VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=$(expr $failed + 1)
+ $VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD || failed=$(expr $failed + 1)
rm -f $KRB5CCNAME_PATH
rm -f $KRB5CCNAME_PATH
testit_expect_failure "try to set a non-complex password (command should not succeed)" \
- $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_WEAK" && failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_WEAK" || failed=$(expr $failed + 1)
testit "allow non-complex passwords" \
$VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --complexity=off || failed=$(expr $failed + 1)
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=$(expr $failed + 1)
testit_expect_failure "try to set a short password (command should not succeed)" \
- $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" || failed=$(expr $failed + 1)
testit "allow short passwords (length 1)" \
$VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --min-pwd-length=1 || failed=$(expr $failed + 1)
$VALGRIND $PYTHON $samba_tool domain passwordsettings show "${CONFIGURATION}" || failed=$(expr $failed + 1)
testit_expect_failure "try to change password too quickly (command should not succeed)" \
- $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_NEW" && failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_NEW" || failed=$(expr $failed + 1)
testit "reset password policies" \
$VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1)
testit "modify user - disabled" $VALGRIND $net sam set disabled $USER yes "$@" || failed=$(expr $failed + 1)
-testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -U$USER@%$USERPASS && failed=$(expr $failed + 1)
+testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -U$USER@%$USERPASS || failed=$(expr $failed + 1)
testit "modify user - enabled" $VALGRIND $net sam set disabled $USER no "$@" || failed=$(expr $failed + 1)
testit "modify user - must change password now" $VALGRIND $net sam set pwdmustchangenow $USER yes "$@" || failed=$(expr $failed + 1)
-testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -U$USER@%$USERPASS && failed=$(expr $failed + 1)
+testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -U$USER@%$USERPASS || failed=$(expr $failed + 1)
testit "modify user - disable password expiry" $VALGRIND $net sam set pwnoexp $USER yes "$@" || failed=$(expr $failed + 1)
#test_rpcclient_expect_failure_grep "Fail03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
test_smbclient_expect_failure "Fail03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=$(expr $failed + 1)
# winbindd doesn't handle user@domain yet
- #testit_expect_failure "Fail03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+ #testit_expect_failure "Fail03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
else
EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
# rpcclient doesn't handle -Uuser@domain yet
#test_rpcclient_expect_failure_grep "Fail04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
test_smbclient_expect_failure "Fail04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=$(expr $failed + 1)
# winbindd doesn't handle user@domain yet
- #testit_expect_failure "Fail04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+ #testit_expect_failure "Fail04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
else
EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
# rpcclient doesn't handle -Uuser@domain yet
EXPFAIL="$TRUST_ERROR"
test_rpcclient_expect_failure_grep "Fail06 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=$(expr $failed + 1)
test_smbclient_expect_failure "Fail06 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=$(expr $failed + 1)
-testit_expect_failure "Fail06 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=$(expr $failed + 1)
+testit_expect_failure "Fail06 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=$(expr $failed + 1)
DNAME="$TRUST_DOMAIN"
NAME="$DNAME\\$TRUST_USERNAME"
#test_rpcclient_expect_failure_grep "Fail09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
test_smbclient_expect_failure "Fail09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=$(expr $failed + 1)
# winbindd doesn't handle user@domain yet
- #testit_expect_failure "Fail09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+ #testit_expect_failure "Fail09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
else
EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
# rpcclient doesn't handle -Uuser@domain yet
#test_rpcclient_expect_failure_grep "Fail10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
test_smbclient_expect_failure "Fail10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=$(expr $failed + 1)
# winbindd doesn't handle user@domain yet
- #testit_expect_failure "Fail10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
+ #testit_expect_failure "Fail10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
else
EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
# rpcclient doesn't handle -Uuser@domain yet, maybe smbclient for now?
testit "testparm-weak-crypto" test_weak_crypto_allowed || failed=$(expr $failed + 1)
# We should not be allowed to use NTLM for connecting
-testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:${SERVER_IP}[ntlm] -U$USERNAME%$PASSWORD -c "getusername" && failed=$(expr $failed + 1)
+testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:${SERVER_IP}[ntlm] -U$USERNAME%$PASSWORD -c "getusername" || failed=$(expr $failed + 1)
GNUTLS_FORCE_FIPS_MODE=1
export GNUTLS_FORCE_FIPS_MODE