diff options
author | Andreas Schneider <asn@samba.org> | 2023-03-21 08:31:03 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2023-04-06 13:45:35 +0000 |
commit | c5bf365d9230e65a278a297b5e9a8a7a18b8a11d (patch) | |
tree | 22429c54057ebd37b8aed303aba3cf4af0bec8a3 /testprogs | |
parent | b6cf609e9fd618eac7af88522fd02709123de2a0 (diff) | |
download | samba-c5bf365d9230e65a278a297b5e9a8a7a18b8a11d.tar.gz |
testprogs: Reformat test_kinit_heimdal.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'testprogs')
-rwxr-xr-x | testprogs/blackbox/test_kinit_heimdal.sh | 250 |
1 files changed, 195 insertions, 55 deletions
diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh index 9b90da28e4c..d6b52aef72b 100755 --- a/testprogs/blackbox/test_kinit_heimdal.sh +++ b/testprogs/blackbox/test_kinit_heimdal.sh @@ -60,30 +60,63 @@ ADMIN_KRB5CCNAME="FILE:$KRB5CCNAME_PATH" export KRB5CCNAME rm -rf $KRB5CCNAME_PATH -testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=$(expr $failed + 1) +testit "reset password policies beside of minimum password age of 0 days" \ + $VALGRIND $PYTHON $samba_tool domain passwordsettings set \ + $ADMIN_LDBMODIFY_CONFIG \ + --complexity=default \ + --history-length=default \ + --min-pwd-length=default \ + --min-pwd-age=0 \ + --max-pwd-age=default || \ + failed=$(expr $failed + 1) echo $PASSWORD >$PREFIX/tmppassfile -testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R - -test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +testit "kinit with password (initial)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmppassfile \ + --request-pac $USERNAME@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "kinit with password (enterprise style)" \ + $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile \ + --request-pac $USERNAME@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "kinit with password (windows style)" \ + $samba4kinit $enctype --renewable --windows \ + --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "kinit renew ticket" \ + $samba4kinit $enctype --request-pac -R + +test_smbclient "Test login with kerberos ccache" 'ls' "$unc" \ + --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "check time with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool time $SERVER \ + $CONFIGURATION -k yes "$@" || \ + failed=$(expr $failed + 1) USERPASS=testPass@12% echo $USERPASS >$PREFIX/tmpuserpassfile -testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +testit "add user with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS \ + $CONFIGURATION -k yes "$@" || \ + failed=$(expr $failed + 1) echo "Getting defaultNamingContext" -BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') +BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base \ + DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') cat >$PREFIX/tmpldbmodify <<EOF dn: cn=${TEST_USER},cn=users,$BASEDN @@ -94,11 +127,19 @@ replace: userPrincipalName userPrincipalName: nettest@$REALM EOF -testit "modify servicePrincipalName and userPrincpalName" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1) +testit "modify servicePrincipalName and userPrincpalName" \ + $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -k yes \ + "$@" || failed=$(expr $failed + 1) -testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} --newpassword=$USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +testit "set user password with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} \ + --newpassword=$USERPASS $CONFIGURATION -k yes "$@" || \ + failed=$(expr $failed + 1) -testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount ${TEST_USER} -H ldap://$SERVER -k yes "$@" || failed=$(expr $failed + 1) +testit "enable user with kerberos cache" \ + $VALGRIND $PYTHON $enableaccount ${TEST_USER} -H ldap://$SERVER -k yes \ + "$@" || \ + failed=$(expr $failed + 1) KRB5CCNAME_PATH="$PREFIX/tmpuserccache" KRB5CCNAME="FILE:$KRB5CCNAME_PATH" @@ -106,30 +147,60 @@ samba4kinit="$samba4kinit_binary -c $KRB5CCNAME" export KRB5CCNAME rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after enable of user and password change)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) NEWUSERPASS=testPaSS@34% -testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) +testit "change user password with 'samba-tool user password' (rpc)" \ + $VALGRIND $PYTHON $samba_tool user password \ + -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION -k no \ + --newpassword=$NEWUSERPASS "$@" || \ + failed=$(expr $failed + 1) echo $NEWUSERPASS >$PREFIX/tmpuserpassfile rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after rpc password change)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with password (NT-Principal style) using UPN" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with password (NT-Principal style) using UPN" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac nettest@$REALM || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from enterprise UPN" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with password (enterprise style) using UPN" \ + $samba4kinit $enctype --enterprise \ + --password-file=$PREFIX/tmpuserpassfile --request-pac \ + nettest@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from enterprise UPN" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with password (windows style) using UPN" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with password (windows style) using UPN" \ + $samba4kinit $enctype --renewable --windows \ + --password-file=$PREFIX/tmpuserpassfile --request-pac \ + nettest@$REALM || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from windows UPN" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) cat >$PREFIX/tmpldbmodify <<EOF dn: cn=${TEST_USER},cn=users,$BASEDN @@ -138,11 +209,21 @@ replace: userPrincipalName userPrincipalName: nettest@$REALM.org EOF -testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1) +testit "modify userPrincipalName to be a different domain" \ + $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG \ + $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \ + -k yes "$@" || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM.org || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +testit "kinit with password (enterprise style) using UPN" \ + $samba4kinit $enctype --enterprise \ + --password-file=$PREFIX/tmpuserpassfile --request-pac \ + nettest@$REALM.org || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) USERPASS=$NEWUSERPASS NEWUSERPASS=testPaSS@56% @@ -158,15 +239,23 @@ send ${NEWUSERPASS}\n expect Success EOF -testit "change user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "change user password with kpasswd" \ + $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd \ + ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after kpasswd change)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) NEWUSERPASS=testPaSS@78% echo $NEWUSERPASS >$PREFIX/tmpuserpassfile -test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache (after kpasswd change)" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) cat >$PREFIX/tmpkpasswdscript <<EOF expect New password @@ -176,10 +265,17 @@ send ${NEWUSERPASS}\n expect Success EOF -testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$ADMIN_KRB5CCNAME ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "set user password with kpasswd" \ + $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd \ + --cache=$ADMIN_KRB5CCNAME \ + ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after kpasswd set)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) @@ -194,11 +290,19 @@ send ${NEWUSERPASS}\n expect Success EOF -testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache host/${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "set user password with kpasswd and servicePrincipalName" \ + $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd \ + --cache=$PREFIX/tmpccache host/${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) -testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after set with kpasswd and spn)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) cat >$PREFIX/tmpldbmodify <<EOF dn: cn=${TEST_USER},cn=users,$BASEDN @@ -210,7 +314,12 @@ EOF USERPASS=$NEWUSERPASS NEWUSERPASS=testPaSS@911% -testit "modify pwdLastSet" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1) +testit "modify pwdLastSet" \ + $VALGRIND $ldbmodify \ + $ADMIN_LDBMODIFY_CONFIG \ + $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \ + -k yes "$@" || \ + failed=$(expr $failed + 1) cat >$PREFIX/tmppasswordchange <<EOF expect ${TEST_USER}@${REALM}'s Password: @@ -224,14 +333,24 @@ send ${NEWUSERPASS}\n expect Success: Password changed EOF -testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac ${TEST_USER}@$REALM && failed=$(expr $failed + 1) +testit "kinit with user password for expired password" \ + $texpect $PREFIX/tmppasswordchange \ + $samba4kinit $enctype --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) echo $NEWUSERPASS >$PREFIX/tmpuserpassfile -testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after password change forced by expiration)" \ + $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \ + --request-pac ${TEST_USER}@$REALM || \ + failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) KRB5CCNAME_PATH="$PREFIX/tmpccache" KRB5CCNAME="FILE:$KRB5CCNAME_PATH" @@ -241,16 +360,37 @@ export KRB5CCNAME rm -rf $KRB5CCNAME_PATH lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') -test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) - -testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm" \ + 'ls' "$unc" --use-kerberos=required \ + -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || \ + failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm 2" \ + 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS \ + --realm=$lowerrealm || \ + failed=$(expr $failed + 1) + +testit "del user with kerberos ccache" \ + $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} \ + $CONFIGURATION -k yes "$@" || \ + failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1) -test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) - -testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1) +testit "kinit with machineaccountccache script" \ + $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || \ + failed=$(expr $failed + 1) +test_smbclient "Test machine account login with kerberos ccache" \ + 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \ + failed=$(expr $failed + 1) + +testit "reset password policies" \ + $VALGRIND $PYTHON $samba_tool domain passwordsettings set \ + $ADMIN_LDBMODIFY_CONFIG \ + --complexity=default \ + --history-length=default \ + --min-pwd-length=default \ + --min-pwd-age=default \ + --max-pwd-age=default || \ + failed=$(expr $failed + 1) rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript exit $failed |