author | Andrew Bartlett <abartlet@samba.org> | 2010-06-24 09:42:40 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-06-29 16:59:31 +1000 |
commit | 48c8896f2ede1c441a1448c2e45106a317b64832 (patch) | |
tree | 120c1f56df8e1be144e50b2a5590439ac3f9c505 /testprogs/blackbox/test_pkinit.sh | |
parent | d76e4852ebf6ebaaa0e59b481c4b17ac15310aec (diff) | |
s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.
In particular, we need to assert that AES encryption is available in
the 2008 functional level.
Andrew Bartlett
Diffstat (limited to 'testprogs/blackbox/test_pkinit.sh')
-rwxr-xr-x | testprogs/blackbox/test_pkinit.sh | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/testprogs/blackbox/test_pkinit.sh b/testprogs/blackbox/test_pkinit.sh
new file mode 100755
index 0000000000..e901f0f0db
--- /dev/null
+++ b/testprogs/blackbox/test_pkinit.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Blackbox tests for kinit and kerberos integration with smbclient etc
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
+# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_kinit.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
+EOF
+exit 1;
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+REALM=$4
+DOMAIN=$5
+PREFIX=$6
+ENCTYPE=$7
+shift 7
+failed=0
+
+samba4bindir="$BUILDDIR/bin"
+smbclient="$samba4bindir/smbclient$EXEEXT"
+samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
+net="$samba4bindir/net$EXEEXT"
+ldbmodify="$samba4bindir/ldbmodify$EXEEXT"
+ldbsearch="$samba4bindir/ldbsearch$EXEEXT"
+rkpty="$samba4bindir/rkpty$EXEEXT"
+samba4kpasswd="$samba4bindir/samba4kpasswd$EXEEXT"
+enableaccount="$samba4bindir/net enableaccount"
+machineaccountccache="$BUILDDIR/scripting/bin/machineaccountccache"
+
+. `dirname $0`/subunit.sh
+
+test_smbclient() {
+ name="$1"
+ cmd="$2"
+ shift
+ shift
+ echo "test: $name"
+ $VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" -W "$DOMAIN" $@
+ status=$?
+ if [ x$status = x0 ]; then
+ echo "success: $name"
+ else
+ echo "failure: $name"
+ fi
+ return $status
+}
+
+enctype="-e $ENCTYPE"
+
+KRB5CCNAME="$PREFIX/tmpccache"
+export KRB5CCNAME
+
+testit "kinit with pkinit (name specified)" $samba4kinit $enctype --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincertupn.pem,$PREFIX/dc/private/tls/adminkey.pem --pk-enterprise || failed=`expr $failed + 1`
+testit "kinit renew ticket" $samba4kinit --request-pac -R
+
+test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+rm -f $PREFIX/tmpccache
+exit $failed |
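Review bot: The argument guard `if [ $# -lt 5 ]` accepts calls that omit PREFIX ($6) and ENCTYPE ($7), although both are read a few lines later, and the usage text still names test_kinit.sh and lists no ENCTYPE. With ENCTYPE empty, `enctype="-e $ENCTYPE"` leaves `-e` without a value of its own, so the run no longer checks the encryption type it was meant to assert; with PREFIX empty, KRB5CCNAME and the final `rm -f` resolve to `/tmpccache` and the key path to `/dc/private/tls/adminkey.pem`. I would require all seven arguments, `if [ $# -lt 7 ]; then`, with the message `Usage: test_pkinit.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX ENCTYPE`. Separately, the `kinit renew ticket` line is the only testit call without the `|| failed=` counter, so a failed renewal does not change the script's exit status.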