diff options
Diffstat (limited to 'source4')
| -rwxr-xr-x | source4/scripting/bin/ktpass.sh | 93 | ||||
| -rwxr-xr-x | source4/selftest/tests.sh | 1 | ||||
| -rw-r--r-- | source4/torture/rpc/bind.c | 32 | ||||
| -rw-r--r-- | source4/torture/shell.c | 11 | ||||
| -rw-r--r-- | source4/wscript_build | 1 |
5 files changed, 128 insertions, 10 deletions
diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh new file mode 100755 index 0000000000..92b1976932 --- /dev/null +++ b/source4/scripting/bin/ktpass.sh @@ -0,0 +1,93 @@ +#!/usr/bin/env bash +# vim: expandtab +# +# Copyright (C) Matthieu Patou <mat@matws.net> 2010 +# +# +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +name="ktpass.sh" +TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \ + -n "$name" -- "$@"` +eval set -- "$TEMP" + +function usage { + echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n" + echo -ne " [--host hostname] [--enc <encryption>]\n" + echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n" + echo -ne "\nEncoding should be one of:\n" + echo -ne " * des-cbc-crc\n" + echo -ne " * des-cbc-md5\n" + echo -ne " * rc4-hmac (default)\n" + echo -ne " * aes128-cts\n" + echo -ne " * aes256-cts\n" + exit 0 +} +while true ; do + case "$1" in + --out) outfile=$2 ; shift 2 ;; + --princ) princ=$2 ; shift 2 ;; + --pass) pass=$2 ; shift 2 ;; + --host) host=$2 ; shift 2 ;; + --ptype) shift 2 ;; + --enc) enc=$2; shift 2;; + --path-to-ldbsearch) path="$2/"; shift 2;; + -h) usage;; + --) shift ; break ;; + *) echo "Internal error!" ; exit 1 ;; + esac +done +#RC4-HMAC-NT|AES256-SHA1|AES128-SHA +if [ -z "$enc" ]; then + enc="rc4-hmac" +fi +if [ -z "$path" ]; then + path=`dirname $0`/../bin/ +fi +if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then + echo "At least one mandatory parameter (--out, --princ, --pass) was not specified" + usage +fi +if [ -z $host ]; then + host=`hostname` +fi +kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber` +if [ "$kvno" == "" ]; then + echo -ne "Unable to find kvno for principal $princ\n" + echo -ne " check that you are authentified with kerberos\n" + exit 1 +else + kvno=`echo $kvno | sed 's/^.*: //'` +fi + +if [ "$pass" == "*" ]; then + echo -n "Enter password for $princ: " + stty -echo + read pass + stty echo + echo "" +fi + +ktutil >/dev/null <<EOF +add_entry -password -p $princ -k $kvno -e $enc +$pass +wkt $outfile +EOF + +if [ $? -eq 0 ]; then + echo "Keytab file $outfile created with success" +else + echo "Error while creating the keytab file $outfile" +fi diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh index 52d1d3963e..1dd507eaed 100755 --- a/source4/selftest/tests.sh +++ b/source4/selftest/tests.sh @@ -368,6 +368,7 @@ plantestsuite "blackbox.pkinit" dc:local $bbdir/test_pkinit.sh "\$SERVER" "\$USE plantestsuite "blackbox.kinit" dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" aes256-cts-hmac-sha1-96 $CONFIGURATION plantestsuite "blackbox.kinit" fl2000dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" arcfour-hmac-md5 $CONFIGURATION plantestsuite "blackbox.kinit" fl2008r2dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" aes256-cts-hmac-sha1-96 $CONFIGURATION +plantestsuite "blackbox.ktpass" dc $bbdir/test_ktpass.sh $PREFIX plantestsuite "blackbox.passwords" dc:local $bbdir/test_passwords.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" plantestsuite "blackbox.export.keytab" dc:local $bbdir/test_export_keytab.sh "\$SERVER" "\$USERNAME" "\$REALM" "\$DOMAIN" "$PREFIX" plantestsuite "blackbox.cifsdd" dc $samba4srcdir/client/tests/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c index b36e54cac0..f6470595e3 100644 --- a/source4/torture/rpc/bind.c +++ b/source4/torture/rpc/bind.c @@ -52,6 +52,7 @@ static bool test_bind(struct torture_context *tctx, torture_rpc_binding(tctx, &binding), "failed to parse binding string"); + binding->flags &= ~DCERPC_AUTH_OPTIONS; binding->flags |= *flags; torture_assert_ntstatus_ok(tctx, @@ -86,11 +87,32 @@ static void test_bind_op(struct torture_suite *suite, struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx) { struct torture_suite *suite = torture_suite_create(mem_ctx, "BIND"); - - test_bind_op(suite, "ntlm,sign", DCERPC_AUTH_NTLM | DCERPC_SIGN); - test_bind_op(suite, "ntlm,sign,seal", DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL); - test_bind_op(suite, "spnego,sign", DCERPC_AUTH_SPNEGO | DCERPC_SIGN); - test_bind_op(suite, "spnego,sign,seal", DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL); + struct { + const char *test_name; + uint32_t flags; + } tests[] = { + { + .test_name = "ntlm,sign", + .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN + },{ + .test_name = "ntlm,sign,seal", + .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL + },{ + .test_name = "spnego,sign", + .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN + },{ + .test_name = "spnego,sign,seal", + .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL + } + }; + int i; + + for (i=0; i < ARRAY_SIZE(tests); i++) { + test_bind_op(suite, tests[i].test_name, tests[i].flags); + } + for (i=0; i < ARRAY_SIZE(tests); i++) { + test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN); + } return suite; } diff --git a/source4/torture/shell.c b/source4/torture/shell.c index 7c313af178..03c670a902 100644 --- a/source4/torture/shell.c +++ b/source4/torture/shell.c @@ -175,8 +175,6 @@ static void shell_help(const struct shell_command * command, static void shell_set(const struct shell_command *command, struct torture_context *tctx, int argc, const char **argv) { - char * name; - switch (argc) { case 0: lpcfg_dump(tctx->lp_ctx, stdout, @@ -185,9 +183,12 @@ static void shell_set(const struct shell_command *command, break; case 2: - name = talloc_asprintf(NULL, "torture:%s", argv[0]); - lpcfg_set_cmdline(tctx->lp_ctx, name, argv[1]); - talloc_free(name); + /* We want to allow users to set any config option. Top level + * options will get checked against their static definition, but + * parametric options can't be checked and will just get stashed + * as they are provided. + */ + lpcfg_set_cmdline(tctx->lp_ctx, argv[0], argv[1]); break; default: diff --git a/source4/wscript_build b/source4/wscript_build index 6c1eac6905..090c914ae7 100644 --- a/source4/wscript_build +++ b/source4/wscript_build @@ -56,6 +56,7 @@ bld.RECURSE('cluster') bld.RECURSE('smbd') bld.RECURSE('libnet') bld.RECURSE('auth') +bld.RECURSE('../lib/iniparser/src') bld.RECURSE('../nsswitch') bld.RECURSE('../nsswitch/libwbclient') bld.RECURSE('lib/samba3') |