From 5f4d86f955d939e96ec9b81c8a9d080aab4354b6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 4 May 2006 10:03:41 +0000
Subject: r15426: Implement SPNEGO as the default RPC authentication mechanism.
  Where this isn't supported, fallback to NTLM.

Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS.  (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).

Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.

Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
---
 source4/script/tests/test_session_key.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'source4/script/tests/test_session_key.sh')

diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh
index 74de90f479..5dbb4052ee 100755
--- a/source4/script/tests/test_session_key.sh
+++ b/source4/script/tests/test_session_key.sh
@@ -2,7 +2,7 @@
 
 if [ $# -lt 4 ]; then
 cat <<EOF
-Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN
+Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN NETBIOSNAME
 EOF
 exit 1;
 fi
@@ -11,7 +11,8 @@ server="$1"
 username="$2"
 password="$3"
 domain="$4"
-shift 4
+netbios_name="$5"
+shift 5
 
 incdir=`dirname $0`
 . $incdir/test_functions.sh
@@ -33,13 +34,16 @@ for bindoptions in validate seal; do
         "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
         "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \
         "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \
-        "-k no --option=usespnego=no" \
-    ; do
+        "-k no --option=usespnego=no"; do
    name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions"
-   testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1`
+   testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain --option=gensec:target_hostname=$netbios_name RPC-SECRETS "$*" || failed=`expr $failed + 1`
   done
  done
  done
  done
+ name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos"
+ testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1`
+ name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos (use target principal)"
+ testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1`
 done
 testok $0 $failed
-- 
cgit