testprogs/blackbox/test_client_etypes.sh

   1 if [ $# -lt 6 ]; then
   2 cat <<EOF
   3 Usage: test_client_etypes.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS ETYPE_CONF EXPECTED
   4 EOF
   5 exit 1;
   6 fi
   7
   8 DC_SERVER=$1
   9 DC_USERNAME=$2
  10 DC_PASSWORD=$3
  11 BASEDIR=$4
  12 ETYPE_CONF=$5
  13 EXPECTED_ETYPES="$6"
  14
  15 # Load test functions
  16 . `dirname $0`/subunit.sh
  17
  18 KRB5CCNAME_PATH="$PREFIX/test_client_etypes_krb5ccname"
  19 rm -f $KRB5CCNAME_PATH
  20
  21 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
  22 export KRB5CCNAME
  23
  24 #requires tshark and sha1sum
  25 if ! which tshark > /dev/null 2>&1 || ! which sha1sum > /dev/null 2>&1 ; then
  26     subunit_start_test "client encryption types"
  27     subunit_skip_test "client encryption types" <<EOF
  28 Skipping tests - tshark or sha1sum not installed
  29 EOF
  30     exit 0
  31 fi
  32
  33 HOSTNAME=`dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10`
  34
  35 RUNDIR=`pwd`
  36 cd $BASEDIR
  37 WORKDIR=`mktemp -d -p .`
  38 WORKDIR=`basename $WORKDIR`
  39 cp -a client/* $WORKDIR/
  40 sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf
  41 sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf
  42 rm -f $WORKDIR/private/secrets.tdb
  43 cd $RUNDIR
  44
  45 failed=0
  46
  47 net_tool="$BINDIR/net -s $BASEDIR/$WORKDIR/client.conf --option=security=ads --option=kerberosencryptiontypes=$ETYPE_CONF"
  48 pcap_file=$BASEDIR/$WORKDIR/test.pcap
  49
  50 export SOCKET_WRAPPER_PCAP_FILE=$pcap_file
  51 testit "join" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
  52
  53 testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
  54
  55 #The leave command does not use the locally-generated
  56 #krb5.conf
  57 export SOCKET_WRAPPER_PCAP_FILE=
  58 testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
  59
  60 #
  61 # Older versions of tshark do not support -Y option,
  62 # They use -R which cannot be used with recent versions...
  63 #
  64 if ! tshark -r $pcap_file  -nVY "kerberos" > /dev/null 2>&1 ; then
  65     subunit_start_test "client encryption types"
  66     subunit_skip_test "client encryption types" <<EOF
  67 Skipping tests - old version of tshark detected
  68 EOF
  69     exit 0
  70 fi
  71
  72 actual_types="`tshark -r $pcap_file  -nVY "kerberos" | \
  73         sed -rn -e 's/[[:space:]]*ENCTYPE:.*\(([^\)]*)\)$/\1/p' \
  74             -e 's/[[:space:]]*Encryption type:.*\(([^\)]*)\)$/\1/p' | \
  75         sort -u | tr '\n' '_' | sed s/_$//`"
  76
  77 testit "verify types" test "x$actual_types" = "x$EXPECTED_ETYPES" || failed=`expr $failed + 1`
  78
  79 rm -rf $BASEDIR/$WORKDIR
  80 rm -f $KRB5CCNAME_PATH
  81
  82
  83 exit $failed