ctdb-daemon: Consolidate basic CTDB context initialisation
[samba.git] / testprogs / blackbox / test_trust_ntlm.sh
1 #!/bin/sh
2 # Copyright (C) 2017 Stefan Metzmacher <metze@samba.org>
3
4 if [ $# -lt 12 ]; then
5 cat <<EOF
6 Usage: $# test_trust_ntlm.sh SERVER USERNAME PASSWORD REALM DOMAIN TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN TYPE UNTRUSTED TRUST_ERROR
7 EOF
8 exit 1;
9 fi
10
11 SERVER=$1
12 USERNAME=$2
13 PASSWORD=$3
14 REALM=$4
15 DOMAIN=$5
16 shift 5
17 TRUST_USERNAME=$1
18 TRUST_PASSWORD=$2
19 TRUST_REALM=$3
20 TRUST_DOMAIN=$4
21 shift 4
22 TYPE=$1
23 UNTRUSTED=$2
24 TRUST_ERROR=$3
25 shift 3
26 failed=0
27
28 samba4bindir="$BINDIR"
29
30 rpcclient="$samba4bindir/rpcclient"
31 smbclient="$samba4bindir/smbclient"
32 wbinfo="$samba4bindir/wbinfo"
33
34 unc="//$SERVER/tmp"
35
36 . `dirname $0`/subunit.sh
37 . `dirname $0`/common_test_fns.inc
38
39 DNAME="$DOMAIN"
40 NAME="$DNAME\\$USERNAME"
41 WBNAME="$DNAME/$USERNAME"
42 CREDS="$NAME%$PASSWORD"
43 WBCREDS="$WBNAME%$PASSWORD"
44 EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
45 EXPSID="(User: 1)"
46 EXPDSID="(Domain: 3)"
47 test_rpcclient_grep "Test01 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
48 test_smbclient "Test01 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
49 testit "Test01 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
50 test_rpcclient_grep "Test01 rpcclient lookupnames with $NAME" "lookupnames_level 1 '$NAME'" "$SERVER" "$EXPSID" -U$CREDS || failed=`expr $failed + 1`
51 testit "Test01 wbinfo -n with $WBNAME" $VALGRIND $wbinfo -n "$WBNAME" || failed=`expr $failed + 1`
52 test_rpcclient_grep "Test01 rpcclient lookupnames with $DNAME" "lookupnames_level 1 '$DNAME'" "$SERVER" "$EXPDSID" -U$CREDS || failed=`expr $failed + 1`
53
54 DNAME="$REALM"
55 NAME="$DNAME\\$USERNAME"
56 WBNAME="$DNAME/$USERNAME"
57 CREDS="$NAME%$PASSWORD"
58 WBCREDS="$WBNAME%$PASSWORD"
59 EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
60 EXPSID="(User: 1)"
61 EXPDSID="(Domain: 3)"
62 test_rpcclient_grep "Test02 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
63 test_smbclient "Test02 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
64 testit "Test02 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
65 test_rpcclient_grep "Test02 rpcclient lookupnames with $NAME" "lookupnames_level 1 '$NAME'" "$SERVER" "$EXPSID" -U$CREDS || failed=`expr $failed + 1`
66 testit "Test02 wbinfo -n with $WBNAME" $VALGRIND $wbinfo -n "$WBNAME" || failed=`expr $failed + 1`
67 test_rpcclient_grep "Test02 rpcclient lookupnames with $DNAME" "lookupnames_level 1 '$DNAME'" "$SERVER" "$EXPDSID" -U$CREDS || failed=`expr $failed + 1`
68
69 CREDS="$USERNAME@$DOMAIN%$PASSWORD"
70 WBCREDS="$USERNAME@$DOMAIN%$PASSWORD"
71 if [ x"$TYPE" = x"member" ]; then
72         EXPFAIL="NT_STATUS_LOGON_FAILURE"
73         # rpcclient doesn't handle -Uuser@domain yet
74         #test_rpcclient_expect_failure_grep "Fail03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
75         test_smbclient_expect_failure "Fail03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
76         # winbindd doesn't handle user@domain yet
77         #testit_expect_failure "Fail03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
78 else
79         EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
80         # rpcclient doesn't handle -Uuser@domain yet
81         #test_rpcclient_grep "Test03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
82         test_smbclient "Test03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
83         # winbindd doesn't handle user@domain yet
84         #testit "Test03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
85 fi
86
87 CREDS="$USERNAME@$REALM%$PASSWORD"
88 WBCREDS="$USERNAME@$REALM%$PASSWORD"
89 if [ x"$TYPE" = x"member" ]; then
90         EXPFAIL="NT_STATUS_LOGON_FAILURE"
91         # rpcclient doesn't handle -Uuser@domain yet
92         #test_rpcclient_expect_failure_grep "Fail04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
93         test_smbclient_expect_failure "Fail04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
94         # winbindd doesn't handle user@domain yet
95         #testit_expect_failure "Fail04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
96 else
97         EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
98         # rpcclient doesn't handle -Uuser@domain yet
99         #test_rpcclient_grep "Test04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
100         test_smbclient "Test04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
101         # winbindd doesn't handle user@domain yet
102         #testit "Test04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
103 fi
104
105 DNAME="UNKNOWNDOMAIN"
106 NAME="$DNAME\\$USERNAME"
107 WBNAME="$DNAME/$USERNAME"
108 CREDS="$NAME%$PASSWORD"
109 WBCREDS="$WBNAME%$PASSWORD"
110 EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
111 EXPSID="NT_STATUS_NONE_MAPPED"
112 EXPDSID="NT_STATUS_NONE_MAPPED"
113 test_rpcclient_grep "Test05 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
114 test_smbclient "Test05 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
115 testit_expect_failure "Fail05 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
116 test_rpcclient_expect_failure_grep "Test05 rpcclient lookupnames with $NAME" "lookupnames_level 1 '$NAME'" "$SERVER" "$EXPSID" -U$CREDS || failed=`expr $failed + 1`
117 testit_expect_failure "Test05 wbinfo -n with $WBNAME" $VALGRIND $wbinfo -n "$WBNAME" || failed=`expr $failed + 1`
118 test_rpcclient_expect_failure_grep "Test05 rpcclient lookupnames with $DNAME" "lookupnames_level 1 '$DNAME'" "$SERVER" "$EXPDSID" -U$CREDS || failed=`expr $failed + 1`
119
120 CREDS="$TRUST_DOMAIN\\$USERNAME%$PASSWORD"
121 WBCREDS="$TRUST_DOMAIN/$USERNAME%$PASSWORD"
122 EXPFAIL="$TRUST_ERROR"
123 test_rpcclient_expect_failure_grep "Fail06 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
124 test_smbclient_expect_failure "Fail06 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
125 testit_expect_failure "Fail06 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
126
127 DNAME="$TRUST_DOMAIN"
128 NAME="$DNAME\\$TRUST_USERNAME"
129 WBNAME="$DNAME/$TRUST_USERNAME"
130 CREDS="$NAME%$TRUST_PASSWORD"
131 WBCREDS="$WBNAME%$TRUST_PASSWORD"
132 EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
133 EXPSID="(User: 1)"
134 EXPDSID="(Domain: 3)"
135 test_rpcclient_grep "Test07 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
136 test_smbclient "Test07 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
137 testit "Test07 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
138 test_rpcclient_grep "Test07 rpcclient lookupnames with $NAME" "lookupnames_level 1 '$NAME'" "$SERVER" "$EXPSID" -U$CREDS || failed=`expr $failed + 1`
139 testit "Test07 wbinfo -n with $WBNAME" $VALGRIND $wbinfo -n "$WBNAME" || failed=`expr $failed + 1`
140 test_rpcclient_grep "Test07 rpcclient lookupnames with $DNAME" "lookupnames_level 1 '$DNAME'" "$SERVER" "$EXPDSID" -U$CREDS || failed=`expr $failed + 1`
141
142 DNAME="$TRUST_REALM"
143 NAME="$DNAME\\$TRUST_USERNAME"
144 WBNAME="$DNAME/$TRUST_USERNAME"
145 CREDS="$NAME%$TRUST_PASSWORD"
146 WBCREDS="$WBNAME%$TRUST_PASSWORD"
147 EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
148 EXPSID="(User: 1)"
149 EXPDSID="(Domain: 3)"
150 test_rpcclient_grep "Test08 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
151 test_smbclient "Test08 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
152 testit "Test08 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
153 test_rpcclient_grep "Test08 rpcclient lookupnames with $NAME" "lookupnames_level 1 '$NAME'" "$SERVER" "$EXPSID" -U$CREDS || failed=`expr $failed + 1`
154 testit "Test08 wbinfo -n with $WBNAME" $VALGRIND $wbinfo -n "$WBNAME" || failed=`expr $failed + 1`
155 test_rpcclient_grep "Test08 rpcclient lookupnames with $DNAME" "lookupnames_level 1 '$DNAME'" "$SERVER" "$EXPDSID" -U$CREDS || failed=`expr $failed + 1`
156
157 CREDS="$TRUST_USERNAME@$TRUST_DOMAIN%$TRUST_PASSWORD"
158 WBCREDS="$TRUST_USERNAME@$TRUST_DOMAIN%$TRUST_PASSWORD"
159 if [ x"$TRUST_REALM" = x"$TRUST_DOMAIN" ]; then
160         # NT4 domain
161         EXPFAIL="NT_STATUS_LOGON_FAILURE"
162         # rpcclient doesn't handle -Uuser@domain yet
163         #test_rpcclient_expect_failure_grep "Fail09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
164         test_smbclient_expect_failure "Fail09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
165         # winbindd doesn't handle user@domain yet
166         #testit_expect_failure "Fail09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
167 else
168         EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
169         # rpcclient doesn't handle -Uuser@domain yet
170         #test_rpcclient_grep "Test09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
171         test_smbclient "Test09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
172         # winbindd doesn't handle user@domain yet
173         #testit "Test09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
174 fi
175
176 CREDS="$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD"
177 WBCREDS="$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD"
178 if [ x"$TRUST_REALM" = x"$TRUST_DOMAIN" ]; then
179         # NT4 domain
180         EXPFAIL="NT_STATUS_LOGON_FAILURE"
181         # rpcclient doesn't handle -Uuser@domain yet
182         #test_rpcclient_expect_failure_grep "Fail10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
183         test_smbclient_expect_failure "Fail10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
184         # winbindd doesn't handle user@domain yet
185         #testit_expect_failure "Fail10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
186 else
187         EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
188         # rpcclient doesn't handle -Uuser@domain yet, maybe smbclient for now?
189         #test_rpcclient_grep "Test10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
190         test_smbclient "Test10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
191         # winbindd doesn't handle user@domain yet
192         #testit "Test10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
193 fi
194
195 lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
196
197 #if test x$TYPE = x"forest"; then
198 #
199 #fi
200 #
201 #if test x$UNTRUSTED = x"yes"; then
202 #
203 #fi
204
205 exit $failed