testprogs/blackbox: add test_trust_ntlm.sh
[samba.git] / testprogs / blackbox / test_trust_ntlm.sh
1 #!/bin/sh
2 # Copyright (C) 2017 Stefan Metzmacher <metze@samba.org>
3
4 if [ $# -lt 12 ]; then
5 cat <<EOF
6 Usage: $# test_trust_ntlm.sh SERVER USERNAME PASSWORD REALM DOMAIN TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN TYPE UNTRUSTED TRUST_ERROR
7 EOF
8 exit 1;
9 fi
10
11 SERVER=$1
12 USERNAME=$2
13 PASSWORD=$3
14 REALM=$4
15 DOMAIN=$5
16 shift 5
17 TRUST_USERNAME=$1
18 TRUST_PASSWORD=$2
19 TRUST_REALM=$3
20 TRUST_DOMAIN=$4
21 shift 4
22 TYPE=$1
23 UNTRUSTED=$2
24 TRUST_ERROR=$3
25 shift 3
26 failed=0
27
28 samba4bindir="$BINDIR"
29
30 rpcclient="$samba4bindir/rpcclient"
31 smbclient="$samba4bindir/smbclient"
32 wbinfo="$samba4bindir/wbinfo"
33
34 unc="//$SERVER/tmp"
35
36 . `dirname $0`/subunit.sh
37 . `dirname $0`/common_test_fns.inc
38
39 CREDS="$DOMAIN\\$USERNAME%$PASSWORD"
40 WBCREDS="$DOMAIN/$USERNAME%$PASSWORD"
41 EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
42 test_rpcclient_grep "Test01 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
43 test_smbclient "Test01 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
44 testit "Test01 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
45
46 CREDS="$REALM\\$USERNAME%$PASSWORD"
47 WBCREDS="$REALM/$USERNAME%$PASSWORD"
48 EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
49 test_rpcclient_grep "Test02 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
50 test_smbclient "Test02 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
51 testit "Test02 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
52
53 CREDS="$USERNAME@$DOMAIN%$PASSWORD"
54 WBCREDS="$USERNAME@$DOMAIN%$PASSWORD"
55 if [ x"$TYPE" = x"member" ]; then
56         EXPFAIL="NT_STATUS_LOGON_FAILURE"
57         # rpcclient doesn't handle -Uuser@domain yet
58         #test_rpcclient_expect_failure_grep "Fail03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
59         test_smbclient_expect_failure "Fail03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
60         # winbindd doesn't handle user@domain yet
61         #testit_expect_failure "Fail03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
62 else
63         EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
64         # rpcclient doesn't handle -Uuser@domain yet
65         #test_rpcclient_grep "Test03 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
66         test_smbclient "Test03 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
67         # winbindd doesn't handle user@domain yet
68         #testit "Test03 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
69 fi
70
71 CREDS="$USERNAME@$REALM%$PASSWORD"
72 WBCREDS="$USERNAME@$REALM%$PASSWORD"
73 if [ x"$TYPE" = x"member" ]; then
74         EXPFAIL="NT_STATUS_LOGON_FAILURE"
75         # rpcclient doesn't handle -Uuser@domain yet
76         #test_rpcclient_expect_failure_grep "Fail04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
77         test_smbclient_expect_failure "Fail04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
78         # winbindd doesn't handle user@domain yet
79         #testit_expect_failure "Fail04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
80 else
81         EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
82         # rpcclient doesn't handle -Uuser@domain yet
83         #test_rpcclient_grep "Test04 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
84         test_smbclient "Test04 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
85         # winbindd doesn't handle user@domain yet
86         #testit "Test04 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
87 fi
88
89 CREDS="UNKNOWNDOMAIN\\$USERNAME%$PASSWORD"
90 WBCREDS="UNKNOWNDOMAIN/$USERNAME%$PASSWORD"
91 EXPCREDS="Account Name: $USERNAME, Authority Name: $DOMAIN"
92 test_rpcclient_grep "Test05 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
93 test_smbclient "Test05 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
94 testit_expect_failure "Fail05 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
95
96 CREDS="$TRUST_DOMAIN\\$USERNAME%$PASSWORD"
97 WBCREDS="$TRUST_DOMAIN/$USERNAME%$PASSWORD"
98 EXPFAIL="$TRUST_ERROR"
99 test_rpcclient_expect_failure_grep "Fail06 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
100 test_smbclient_expect_failure "Fail06 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
101 testit_expect_failure "Fail06 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
102
103 CREDS="$TRUST_DOMAIN\\$TRUST_USERNAME%$TRUST_PASSWORD"
104 WBCREDS="$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"
105 EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
106 test_rpcclient_grep "Test07 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
107 test_smbclient "Test07 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
108 testit "Test07 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
109
110 CREDS="$TRUST_REALM\\$TRUST_USERNAME%$TRUST_PASSWORD"
111 WBCREDS="$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD"
112 EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
113 test_rpcclient_grep "Test08 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
114 test_smbclient "Test08 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
115 testit "Test08 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
116
117 CREDS="$TRUST_USERNAME@$TRUST_DOMAIN%$TRUST_PASSWORD"
118 WBCREDS="$TRUST_USERNAME@$TRUST_DOMAIN%$TRUST_PASSWORD"
119 if [ x"$TRUST_REALM" = x"$TRUST_DOMAIN" ]; then
120         # NT4 domain
121         EXPFAIL="NT_STATUS_LOGON_FAILURE"
122         # rpcclient doesn't handle -Uuser@domain yet
123         #test_rpcclient_expect_failure_grep "Fail09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
124         test_smbclient_expect_failure "Fail09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
125         # winbindd doesn't handle user@domain yet
126         #testit_expect_failure "Fail09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
127 else
128         EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
129         # rpcclient doesn't handle -Uuser@domain yet
130         #test_rpcclient_grep "Test09 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
131         test_smbclient "Test09 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
132         # winbindd doesn't handle user@domain yet
133         #testit "Test09 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
134 fi
135
136 CREDS="$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD"
137 WBCREDS="$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD"
138 if [ x"$TRUST_REALM" = x"$TRUST_DOMAIN" ]; then
139         # NT4 domain
140         EXPFAIL="NT_STATUS_LOGON_FAILURE"
141         # rpcclient doesn't handle -Uuser@domain yet
142         #test_rpcclient_expect_failure_grep "Fail10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPFAIL" -U$CREDS && failed=`expr $failed + 1`
143         test_smbclient_expect_failure "Fail10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS && failed=`expr $failed + 1`
144         # winbindd doesn't handle user@domain yet
145         #testit_expect_failure "Fail10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS && failed=`expr $failed + 1`
146 else
147         EXPCREDS="Account Name: $TRUST_USERNAME, Authority Name: $TRUST_DOMAIN"
148         # rpcclient doesn't handle -Uuser@domain yet, maybe smbclient for now?
149         #test_rpcclient_grep "Test10 rpcclient getusername with $CREDS" getusername "$SERVER" "$EXPCREDS" -U$CREDS || failed=`expr $failed + 1`
150         test_smbclient "Test10 smbclient with $CREDS" 'ls' "$unc" -U$CREDS || failed=`expr $failed + 1`
151         # winbindd doesn't handle user@domain yet
152         #testit "Test10 wbinfo -a with $WBCREDS" $VALGRIND $wbinfo -a $WBCREDS || failed=`expr $failed + 1`
153 fi
154
155 lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
156
157 if test x$TYPE = x"forest"; then
158
159 fi
160
161 if test x$UNTRUSTED = x"yes"; then
162
163 fi
164 exit $failed