search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WHATSNEW: Start release notes for Samba 4.23.0pre1.
[samba4-gss.git] / testprogs / blackbox / test_trust_utils.sh
blob3bd375a1fbc9e7fe008263c4e6294d9557cc36b0
1 #!/bin/sh
2 # Copyright (C) 2015 Stefan Metzmacher <metze@samba.org>
3
4 if [ $# -lt 12 ]; then
5 cat <<EOF
6 Usage: $# test_trust_utils.sh SERVER USERNAME PASSWORD REALM DOMAIN TRUST_USERNAME TRUST_PASSWORD TRUST_REALM TRUST_DOMAIN PREFIX TYPE
7 EOF
8 exit 1
9 fi
10
11 SERVER=$1
12 USERNAME=$2
13 PASSWORD=$3
14 REALM=$4
15 DOMAIN=$5
16 shift 5
17 TRUST_SERVER=$1
18 TRUST_USERNAME=$2
19 TRUST_PASSWORD=$3
20 TRUST_REALM=$4
21 TRUST_DOMAIN=$5
22 shift 5
23 PREFIX=$1
24 TYPE=$2
25 shift 2
26 failed=0
27
28 samba4bindir="$BINDIR"
29
30 samba_tool="$samba4bindir/samba-tool"
31
32 . $(dirname $0)/subunit.sh
33
34 CREDS="${DOMAIN}\\${USERNAME}%${PASSWORD}"
35 TRUST_CREDS_DOMAIN="${TRUST_DOMAIN}\\${TRUST_USERNAME}%${TRUST_PASSWORD}"
36 TRUST_SERVER_CREDS_DOMAIN_ARGS="--local-dc-ipaddress ${TRUST_SERVER} --local-dc-username ${TRUST_CREDS_DOMAIN}"
37
38 TRUST_CREDS_REALM="${TRUST_REALM}\\${TRUST_USERNAME}%${TRUST_PASSWORD}"
39 TRUST_SERVER_CREDS_REALM_ARGS="--local-dc-ipaddress ${TRUST_SERVER} --local-dc-username ${TRUST_CREDS_REALM}"
40
41 list="$VALGRIND $PYTHON $samba_tool domain trust list"
42 testit "list domains default" $list || failed=$(expr $failed + 1)
43
44 # Show that the domain name and realm work
45 testit "list domains reverse (DOMAIN)" $list ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
46 testit "list domains reverse (REALM)" $list ${TRUST_SERVER_CREDS_REALM_ARGS} || failed=$(expr $failed + 1)
47
48 show="$VALGRIND $PYTHON $samba_tool domain trust show"
49 testit "show domains default realm" $show ${TRUST_REALM} || failed=$(expr $failed + 1)
50 testit "show domains reverse realm" $show ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
51 testit "show domains default netbios" $show ${TRUST_DOMAIN} || failed=$(expr $failed + 1)
52 testit "show domains reverse netbios" $show ${DOMAIN} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
53
54 validate="$VALGRIND $PYTHON $samba_tool domain trust validate"
55 testit "validate trust default both" $validate ${TRUST_REALM} -U${TRUST_CREDS_DOMAIN} || failed=$(expr $failed + 1)
56 testit "validate trust default local" $validate ${TRUST_REALM} --validate-location=local || failed=$(expr $failed + 1)
57 testit "validate trust reverse both" $validate ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} -U${CREDS} || failed=$(expr $failed + 1)
58 testit "validate trust reverse local" $validate ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --validate-location=local || failed=$(expr $failed + 1)
59
60 namespaces="$VALGRIND $PYTHON $samba_tool domain trust namespaces"
61 testit "namespaces own default" $namespaces || failed=$(expr $failed + 1)
62 testit "namespaces own reverse" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
63
64 DOMSID=$($namespaces | grep LocalDomain | sed -e 's!.*SID\[\(.*\)\].*!\1!')
65 #testit_expect_failure "namespaces domsid default" echo ${DOMSID} || failed=`expr $failed + 1`
66
67 TRUST_DOMSID=$($namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} | grep LocalDomain | sed -e 's!.*SID\[\(.*\)\].*!\1!')
68 #testit_expect_failure "namespaces domsid reverse" echo ${TRUST_DOMSID} || failed=`expr $failed + 1`
69
70 if test x$TYPE = x"forest"; then
71 testit "namespaces trust default realm 1" $namespaces ${TRUST_REALM} || failed=$(expr $failed + 1)
72 testit "namespaces trust reverse realm 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
73
74 testit "namespaces trust default domain 1" $namespaces ${TRUST_DOMAIN} || failed=$(expr $failed + 1)
75 testit "namespaces trust reverse domain 1" $namespaces ${DOMAIN} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
76
77 testit "namespaces own default add-upn-suffix 1" $namespaces --add-upn-suffix=default.test_trust_utils.example.com || failed=$(expr $failed + 1)
78 testit "namespaces own reverse add-upn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-upn-suffix=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)
79
80 testit "namespaces own default add-upn-suffix 2" $namespaces --add-upn-suffix=${TRUST_REALM} || failed=$(expr $failed + 1)
81 testit "namespaces own reverse add-upn-suffix 2" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-upn-suffix=${REALM} || failed=$(expr $failed + 1)
82
83 testit "namespaces own default add-spn-suffix 1" $namespaces --add-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
84 testit "namespaces own reverse add-spn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
85
86 testit "namespaces trust default check 1" $namespaces ${TRUST_REALM} --refresh=check || failed=$(expr $failed + 1)
87 testit "namespaces trust reverse check 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --refresh=check || failed=$(expr $failed + 1)
88
89 testit "namespaces trust default store 1" $namespaces ${TRUST_REALM} --refresh=store || failed=$(expr $failed + 1)
90 testit "namespaces trust reverse store 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --refresh=store || failed=$(expr $failed + 1)
91
92 testit "namespaces trust default enable-tln 1" $namespaces ${TRUST_REALM} --enable-tln=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)
93 testit "namespaces trust reverse enable-tln 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-tln=default.test_trust_utils.example.com || failed=$(expr $failed + 1)
94
95 testit "namespaces trust default enable-tln 2" $namespaces ${TRUST_REALM} --enable-tln=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
96 testit "namespaces trust reverse enable-tln 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-tln=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
97
98 testit "namespaces trust default enable-tln 3" $namespaces ${TRUST_REALM} --enable-tln=${TRUST_REALM} || failed=$(expr $failed + 1)
99 testit "namespaces trust reverse enable-tln 3" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-tln=${REALM} || failed=$(expr $failed + 1)
100
101 testit "namespaces trust default disable-nb 1" $namespaces ${TRUST_REALM} --disable-nb=${TRUST_DOMAIN} || failed=$(expr $failed + 1)
102 testit "namespaces trust reverse disable-nb 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --disable-nb=${DOMAIN} || failed=$(expr $failed + 1)
103
104 testit "namespaces trust default disable-sid 1" $namespaces ${TRUST_REALM} --disable-sid=${TRUST_DOMSID} || failed=$(expr $failed + 1)
105 testit "namespaces trust reverse disable-sid 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --disable-sid=${DOMSID} || failed=$(expr $failed + 1)
106
107 testit "namespaces trust default disable-tln 1" $namespaces ${TRUST_REALM} --disable-tln=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)
108 testit "namespaces trust reverse disable-tln 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --disable-tln=default.test_trust_utils.example.com || failed=$(expr $failed + 1)
109
110 testit "namespaces trust default add-tln-ex 1" $namespaces ${TRUST_REALM} --add-tln-ex=exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
111 testit "namespaces trust reverse add-tln-ex 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-tln-ex=exclude.${REALM} || failed=$(expr $failed + 1)
112
113 testit "namespaces trust default add-tln-ex 2" $namespaces ${TRUST_REALM} --add-tln-ex=sub.exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
114 testit "namespaces trust reverse add-tln-ex 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --add-tln-ex=sub.exclude.${REALM} || failed=$(expr $failed + 1)
115
116 testit "namespaces trust default realm 2" $namespaces ${TRUST_REALM} || failed=$(expr $failed + 1)
117 testit "namespaces trust reverse realm 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} || failed=$(expr $failed + 1)
118
119 testit "namespaces trust default delete-tln-ex 1" $namespaces ${TRUST_REALM} --delete-tln-ex=exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
120 testit "namespaces trust reverse delete-tln-ex 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-tln-ex=exclude.${REALM} || failed=$(expr $failed + 1)
121
122 testit "namespaces trust default delete-tln-ex 2" $namespaces ${TRUST_REALM} --delete-tln-ex=sub.exclude.${TRUST_REALM} || failed=$(expr $failed + 1)
123 testit "namespaces trust reverse delete-tln-ex 2" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-tln-ex=sub.exclude.${REALM} || failed=$(expr $failed + 1)
124
125 testit "namespaces own default delete-upn-suffix 1" $namespaces --delete-upn-suffix=default.test_trust_utils.example.com || failed=$(expr $failed + 1)
126 testit "namespaces own reverse delete-upn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-upn-suffix=reverse.test_trust_utils.example.com || failed=$(expr $failed + 1)
127
128 testit "namespaces own default delete-upn-suffix 2" $namespaces --delete-upn-suffix=${TRUST_REALM} || failed=$(expr $failed + 1)
129 testit "namespaces own reverse delete-upn-suffix 2" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-upn-suffix=${REALM} || failed=$(expr $failed + 1)
130
131 testit "namespaces own default delete-spn-suffix 1" $namespaces --delete-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
132 testit "namespaces own reverse delete-spn-suffix 1" $namespaces ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --delete-spn-suffix=spn.test_trust_utils.example.com || failed=$(expr $failed + 1)
133
134 testit "namespaces trust default enable-nb 1" $namespaces ${TRUST_REALM} --enable-nb=${TRUST_DOMAIN} || failed=$(expr $failed + 1)
135 testit "namespaces trust reverse enable-nb 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-nb=${DOMAIN} || failed=$(expr $failed + 1)
136
137 testit "namespaces trust default enable-sid 1" $namespaces ${TRUST_REALM} --enable-sid=${TRUST_DOMSID} || failed=$(expr $failed + 1)
138 testit "namespaces trust reverse enable-sid 1" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --enable-sid=${DOMSID} || failed=$(expr $failed + 1)
139
140 testit "namespaces trust default reset final" $namespaces ${TRUST_REALM} --refresh=store --enable-all || failed=$(expr $failed + 1)
141 testit "namespaces trust reverse reset final" $namespaces ${REALM} ${TRUST_SERVER_CREDS_DOMAIN_ARGS} --refresh=store --enable-all || failed=$(expr $failed + 1)
142 fi
143
144 exit $failed
GSS-enabled samba4