summaryrefslogtreecommitdiffstats
path: root/source4/script
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-05-04 10:03:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:05:36 -0500
commit5f4d86f955d939e96ec9b81c8a9d080aab4354b6 (patch)
treeb785a6c2aa092fea9bd64391cc45915788b31692 /source4/script
parent086c9cc5f4a9145ee93060db2eebb3badc325e44 (diff)
downloadsamba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.gz
samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.xz
samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.zip
r15426: Implement SPNEGO as the default RPC authentication mechanism. Where
this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett (This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
Diffstat (limited to 'source4/script')
-rwxr-xr-xsource4/script/tests/test_session_key.sh14
-rwxr-xr-xsource4/script/tests/test_w2k3.sh2
-rwxr-xr-xsource4/script/tests/tests_all.sh2
3 files changed, 11 insertions, 7 deletions
diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh
index 74de90f4796..5dbb4052eeb 100755
--- a/source4/script/tests/test_session_key.sh
+++ b/source4/script/tests/test_session_key.sh
@@ -2,7 +2,7 @@
if [ $# -lt 4 ]; then
cat <<EOF
-Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN
+Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN NETBIOSNAME
EOF
exit 1;
fi
@@ -11,7 +11,8 @@ server="$1"
username="$2"
password="$3"
domain="$4"
-shift 4
+netbios_name="$5"
+shift 5
incdir=`dirname $0`
. $incdir/test_functions.sh
@@ -33,13 +34,16 @@ for bindoptions in validate seal; do
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
"-k no --option=usespnego=no --option=clientntlmv2auth=yes" \
"-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \
- "-k no --option=usespnego=no" \
- ; do
+ "-k no --option=usespnego=no"; do
name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions"
- testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1`
+ testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain --option=gensec:target_hostname=$netbios_name RPC-SECRETS "$*" || failed=`expr $failed + 1`
done
done
done
done
+ name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos"
+ testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1`
+ name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos (use target principal)"
+ testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1`
done
testok $0 $failed
diff --git a/source4/script/tests/test_w2k3.sh b/source4/script/tests/test_w2k3.sh
index 3e7da590c0e..d3192e7bc92 100755
--- a/source4/script/tests/test_w2k3.sh
+++ b/source4/script/tests/test_w2k3.sh
@@ -31,7 +31,7 @@ failed=0
name="RPC-SPOOLSS on ncacn_np"
testit "$name" bin/smbtorture $TORTURE_OPTIONS ncacn_np:"$server" $OPTIONS RPC-SPOOLSS "$*" || failed=`expr $failed + 1`
-for bindoptions in padcheck connect sign seal spnego,sign spnego,seal validate bigendian; do
+for bindoptions in padcheck connect sign seal ntlm,sign ntlm,seal validate bigendian; do
for transport in ncacn_ip_tcp ncacn_np; do
case $transport in
ncacn_np) tests=$ncacn_np_tests ;;
diff --git a/source4/script/tests/tests_all.sh b/source4/script/tests/tests_all.sh
index d5d20d8f92b..a93614b91cf 100755
--- a/source4/script/tests/tests_all.sh
+++ b/source4/script/tests/tests_all.sh
@@ -3,7 +3,7 @@
$SRCDIR/script/tests/test_nbt.sh $SERVER || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD "" || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_rpc.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?`
- $SRCDIR/script/tests/test_session_key.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?`
+ $SRCDIR/script/tests/test_session_key.sh $SERVER $USERNAME $PASSWORD $DOMAIN $NETBIOSNAME || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_binding_string.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_echo.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?`
$SRCDIR/script/tests/test_posix.sh //$SERVER/tmp $USERNAME $PASSWORD "" || failed=`expr $failed + $?`