1if [ $# -lt 6 ]; then 2cat <<EOF 3Usage: test_client_etypes.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS ETYPE_CONF EXPECTED 4EOF 5exit 1; 6fi 7 8DC_SERVER=$1 9DC_USERNAME=$2 10DC_PASSWORD=$3 11BASEDIR=$4 12ETYPE_CONF=$5 13EXPECTED_ETYPES="$6" 14 15# Load test functions 16. `dirname $0`/subunit.sh 17 18KRB5CCNAME_PATH="$PREFIX/test_client_etypes_krb5ccname" 19rm -f $KRB5CCNAME_PATH 20 21KRB5CCNAME="FILE:$KRB5CCNAME_PATH" 22export KRB5CCNAME 23 24#requires tshark and sha1sum 25if ! which tshark > /dev/null 2>&1 || ! which sha1sum > /dev/null 2>&1 ; then 26 subunit_start_test "client encryption types" 27 subunit_skip_test "client encryption types" <<EOF 28Skipping tests - tshark or sha1sum not installed 29EOF 30 exit 0 31fi 32 33HOSTNAME=`dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10` 34 35RUNDIR=`pwd` 36cd $BASEDIR 37WORKDIR=`mktemp -d -p .` 38WORKDIR=`basename $WORKDIR` 39cp -a client/* $WORKDIR/ 40sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf 41sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf 42rm -f $WORKDIR/private/secrets.tdb 43cd $RUNDIR 44 45failed=0 46 47net_tool="$BINDIR/net -s $BASEDIR/$WORKDIR/client.conf --option=security=ads --option=kerberosencryptiontypes=$ETYPE_CONF" 48pcap_file=$BASEDIR/$WORKDIR/test.pcap 49 50export SOCKET_WRAPPER_PCAP_FILE=$pcap_file 51testit "join" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` 52 53testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1` 54 55#The leave command does not use the locally-generated 56#krb5.conf 57export SOCKET_WRAPPER_PCAP_FILE= 58testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` 59 60# 61# Older versions of tshark do not support -Y option, 62# They use -R which cannot be used with recent versions... 63# 64if ! tshark -r $pcap_file -nVY "kerberos" > /dev/null 2>&1 ; then 65 subunit_start_test "client encryption types" 66 subunit_skip_test "client encryption types" <<EOF 67Skipping tests - old version of tshark detected 68EOF 69 exit 0 70fi 71 72actual_types="`tshark -r $pcap_file -nVY "kerberos" | \ 73 sed -rn -e 's/[[:space:]]*ENCTYPE:.*\(([^\)]*)\)$/\1/p' \ 74 -e 's/[[:space:]]*Encryption type:.*\(([^\)]*)\)$/\1/p' | \ 75 sort -u | tr '\n' '_' | sed s/_$//`" 76 77testit "verify types" test "x$actual_types" = "x$EXPECTED_ETYPES" || failed=`expr $failed + 1` 78 79rm -rf $BASEDIR/$WORKDIR 80rm -f $KRB5CCNAME_PATH 81 82 83exit $failed 84