1if [ $# -lt 6 ]; then
2cat <<EOF
3Usage: test_client_etypes.sh DC_SERVER DC_USERNAME DC_PASSWORD PREFIX_ABS ETYPE_CONF EXPECTED
4EOF
5exit 1;
6fi
7
8DC_SERVER=$1
9DC_USERNAME=$2
10DC_PASSWORD=$3
11BASEDIR=$4
12ETYPE_CONF=$5
13EXPECTED_ETYPES="$6"
14
15# Load test functions
16. `dirname $0`/subunit.sh
17
18KRB5CCNAME_PATH="$PREFIX/test_client_etypes_krb5ccname"
19rm -f $KRB5CCNAME_PATH
20
21KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
22export KRB5CCNAME
23
24#requires tshark and sha1sum
25if ! which tshark > /dev/null 2>&1 || ! which sha1sum > /dev/null 2>&1 ; then
26    subunit_start_test "client encryption types"
27    subunit_skip_test "client encryption types" <<EOF
28Skipping tests - tshark or sha1sum not installed
29EOF
30    exit 0
31fi
32
33HOSTNAME=`dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10`
34
35RUNDIR=`pwd`
36cd $BASEDIR
37WORKDIR=`mktemp -d -p .`
38WORKDIR=`basename $WORKDIR`
39cp -a client/* $WORKDIR/
40sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf
41sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf
42rm -f $WORKDIR/private/secrets.tdb
43cd $RUNDIR
44
45failed=0
46
47net_tool="$BINDIR/net -s $BASEDIR/$WORKDIR/client.conf --option=security=ads --option=kerberosencryptiontypes=$ETYPE_CONF"
48pcap_file=$BASEDIR/$WORKDIR/test.pcap
49
50export SOCKET_WRAPPER_PCAP_FILE=$pcap_file
51testit "join" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
52
53testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
54
55#The leave command does not use the locally-generated
56#krb5.conf
57export SOCKET_WRAPPER_PCAP_FILE=
58testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
59
60#
61# Older versions of tshark do not support -Y option,
62# They use -R which cannot be used with recent versions...
63#
64if ! tshark -r $pcap_file  -nVY "kerberos" > /dev/null 2>&1 ; then
65    subunit_start_test "client encryption types"
66    subunit_skip_test "client encryption types" <<EOF
67Skipping tests - old version of tshark detected
68EOF
69    exit 0
70fi
71
72actual_types="`tshark -r $pcap_file  -nVY "kerberos" | \
73	sed -rn -e 's/[[:space:]]*ENCTYPE:.*\(([^\)]*)\)$/\1/p' \
74	    -e 's/[[:space:]]*Encryption type:.*\(([^\)]*)\)$/\1/p' | \
75	sort -u | tr '\n' '_' | sed s/_$//`"
76
77testit "verify types" test "x$actual_types" = "x$EXPECTED_ETYPES" || failed=`expr $failed + 1`
78
79rm -rf $BASEDIR/$WORKDIR
80rm -f $KRB5CCNAME_PATH
81
82
83exit $failed
84