testprogs/blackbox: let test_rpcclient_schannel.sh explicitly use --option=clientusek...

This also tests lsa over kerberos

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

diff --git a/testprogs/blackbox/test_rpcclient_schannel.sh b/testprogs/blackbox/test_rpcclient_schannel.sh
index 798d23506a59faa20251fe567cfda332cfdfa617..829734466014549ad1ffdac7b9915532536630bb 100755 (executable)
--- a/testprogs/blackbox/test_rpcclient_schannel.sh
+++ b/testprogs/blackbox/test_rpcclient_schannel.sh
@@ -30,16 +30,24 @@ samba_rpcclient="${samba_bindir}/rpcclient"
 
 test_rpc_getusername()
 {
-       cmd="$samba_rpcclient ncacn_np:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c getusername 2>&1"
+       account="$1"
+       authority="$2"
+       shift 2
+       args="$@"
+       cmd="$samba_rpcclient ncacn_np:${SERVER}[schannel] $args --configfile=${CONFIGURATION} -c getusername 2>&1"
        out=$(eval "$cmd")
        ret=$?
        if [ $ret -ne 0 ]; then
+               echo "account: ${account}"
+               echo "authority: ${authority}"
+               echo "args: ${args}"
+               echo "$cmd"
                echo "Failed to connect! Error: $ret"
                echo "$out"
                return 1
        fi
 
-       echo "$out" | grep -q "Account Name: ANONYMOUS LOGON, Authority Name: NT AUTHORITY"
+       echo "$out" | grep -q -- "Account Name: ${account}, Authority Name: ${authority}"
        ret=$?
        if [ $ret -ne 0 ]; then
                echo "Incorrect account/authority name! Error: $ret"
@@ -52,10 +60,13 @@ test_rpc_getusername()
 
 test_rpc_lookupsids()
 {
-       cmd="$samba_rpcclient ncacn_ip_tcp:${SERVER}[schannel] --machine-pass --configfile=${CONFIGURATION} -c 'lookupsids3 S-1-1-0' 2>&1"
+       args="$@"
+       cmd="$samba_rpcclient ncacn_ip_tcp:${SERVER}[schannel] ${args} --configfile=${CONFIGURATION} -c 'lookupsids3 S-1-1-0' 2>&1"
        out=$(eval "$cmd")
        ret=$?
        if [ $ret -ne 0 ]; then
+               echo "args: ${args}"
+               echo "$cmd"
                echo "Failed to connect! Error: $ret"
                echo "$out"
                return 1
@@ -72,23 +83,45 @@ test_rpc_lookupsids()
        return 0
 }
 
-testit "ncacn_np.getusername" \
-       test_rpc_getusername ||
+testit "ncacn_np.getusername.schannel" \
+       test_rpc_getusername \
+       "ANONYMOUS.LOGON" "NT.AUTHORITY" \
+       "--machine-pass --option=clientusekrb5netlogon=no" || \
+       failed=$((failed + 1))
+
+testit "ncacn_np.getusername.krb5" \
+       test_rpc_getusername \
+       '[0-9A-Za-z][0-9A-Za-z]*\$' "${DOMAIN}" \
+       "--machine-pass --option=clientusekrb5netlogon=yes" || \
        failed=$((failed + 1))
 
 if [[ "$TESTENV" == "ad_member_fips"* ]]; then
        unset GNUTLS_FORCE_FIPS_MODE
 
-       testit "ncacn_np.getusername.fips" \
-               test_rpc_getusername ||
+       testit "ncacn_np.getusername.fips.schannel" \
+               test_rpc_getusername \
+               "ANONYMOUS.LOGON" "NT.AUTHORITY" \
+               "--machine-pass --option=clientusekrb5netlogon=no" || \
+               failed=$((failed + 1))
+
+       testit "ncacn_np.getusername.fips.krb5" \
+               test_rpc_getusername \
+               '[0-9A-Za-z][0-9A-Za-z]*\$' "${DOMAIN}" \
+               "--machine-pass --option=clientusekrb5netlogon=yes" || \
                failed=$((failed + 1))
 
        GNUTLS_FORCE_FIPS_MODE=1
        export GNUTLS_FORCE_FIPS_MODE
 fi
 
-testit "ncacn_ip_tcp.lookupsids" \
-       test_rpc_lookupsids ||
+testit "ncacn_ip_tcp.lookupsids.schannel" \
+       test_rpc_lookupsids \
+       "--machine-pass --option=clientusekrb5netlogon=no" || \
+       failed=$((failed + 1))
+
+testit "ncacn_ip_tcp.lookupsids.krb5" \
+       test_rpc_lookupsids \
+       "--machine-pass --option=clientusekrb5netlogon=yes" || \
        failed=$((failed + 1))
 
 exit ${failed}