testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt

This demonstrates the bug we currently have.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a)

2 files changed, 15 insertions, 0 deletions

diff --git a/selftest/knownfail.d/trust_user_account b/selftest/knownfail.d/trust_user_account
new file mode 100644
index 00000000000..1de5052b11d
--- /dev/null
+++ b/selftest/knownfail.d/trust_user_account
@@ -0,0 +1 @@
+^samba4.blackbox.trust_user_account.get.virtualKerberosSalt.for.TDA
diff --git a/testprogs/blackbox/test_trust_user_account.sh b/testprogs/blackbox/test_trust_user_account.sh
index 9fbe25e16a3..b0dc8a9f773 100755
--- a/testprogs/blackbox/test_trust_user_account.sh
+++ b/testprogs/blackbox/test_trust_user_account.sh
@@ -37,6 +37,20 @@ export KRB5CCNAME
 
 rm -f $KRB5CCNAME
 
+EXPECTED_SALT="${OUR_REALM}krbtgt${REMOTE_FLAT}"
+#
+# Note the \$ is for the end of line in grep
+#
+# There must be no trailing '$' in the SALT string itself,
+# it's removed from the sAMAccountName value (which includes the trailing '$')
+# before construting the salt!
+#
+# Otherwise this would be:
+# "^virtualKerberosSalt: ${EXPECTED_SALT}\\\$\$"
+#
+EXPECTED_GREP="^virtualKerberosSalt: ${EXPECTED_SALT}\$"
+testit_grep "get virtualKerberosSalt for TDA of $REMOTE_FLAT\$" "$EXPECTED_GREP" $samba_tool user getpassword "$REMOTE_FLAT\$" $CONFIGURATION --attributes=virtualKerberosSalt || failed=`expr $failed + 1`
+
 testit "kinit with keytab for TDA of $REMOTE_REALM" $samba4kinit -t $KEYTAB "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME $KEYTAB