diff options
author | Alexander Bokovoy <ab@samba.org> | 2018-02-16 18:15:28 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-09-05 13:35:29 +0200 |
commit | f7b9267767c7989213fa2d20d356cd12756d6d89 (patch) | |
tree | d14ea9f23c46aab76d6f6dd723378ebf611432cb | |
parent | 38d7e58f4202b8cf27c5465fe64d870829813cf0 (diff) | |
download | samba-f7b9267767c7989213fa2d20d356cd12756d6d89.tar.gz |
s4:selftest: test kinit with the interdomain trust user account
To test it, add a blackbox test that ensures we pass a keytab-based
authentication with the trust user account for a trusted domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7df505298f71432d5adbcffccde8f97c117a57a6)
-rwxr-xr-x | source4/selftest/tests.py | 1 | ||||
-rwxr-xr-x | testprogs/blackbox/test_trust_user_account.sh | 44 |
2 files changed, 45 insertions, 0 deletions
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 3c2e03d5262..70438903739 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -431,6 +431,7 @@ plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"]) plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs']) plantestsuite("samba4.blackbox.password_settings(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_password_settings.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"]) +plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN']) plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"]) plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4]) plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX']) diff --git a/testprogs/blackbox/test_trust_user_account.sh b/testprogs/blackbox/test_trust_user_account.sh new file mode 100755 index 00000000000..9fbe25e16a3 --- /dev/null +++ b/testprogs/blackbox/test_trust_user_account.sh @@ -0,0 +1,44 @@ +#!/bin/sh + +if [ $# -lt 1 ]; then +cat <<EOF +Usage: test_trust_user_account.sh PREFIX OUR_REALM OUR_FLAT REMOTE_REALM REMOTE_FLAT +EOF +exit 1; +fi + +PREFIX="$1" +OUR_REALM="$2" +OUR_FLAT="$3" +REMOTE_REALM="$4" +REMOTE_FLAT="$5" +shift 5 + +. `dirname $0`/subunit.sh + + +samba_tool="$BINDIR/samba-tool" +samba4bindir="$BINDIR" +samba4srcdir="$SRCDIR/source4" +samba4kinit="kinit -k" +if test -x $BINDIR/samba4kinit; then + samba4kinit="$BINDIR/samba4kinit --use-keytab" +fi + +KEYTAB="$PREFIX/tmptda.keytab" + +KRB5_TRACE=/dev/stderr +export KRB5_TRACE + +testit "retrieve keytab for TDA of $REMOTE_REALM" $samba_tool domain exportkeytab $KEYTAB $CONFIGURATION --principal "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1` + +KRB5CCNAME="$PREFIX/tmptda.ccache" +export KRB5CCNAME + +rm -f $KRB5CCNAME + +testit "kinit with keytab for TDA of $REMOTE_REALM" $samba4kinit -t $KEYTAB "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1` + +rm -f $KRB5CCNAME $KEYTAB + +exit $failed |