diff options
| author | Stefan Metzmacher <metze@samba.org> | 2015-03-27 14:41:19 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-06-24 01:03:16 +0200 |
| commit | 0ba6e0dc2a96dd287ce5f82d620247312a2e86d9 (patch) | |
| tree | 6cd10ffd972ed1b09080baeb5368c8ac8f33bba0 /source4/torture/krb5 | |
| parent | 65355d694cbb8a6b77a2d0fd729d62821ea44770 (diff) | |
| download | samba-0ba6e0dc2a96dd287ce5f82d620247312a2e86d9.tar.gz | |
s4:torture/krb5: add a --option=torture:run_removedollar_test=true option to kdc-conon
With this option a machine account is tested without the trailing '$'
in the account name.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/torture/krb5')
| -rw-r--r-- | source4/torture/krb5/kdc-canon.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/source4/torture/krb5/kdc-canon.c b/source4/torture/krb5/kdc-canon.c index 20f0cf1b648..05514845c55 100644 --- a/source4/torture/krb5/kdc-canon.c +++ b/source4/torture/krb5/kdc-canon.c @@ -42,7 +42,8 @@ #define TEST_WIN2K 0x0000020 #define TEST_UPN 0x0000040 #define TEST_S4U2SELF 0x0000080 -#define TEST_ALL 0x00000FF +#define TEST_REMOVEDOLLAR 0x0000100 +#define TEST_ALL 0x00001FF struct test_data { const char *test_name; @@ -60,6 +61,7 @@ struct test_data { bool upn; bool other_upn_suffix; bool s4u2self; + bool removedollar; const char *krb5_service; const char *krb5_hostname; }; @@ -1445,6 +1447,12 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void * torture_skip(tctx, "This test needs a UPN specified as --option=torture:krb5-upn=user@example.com to run"); } + if (test_data->removedollar && + !torture_setting_bool(tctx, "run_removedollar_test", false)) + { + torture_skip(tctx, "--option=torture:run_removedollar_test=true not specified"); + } + if (test_data->netbios_realm) { test_data->realm = test_data->real_domain; } else { @@ -1501,6 +1509,16 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void * test_data->username = talloc_strdup(test_data, test_data->username); } + if (test_data->removedollar) { + char *p; + + p = strchr_m(test_data->username, '$'); + torture_assert(tctx, p != NULL, talloc_asprintf(tctx, + "username[%s] contains no '$'\n", + test_data->username)); + *p = '\0'; + } + principal_string = talloc_asprintf(test_data, "%s@%s", test_data->username, test_data->realm); /* @@ -2194,7 +2212,7 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx) suite->description = talloc_strdup(suite, "Kerberos Canonicalisation tests"); for (i = 0; i < TEST_ALL; i++) { - char *name = talloc_asprintf(suite, "%s.%s.%s.%s.%s.%s.%s.%s", + char *name = talloc_asprintf(suite, "%s.%s.%s.%s.%s.%s.%s.%s.%s", (i & TEST_CANONICALIZE) ? "canon" : "no-canon", (i & TEST_ENTERPRISE) ? "enterprise" : "no-enterprise", (i & TEST_UPPER_REALM) ? "uc-realm" : "lc-realm", @@ -2202,7 +2220,8 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx) (i & TEST_NETBIOS_REALM) ? "netbios-realm" : "krb5-realm", (i & TEST_WIN2K) ? "win2k" : "no-win2k", (i & TEST_UPN) ? "upn" : "no-upn", - (i & TEST_S4U2SELF) ? "s4u2self" : "normal"); + (i & TEST_S4U2SELF) ? "s4u2self" : "normal", + (i & TEST_REMOVEDOLLAR) ? "removedollar" : "keepdollar"); struct test_data *test_data = talloc_zero(suite, struct test_data); @@ -2220,6 +2239,7 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx) test_data->win2k = (i & TEST_WIN2K) != 0; test_data->upn = (i & TEST_UPN) != 0; test_data->s4u2self = (i & TEST_S4U2SELF) != 0; + test_data->removedollar = (i & TEST_REMOVEDOLLAR) != 0; torture_suite_add_simple_tcase_const(suite, name, torture_krb5_as_req_canon, test_data); |