diff options
author | Andrew Bartlett <abartlet@samba.org> | 2015-01-05 14:54:45 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2015-01-23 05:42:07 +0100 |
commit | 9a0aa6f6f7217399eaac34aa8ac82b49d953175a (patch) | |
tree | a97836cfaf45a0a4af89251b56f2f2184b77d2ca /source4/torture/krb5 | |
parent | 7afff0c52e6b1af7534fc7b410bcd67611a5a08f (diff) | |
download | samba-9a0aa6f6f7217399eaac34aa8ac82b49d953175a.tar.gz |
torture: Start a new testsuite for krb5 and KDC behaviour
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/torture/krb5')
-rw-r--r-- | source4/torture/krb5/kdc.c | 118 | ||||
-rw-r--r-- | source4/torture/krb5/wscript_build | 11 |
2 files changed, 129 insertions, 0 deletions
diff --git a/source4/torture/krb5/kdc.c b/source4/torture/krb5/kdc.c new file mode 100644 index 00000000000..9dcee40e0d7 --- /dev/null +++ b/source4/torture/krb5/kdc.c @@ -0,0 +1,118 @@ +/* + Unix SMB/CIFS implementation. + + Validate the krb5 pac generation routines + + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2015 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "system/kerberos.h" +#include "torture/smbtorture.h" +#include "torture/winbind/proto.h" +#include "auth/credentials/credentials.h" +#include "lib/cmdline/popt_common.h" +#include "source4/auth/kerberos/kerberos.h" +#include "source4/auth/kerberos/kerberos_util.h" +#include "lib/util/util_net.h" + +static bool torture_krb5_init_context(struct torture_context *tctx, + struct smb_krb5_context **smb_krb5_context) +{ + const char *host = torture_setting_string(tctx, "host", NULL); + krb5_error_code k5ret; + bool ok; + struct addrinfo *server; + + k5ret = smb_krb5_init_context(tctx, tctx->lp_ctx, smb_krb5_context); + torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed"); + + ok = interpret_string_addr_internal(&server, host, AI_NUMERICHOST); + torture_assert(tctx, ok, "Failed to parse target server"); + + set_sockaddr_port(server->ai_addr, 88); + + k5ret = krb5_set_send_to_kdc_func((*smb_krb5_context)->krb5_context, + smb_krb5_send_and_recv_func_forced, + server); + torture_assert_int_equal(tctx, k5ret, 0, "krb5_set_send_to_kdc_func failed"); + return true; +} + +static bool torture_krb5_as_req_1(struct torture_context *tctx) +{ + krb5_error_code k5ret; + bool ok; + krb5_creds my_creds; + krb5_principal principal; + struct smb_krb5_context *smb_krb5_context; + enum credentials_obtained obtained; + const char *error_string; + const char *password = cli_credentials_get_password(cmdline_credentials); + + ok = torture_krb5_init_context(tctx, &smb_krb5_context); + torture_assert(tctx, ok, "torture_krb5_init_context failed"); + + k5ret = principal_from_credentials(tctx, cmdline_credentials, smb_krb5_context, &principal, &obtained, &error_string); + torture_assert_int_equal(tctx, k5ret, 0, error_string); + + k5ret = krb5_get_init_creds_password(smb_krb5_context->krb5_context, &my_creds, principal, + password, NULL, NULL, 0, + NULL, NULL); + torture_assert_int_equal(tctx, k5ret, 0, "krb5_get_init_creds_password failed"); + + torture_assert_int_equal(tctx, + krb5_principal_get_type(smb_krb5_context->krb5_context, + my_creds.client), KRB5_NT_PRINCIPAL, + "smb_krb5_init_context gave incorrect client->name.name_type"); + + torture_assert(tctx, krb5_principal_compare(smb_krb5_context->krb5_context, + principal, my_creds.client), + "krb5_get_init_creds_password returned a different principal"); + + torture_assert_int_equal(tctx, + krb5_principal_get_type(smb_krb5_context->krb5_context, + my_creds.server), KRB5_NT_SRV_INST, + "smb_krb5_init_context gave incorrect client->name.name_type"); + + torture_assert_str_equal(tctx, krb5_principal_get_comp_string(smb_krb5_context->krb5_context, + my_creds.server, 0), + "krbtgt", + "smb_krb5_init_context gave incorrect my_creds.server->name.name_string[0]"); + + k5ret = krb5_free_cred_contents(smb_krb5_context->krb5_context, &my_creds); + torture_assert_int_equal(tctx, k5ret, 0, "krb5_free_creds failed"); + + return true; +} + +NTSTATUS torture_krb5_init(void); +NTSTATUS torture_krb5_init(void) +{ + struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "krb5"); + struct torture_suite *kdc_suite = torture_suite_create(suite, "kdc"); + suite->description = talloc_strdup(suite, "Kerberos tests"); + kdc_suite->description = talloc_strdup(kdc_suite, "Kerberos KDC tests"); + + torture_suite_add_simple_test(kdc_suite, "as-req-1", + torture_krb5_as_req_1); + + torture_suite_add_suite(suite, kdc_suite); + + torture_register_suite(suite); + return NT_STATUS_OK; +} diff --git a/source4/torture/krb5/wscript_build b/source4/torture/krb5/wscript_build new file mode 100644 index 00000000000..963c3a33f37 --- /dev/null +++ b/source4/torture/krb5/wscript_build @@ -0,0 +1,11 @@ +#!/usr/bin/env python +if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'): + bld.SAMBA_MODULE('TORTURE_KRB5', + source='kdc.c', + autoproto='proto.h', + subsystem='smbtorture', + init_function='torture_krb5_init', + deps='authkrb5 popt POPT_CREDENTIALS torture KERBEROS_UTIL', + internal_module=True + ) + |