diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-03-28 21:57:15 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-03-28 21:57:15 +1100 |
| commit | 727ef40c2b56910028ef3c1092b8eab1bfa6ce63 (patch) | |
| tree | 7fee466b2aafea1d0873dababd20df7d01ea6cbd /testprogs | |
| parent | ebe5e8399422eb7e2ff4deb546338823e2718907 (diff) | |
| download | samba-727ef40c2b56910028ef3c1092b8eab1bfa6ce63.tar.gz | |
Fix and test python scripts and kerberos
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
Diffstat (limited to 'testprogs')
| -rwxr-xr-x | testprogs/blackbox/test_kinit.sh | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh index d4eff07c8de..dbcdcf11126 100755 --- a/testprogs/blackbox/test_kinit.sh +++ b/testprogs/blackbox/test_kinit.sh @@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin smbclient=$samba4bindir/smbclient samba4kinit=$samba4bindir/samba4kinit net=$samba4bindir/net +enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount" testit() { name="$1" @@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache" export KRB5CCNAME echo $PASSWORD > ./tmppassfile +#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1` testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` -testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit renew ticket" $samba4kinit --request-pac -R test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` @@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` USERPASS=testPass@12% +echo $USERPASS > ./tmpuserpassfile testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` -#KRB5CCNAME=`pwd`/tmpuserccache -#export KRB5CCNAME -# -#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` -# -#KRB5CCNAME=`pwd`/tmpccache -#export KRB5CCNAME +testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1` -testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` +KRB5CCNAME="$PREFIX/tmpuserccache" +export KRB5CCNAME + +testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` + +test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` + +KRB5CCNAME="$PREFIX/tmpccache" +export KRB5CCNAME + +testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` -rm -f tmpccfile tmppassfile tmpuserccache +rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache exit $failed |