From 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 4 Sep 2018 10:53:52 +0200
Subject: testprogs/blackbox: let test_trust_user_account.sh check the correct
 kerberos salt

This demonstrates the bug we currently have.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 testprogs/blackbox/test_trust_user_account.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'testprogs')

diff --git a/testprogs/blackbox/test_trust_user_account.sh b/testprogs/blackbox/test_trust_user_account.sh
index 9fbe25e16a3..b0dc8a9f773 100755
--- a/testprogs/blackbox/test_trust_user_account.sh
+++ b/testprogs/blackbox/test_trust_user_account.sh
@@ -37,6 +37,20 @@ export KRB5CCNAME
 
 rm -f $KRB5CCNAME
 
+EXPECTED_SALT="${OUR_REALM}krbtgt${REMOTE_FLAT}"
+#
+# Note the \$ is for the end of line in grep
+#
+# There must be no trailing '$' in the SALT string itself,
+# it's removed from the sAMAccountName value (which includes the trailing '$')
+# before construting the salt!
+#
+# Otherwise this would be:
+# "^virtualKerberosSalt: ${EXPECTED_SALT}\\\$\$"
+#
+EXPECTED_GREP="^virtualKerberosSalt: ${EXPECTED_SALT}\$"
+testit_grep "get virtualKerberosSalt for TDA of $REMOTE_FLAT\$" "$EXPECTED_GREP" $samba_tool user getpassword "$REMOTE_FLAT\$" $CONFIGURATION --attributes=virtualKerberosSalt || failed=`expr $failed + 1`
+
 testit "kinit with keytab for TDA of $REMOTE_REALM" $samba4kinit -t $KEYTAB "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME $KEYTAB
-- 
cgit v1.2.1