From 3e5ad20260f8366f1b1bc954f0199b7fd812bec7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 3 Sep 2018 20:26:17 +1200
Subject: selftest/samba4.blackbox.export.keytab: Update to use a principal
 with SPN as UPN

The ability the kinit with an SPN (not also being a UPN) has gone away as
windows doesn't offer this functionality.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---
 testprogs/blackbox/test_export_keytab_heimdal.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'testprogs')

diff --git a/testprogs/blackbox/test_export_keytab_heimdal.sh b/testprogs/blackbox/test_export_keytab_heimdal.sh
index 608d78a0dd5..529961ea894 100755
--- a/testprogs/blackbox/test_export_keytab_heimdal.sh
+++ b/testprogs/blackbox/test_export_keytab_heimdal.sh
@@ -24,7 +24,8 @@ samba_tool="$samba4bindir/samba-tool"
 samba4ktutil="$BINDIR/samba4ktutil"
 newuser="$samba_tool user create"
 
-SERVER_FQDN="$SERVER.$(echo $REALM | tr '[:upper:]' '[:lower:]')"
+DNSDOMAIN=$(echo $REALM | tr '[:upper:]' '[:lower:]')
+SERVER_FQDN="$SERVER.$DNSDOMAIN"
 
 samba4kinit=kinit
 if test -x $BINDIR/samba4kinit; then
@@ -77,6 +78,9 @@ test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-2" "
 testit "dump keytab from domain for user principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-2 --principal=nettestuser@$REALM $@ || failed=`expr $failed + 1`
 test_keytab "dump keytab from domain for user principal (2nd time)" "$PREFIX/tmpkeytab-2" "nettestuser@$REALM" 5
 
+testit "dump keytab from domain for user principal with SPN as UPN" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-3 --principal=http/testupnspn.$DNSDOMAIN $@ || failed=`expr $failed + 1`
+test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-3" "http/testupnspn.$DNSDOMAIN@$REALM" 5
+
 KRB5CCNAME="$PREFIX/tmpuserccache"
 export KRB5CCNAME
 
@@ -93,11 +97,14 @@ export KRB5CCNAME
 
 testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
 
-KRB5CCNAME="$PREFIX/tmpserverccache"
+KRB5CCNAME="$PREFIX/tmpspnupnccache"
+export KRB5CCNAME
+testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-3 http/testupnspn.$DNSDOMAIN || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpadminccache"
 export KRB5CCNAME
-testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-server cifs/$SERVER_FQDN || failed=`expr $failed + 1`
 
 testit "del user" $VALGRIND $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
 
-rm -f $PREFIX/tmpadminccache $PREFIX/tmpuserccache $PREFIX/tmpkeytab $PREFIX/tmpkeytab-2 $PREFIX/tmpkeytab-server
+rm -f $PREFIX/tmpadminccache $PREFIX/tmpuserccache $PREFIX/tmpkeytab $PREFIX/tmpkeytab-2 $PREFIX/tmpkeytab-2 $PREFIX/tmpkeytab-server $PREFIX/tmpspnupnccache
 exit $failed
-- 
cgit v1.2.1