aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Bokovoy <ab@samba.org>2018-02-16 18:15:28 +0200
committerStefan Metzmacher <metze@samba.org>2018-09-05 13:31:45 +0200
commit0534104e0b9634cde370275da6ed0032281385d8 (patch)
tree0de77376f8f87e011bb062774c0366b9caeab1b4
parentd39a80ce89403abf2fa8d5702cbf8332b23866a0 (diff)
downloadsamba-0534104e0b9634cde370275da6ed0032281385d8.tar.gz
samba-0534104e0b9634cde370275da6ed0032281385d8.tar.xz
samba-0534104e0b9634cde370275da6ed0032281385d8.zip
s4:selftest: test kinit with the interdomain trust user account
To test it, add a blackbox test that ensures we pass a keytab-based authentication with the trust user account for a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7df505298f71432d5adbcffccde8f97c117a57a6)
-rwxr-xr-xsource4/selftest/tests.py1
-rwxr-xr-xtestprogs/blackbox/test_trust_user_account.sh44
2 files changed, 45 insertions, 0 deletions
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 39d66d7f918..fd9475156d9 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -435,6 +435,7 @@ plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local
plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
plantestsuite("samba4.blackbox.password_settings(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_password_settings.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
diff --git a/testprogs/blackbox/test_trust_user_account.sh b/testprogs/blackbox/test_trust_user_account.sh
new file mode 100755
index 00000000000..9fbe25e16a3
--- /dev/null
+++ b/testprogs/blackbox/test_trust_user_account.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: test_trust_user_account.sh PREFIX OUR_REALM OUR_FLAT REMOTE_REALM REMOTE_FLAT
+EOF
+exit 1;
+fi
+
+PREFIX="$1"
+OUR_REALM="$2"
+OUR_FLAT="$3"
+REMOTE_REALM="$4"
+REMOTE_FLAT="$5"
+shift 5
+
+. `dirname $0`/subunit.sh
+
+
+samba_tool="$BINDIR/samba-tool"
+samba4bindir="$BINDIR"
+samba4srcdir="$SRCDIR/source4"
+samba4kinit="kinit -k"
+if test -x $BINDIR/samba4kinit; then
+ samba4kinit="$BINDIR/samba4kinit --use-keytab"
+fi
+
+KEYTAB="$PREFIX/tmptda.keytab"
+
+KRB5_TRACE=/dev/stderr
+export KRB5_TRACE
+
+testit "retrieve keytab for TDA of $REMOTE_REALM" $samba_tool domain exportkeytab $KEYTAB $CONFIGURATION --principal "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmptda.ccache"
+export KRB5CCNAME
+
+rm -f $KRB5CCNAME
+
+testit "kinit with keytab for TDA of $REMOTE_REALM" $samba4kinit -t $KEYTAB "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
+
+rm -f $KRB5CCNAME $KEYTAB
+
+exit $failed