authorAndrew Bartlett <abartlet@samba.org>2009-07-27 22:39:10 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-07-27 22:41:43 +1000
commitcdd7a5208fbcb65e4a75ee08f8f015530f418c15 (patch)
treedbb0f62bc7eaf986486de8170d3eec2a07089cdd
parenta40ce5d0d9d06f592a8885162bbaf644006b9f0f (diff)
s4:kerberos Add test to show that we actually export the keytab
While it is hard to prove it is correct, at least the new 'nettestuser' principal and the Administrator principal are correct. We had to fix the case of 'Administrator' in the selftest code to match the DB, as the keytab lookup is case sensitive. Andrew Bartlett
-rw-r--r--selftest/target/Samba4.pm2
-rwxr-xr-xsource4/selftest/tests.sh1
-rwxr-xr-xtestprogs/blackbox/test_export_keytab.sh67
3 files changed, 69 insertions, 1 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 781c9f3ae8..7833bf4479 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -488,7 +488,7 @@ sub provision_raw_prepare($$$$$$$)
$ctx->{kdc_ipv4} = $kdc_ipv4;
$ctx->{server_loglevel} = 1;
- $ctx->{username} = "administrator";
+ $ctx->{username} = "Administrator";
$ctx->{domain} = "SAMBADOMAIN";
$ctx->{realm} = "SAMBA.EXAMPLE.COM";
$ctx->{dnsname} = "samba.example.com";
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index f4da198645..1b575a978b 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -329,6 +329,7 @@ plantest "blackbox.ndrdump" none $samba4srcdir/librpc/tests/test_ndrdump.sh
plantest "blackbox.net" dc $samba4srcdir/utils/tests/test_net.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN"
plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION
plantest "blackbox.passwords" dc $bbdir/test_passwords.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" --configfile=st/dc/etc/smb.conf
+plantest "blackbox.export.keytab" dc $bbdir/test_export_keytab.sh "\$SERVER" "\$USERNAME" "\$REALM" "\$DOMAIN" "$PREFIX" --configfile=st/dc/etc/smb.conf
plantest "blackbox.cifsdd" dc $samba4srcdir/client/tests/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN"
plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
diff --git a/testprogs/blackbox/test_export_keytab.sh b/testprogs/blackbox/test_export_keytab.sh
new file mode 100755
index 0000000000..80235d3255
--- /dev/null
+++ b/testprogs/blackbox/test_export_keytab.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+# Blackbox tests for kinit and kerberos integration with smbclient etc
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
+# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_extract_keytab.sh SERVER USERNAME REALM DOMAIN PREFIX
+EOF
+exit 1;
+fi
+
+SERVER=$1
+USERNAME=$2
+REALM=$3
+DOMAIN=$4
+PREFIX=$5
+shift 5
+failed=0
+
+samba4bindir="$BUILDDIR/bin"
+smbclient="$samba4bindir/smbclient$EXEEXT"
+samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
+net="$samba4bindir/net$EXEEXT"
+newuser="$PYTHON `dirname $0`/../../source4/setup/newuser"
+
+. `dirname $0`/subunit.sh
+
+test_smbclient() {
+ name="$1"
+ cmd="$2"
+ shift
+ shift
+ echo "test: $name"
+ $VALGRIND $smbclient //$SERVER/tmp -c "$cmd" -W "$DOMAIN" $@
+ status=$?
+ if [ x$status = x0 ]; then
+ echo "success: $name"
+ else
+ echo "failure: $name"
+ fi
+ return $status
+}
+
+USERPASS=testPaSS@01%
+
+testit "create user locally" $VALGRIND $newuser nettestuser $USERPASS $@ || failed=`expr $failed + 1`
+
+testit "export keytab from domain" $VALGRIND $net export keytab $PREFIX/tmpkeytab $@ || failed=`expr $failed + 1`
+testit "export keytab from domain (2nd time)" $VALGRIND $net export keytab $PREFIX/tmpkeytab $@ || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpuserccache"
+export KRB5CCNAME
+
+testit "kinit with keytab as user" $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpadminccache"
+export KRB5CCNAME
+
+testit "kinit with keytab as $USERNAME" $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
+
+testit "del user" $VALGRIND $net user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
+
+rm -f tmpadminccache tmpuserccache tmpkeytab
+exit $failed
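Review bot: The closing `rm -f tmpadminccache tmpuserccache tmpkeytab` uses paths relative to the current directory, but the keytab and both credential caches were written under `$PREFIX`, so unless the test happens to run from `$PREFIX` they are left on disk after the run. The tests above show that this keytab is enough to kinit as both nettestuser and `$USERNAME`, so it should be removed where it was created: `rm -f "$PREFIX/tmpadminccache" "$PREFIX/tmpuserccache" "$PREFIX/tmpkeytab"`. The usage text names `test_extract_keytab.sh` where the file is `test_export_keytab.sh`. The header comment still describes kinit/smbclient integration and looks carried over from another test; a line such as `# Blackbox test: export the domain keytab and kinit from it as a new user and as the admin account` would describe this script. The forwarded arguments are expanded as unquoted `$@` throughout and would be safer as `"$@"`.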