summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-04-06 09:12:15 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-04-06 05:24:48 +0200
commitd84a8d534374072fc96fd5da34e0021c81005f1a (patch)
treeb3ed60d281051387b209edd44b9a7ad709d48b09
parent0415a5736e7e68f076fcf63dc16a7d33da4e569d (diff)
downloadsamba-d84a8d534374072fc96fd5da34e0021c81005f1a.tar.gz
samba-d84a8d534374072fc96fd5da34e0021c81005f1a.tar.bz2
samba-d84a8d534374072fc96fd5da34e0021c81005f1a.zip
s3-selftest Add tests to show kerberos works across a password change
It is important that a machine account password change does not invalidate existing tickets. This is only for the default kerberos method with a password in secrets.tdb. The keytab based methods are still not tested. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 6 05:24:48 CEST 2011 on sn-devel-104
-rw-r--r--selftest/target/Samba3.pm18
-rw-r--r--source3/selftest/ktest-krb5_ccache-2 (renamed from source3/selftest/ktest-krb5_ccache)bin11966 -> 11966 bytes
-rw-r--r--source3/selftest/ktest-krb5_ccache-3bin0 -> 6031 bytes
-rw-r--r--source3/selftest/ktest-secrets.tdbbin45056 -> 45056 bytes
-rwxr-xr-xsource3/selftest/tests.py5
5 files changed, 18 insertions, 5 deletions
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 66f7a4403e..b6c851a49d 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -298,19 +298,29 @@ $ret->{USERNAME} = KTEST\\Administrator
# ticket_lifetime = 799718400
# renew_lifetime = 799718400
#
-# The commands run were:
+# The commands for the -2 keytab where were:
# kinit administrator@KTEST.SAMBA.EXAMPLE.COM
# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
#
-# This creates a credential cache with a very long lifetime (2036 at at 2011-04)
+# and then for the -3 keytab, I did
+#
+# net changetrustpw; kdestroy and the same again.
+#
+# This creates a credential cache with a very long lifetime (2036 at
+# at 2011-04), and shows that running 'net changetrustpw' does not
+# break existing logins (for the secrets.tdb method at least).
+#
$ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
- system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache $prefix/krb5_ccache");
- chmod 0600, "$prefix/krb5_ccache";
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
+ chmod 0600, "$prefix/krb5_ccache-2";
+
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
+ chmod 0600, "$prefix/krb5_ccache-3";
$self->check_or_start($ret,
($ENV{SMBD_MAXTIME} or 2700),
diff --git a/source3/selftest/ktest-krb5_ccache b/source3/selftest/ktest-krb5_ccache-2
index 15102226f3..15102226f3 100644
--- a/source3/selftest/ktest-krb5_ccache
+++ b/source3/selftest/ktest-krb5_ccache-2
Binary files differ
diff --git a/source3/selftest/ktest-krb5_ccache-3 b/source3/selftest/ktest-krb5_ccache-3
new file mode 100644
index 0000000000..a056beb355
--- /dev/null
+++ b/source3/selftest/ktest-krb5_ccache-3
Binary files differ
diff --git a/source3/selftest/ktest-secrets.tdb b/source3/selftest/ktest-secrets.tdb
index c09c315288..cf5c3d05dc 100644
--- a/source3/selftest/ktest-secrets.tdb
+++ b/source3/selftest/ktest-secrets.tdb
Binary files differ
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 826b84fa3b..3fd44c52ca 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -219,7 +219,10 @@ if sub.returncode == 0:
e = ""
a = ""
binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e)
- options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache"
+ options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
+ plansmbtorturetestsuite(test, "ktest", options, 'over kerberos with old ccache ncacn_np with [%s%s%s%s] ' % (a, s, z, e))
+
+ options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
plansmbtorturetestsuite(test, "ktest", options, 'over kerberos ncacn_np with [%s%s%s%s] ' % (a, s, z, e))