diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-04-04 19:13:17 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-04 19:48:57 +1000 |
| commit | 6351dee4d810bfa20c3a892d0eba3b2ac828e193 (patch) | |
| tree | 85d70f906fc1a8820ad1bbd289bfbb7db1c8f84a /selftest | |
| parent | 55134c9a9e4a47c6a8ed89ef10c95c0fa0d4daaf (diff) | |
| download | samba-6351dee4d810bfa20c3a892d0eba3b2ac828e193.tar.gz samba-6351dee4d810bfa20c3a892d0eba3b2ac828e193.tar.bz2 samba-6351dee4d810bfa20c3a892d0eba3b2ac828e193.zip | |
s3-selftest Add testing of kerberos login
This uses a pre-calculated credentials cache, that should be valid
until 2036.
Andrew Bartlett
Diffstat (limited to 'selftest')
| -rw-r--r-- | selftest/target/Samba3.pm | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 6cb01d678b..de3fffbc93 100644 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -102,6 +102,8 @@ sub setup_env($$$) return $self->setup_dc("$path/dc"); } elsif ($envname eq "secshare") { return $self->setup_secshare("$path/secshare"); + } elsif ($envname eq "ktest") { + return $self->setup_ktest("$path/ktest"); } elsif ($envname eq "secserver") { if (not defined($self->{vars}->{dc})) { $self->setup_dc("$path/dc"); @@ -255,6 +257,69 @@ sub setup_secserver($$$) return $ret; } +sub setup_ktest($$$) +{ + my ($self, $prefix, $dcvars) = @_; + + print "PROVISIONING server with security=ads..."; + + my $ktest_options = " + workgroup = KTEST + realm = ktest.samba.example.com + security = ads + username map = $prefix/lib/username.map +"; + + my $ret = $self->provision($prefix, + "LOCALKTEST6", + 5, + "localktest6pass", + $ktest_options); + + $ret or die("Unable to provision"); + + open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map"); + print USERMAP " +$ret->{USERNAME} = KTEST\\Administrator +"; + close(USERMAP); + +#This is the secrets.tdb created by 'net ads join' from Samba3 to a +#Samba4 DC with the same parameters as are being used here. The +#domain SID is S-1-5-21-1071277805-689288055-3486227160 + + system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); + chmod 0600, "$prefix/private/secrets.tdb"; + +#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with: +# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232" +# +#and having in krb5.conf: +# ticket_lifetime = 799718400 +# renew_lifetime = 799718400 +# +# The commands run were: +# kinit administrator@KTEST.SAMBA.EXAMPLE.COM +# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM +# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM +# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM +# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM +# +# This creates a credential cache with a very long lifetime (2036 at at 2011-04) + + $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache $prefix/krb5_ccache"); + chmod 0600, "$prefix/krb5_ccache"; + + $self->check_or_start($ret, + ($ENV{SMBD_MAXTIME} or 2700), + "yes", "no", "yes"); + + $self->wait_for_start($ret); + return $ret; +} + sub stop_sig_term($$) { my ($self, $pid) = @_; kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); |