summaryrefslogtreecommitdiff
path: root/testprogs/blackbox/test_kinit.sh
AgeCommit message (Collapse)AuthorFilesLines
2012-05-31s4:selftest: change the blackbox.kinit test to use a binary mapping for ↵Michael Adam1-3/+3
smbclient
2012-05-24auth/credentials: 'workgroup' set via command line will not drop existing ccacheAlexander Bokovoy1-1/+0
The root cause for existing ccache being invalidated was use of global loadparm with 'workgroup' value set as if from command line. However, we don't really need to take 'workgroup' parameter value's nature into account when invalidating existing ccache. When -U is used on the command line, one can specify a password to force ccache invalidation. The commit also reverts previous fix now that root cause is clear.
2012-05-23blackbox: fix samba4.blackbox.kinit testAlexander Bokovoy1-0/+1
This deserves some explanation. With commit 518232d4578d700f5f5ea1609275a6cd1de3a1e7 samba4.blackbox.kinit test set was wrapped with password settings reset before and after the tests with an idea to maintain reliable state for the tests. As result, the resetting of the password settings was done after the test that tried to use smbclient with a Kerberos ticket obtained with machine account credentials. However, the code in credentials_krb5.c, function cli_credentials_get_client_gss_creds(), never worked correctly when credentials were already in ccache. Instead, gensec_gssapi module always re-kinited even if existing credentials were available in the ccache. This had an effect on 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' test equal to never having initialized ccache at all, as if 'rm -f $KRB5CCNAME' was run before the test. When the issue of not using already initialized credentials from ccache was fixed with d0aae88f1290e6a7a6d4bfc24aa62795e4892a31 'auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials' commit, Samba 4 credentials library started to correctly re-used already obtained credentials from ccaches. This caused failure of the test 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' because machine account has no permissions to modify password settings. Thus, the correct fix is to reset ccache state before performing the test. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed May 23 18:46:12 CEST 2012 on sn-devel-104
2012-02-01selftest: Remove unused support for --exeextAndrew Bartlett1-7/+7
2011-10-23s4: samba-tool subcommand rename - change samba-tool user add to samba-tool ↵Theresa Halloran1-1/+1
user create Signed-off-by: Theresa Halloran <thallora@linux.vnet.ibm.com> Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2011-10-18s4-selftest When testing for a credentials cache, do not specify a domainAndrew Bartlett1-1/+1
If we specify a domain, then we indicate that we must use that domain which overrides the credentials cache we found in the environment. Andrew Bartlett
2011-07-28tests-blackbox: Revert the test to use user-level change password commandAmitay Isaacs1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28test-blackbox: Remove 'domain\' from username for samba-tool user setpasswordAmitay Isaacs1-2/+2
Python version of samba-tool does not require 'domain\' prefix for username. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28test-blackbox: Rearrange the arguments in required order for samba-tool timeAmitay Isaacs1-1/+1
Python version of samba-tool requires the command and the subcommand to be specified before the options. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28samba-tool: update test suite to reflect the move from password to "user ↵Giampaolo Lauria1-2/+2
setpassword" This is part of the work to reflect the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21samba-tool: update test suite for the new domain objectGiampaolo Lauria1-2/+2
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-01samba-tool: update tests for new 'user enable' syntaxAndrew Tridgell1-1/+1
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 1 10:37:50 CEST 2011 on sn-devel-104
2011-04-16selftest: Remove duplication between BUILDIR and BINDIRAndrew Bartlett1-1/+1
Just have BINDIR, and have it default to ./bin Andrew Bartlett
2011-02-07blackbox: removed assumption of build directoryAndrew Tridgell1-1/+2
this fixes the blackbox tests for a top level build Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-24testprogs:test_kinit: create tmp files under $PREFIXStefan Metzmacher1-22/+22
metze
2010-11-16s4-test_kinit Add tests for lowercase realm combinationsAndrew Bartlett1-0/+4
This tests that the handling of lowercase realms works in our KDC and libraries. Andrew Bartlett
2010-10-28s4 net: rename to samba-tool in order to not clash with s3 netKai Blin1-9/+9
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-15s4-test: fixed a typo in test_kinit.shAndrew Tridgell1-1/+1
too many Ts Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104
2010-10-15s4-test: fixed test_kinit.sh time command testAndrew Tridgell1-1/+1
passing -W breaks -k yes
2010-07-16s4:testprogs Operate the blackbox kinit and net tests using the :local configAndrew Bartlett1-1/+0
This :local tells selftest.pl to use the local smb.conf for the test environment, not the generic client smb.conf This then makes the rest work properly - otherwise, it may attempt to connect to the wrong KDC for example. The only problem is that we can't test the 'net join' with this set, so this is removed from the test. The member server test environment checks this anyway. Andrew Bartlett
2010-07-03s4:kinit blackbox test - set/reset also here the "minPwdAge"Matthias Dieter Wallnöfer1-0/+7
2010-06-29s4:selftest Split out PKINIT tests from test_kinit.sh and test enc typesAndrew Bartlett1-14/+14
This allows us to run the PKINIT tests only against the main DC (for which the certificates were generated), while testing the available encryption types in each functional level. In particular, we need to assert that AES encryption is available in the 2008 functional level. Andrew Bartlett
2010-05-09s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" ↵Matthias Dieter Wallnöfer1-1/+1
syntax
2010-04-13testprogs/blackbox/test_kinit: reorder arguments to "net time" to fix make testStefan Metzmacher1-1/+1
metze
2010-03-27s4:testprogs Update test to match current HeimdalAndrew Bartlett1-1/+1
2010-03-27s4:testprogs Fix kinit test for updated HeimdalAndrew Bartlett1-2/+2
2010-03-25s4:selftest Add testing of kpasswd password set on servicePrincipalNameAndrew Bartlett1-0/+31
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett1-1/+6
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2009-12-31net: Fix tests and documentation of setexpiry.Jelmer Vernooij1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-09-21Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter"Matthias Dieter Wallnöfer1-1/+1
This reverts commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b. This revert changed the behaviour which I didn't expect. Thanks abartlet to point this out!
2009-09-20blackbox:test_kinit - Remove the "-H" (hive) parameterMatthias Dieter Wallnöfer1-1/+1
The "enableaccount" script works only on local LDB anymore - therefore remove this parameter.
2009-07-28s4:kerberos Add support for user principal names in certificatesAndrew Bartlett1-1/+3
This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-06-30s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookupsAndrew Bartlett1-0/+2
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail list user principal name) in an AS-REQ. Evidence from the wild (Win2k8 reportadely) indicates that this is instead valid for all types of requests. While this is now handled in heimdal/kdc/misc.c, a flag is now defined in Heimdal's hdb so that we can take over this handling in future (once we start using a system Heimdal, and if we find out there is more to be done here). Andrew Bartlett
2009-06-18s4:testprogs Don't specify a username/password when checking the ccacheAndrew Bartlett1-1/+1
The purpose of this test is to ensure that the Kerberos credentials cache is valid. If the username and password is specified, this overrides the very thing we are trying to test. Andrew Bartlett
2009-02-03s4:selftest: avoid hardcoded pathes in blackbox testsStefan Metzmacher1-10/+12
metze
2008-10-20Actually test the kpasswd serverAndrew Bartlett1-3/+41
This uses kpasswd operated as a blackbox, assisted by the newly imported rkpty tool. Andrew Bartlett
2008-09-14blackbox: fix source => source4Stefan Metzmacher1-2/+2
metze
2008-05-21Fix reference to removed smbpython.Jelmer Vernooij1-1/+1
(This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1)
2008-04-16Use the subunit shell library.Jelmer Vernooij1-15/+1
(This used to be commit 49367e044e3ab94639ab3209bfd06c6286b44b59)
2008-04-15Test password change with 'net password change'.Andrew Bartlett1-0/+8
Andrew Bartlett (This used to be commit 695cee0349f561625e4bbfa3a142a5e35f7eb4bf)
2008-03-28Fix and test python scripts and kerberosAndrew Bartlett1-10/+18
This fixes up the python credentials interface in a number of areas, with the aim of supporting '-k yes' as a command line option. (This enables the use of kerberos). As such, I've had to change the get_credentials call to take a loadparm context, so that the credentials can be initialised correctly. The test_kinit script has been modified to prove that this continues to work, as well as to provide greater code coverage of the kerberos paths. Andrew Bartlett (This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
2008-02-08Put temporary test files in test directory.Jelmer Vernooij1-1/+1
(This used to be commit 16382999bebf158996e16219e7053ef4821550c1)
2007-10-10r24876: Use more absolute paths to samba4 binaries.Jelmer Vernooij1-8/+13
(This used to be commit 8616bfa0ae5762ae45b8339c84b8e4ae499f5897)
2007-10-10r23965: Add testing the 'net time' command to the script.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 4fab53432a3599cf62a7ebef977bc33ef5a5f734)
2007-10-10r23964: Update blackbox selftest scripts to cover more code, and to moreAndrew Bartlett1-8/+44
consistantly report errors. (Some were being lost due to the "echo foo | cmd" calling convention). Andrew Bartlett (This used to be commit d0a994d0ce7b1d4a33bbca5348c2da868401971f)
2007-10-10r22284: Make this script executableAndrew Bartlett1-0/+0
(This used to be commit b0cbf169366e3624f4d8c2b1a65e478e72734871)
2007-10-10r22235: Test kinit, and PKINIT functionality by means of a new blackbox test.Andrew Bartlett1-0/+45
Andrew Bartlett (This used to be commit 7f27bfc3568bc09b2b9cb9ba03aae55a03e08f9a)