Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
"minPwdAge" != 0
|
|
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.
In particular, we need to assert that AES encryption is available in
the 2008 functional level.
Andrew Bartlett
|
|
syntax
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
|
|
|
|
|
|
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.
Andrew Bartlett
|
|
metze
|
|
metze
|
|
Need to pass correct config file to tests
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This reverts commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b.
This revert changed the behaviour which I didn't expect. Thanks abartlet to
point this out!
|
|
The "enableaccount" script works only on local LDB anymore - therefore remove
this parameter.
|
|
attributes and classes
metze
|
|
The added tests include basic validation that the script runs and accepts all
custom arguments. The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
|
|
The testit_expect_failure() function is like the testit() function, with
reversed error detection logic. This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.
|
|
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
|
|
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
|
|
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
|
|
In particular, ensure that we can acutally change the password under
these circumstances.
Andrew Bartlett
|
|
The purpose of this test is to ensure that the Kerberos credentials
cache is valid. If the username and password is specified, this
overrides the very thing we are trying to test.
Andrew Bartlett
|
|
metze
|
|
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This uses kpasswd operated as a blackbox, assisted by the newly
imported rkpty tool.
Andrew Bartlett
|
|
metze
|
|
by ubuntu)
fixed spelling of 'wellknown'
|
|
metze
|
|
|
|
|
|
metze
|
|
(This used to be commit c9b2e2aa861ccc01e5d92cfe468be1f6324ed294)
|
|
(This used to be commit 0e8f946ed02a6d2d9469f9ccab5f3342b2b80725)
|
|
Added a blackbox test which looks for $WINTEST_CONF_DIR,
gets configuration vars from *.conf in that dir, disables
smbwrapper, and runs RAW-OPEN torture test.
Scripts are coming to startup/shutdown vm's.
(This used to be commit 74a0a9bb54b2583dde7a5fbadd4d10858de12ee7)
|
|
Previously, the output from $cmdline was never captured. In case of a
failure, there was no output being passed to the subunit_fail_test() function,
but that function contains a call to "cat -". This caused the script to hang
indefinitely waiting for input.
We now capture $cmdline output (including mapping stderr to stdout) using
backticks, and then pipe that output to the subunit_fail_test() if there is
a failure.
(This used to be commit c0234d13192c1871971b45121249395ef15c5ae5)
|
|
(This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1)
|
|
(This used to be commit 18dd8120cc35fe3d1cd4455c1f6a32b503274d97)
|
|
The problems here were that we did not bind to the LSA pipe, and we
did not consider it possible to have 0 trusted domains.
Andrew Bartlett
(This used to be commit 86694d429d62940882ac9b7af83b3e7d00e67c5a)
|
|
(This used to be commit 49367e044e3ab94639ab3209bfd06c6286b44b59)
|
|
(This used to be commit 690924dc7f43b69b9c4cfc1dd0c9c6e83d333518)
|
|
(This used to be commit 4f0954905a902381e66eec74fd30ff7adde232b8)
|
|
git://git.samba.org/kai/samba/kai-work-in-progress into v4-0-selftest
(This used to be commit 56340a5fa1b075001bba829686861a59406e1f5d)
|