Age | Commit message (Collapse) | Author | Files | Lines |
|
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
|
|
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
|
|
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
|
|
In particular, ensure that we can acutally change the password under
these circumstances.
Andrew Bartlett
|
|
The purpose of this test is to ensure that the Kerberos credentials
cache is valid. If the username and password is specified, this
overrides the very thing we are trying to test.
Andrew Bartlett
|
|
metze
|
|
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This uses kpasswd operated as a blackbox, assisted by the newly
imported rkpty tool.
Andrew Bartlett
|
|
metze
|
|
by ubuntu)
fixed spelling of 'wellknown'
|
|
metze
|
|
|
|
|
|
metze
|
|
(This used to be commit c9b2e2aa861ccc01e5d92cfe468be1f6324ed294)
|
|
(This used to be commit 0e8f946ed02a6d2d9469f9ccab5f3342b2b80725)
|
|
Added a blackbox test which looks for $WINTEST_CONF_DIR,
gets configuration vars from *.conf in that dir, disables
smbwrapper, and runs RAW-OPEN torture test.
Scripts are coming to startup/shutdown vm's.
(This used to be commit 74a0a9bb54b2583dde7a5fbadd4d10858de12ee7)
|
|
Previously, the output from $cmdline was never captured. In case of a
failure, there was no output being passed to the subunit_fail_test() function,
but that function contains a call to "cat -". This caused the script to hang
indefinitely waiting for input.
We now capture $cmdline output (including mapping stderr to stdout) using
backticks, and then pipe that output to the subunit_fail_test() if there is
a failure.
(This used to be commit c0234d13192c1871971b45121249395ef15c5ae5)
|
|
(This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1)
|
|
(This used to be commit 18dd8120cc35fe3d1cd4455c1f6a32b503274d97)
|
|
The problems here were that we did not bind to the LSA pipe, and we
did not consider it possible to have 0 trusted domains.
Andrew Bartlett
(This used to be commit 86694d429d62940882ac9b7af83b3e7d00e67c5a)
|
|
(This used to be commit 49367e044e3ab94639ab3209bfd06c6286b44b59)
|
|
(This used to be commit 690924dc7f43b69b9c4cfc1dd0c9c6e83d333518)
|
|
(This used to be commit 4f0954905a902381e66eec74fd30ff7adde232b8)
|
|
git://git.samba.org/kai/samba/kai-work-in-progress into v4-0-selftest
(This used to be commit 56340a5fa1b075001bba829686861a59406e1f5d)
|
|
(This used to be commit a3f0e4151bd87399a8bab9b71bad36bdc53c365c)
|
|
(This used to be commit 0a2942f6e948177fcc671eae705e6e61644de81c)
|
|
Andrew Bartlett
(This used to be commit 695cee0349f561625e4bbfa3a142a5e35f7eb4bf)
|
|
(This used to be commit 24a2409d725953ed5f62c652acc929ee7ddf9a19)
|
|
segfault.
Andrew Bartlett
(This used to be commit d2fe61a13a8368ceae30c6e7320c8d3d62fbc485)
|
|
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
|
|
(This used to be commit 716345fd38dfd8c6e610fbd6ba84c4f33e3edbb9)
|
|
(This used to be commit 05a110123df2372418e2ef2fd8f269b92054069c)
|
|
(This used to be commit 625ea49a95cbdb507ea5b191f75ffa27e25cdb90)
|
|
(This used to be commit af6484f78d273407dd9b264bc4adb33497eee48b)
|
|
(This used to be commit 3f24136b56d281580410bf69841c6dece5508d17)
|
|
(This used to be commit 16382999bebf158996e16219e7053ef4821550c1)
|
|
Andrew Bartlett
(This used to be commit 89053bc564f1d736da48fbe20e7f8f244b0c67fa)
|
|
(This used to be commit 9ad2de6e9900aadc3171c5376972ce4d3ed3fb24)
|
|
blackbox.smbclient test.
(This used to be commit 1d703dcf3a888e4c8301a4f53a289ff18bf89f75)
|
|
MMC uses.
It appears that the control value is optional, implying type 0 responses.
Failing to parse this was causing LDAP disconnects with 'unavailable
critical extension'.
Andrew Bartlett
(This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
|
|
(This used to be commit 8616bfa0ae5762ae45b8339c84b8e4ae499f5897)
|
|
(This used to be commit aeb2e714f22abe68f89218967a55d7abd2d04ae1)
|
|
Andrew Bartlett
(This used to be commit 9f45b5553a53d2e8a1c2643bf58fb90db8217b66)
|
|
(This used to be commit c3a138627487ec0ed5a4c4c4457df35275f4cada)
|
|
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507df51982a604289215bb1868124fc24)
|
|
(This used to be commit f4ff4c5f61189c71ab60a5455272302add9e1d97)
|
|
(This used to be commit 18ea767d396bf6d956fd83ee3d2687d98897ae36)
|