From dcfb34fbb4b7484bdaa70fbe9ae9fd84738ab469 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 23 May 2012 17:34:24 +0300 Subject: blackbox: fix samba4.blackbox.kinit test This deserves some explanation. With commit 518232d4578d700f5f5ea1609275a6cd1de3a1e7 samba4.blackbox.kinit test set was wrapped with password settings reset before and after the tests with an idea to maintain reliable state for the tests. As result, the resetting of the password settings was done after the test that tried to use smbclient with a Kerberos ticket obtained with machine account credentials. However, the code in credentials_krb5.c, function cli_credentials_get_client_gss_creds(), never worked correctly when credentials were already in ccache. Instead, gensec_gssapi module always re-kinited even if existing credentials were available in the ccache. This had an effect on 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' test equal to never having initialized ccache at all, as if 'rm -f $KRB5CCNAME' was run before the test. When the issue of not using already initialized credentials from ccache was fixed with d0aae88f1290e6a7a6d4bfc24aa62795e4892a31 'auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials' commit, Samba 4 credentials library started to correctly re-used already obtained credentials from ccaches. This caused failure of the test 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' because machine account has no permissions to modify password settings. Thus, the correct fix is to reset ccache state before performing the test. Autobuild-User: Alexander Bokovoy Autobuild-Date: Wed May 23 18:46:12 CEST 2012 on sn-devel-104 --- testprogs/blackbox/test_kinit.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'testprogs') diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh index 981987d03f..14f1e62c9e 100755 --- a/testprogs/blackbox/test_kinit.sh +++ b/testprogs/blackbox/test_kinit.sh @@ -174,6 +174,7 @@ rm -f $KRB5CCNAME testit "kinit with machineaccountccache script" $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1` test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` +rm -f $KRB5CCNAME testit "reset password policies" $VALGRIND $samba_tool domain passwordsettings $PWSETCONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1` rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript -- cgit