From 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 4 Sep 2018 10:53:52 +0200 Subject: [PATCH] testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt This demonstrates the bug we currently have. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- selftest/knownfail.d/trust_user_account | 1 + testprogs/blackbox/test_trust_user_account.sh | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 selftest/knownfail.d/trust_user_account diff --git a/selftest/knownfail.d/trust_user_account b/selftest/knownfail.d/trust_user_account new file mode 100644 index 00000000000..1de5052b11d --- /dev/null +++ b/selftest/knownfail.d/trust_user_account @@ -0,0 +1 @@ +^samba4.blackbox.trust_user_account.get.virtualKerberosSalt.for.TDA diff --git a/testprogs/blackbox/test_trust_user_account.sh b/testprogs/blackbox/test_trust_user_account.sh index 9fbe25e16a3..b0dc8a9f773 100755 --- a/testprogs/blackbox/test_trust_user_account.sh +++ b/testprogs/blackbox/test_trust_user_account.sh @@ -37,6 +37,20 @@ export KRB5CCNAME rm -f $KRB5CCNAME +EXPECTED_SALT="${OUR_REALM}krbtgt${REMOTE_FLAT}" +# +# Note the \$ is for the end of line in grep +# +# There must be no trailing '$' in the SALT string itself, +# it's removed from the sAMAccountName value (which includes the trailing '$') +# before construting the salt! +# +# Otherwise this would be: +# "^virtualKerberosSalt: ${EXPECTED_SALT}\\\$\$" +# +EXPECTED_GREP="^virtualKerberosSalt: ${EXPECTED_SALT}\$" +testit_grep "get virtualKerberosSalt for TDA of $REMOTE_FLAT\$" "$EXPECTED_GREP" $samba_tool user getpassword "$REMOTE_FLAT\$" $CONFIGURATION --attributes=virtualKerberosSalt || failed=`expr $failed + 1` + testit "kinit with keytab for TDA of $REMOTE_REALM" $samba4kinit -t $KEYTAB "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1` rm -f $KRB5CCNAME $KEYTAB