mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
testprogs: Consistantly use kinit -c $KRB5CCNAME
We want to be really clear which credentials cache we use. The kerberos_kinit() shell function uses this internally. -c is the common option between MIT and Heimdal, and is equivilant to --cache Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jul 5 23:51:43 UTC 2021 on sn-devel-184
This commit is contained in:
parent
0388a8f33b
commit
7c3bb491ba
@ -98,7 +98,7 @@ kerberos_kinit() {
|
||||
if [ "${kbase}" = "samba4kinit" ]; then
|
||||
kpassfile=$(mktemp)
|
||||
echo $password > ${kpassfile}
|
||||
$kinit_tool --password-file=${kpassfile} $principal $@
|
||||
$kinit_tool -c ${KRB5CCNAME} --password-file=${kpassfile} $principal $@
|
||||
status=$?
|
||||
rm -f ${kpassfile}
|
||||
else
|
||||
|
@ -24,11 +24,11 @@ failed=0
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
heimdal=0
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
heimdal=1
|
||||
samba4kinit=bin/samba4kinit
|
||||
samba4kinit_binary=bin/samba4kinit
|
||||
fi
|
||||
|
||||
|
||||
@ -59,6 +59,7 @@ test_drs() {
|
||||
enctype="-e $ENCTYPE"
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
rm -f $KRB5CCNAME
|
||||
|
||||
|
@ -27,9 +27,9 @@ newuser="$samba_tool user create"
|
||||
DNSDOMAIN=$(echo $REALM | tr '[:upper:]' '[:lower:]')
|
||||
SERVER_FQDN="$SERVER.$DNSDOMAIN"
|
||||
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
. `dirname $0`/subunit.sh
|
||||
@ -82,6 +82,7 @@ testit "dump keytab from domain for user principal with SPN as UPN" $VALGRIND $P
|
||||
test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-3" "http/testupnspn.$DNSDOMAIN@$REALM" 3
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpuserccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
|
||||
testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
@ -93,15 +94,18 @@ testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/t
|
||||
test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpadminccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
|
||||
testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpspnupnccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-3 http/testupnspn.$DNSDOMAIN || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpadminccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
|
||||
testit "del user" $VALGRIND $PYTHON $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
|
||||
|
@ -23,9 +23,9 @@ failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
samba_tool="$samba4bindir/samba-tool"
|
||||
@ -59,6 +59,7 @@ export ADMIN_LDBMODIFY_CONFIG
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
ADMIN_KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
export KRB5CCNAME
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
@ -105,6 +106,7 @@ testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount nettes
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpuserccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
@ -239,6 +241,7 @@ test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-cca
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
@ -27,9 +27,9 @@ shift 3
|
||||
failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
samba4kinit=kinit
|
||||
if test -x $samba4bindir/samba4kinit; then
|
||||
samba4kinit=$samba4bindir/samba4kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
smbclient="$samba4bindir/smbclient"
|
||||
@ -46,6 +46,7 @@ enctype="-e $ENCTYPE"
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
|
@ -42,8 +42,7 @@ do_kinit() {
|
||||
password="$2"
|
||||
shift
|
||||
shift
|
||||
echo $password > $PREFIX/tmppassfile
|
||||
$samba_kinit --password-file=$PREFIX/tmppassfile $principal $@
|
||||
kerberos_kinit "$samba_kinit" "$principal" "$password" $@
|
||||
}
|
||||
|
||||
UID_WRAPPER_ROOT=1
|
||||
|
@ -16,9 +16,9 @@ shift 1
|
||||
samba_tool="$BINDIR/samba-tool"
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
CONFIG="--configfile=$PREFIX/etc/smb.conf"
|
||||
@ -28,6 +28,7 @@ TESTUSER="ktpassUser"
|
||||
testit "user create" $PYTHON $samba_tool user create $CONFIG $TESTUSER testp@ssw0Rd || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
echo "testp@ssw0Rd" >$PREFIX/tmppassfile
|
||||
testit "kinit with passwd" $samba4kinit -e arcfour-hmac-md5 --password-file=$PREFIX/tmppassfile $TESTUSER@SAMBA.EXAMPLE.COM || failed=`expr $failed + 1`
|
||||
|
@ -20,19 +20,11 @@ shift 6
|
||||
failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
samba4kinit=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
samba_tool="$samba4bindir/samba-tool"
|
||||
net_tool="$samba4bindir/net"
|
||||
smbpasswd="$samba4bindir/smbpasswd"
|
||||
texpect="$samba4bindir/texpect"
|
||||
samba4kpasswd=kpasswd
|
||||
if test -x $BINDIR/samba4kpasswd; then
|
||||
samba4kpasswd=$BINDIR/samba4kpasswd
|
||||
fi
|
||||
ldbsearch="$samba4bindir/ldbsearch"
|
||||
ldbmodify="$samba4bindir/ldbmodify"
|
||||
|
||||
|
@ -44,12 +44,7 @@ do_kinit() {
|
||||
password="$2"
|
||||
shift
|
||||
shift
|
||||
if test -x $samba_bindir/samba4kinit; then
|
||||
echo $password > $PREFIX/tmpuserpassfile
|
||||
$samba_kinit --password-file=$PREFIX/tmpuserpassfile $principal $@
|
||||
else
|
||||
echo $password | $samba_kinit $principal $@
|
||||
fi
|
||||
kerberos_kinit "$samba_kinit" "$principal" "$password" $@
|
||||
}
|
||||
|
||||
test_smbpasswd()
|
||||
|
@ -23,9 +23,9 @@ failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
samba_tool="$samba4bindir/samba-tool"
|
||||
@ -53,6 +53,7 @@ unc="//$SERVER/tmp"
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
PASSFILE_PATH="$PREFIX/tmppassfile"
|
||||
|
@ -21,9 +21,9 @@ failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
smbtorture4="$samba4bindir/smbtorture --basedir=$SELFTEST_TMPDIR"
|
||||
@ -36,18 +36,15 @@ unc="//$SERVER/tmp"
|
||||
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
PASSFILE_PATH="$PREFIX/tmppassfile"
|
||||
rm -f $PASSFILE_PATH
|
||||
echo $PASSWORD > $PASSFILE_PATH
|
||||
|
||||
USER_PRINCIPAL_NAME=`echo "${USERNAME}@${REALM}" | tr A-Z a-z`
|
||||
PKUSER="--pk-user=FILE:$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-cert.pem,$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-private-key.pem"
|
||||
|
||||
testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable --cache=$KRB5CCNAME $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "STEP1 remote.pac verification" $smbtorture4 ncacn_np:$SERVER rpc.pac --workgroup=$DOMAIN -U$USERNAME%$PASSWORD --option=torture:pkinit_ccache=$KRB5CCNAME || failed=`expr $failed + 1`
|
||||
|
||||
rm -f $PASSFILE_PATH
|
||||
rm -f $KRB5CCNAME_PATH
|
||||
exit $failed
|
||||
|
@ -24,9 +24,9 @@ failed=0
|
||||
|
||||
samba_tool="$VALGRIND $PYTHON $BINDIR/samba-tool"
|
||||
|
||||
samba4kinit=kinit
|
||||
samba4kinit_binary=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
samba4kinit_binary=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
samba4kgetcred=kgetcred
|
||||
@ -40,6 +40,7 @@ fi
|
||||
ocache="$PREFIX/tmpoutcache"
|
||||
KRB5CCNAME_PATH="$PREFIX/tmpccache"
|
||||
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
rm -rf $KRB5CCNAME_PATH
|
||||
|
||||
|
@ -19,10 +19,6 @@ failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
samba4kinit=kinit
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit=$BINDIR/samba4kinit
|
||||
fi
|
||||
|
||||
|
||||
. `dirname $0`/subunit.sh
|
||||
|
@ -20,9 +20,9 @@ shift 5
|
||||
samba_tool="$BINDIR/samba-tool"
|
||||
samba4bindir="$BINDIR"
|
||||
samba4srcdir="$SRCDIR/source4"
|
||||
samba4kinit="kinit -k"
|
||||
samba4kinit_binary="kinit -k"
|
||||
if test -x $BINDIR/samba4kinit; then
|
||||
samba4kinit="$BINDIR/samba4kinit --use-keytab"
|
||||
samba4kinit_binary="$BINDIR/samba4kinit --use-keytab"
|
||||
fi
|
||||
|
||||
KEYTAB="$PREFIX/tmptda.keytab"
|
||||
@ -33,6 +33,7 @@ export KRB5_TRACE
|
||||
testit "retrieve keytab for TDA of $REMOTE_REALM" $PYTHON $samba_tool domain exportkeytab $KEYTAB $CONFIGURATION --principal "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmptda.ccache"
|
||||
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
|
||||
export KRB5CCNAME
|
||||
|
||||
rm -f $KRB5CCNAME
|
||||
|
Loading…
Reference in New Issue
Block a user