1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

testprogs: Consistantly use kinit -c $KRB5CCNAME

We want to be really clear which credentials cache we use.

The kerberos_kinit() shell function uses this internally.

-c is the common option between MIT and Heimdal, and is
equivilant to --cache

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 23:51:43 UTC 2021 on sn-devel-184
This commit is contained in:
Stefan Metzmacher 2020-04-03 16:29:36 +02:00 committed by Andrew Bartlett
parent 0388a8f33b
commit 7c3bb491ba
14 changed files with 37 additions and 45 deletions

View File

@ -98,7 +98,7 @@ kerberos_kinit() {
if [ "${kbase}" = "samba4kinit" ]; then
kpassfile=$(mktemp)
echo $password > ${kpassfile}
$kinit_tool --password-file=${kpassfile} $principal $@
$kinit_tool -c ${KRB5CCNAME} --password-file=${kpassfile} $principal $@
status=$?
rm -f ${kpassfile}
else

View File

@ -24,11 +24,11 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit=kinit
samba4kinit_binary=kinit
heimdal=0
if test -x $BINDIR/samba4kinit; then
heimdal=1
samba4kinit=bin/samba4kinit
samba4kinit_binary=bin/samba4kinit
fi
@ -59,6 +59,7 @@ test_drs() {
enctype="-e $ENCTYPE"
KRB5CCNAME="$PREFIX/tmpccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME

View File

@ -27,9 +27,9 @@ newuser="$samba_tool user create"
DNSDOMAIN=$(echo $REALM | tr '[:upper:]' '[:lower:]')
SERVER_FQDN="$SERVER.$DNSDOMAIN"
samba4kinit=kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
samba4kinit_binary=$BINDIR/samba4kinit
fi
. `dirname $0`/subunit.sh
@ -82,6 +82,7 @@ testit "dump keytab from domain for user principal with SPN as UPN" $VALGRIND $P
test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-3" "http/testupnspn.$DNSDOMAIN@$REALM" 3
KRB5CCNAME="$PREFIX/tmpuserccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
@ -93,15 +94,18 @@ testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/t
test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpadminccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpspnupnccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-3 http/testupnspn.$DNSDOMAIN || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpadminccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "del user" $VALGRIND $PYTHON $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`

View File

@ -23,9 +23,9 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit=kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
samba4kinit_binary=$BINDIR/samba4kinit
fi
samba_tool="$samba4bindir/samba-tool"
@ -59,6 +59,7 @@ export ADMIN_LDBMODIFY_CONFIG
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
ADMIN_KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH
@ -105,6 +106,7 @@ testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount nettes
KRB5CCNAME_PATH="$PREFIX/tmpuserccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
@ -239,6 +241,7 @@ test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-cca
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH

View File

@ -27,9 +27,9 @@ shift 3
failed=0
samba4bindir="$BINDIR"
samba4kinit=kinit
if test -x $samba4bindir/samba4kinit; then
samba4kinit=$samba4bindir/samba4kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit_binary=$BINDIR/samba4kinit
fi
smbclient="$samba4bindir/smbclient"
@ -46,6 +46,7 @@ enctype="-e $ENCTYPE"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH

View File

@ -42,8 +42,7 @@ do_kinit() {
password="$2"
shift
shift
echo $password > $PREFIX/tmppassfile
$samba_kinit --password-file=$PREFIX/tmppassfile $principal $@
kerberos_kinit "$samba_kinit" "$principal" "$password" $@
}
UID_WRAPPER_ROOT=1

View File

@ -16,9 +16,9 @@ shift 1
samba_tool="$BINDIR/samba-tool"
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit=kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
samba4kinit_binary=$BINDIR/samba4kinit
fi
CONFIG="--configfile=$PREFIX/etc/smb.conf"
@ -28,6 +28,7 @@ TESTUSER="ktpassUser"
testit "user create" $PYTHON $samba_tool user create $CONFIG $TESTUSER testp@ssw0Rd || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
echo "testp@ssw0Rd" >$PREFIX/tmppassfile
testit "kinit with passwd" $samba4kinit -e arcfour-hmac-md5 --password-file=$PREFIX/tmppassfile $TESTUSER@SAMBA.EXAMPLE.COM || failed=`expr $failed + 1`

View File

@ -20,19 +20,11 @@ shift 6
failed=0
samba4bindir="$BINDIR"
samba4kinit=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
fi
samba_tool="$samba4bindir/samba-tool"
net_tool="$samba4bindir/net"
smbpasswd="$samba4bindir/smbpasswd"
texpect="$samba4bindir/texpect"
samba4kpasswd=kpasswd
if test -x $BINDIR/samba4kpasswd; then
samba4kpasswd=$BINDIR/samba4kpasswd
fi
ldbsearch="$samba4bindir/ldbsearch"
ldbmodify="$samba4bindir/ldbmodify"

View File

@ -44,12 +44,7 @@ do_kinit() {
password="$2"
shift
shift
if test -x $samba_bindir/samba4kinit; then
echo $password > $PREFIX/tmpuserpassfile
$samba_kinit --password-file=$PREFIX/tmpuserpassfile $principal $@
else
echo $password | $samba_kinit $principal $@
fi
kerberos_kinit "$samba_kinit" "$principal" "$password" $@
}
test_smbpasswd()

View File

@ -23,9 +23,9 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit=kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
samba4kinit_binary=$BINDIR/samba4kinit
fi
samba_tool="$samba4bindir/samba-tool"
@ -53,6 +53,7 @@ unc="//$SERVER/tmp"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
PASSFILE_PATH="$PREFIX/tmppassfile"

View File

@ -21,9 +21,9 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit=kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
samba4kinit_binary=$BINDIR/samba4kinit
fi
smbtorture4="$samba4bindir/smbtorture --basedir=$SELFTEST_TMPDIR"
@ -36,18 +36,15 @@ unc="//$SERVER/tmp"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
PASSFILE_PATH="$PREFIX/tmppassfile"
rm -f $PASSFILE_PATH
echo $PASSWORD > $PASSFILE_PATH
USER_PRINCIPAL_NAME=`echo "${USERNAME}@${REALM}" | tr A-Z a-z`
PKUSER="--pk-user=FILE:$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-cert.pem,$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-private-key.pem"
testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable --cache=$KRB5CCNAME $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP1 remote.pac verification" $smbtorture4 ncacn_np:$SERVER rpc.pac --workgroup=$DOMAIN -U$USERNAME%$PASSWORD --option=torture:pkinit_ccache=$KRB5CCNAME || failed=`expr $failed + 1`
rm -f $PASSFILE_PATH
rm -f $KRB5CCNAME_PATH
exit $failed

View File

@ -24,9 +24,9 @@ failed=0
samba_tool="$VALGRIND $PYTHON $BINDIR/samba-tool"
samba4kinit=kinit
samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
samba4kinit_binary=$BINDIR/samba4kinit
fi
samba4kgetcred=kgetcred
@ -40,6 +40,7 @@ fi
ocache="$PREFIX/tmpoutcache"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH

View File

@ -19,10 +19,6 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit=kinit
if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
fi
. `dirname $0`/subunit.sh

View File

@ -20,9 +20,9 @@ shift 5
samba_tool="$BINDIR/samba-tool"
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
samba4kinit="kinit -k"
samba4kinit_binary="kinit -k"
if test -x $BINDIR/samba4kinit; then
samba4kinit="$BINDIR/samba4kinit --use-keytab"
samba4kinit_binary="$BINDIR/samba4kinit --use-keytab"
fi
KEYTAB="$PREFIX/tmptda.keytab"
@ -33,6 +33,7 @@ export KRB5_TRACE
testit "retrieve keytab for TDA of $REMOTE_REALM" $PYTHON $samba_tool domain exportkeytab $KEYTAB $CONFIGURATION --principal "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmptda.ccache"
samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME