1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

107 Commits

Author SHA1 Message Date
Andrew Tridgell
1ee67df307 s4-test: fixed usage message on renamedc.sh 2011-07-13 12:51:05 +02:00
Andrew Tridgell
9bd695c83f samba-tool: update tests for new 'user enable' syntax
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun  1 10:37:50 CEST 2011 on sn-devel-104
2011-06-01 10:37:50 +02:00
Matthieu Patou
49c99d0515 s4: add blackbox test for rename
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat May 21 09:50:34 CEST 2011 on sn-devel-104
2011-05-21 09:50:34 +02:00
Andrew Bartlett
4fd6ebf544 selftest: Remove duplication between BUILDIR and BINDIR
Just have BINDIR, and have it default to ./bin

Andrew Bartlett
2011-04-16 11:43:04 +02:00
Michael Adam
7c72ce9f48 testprogs/blackbox/subunit: add testok() for easier integration of s3 tests. 2011-02-16 12:56:40 +01:00
Andrew Tridgell
b49973404c blackbox: removed assumption of build directory
this fixes the blackbox tests for a top level build

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Stefan Metzmacher
769425662e testprogs:test_kinit: create tmp files under $PREFIX
metze
2010-12-24 17:31:06 +01:00
Jelmer Vernooij
d237698850 blackbox.ldb: Support using system ldbsearch.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Nov 27 04:32:11 CET 2010 on sn-devel-104
2010-11-27 04:32:11 +01:00
Andrew Bartlett
b8631597f5 s4-test_kinit Add tests for lowercase realm combinations
This tests that the handling of lowercase realms works in our KDC and
libraries.

Andrew Bartlett
2010-11-16 16:01:19 +11:00
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Andrew Tridgell
006111646c s4-test: fixed a typo in test_kinit.sh
too many Ts

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104
2010-10-15 10:14:27 +00:00
Andrew Tridgell
d59a342c71 s4-test: fixed test_kinit.sh time command test
passing -W breaks -k yes
2010-10-15 09:32:03 +00:00
Stefan Metzmacher
34692556be s4:blackblock/ktpass: use test specific user name
metze
2010-07-31 11:22:15 +02:00
Matthieu Patou
e461e29cd9 s4 unittests: add blackblox test for ktpass 2010-07-17 17:56:16 +04:00
Andrew Bartlett
0e212acd32 s4:testprogs Operate the blackbox kinit and net tests using the :local config
This :local tells selftest.pl to use the local smb.conf for the test
environment, not the generic client smb.conf

This then makes the rest work properly - otherwise, it may attempt to
connect to the wrong KDC for example.

The only problem is that we can't test the 'net join' with this set,
so this is removed from the test.  The member server test environment
checks this anyway.

Andrew Bartlett
2010-07-16 07:08:41 +10:00
Andrew Bartlett
8769e75a61 s4:testprogs Show that we no longer delete the old keytab entries
By using a CCACHE obtained while the old password was still valid, we
can tell if the server still accepts incoming Kerberos connections
with the old password.

Andrew Bartlett
2010-07-15 22:08:22 +10:00
Andrew Bartlett
5d61b477c6 s4:testprogs Prove kerberos still works after a password change
Changing the machine account password should not prevent connections
with a current, valid CCACHE.  This is because when the password is
changed, the server-side keytab keeps one old password around.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:22 +10:00
Matthieu Patou
0496af8341 s4: Unit test update_machine_account_password through kinit
This patch is for testing the chgdcpass script which is mostly a call to
update_machine_account_password.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
22dfb16d73 testprogs/blackbox/subunit.sh: initialize failed to 0
This is a short-term workarround for broken scripts,
which use "exit $failed", without initializing failed.

We need a discussion on the mailing list how to handle this
in a nicer way.

This should fix some random failures in the blackbox tests.

metze
2010-07-10 09:35:04 +02:00
Matthias Dieter Wallnöfer
518232d457 s4:kinit blackbox test - set/reset also here the "minPwdAge" 2010-07-03 16:08:24 +02:00
Matthias Dieter Wallnöfer
73c69a195a s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0 2010-07-03 11:38:49 +02:00
Andrew Bartlett
48c8896f2e s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.

In particular, we need to assert that AES encryption is available in
the 2008 functional level.

Andrew Bartlett
2010-06-29 16:59:31 +10:00
Matthias Dieter Wallnöfer
088a25912e s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" syntax 2010-05-09 19:14:47 +02:00
Andrew Tridgell
48330c828e s4-test: check that a weak password is rejected by kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-16 14:12:44 +10:00
Stefan Metzmacher
16d4d0346d testprogs/blackbox/test_kinit: reorder arguments to "net time" to fix make test
metze
2010-04-13 10:09:18 +02:00
Andrew Bartlett
df7fbf28ee s4:testprogs Update test to match current Heimdal 2010-03-27 12:23:21 +11:00
Andrew Bartlett
6798543842 s4:testprogs Fix kinit test for updated Heimdal 2010-03-27 11:53:49 +11:00
Andrew Bartlett
0a65bb57a1 s4:selftest Add testing of kpasswd password set on servicePrincipalName 2010-03-25 16:32:04 +11:00
Andrew Bartlett
a9d9447d5a s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.

The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.

Andrew Bartlett
2010-02-20 17:58:07 +11:00
Stefan Metzmacher
1525e59886 blackbox/test_export_keytab.sh: correctly remove temporary files
metze
2010-01-04 09:36:25 +01:00
Stefan Metzmacher
5df8b33ddc blackbox/test_export_keytab.sh: use VALGRIND for samba4kinit
metze
2010-01-04 09:36:25 +01:00
Andrew Tridgell
9d6411d9dd s4-testpasswords: fixed CONFIG and quoting
Need to pass correct config file to tests
2009-12-31 17:33:34 +11:00
Jelmer Vernooij
9e5ef916d4 net: Move 'newuser' to 'net newuser'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:27 +11:00
Jelmer Vernooij
73594c248f net: Fix tests and documentation of setexpiry.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:25 +11:00
Jelmer Vernooij
b531696a5b net: Move 'setpassword' to 'net setpassword'.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:22 +11:00
Jelmer Vernooij
797977ac53 blackbox.passwords: Use convenience variable for net.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:19 +11:00
Jelmer Vernooij
18d221342b Fix commands in password tests.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:18 +11:00
Matthias Dieter Wallnöfer
0af3b06824 Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter"
This reverts commit d4389a230b.

This revert changed the behaviour which I didn't expect. Thanks abartlet to
point this out!
2009-09-21 11:33:13 +02:00
Matthias Dieter Wallnöfer
d4389a230b blackbox:test_kinit - Remove the "-H" (hive) parameter
The "enableaccount" script works only on local LDB anymore - therefore remove
this parameter.
2009-09-20 23:07:22 +02:00
Stefan Metzmacher
c5d38fd45a blackbox/test_ldb.sh: test searching using OIDs instead of names for attributes and classes
metze
2009-09-20 06:44:19 +02:00
Andrew Kroeger
e3a2a22451 s4:pwsettings: Added blackbox tests.
The added tests include basic validation that the script runs and accepts all
custom arguments.  The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
2009-09-10 01:09:56 +02:00
Andrew Kroeger
67a8a8c9e6 testprogs:subunit.sh: Add function for expected failures.
The testit_expect_failure() function is like the testit() function, with
reversed error detection logic.  This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.
2009-09-10 01:09:56 +02:00
Andrew Bartlett
8ff1f50b0c s4:kerberos Add support for user principal names in certificates
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).

Andrew Bartlett
2009-07-28 14:10:47 +10:00
Andrew Bartlett
cdd7a5208f s4:kerberos Add test to show that we actually export the keytab
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.

We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.

Andrew Bartlett
2009-07-27 22:41:43 +10:00
Andrew Bartlett
89a074b784 s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ.  Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.

While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).

Andrew Bartlett
2009-06-30 12:11:14 +10:00
Andrew Bartlett
1e6fb7d730 s4: Add tests and 'must change password' flags in setpassword and newuser
In particular, ensure that we can acutally change the password under
these circumstances.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Andrew Bartlett
033e25fdce s4:testprogs Don't specify a username/password when checking the ccache
The purpose of this test is to ensure that the Kerberos credentials
cache is valid.  If the username and password is specified, this
overrides the very thing we are trying to test.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Stefan Metzmacher
d52e813117 s4:blackbox/test_ldb: make use of the $VALGRIND envvar
metze
2009-03-04 08:32:32 +01:00
Stefan Metzmacher
8b408f7819 s4:selftest: avoid hardcoded pathes in blackbox tests
metze
2009-02-03 16:31:04 +01:00
Stefan Metzmacher
bb45bf6347 s4:blackbox: don't remove newlines in the subunit failure output
metze
2009-01-08 15:59:09 +01:00