1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

98 Commits

Author SHA1 Message Date
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Andrew Tridgell
006111646c s4-test: fixed a typo in test_kinit.sh
too many Ts

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104
2010-10-15 10:14:27 +00:00
Andrew Tridgell
d59a342c71 s4-test: fixed test_kinit.sh time command test
passing -W breaks -k yes
2010-10-15 09:32:03 +00:00
Stefan Metzmacher
34692556be s4:blackblock/ktpass: use test specific user name
metze
2010-07-31 11:22:15 +02:00
Matthieu Patou
e461e29cd9 s4 unittests: add blackblox test for ktpass 2010-07-17 17:56:16 +04:00
Andrew Bartlett
0e212acd32 s4:testprogs Operate the blackbox kinit and net tests using the :local config
This :local tells selftest.pl to use the local smb.conf for the test
environment, not the generic client smb.conf

This then makes the rest work properly - otherwise, it may attempt to
connect to the wrong KDC for example.

The only problem is that we can't test the 'net join' with this set,
so this is removed from the test.  The member server test environment
checks this anyway.

Andrew Bartlett
2010-07-16 07:08:41 +10:00
Andrew Bartlett
8769e75a61 s4:testprogs Show that we no longer delete the old keytab entries
By using a CCACHE obtained while the old password was still valid, we
can tell if the server still accepts incoming Kerberos connections
with the old password.

Andrew Bartlett
2010-07-15 22:08:22 +10:00
Andrew Bartlett
5d61b477c6 s4:testprogs Prove kerberos still works after a password change
Changing the machine account password should not prevent connections
with a current, valid CCACHE.  This is because when the password is
changed, the server-side keytab keeps one old password around.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:22 +10:00
Matthieu Patou
0496af8341 s4: Unit test update_machine_account_password through kinit
This patch is for testing the chgdcpass script which is mostly a call to
update_machine_account_password.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
22dfb16d73 testprogs/blackbox/subunit.sh: initialize failed to 0
This is a short-term workarround for broken scripts,
which use "exit $failed", without initializing failed.

We need a discussion on the mailing list how to handle this
in a nicer way.

This should fix some random failures in the blackbox tests.

metze
2010-07-10 09:35:04 +02:00
Matthias Dieter Wallnöfer
518232d457 s4:kinit blackbox test - set/reset also here the "minPwdAge" 2010-07-03 16:08:24 +02:00
Matthias Dieter Wallnöfer
73c69a195a s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0 2010-07-03 11:38:49 +02:00
Andrew Bartlett
48c8896f2e s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.

In particular, we need to assert that AES encryption is available in
the 2008 functional level.

Andrew Bartlett
2010-06-29 16:59:31 +10:00
Matthias Dieter Wallnöfer
088a25912e s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" syntax 2010-05-09 19:14:47 +02:00
Andrew Tridgell
48330c828e s4-test: check that a weak password is rejected by kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-16 14:12:44 +10:00
Stefan Metzmacher
16d4d0346d testprogs/blackbox/test_kinit: reorder arguments to "net time" to fix make test
metze
2010-04-13 10:09:18 +02:00
Andrew Bartlett
df7fbf28ee s4:testprogs Update test to match current Heimdal 2010-03-27 12:23:21 +11:00
Andrew Bartlett
6798543842 s4:testprogs Fix kinit test for updated Heimdal 2010-03-27 11:53:49 +11:00
Andrew Bartlett
0a65bb57a1 s4:selftest Add testing of kpasswd password set on servicePrincipalName 2010-03-25 16:32:04 +11:00
Andrew Bartlett
a9d9447d5a s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.

The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.

Andrew Bartlett
2010-02-20 17:58:07 +11:00
Stefan Metzmacher
1525e59886 blackbox/test_export_keytab.sh: correctly remove temporary files
metze
2010-01-04 09:36:25 +01:00
Stefan Metzmacher
5df8b33ddc blackbox/test_export_keytab.sh: use VALGRIND for samba4kinit
metze
2010-01-04 09:36:25 +01:00
Andrew Tridgell
9d6411d9dd s4-testpasswords: fixed CONFIG and quoting
Need to pass correct config file to tests
2009-12-31 17:33:34 +11:00
Jelmer Vernooij
9e5ef916d4 net: Move 'newuser' to 'net newuser'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:27 +11:00
Jelmer Vernooij
73594c248f net: Fix tests and documentation of setexpiry.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:25 +11:00
Jelmer Vernooij
b531696a5b net: Move 'setpassword' to 'net setpassword'.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:22 +11:00
Jelmer Vernooij
797977ac53 blackbox.passwords: Use convenience variable for net.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:19 +11:00
Jelmer Vernooij
18d221342b Fix commands in password tests.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:18 +11:00
Matthias Dieter Wallnöfer
0af3b06824 Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter"
This reverts commit d4389a230b.

This revert changed the behaviour which I didn't expect. Thanks abartlet to
point this out!
2009-09-21 11:33:13 +02:00
Matthias Dieter Wallnöfer
d4389a230b blackbox:test_kinit - Remove the "-H" (hive) parameter
The "enableaccount" script works only on local LDB anymore - therefore remove
this parameter.
2009-09-20 23:07:22 +02:00
Stefan Metzmacher
c5d38fd45a blackbox/test_ldb.sh: test searching using OIDs instead of names for attributes and classes
metze
2009-09-20 06:44:19 +02:00
Andrew Kroeger
e3a2a22451 s4:pwsettings: Added blackbox tests.
The added tests include basic validation that the script runs and accepts all
custom arguments.  The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
2009-09-10 01:09:56 +02:00
Andrew Kroeger
67a8a8c9e6 testprogs:subunit.sh: Add function for expected failures.
The testit_expect_failure() function is like the testit() function, with
reversed error detection logic.  This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.
2009-09-10 01:09:56 +02:00
Andrew Bartlett
8ff1f50b0c s4:kerberos Add support for user principal names in certificates
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).

Andrew Bartlett
2009-07-28 14:10:47 +10:00
Andrew Bartlett
cdd7a5208f s4:kerberos Add test to show that we actually export the keytab
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.

We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.

Andrew Bartlett
2009-07-27 22:41:43 +10:00
Andrew Bartlett
89a074b784 s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ.  Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.

While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).

Andrew Bartlett
2009-06-30 12:11:14 +10:00
Andrew Bartlett
1e6fb7d730 s4: Add tests and 'must change password' flags in setpassword and newuser
In particular, ensure that we can acutally change the password under
these circumstances.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Andrew Bartlett
033e25fdce s4:testprogs Don't specify a username/password when checking the ccache
The purpose of this test is to ensure that the Kerberos credentials
cache is valid.  If the username and password is specified, this
overrides the very thing we are trying to test.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Stefan Metzmacher
d52e813117 s4:blackbox/test_ldb: make use of the $VALGRIND envvar
metze
2009-03-04 08:32:32 +01:00
Stefan Metzmacher
8b408f7819 s4:selftest: avoid hardcoded pathes in blackbox tests
metze
2009-02-03 16:31:04 +01:00
Stefan Metzmacher
bb45bf6347 s4:blackbox: don't remove newlines in the subunit failure output
metze
2009-01-08 15:59:09 +01:00
Andrew Bartlett
fc7e41d6ff s4:testprogs: improve extended dn testing of the ldb blackbox tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:30 +11:00
Andrew Bartlett
22eb64f056 Actually test the kpasswd server
This uses kpasswd operated as a blackbox, assisted by the newly
imported rkpty tool.

Andrew Bartlett
2008-10-20 20:07:09 +11:00
Stefan Metzmacher
bb4e9d72dd s4:blackbox/test_ldb: test search by <GUID=...> and <SID=...>
metze
2008-10-06 09:07:37 +02:00
Andrew Tridgell
e13270d7ac fixed the ldb blackbox test to work with non-bourne shells (as needed
by ubuntu)

fixed spelling of 'wellknown'
2008-10-03 17:08:39 -07:00
Stefan Metzmacher
a25fac13eb s4:blackblox/test_ldb: test searches via wellknownObjects
metze
2008-10-02 18:56:09 +02:00
Jelmer Vernooij
d7a0c26af4 Move torture/ blackbox tests closer to code they're testing. 2008-09-16 18:30:24 +02:00
Jelmer Vernooij
aa09d8a75f Move ndrdump tests closer to the code they test. 2008-09-16 18:16:49 +02:00
Stefan Metzmacher
b295dca7a0 blackbox: fix source => source4
metze
2008-09-14 23:08:45 +02:00
Jelmer Vernooij
26e9194e3a Move blackbox tests closer to what they're testing.
(This used to be commit c9b2e2aa86)
2008-06-26 10:56:59 +02:00