1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

91 Commits

Author SHA1 Message Date
Andrew Bartlett
5d61b477c6 s4:testprogs Prove kerberos still works after a password change
Changing the machine account password should not prevent connections
with a current, valid CCACHE.  This is because when the password is
changed, the server-side keytab keeps one old password around.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:22 +10:00
Matthieu Patou
0496af8341 s4: Unit test update_machine_account_password through kinit
This patch is for testing the chgdcpass script which is mostly a call to
update_machine_account_password.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
22dfb16d73 testprogs/blackbox/subunit.sh: initialize failed to 0
This is a short-term workarround for broken scripts,
which use "exit $failed", without initializing failed.

We need a discussion on the mailing list how to handle this
in a nicer way.

This should fix some random failures in the blackbox tests.

metze
2010-07-10 09:35:04 +02:00
Matthias Dieter Wallnöfer
518232d457 s4:kinit blackbox test - set/reset also here the "minPwdAge" 2010-07-03 16:08:24 +02:00
Matthias Dieter Wallnöfer
73c69a195a s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0 2010-07-03 11:38:49 +02:00
Andrew Bartlett
48c8896f2e s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.

In particular, we need to assert that AES encryption is available in
the 2008 functional level.

Andrew Bartlett
2010-06-29 16:59:31 +10:00
Matthias Dieter Wallnöfer
088a25912e s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" syntax 2010-05-09 19:14:47 +02:00
Andrew Tridgell
48330c828e s4-test: check that a weak password is rejected by kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-16 14:12:44 +10:00
Stefan Metzmacher
16d4d0346d testprogs/blackbox/test_kinit: reorder arguments to "net time" to fix make test
metze
2010-04-13 10:09:18 +02:00
Andrew Bartlett
df7fbf28ee s4:testprogs Update test to match current Heimdal 2010-03-27 12:23:21 +11:00
Andrew Bartlett
6798543842 s4:testprogs Fix kinit test for updated Heimdal 2010-03-27 11:53:49 +11:00
Andrew Bartlett
0a65bb57a1 s4:selftest Add testing of kpasswd password set on servicePrincipalName 2010-03-25 16:32:04 +11:00
Andrew Bartlett
a9d9447d5a s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.

The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.

Andrew Bartlett
2010-02-20 17:58:07 +11:00
Stefan Metzmacher
1525e59886 blackbox/test_export_keytab.sh: correctly remove temporary files
metze
2010-01-04 09:36:25 +01:00
Stefan Metzmacher
5df8b33ddc blackbox/test_export_keytab.sh: use VALGRIND for samba4kinit
metze
2010-01-04 09:36:25 +01:00
Andrew Tridgell
9d6411d9dd s4-testpasswords: fixed CONFIG and quoting
Need to pass correct config file to tests
2009-12-31 17:33:34 +11:00
Jelmer Vernooij
9e5ef916d4 net: Move 'newuser' to 'net newuser'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:27 +11:00
Jelmer Vernooij
73594c248f net: Fix tests and documentation of setexpiry.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:25 +11:00
Jelmer Vernooij
b531696a5b net: Move 'setpassword' to 'net setpassword'.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:22 +11:00
Jelmer Vernooij
797977ac53 blackbox.passwords: Use convenience variable for net.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:19 +11:00
Jelmer Vernooij
18d221342b Fix commands in password tests.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:18 +11:00
Matthias Dieter Wallnöfer
0af3b06824 Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter"
This reverts commit d4389a230b.

This revert changed the behaviour which I didn't expect. Thanks abartlet to
point this out!
2009-09-21 11:33:13 +02:00
Matthias Dieter Wallnöfer
d4389a230b blackbox:test_kinit - Remove the "-H" (hive) parameter
The "enableaccount" script works only on local LDB anymore - therefore remove
this parameter.
2009-09-20 23:07:22 +02:00
Stefan Metzmacher
c5d38fd45a blackbox/test_ldb.sh: test searching using OIDs instead of names for attributes and classes
metze
2009-09-20 06:44:19 +02:00
Andrew Kroeger
e3a2a22451 s4:pwsettings: Added blackbox tests.
The added tests include basic validation that the script runs and accepts all
custom arguments.  The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
2009-09-10 01:09:56 +02:00
Andrew Kroeger
67a8a8c9e6 testprogs:subunit.sh: Add function for expected failures.
The testit_expect_failure() function is like the testit() function, with
reversed error detection logic.  This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.
2009-09-10 01:09:56 +02:00
Andrew Bartlett
8ff1f50b0c s4:kerberos Add support for user principal names in certificates
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).

Andrew Bartlett
2009-07-28 14:10:47 +10:00
Andrew Bartlett
cdd7a5208f s4:kerberos Add test to show that we actually export the keytab
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.

We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.

Andrew Bartlett
2009-07-27 22:41:43 +10:00
Andrew Bartlett
89a074b784 s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ.  Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.

While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).

Andrew Bartlett
2009-06-30 12:11:14 +10:00
Andrew Bartlett
1e6fb7d730 s4: Add tests and 'must change password' flags in setpassword and newuser
In particular, ensure that we can acutally change the password under
these circumstances.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Andrew Bartlett
033e25fdce s4:testprogs Don't specify a username/password when checking the ccache
The purpose of this test is to ensure that the Kerberos credentials
cache is valid.  If the username and password is specified, this
overrides the very thing we are trying to test.

Andrew Bartlett
2009-06-18 13:49:30 +10:00
Stefan Metzmacher
d52e813117 s4:blackbox/test_ldb: make use of the $VALGRIND envvar
metze
2009-03-04 08:32:32 +01:00
Stefan Metzmacher
8b408f7819 s4:selftest: avoid hardcoded pathes in blackbox tests
metze
2009-02-03 16:31:04 +01:00
Stefan Metzmacher
bb45bf6347 s4:blackbox: don't remove newlines in the subunit failure output
metze
2009-01-08 15:59:09 +01:00
Andrew Bartlett
fc7e41d6ff s4:testprogs: improve extended dn testing of the ldb blackbox tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:30 +11:00
Andrew Bartlett
22eb64f056 Actually test the kpasswd server
This uses kpasswd operated as a blackbox, assisted by the newly
imported rkpty tool.

Andrew Bartlett
2008-10-20 20:07:09 +11:00
Stefan Metzmacher
bb4e9d72dd s4:blackbox/test_ldb: test search by <GUID=...> and <SID=...>
metze
2008-10-06 09:07:37 +02:00
Andrew Tridgell
e13270d7ac fixed the ldb blackbox test to work with non-bourne shells (as needed
by ubuntu)

fixed spelling of 'wellknown'
2008-10-03 17:08:39 -07:00
Stefan Metzmacher
a25fac13eb s4:blackblox/test_ldb: test searches via wellknownObjects
metze
2008-10-02 18:56:09 +02:00
Jelmer Vernooij
d7a0c26af4 Move torture/ blackbox tests closer to code they're testing. 2008-09-16 18:30:24 +02:00
Jelmer Vernooij
aa09d8a75f Move ndrdump tests closer to the code they test. 2008-09-16 18:16:49 +02:00
Stefan Metzmacher
b295dca7a0 blackbox: fix source => source4
metze
2008-09-14 23:08:45 +02:00
Jelmer Vernooij
26e9194e3a Move blackbox tests closer to what they're testing.
(This used to be commit c9b2e2aa86)
2008-06-26 10:56:59 +02:00
Jim McDonough
f3fb381952 Missed these on the last commit
(This used to be commit 0e8f946ed0)
2008-06-12 07:06:07 -04:00
Jim McDonough
0410dcb32d Initial automated wintest.
Added a blackbox test which looks for $WINTEST_CONF_DIR,
gets configuration vars from *.conf in that dir, disables
smbwrapper, and runs RAW-OPEN torture test.

Scripts are coming to startup/shutdown vm's.
(This used to be commit 74a0a9bb54)
2008-06-12 07:02:14 -04:00
Andrew Kroeger
fe17acfa82 subunit.sh: Properly capture and pass on the command output.
Previously, the output from $cmdline was never captured.  In case of a
failure, there was no output being passed to the subunit_fail_test() function,
but that function contains a call to "cat -".  This caused the script to hang
indefinitely waiting for input.

We now capture $cmdline output (including mapping stderr to stdout) using
backticks, and then pipe that output to the subunit_fail_test() if there is
a failure.
(This used to be commit c0234d1319)
2008-05-21 20:46:14 -05:00
Jelmer Vernooij
1929675813 Fix reference to removed smbpython.
(This used to be commit 58f956dc45)
2008-05-21 15:39:00 +02:00
Andrew Bartlett
9586462b8f Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit 18dd8120cc)
2008-04-16 16:12:58 +02:00
Andrew Bartlett
008c8adfe3 Fix wbinfo --trusted-domains.
The problems here were that we did not bind to the LSA pipe, and we
did not consider it possible to have 0 trusted domains.

Andrew Bartlett
(This used to be commit 86694d429d)
2008-04-16 16:10:16 +02:00
Jelmer Vernooij
228f342b1f Use the subunit shell library.
(This used to be commit 49367e044e)
2008-04-16 14:52:29 +02:00