1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

132 Commits

Author SHA1 Message Date
Alexander Bokovoy
dc3f74a953 auth/credentials: 'workgroup' set via command line will not drop existing ccache
The root cause for existing ccache being invalidated was use of global loadparm with
'workgroup' value set as if from command line. However, we don't really need to take
'workgroup' parameter value's nature into account when invalidating existing ccache.
When -U is used on the command line, one can specify a password to force ccache
invalidation.

The commit also reverts previous fix now that root cause is clear.
2012-05-24 16:21:26 +02:00
Andrew Bartlett
22cd4bcc9e s4-selftest: Always delete the user at the end of test_passwords.sh
If this test is run in the "dc" environment (rather than "dc:local") is would not delete the
test user.

Andrew Bartlett
2012-05-24 09:59:04 +02:00
Alexander Bokovoy
dcfb34fbb4 blackbox: fix samba4.blackbox.kinit test
This deserves some explanation.

With commit 518232d457 samba4.blackbox.kinit test set
was wrapped with password settings reset before and after the tests with an idea to
maintain reliable state for the tests. As result, the resetting of the password
settings was done after the test that tried to use smbclient with a Kerberos ticket
obtained with machine account credentials.

However, the code in credentials_krb5.c, function cli_credentials_get_client_gss_creds(),
never worked correctly when credentials were already in ccache. Instead, gensec_gssapi module
always re-kinited even if existing credentials were available in the ccache. This had an effect
on 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' test equal to
never having initialized ccache at all, as if 'rm -f $KRB5CCNAME' was run before the test.

When the issue of not using already initialized credentials from ccache was fixed with
d0aae88f1290e6a7a6d4bfc24aa62795e4892a31 'auth-credentials: Support using pre-fetched ccache
when obtaining kerberos credentials' commit, Samba 4 credentials library started to correctly
re-used already obtained credentials from ccaches. This caused failure of the test
'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' because machine account
has no permissions to modify password settings.

Thus, the correct fix is to reset ccache state before performing the test.

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed May 23 18:46:12 CEST 2012 on sn-devel-104
2012-05-23 18:46:12 +02:00
Andrew Bartlett
95976d4ec2 selftest: Rework samba4.blackbox.bogusdomain to use a temporary user
This avoids leaving an account in the test environment after the test is run
and therefore avoids issues with interations with other tests.

Also, we now use the local administrator account in the member server to
add the test account.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Mar  2 14:44:36 CET 2012 on sn-devel-104
2012-03-02 14:44:36 +01:00
Andrew Bartlett
eecf2ac4c8 selftest: Remove unused support for --exeext 2012-02-01 02:45:07 +01:00
Matthieu Patou
7350d99409 s3: check that a user in a bogus domain name is mapped to the localnetbios name of a domain member
This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.
2012-01-30 08:23:11 -08:00
Andrew Bartlett
bbacd901cd selftest: Add test for smbpasswd against pdb_samba4
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 24 11:05:09 CET 2012 on sn-devel-104
2012-01-24 11:05:09 +01:00
Andrew Bartlett
2da506ee66 s4-selftest re-enable nsstest on libnss_winbind.so 2011-12-07 03:09:08 +01:00
Andrew Bartlett
2bff209128 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.

Based on a request by Gémes Géza <geza@kzsdabas.hu>

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-29 09:20:54 +01:00
Theresa Halloran
b26a4f6232 s4: samba-tool subcommand rename - change samba-tool user add to samba-tool user create
Signed-off-by: Theresa Halloran <thallora@linux.vnet.ibm.com>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2011-10-23 15:23:28 -07:00
Andrew Bartlett
f8c6219188 s4-selftest When testing for a credentials cache, do not specify a domain
If we specify a domain, then we indicate that we must use that domain
which overrides the credentials cache we found in the environment.

Andrew Bartlett
2011-10-18 13:13:30 +11:00
Amitay Isaacs
6c1cbfb232 tests-blackbox: Revert the test to use user-level change password command
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
fca7062d2a test-blackbox: use python version of change password command
Replace the "samba-tool user setpassword" command with user level
"samba-tool user password" command.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
db151ee3c0 test-blackbox: Rearrange arguments for samba-tool user setpassword command
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
c876993901 test-blackbox: Remove 'domain\' from username for samba-tool user setpassword
Python version of samba-tool does not require 'domain\' prefix for username.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
94976ee2ef test-blackbox: Rearrange the arguments in required order for samba-tool time
Python version of samba-tool requires the command and the subcommand to
be specified before the options.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Giampaolo Lauria
901959d9ca samba-tool: updated test suite to account for newuser change
Updated test suite invocations of newuser to "user add" as
the newuser functionality is now being moved to "user add"

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Giampaolo Lauria
2e082853fb samba-tool: update test suite to reflect the move from password to "user setpassword"
This is part of the work to reflect the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Andrew Tridgell
88df1da2b2 s4-test: don't fix broken objects during dbcheck test
this leaves the database as-is, which makes it easier to examine the
problem
2011-07-21 11:44:33 +10:00
Andrew Tridgell
bba7dc5092 dbcheck: test the --reindex option
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:32 +10:00
Andrew Tridgell
190ec87964 s4-test: added dbcheck run to test suite
This should catch corruption that happens during a test run

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:32 +10:00
Andrew Tridgell
7d399376b8 samba-tool: use 'exportkeytab' instead of 'dumpkeys'
a 'keytab' is a particular format known to administrators, whereas
'keys' is a bit too vague

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:31 +10:00
Giampaolo Lauria
9f32f86018 samba-tool: updated test suite for the new domain dumpkeys option
The test suite has been changed to reflect the move from export to "domain dumpkeys" to reflect the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
8c7718ac16 samba-tool: update test suite for the new domain object
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
c4a92292c1 samba-tool: update test suite for add setpassword
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:22 +10:00
Andrew Tridgell
1ee67df307 s4-test: fixed usage message on renamedc.sh 2011-07-13 12:51:05 +02:00
Andrew Tridgell
9bd695c83f samba-tool: update tests for new 'user enable' syntax
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun  1 10:37:50 CEST 2011 on sn-devel-104
2011-06-01 10:37:50 +02:00
Matthieu Patou
49c99d0515 s4: add blackbox test for rename
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat May 21 09:50:34 CEST 2011 on sn-devel-104
2011-05-21 09:50:34 +02:00
Andrew Bartlett
4fd6ebf544 selftest: Remove duplication between BUILDIR and BINDIR
Just have BINDIR, and have it default to ./bin

Andrew Bartlett
2011-04-16 11:43:04 +02:00
Michael Adam
7c72ce9f48 testprogs/blackbox/subunit: add testok() for easier integration of s3 tests. 2011-02-16 12:56:40 +01:00
Andrew Tridgell
b49973404c blackbox: removed assumption of build directory
this fixes the blackbox tests for a top level build

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Stefan Metzmacher
769425662e testprogs:test_kinit: create tmp files under $PREFIX
metze
2010-12-24 17:31:06 +01:00
Jelmer Vernooij
d237698850 blackbox.ldb: Support using system ldbsearch.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Nov 27 04:32:11 CET 2010 on sn-devel-104
2010-11-27 04:32:11 +01:00
Andrew Bartlett
b8631597f5 s4-test_kinit Add tests for lowercase realm combinations
This tests that the handling of lowercase realms works in our KDC and
libraries.

Andrew Bartlett
2010-11-16 16:01:19 +11:00
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Andrew Tridgell
006111646c s4-test: fixed a typo in test_kinit.sh
too many Ts

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104
2010-10-15 10:14:27 +00:00
Andrew Tridgell
d59a342c71 s4-test: fixed test_kinit.sh time command test
passing -W breaks -k yes
2010-10-15 09:32:03 +00:00
Stefan Metzmacher
34692556be s4:blackblock/ktpass: use test specific user name
metze
2010-07-31 11:22:15 +02:00
Matthieu Patou
e461e29cd9 s4 unittests: add blackblox test for ktpass 2010-07-17 17:56:16 +04:00
Andrew Bartlett
0e212acd32 s4:testprogs Operate the blackbox kinit and net tests using the :local config
This :local tells selftest.pl to use the local smb.conf for the test
environment, not the generic client smb.conf

This then makes the rest work properly - otherwise, it may attempt to
connect to the wrong KDC for example.

The only problem is that we can't test the 'net join' with this set,
so this is removed from the test.  The member server test environment
checks this anyway.

Andrew Bartlett
2010-07-16 07:08:41 +10:00
Andrew Bartlett
8769e75a61 s4:testprogs Show that we no longer delete the old keytab entries
By using a CCACHE obtained while the old password was still valid, we
can tell if the server still accepts incoming Kerberos connections
with the old password.

Andrew Bartlett
2010-07-15 22:08:22 +10:00
Andrew Bartlett
5d61b477c6 s4:testprogs Prove kerberos still works after a password change
Changing the machine account password should not prevent connections
with a current, valid CCACHE.  This is because when the password is
changed, the server-side keytab keeps one old password around.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:22 +10:00
Matthieu Patou
0496af8341 s4: Unit test update_machine_account_password through kinit
This patch is for testing the chgdcpass script which is mostly a call to
update_machine_account_password.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
22dfb16d73 testprogs/blackbox/subunit.sh: initialize failed to 0
This is a short-term workarround for broken scripts,
which use "exit $failed", without initializing failed.

We need a discussion on the mailing list how to handle this
in a nicer way.

This should fix some random failures in the blackbox tests.

metze
2010-07-10 09:35:04 +02:00
Matthias Dieter Wallnöfer
518232d457 s4:kinit blackbox test - set/reset also here the "minPwdAge" 2010-07-03 16:08:24 +02:00
Matthias Dieter Wallnöfer
73c69a195a s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0 2010-07-03 11:38:49 +02:00
Andrew Bartlett
48c8896f2e s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.

In particular, we need to assert that AES encryption is available in
the 2008 functional level.

Andrew Bartlett
2010-06-29 16:59:31 +10:00
Matthias Dieter Wallnöfer
088a25912e s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" syntax 2010-05-09 19:14:47 +02:00
Andrew Tridgell
48330c828e s4-test: check that a weak password is rejected by kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-16 14:12:44 +10:00
Stefan Metzmacher
16d4d0346d testprogs/blackbox/test_kinit: reorder arguments to "net time" to fix make test
metze
2010-04-13 10:09:18 +02:00