[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Sat Oct 12 17:40:05 UTC 2019
The branch, master has been updated
via 123584294cf s3:libads: Do not turn on canonicalization flag for MIT Kerberos
via 93c2b446755 testprogs: Add test for kinit with canonicalization
via 0cad882380c s4:selftest: Do not print the target env twice
via 46068d5f289 gitlab-ci: Run several AD tests with MIT KDC
via a06889f6d77 s4:selftest: Do not print the target env twice
via d888655244b lib:krb5_wrap: Do not create a temporary file for MEMORY keytabs
from 23ea12e98ed spnego: fix server handling of no optimistic exchange
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 123584294cfd153acc2d9a5be9d71c395c847a25
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 9 16:32:47 2019 +0200
s3:libads: Do not turn on canonicalization flag for MIT Kerberos
This partially reverts 303b7e59a286896888ee2473995fc50bb2b5ce5e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155
Pair-Programmed-With: Isaac Boukris <iboukris at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 17:39:13 UTC 2019 on sn-devel-184
commit 93c2b446755bd89c7ace8c6ee0445a361f8e17ca
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 9 16:59:59 2019 +0200
testprogs: Add test for kinit with canonicalization
Pair-Programmed-With: Isaac Boukris <iboukris at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0cad882380cc361a4106dc12aeb0582a6dccdd88
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 9 16:57:11 2019 +0200
s4:selftest: Do not print the target env twice
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 46068d5f289948a7d478c23391e0036f69d693a4
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 9 15:55:50 2019 +0200
gitlab-ci: Run several AD tests with MIT KDC
This will avoid introducing regressions in either client or server code.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a06889f6d774ba62be2103da2340b98b3ada6654
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 10 09:14:24 2019 +0200
s4:selftest: Do not print the target env twice
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d888655244b4d8ec7a69a042e0ff3c074585b0de
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 9 20:11:03 2019 +0200
lib:krb5_wrap: Do not create a temporary file for MEMORY keytabs
The autobuild cleanup script fails with:
The tree has 3 new uncommitted files!!!
git clean -n
Would remove MEMORY:tmp_smb_creds_SK98Lv
Would remove MEMORY:tmp_smb_creds_kornU6
Would remove MEMORY:tmp_smb_creds_ljR828
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml | 16 +++++++---
lib/krb5_wrap/krb5_samba.c | 19 +++++-------
script/autobuild.py | 58 +++++++++++++++++++++++++++---------
selftest/knownfail.d/kinit_mit | 1 +
source3/libads/krb5_setpw.c | 15 ++++++++++
source4/selftest/tests.py | 34 ++++++++++-----------
testprogs/blackbox/test_kinit_mit.sh | 13 ++++++++
7 files changed, 110 insertions(+), 46 deletions(-)
create mode 100644 selftest/knownfail.d/kinit_mit
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 62a3c7fcb5d..66f92f4436a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -119,9 +119,6 @@ samba-nopython:
samba-nopython-py2:
extends: .shared_template
-samba-systemkrb5:
- extends: .shared_template
-
samba-xc:
extends: .shared_template
@@ -158,6 +155,12 @@ samba-ctdb:
samba-ad-dc-ntvfs:
extends: .shared_template
+samba-ad-member-mitkrb5:
+ extends: .shared_template
+
+samba-ad-dc-4-mitkrb5:
+ extends: .shared_template
+
.private_template:
extends: .shared_template
tags:
@@ -189,6 +192,9 @@ samba-nt4:
samba-schemaupgrade:
extends: .private_template
+samba-ad-dc-1-mitkrb5:
+ extends: .private_template
+
# 'pages' is a special job which can publish artifacts in `public` dir to gitlab pages
pages:
image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_CONTAINER_IMAGE}:${SAMBA_CI_CONTAINER_TAG}
@@ -199,14 +205,17 @@ pages:
dependencies: # tell gitlab to download artifacts for these jobs
- samba
- samba-ad-dc-1
+ - samba-ad-dc-1-mitkrb5
- samba-ad-dc-2
- samba-ad-dc-3
- samba-ad-dc-4
+ - samba-ad-dc-4-mitkrb5
- samba-ad-dc-5
- samba-ad-dc-6
- samba-ad-dc-backup
- samba-ad-dc-ntvfs
- samba-ad-member
+ - samba-ad-member-mitkrb5
- samba-ctdb
- samba-fileserver
- samba-libs
@@ -216,7 +225,6 @@ pages:
- samba-nt4
- samba-schemaupgrade
- samba-static
- - samba-systemkrb5
- samba-xc
# - ctdb # TODO
- others
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index a4e73c64f00..5aceae44eec 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2002,26 +2002,23 @@ krb5_error_code smb_krb5_kinit_keyblock_ccache(krb5_context ctx,
krb_options);
#elif defined(HAVE_KRB5_GET_INIT_CREDS_KEYTAB)
{
-#define SMB_CREDS_KEYTAB "MEMORY:tmp_smb_creds_XXXXXX"
- char tmp_name[sizeof(SMB_CREDS_KEYTAB)];
+#define SMB_CREDS_KEYTAB "MEMORY:tmp_kinit_keyblock_ccache"
+ char tmp_name[64] = {0};
krb5_keytab_entry entry;
krb5_keytab keytab;
- int tmpfd;
- mode_t mask;
+ int rc;
memset(&entry, 0, sizeof(entry));
entry.principal = principal;
*(KRB5_KT_KEY(&entry)) = *keyblock;
- memcpy(tmp_name, SMB_CREDS_KEYTAB, sizeof(SMB_CREDS_KEYTAB));
- mask = umask(S_IRWXO | S_IRWXG);
- tmpfd = mkstemp(tmp_name);
- umask(mask);
- if (tmpfd == -1) {
- DBG_ERR("Failed to mkstemp %s\n", tmp_name);
+ rc = snprintf(tmp_name, sizeof(tmp_name),
+ "%s-%p",
+ SMB_CREDS_KEYTAB,
+ &my_creds);
+ if (rc < 0) {
return KRB5_KT_BADNAME;
}
- close(tmpfd);
code = krb5_kt_resolve(ctx, tmp_name, &keytab);
if (code) {
return code;
diff --git a/script/autobuild.py b/script/autobuild.py
index 29e6234ded9..e4a36aab34e 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -125,6 +125,7 @@ builddirs = {
"samba-nt4": ".",
"samba-fileserver": ".",
"samba-ad-member": ".",
+ "samba-ad-member-mitkrb5": ".",
"samba-xc": ".",
"samba-o3": ".",
"samba-ctdb": ".",
@@ -132,14 +133,15 @@ builddirs = {
"samba-static": ".",
"samba-none-env": ".",
"samba-ad-dc-1": ".",
+ "samba-ad-dc-1-mitkrb5": ".",
"samba-ad-dc-2": ".",
"samba-ad-dc-3": ".",
"samba-ad-dc-4": ".",
+ "samba-ad-dc-4-mitkrb5": ".",
"samba-ad-dc-5": ".",
"samba-ad-dc-6": ".",
"samba-ad-dc-ntvfs": ".",
"samba-ad-dc-backup": ".",
- "samba-systemkrb5": ".",
"samba-nopython": ".",
"samba-nopython-py2": ".",
"samba-schemaupgrade": ".",
@@ -427,6 +429,47 @@ tasks = {
("check-clean-tree", "script/clean-source-tree.sh"),
],
+ "samba-ad-member-mitkrb5": [
+ ("random-sleep", random_sleep(300, 900)),
+ ("configure", "./configure.developer --with-selftest-prefix=./bin/ab --with-system-mitkrb5 --with-experimental-mit-ad-dc" + samba_configure_params),
+ ("make", "make -j"),
+ ("test", make_test(include_envs=[
+ "ad_member",
+ "ad_member_idmap_rid",
+ "ad_member_idmap_ad",
+ "ad_member_rfc2307",
+ ])),
+ ("lcov", LCOV_CMD),
+ ("check-clean-tree", "script/clean-source-tree.sh"),
+ ],
+
+ "samba-ad-dc-1-mitkrb5": [
+ ("random-sleep", random_sleep(1, 1)),
+ ("configure", "./configure.developer --with-selftest-prefix=./bin/ab --with-system-mitkrb5 --with-experimental-mit-ad-dc" + samba_configure_params),
+ ("make", "make -j"),
+ ("test", make_test(include_envs=[
+ "ad_dc",
+ "ad_dc_no_nss",
+ "ad_dc_no_ntlm",
+ ])),
+ ("lcov", LCOV_CMD),
+ ("check-clean-tree", "script/clean-source-tree.sh"),
+ ],
+
+ "samba-ad-dc-4-mitkrb5": [
+ ("random-sleep", random_sleep(1, 1)),
+ ("configure", "./configure.developer --with-selftest-prefix=./bin/ab --with-system-mitkrb5 --with-experimental-mit-ad-dc" + samba_configure_params),
+ ("make", "make -j"),
+ ("test", make_test(include_envs=[
+ "fl2000dc",
+ "fl2003dc",
+ "fl2008dc",
+ "fl2008r2dc",
+ ])),
+ ("lcov", LCOV_CMD),
+ ("check-clean-tree", "script/clean-source-tree.sh"),
+ ],
+
"samba-test-only": [
("configure", "./configure.developer --with-selftest-prefix=./bin/ab --abi-check-disable" + samba_configure_params),
("make", "make -j"),
@@ -538,19 +581,6 @@ tasks = {
("nonshared-make", "make -j"),
],
- "samba-systemkrb5": [
- ("random-sleep", random_sleep(900, 1500)),
- ("configure", "./configure.developer " + samba_configure_params + " --with-system-mitkrb5 --with-experimental-mit-ad-dc"),
- ("make", "make -j"),
- # we currently cannot run a full make test, a limited list of tests could be run
- # via "make test TESTS=sometests"
- ("test", make_test(include_envs=["ktest"])),
- ("lcov", LCOV_CMD),
- ("install", "make install"),
- ("check-clean-tree", "script/clean-source-tree.sh"),
- ("clean", "make clean"),
- ],
-
# Test Samba without python still builds. When this test fails
# due to more use of Python, the expectations is that the newly
# failing part of the code should be disabled when
diff --git a/selftest/knownfail.d/kinit_mit b/selftest/knownfail.d/kinit_mit
new file mode 100644
index 00000000000..ef1a3d5aa91
--- /dev/null
+++ b/selftest/knownfail.d/kinit_mit
@@ -0,0 +1 @@
+^samba4.blackbox.kinit.kinit.with.canonicalize
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index ee352bf0893..8f638dcdb8e 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -206,7 +206,22 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
krb5_get_init_creds_opt_set_win2k(context, opts, true);
krb5_get_init_creds_opt_set_canonicalize(context, opts, true);
#else /* MIT */
+#if 0
+ /*
+ * FIXME
+ *
+ * Due to an upstream MIT Kerberos bug, this feature is not
+ * not working. Affection versions (2019-10-09): <= 1.17
+ *
+ * Reproducer:
+ * kinit -C aDmInIsTrAtOr at ACME.COM -S kadmin/changepw at ACME.COM
+ *
+ * This is NOT a problem if the service is a krbtgt.
+ *
+ * https://bugzilla.samba.org/show_bug.cgi?id=14155
+ */
krb5_get_init_creds_opt_set_canonicalize(opts, true);
+#endif
#endif /* MIT */
/* note that heimdal will fill in the local addresses if the addresses
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 2c5a754e89e..642dc680fa4 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -449,23 +449,23 @@ plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join
if have_heimdal_support:
for env in ["ad_dc_ntvfs", "ad_dc"]:
- plantestsuite("samba4.blackbox.pkinit(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])
- plantestsuite("samba4.blackbox.pkinit_pac(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_pac_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", configuration])
- plantestsuite("samba4.blackbox.kinit(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "arcfour-hmac-md5", smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit_trust(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest", "aes256-cts-hmac-sha1-96"])
- plantestsuite("samba4.blackbox.kinit_trust(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"])
- plantestsuite("samba4.blackbox.export.keytab(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_heimdal.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
- plantestsuite("samba4.blackbox.kpasswd(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+ plantestsuite("samba4.blackbox.pkinit", "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])
+ plantestsuite("samba4.blackbox.pkinit_pac", "%s:local" % env, [os.path.join(bbdir, "test_pkinit_pac_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", configuration])
+ plantestsuite("samba4.blackbox.kinit", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
+ plantestsuite("samba4.blackbox.kinit", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "arcfour-hmac-md5", smbclient4, configuration])
+ plantestsuite("samba4.blackbox.kinit", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
+ plantestsuite("samba4.blackbox.kinit_trust", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest", "aes256-cts-hmac-sha1-96"])
+ plantestsuite("samba4.blackbox.kinit_trust", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"])
+ plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_heimdal.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
+ plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
else:
- plantestsuite("samba4.blackbox.kinit(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit_trust(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
- plantestsuite("samba4.blackbox.kinit_trust(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
- plantestsuite("samba4.blackbox.export.keytab(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_mit.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
- plantestsuite("samba4.blackbox.kpasswd(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+ plantestsuite("samba4.blackbox.kinit", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
+ plantestsuite("samba4.blackbox.kinit", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
+ plantestsuite("samba4.blackbox.kinit", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
+ plantestsuite("samba4.blackbox.kinit_trust", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
+ plantestsuite("samba4.blackbox.kinit_trust", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
+ plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_mit.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
+ plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
@@ -487,7 +487,7 @@ plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.jo
plantestsuite("samba4.blackbox.rfc2307_mapping(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient4])
plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
-plantestsuite("samba4.blackbox.net_ads(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
+plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23'])
plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh
index 57d0f74d28d..d28caecd603 100755
--- a/testprogs/blackbox/test_kinit_mit.sh
+++ b/testprogs/blackbox/test_kinit_mit.sh
@@ -130,6 +130,19 @@ testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool us
testit "enable user with kerberos cache" $VALGRIND $PYTHON $samba_enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
+###########################################################
+### Test kinit with canonicalization
+###########################################################
+
+# This is currently not working due to an upstream bug in MIT Kerberos. The
+# test will ensure that we get notified when we can turn on canonicalization
+# in ads_krb5_chg_password().
+# https://bugzilla.samba.org/show_bug.cgi?id=14155
+upperusername=$(echo $USERNAME | tr '[a-z]' '[A-Z]')
+testit "kinit with canonicalize" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -C $upperusername@$REALM -S kadmin/changepw@$REALM || failed=`expr $failed + 1`
+
+$samba_kdestroy
+
###########################################################
### Test kinit with user credentials
###########################################################
--
Samba Shared Repository
More information about the samba-cvs
mailing list