testprogs: Consistantly use kinit -c $KRB5CCNAME
authorStefan Metzmacher <metze@samba.org>
Fri, 3 Apr 2020 14:29:36 +0000 (16:29 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 5 Jul 2021 23:51:43 +0000 (23:51 +0000)
We want to be really clear which credentials cache we use.

The kerberos_kinit() shell function uses this internally.

-c is the common option between MIT and Heimdal, and is
equivalent to --cache

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 23:51:43 UTC 2021 on sn-devel-184

14 files changed:
testprogs/blackbox/common_test_fns.inc
testprogs/blackbox/test_chgdcpass.sh
testprogs/blackbox/test_export_keytab_heimdal.sh
testprogs/blackbox/test_kinit_heimdal.sh
testprogs/blackbox/test_kinit_trusts_heimdal.sh
testprogs/blackbox/test_kpasswd_heimdal.sh
testprogs/blackbox/test_ktpass.sh
testprogs/blackbox/test_net_ads_dns.sh
testprogs/blackbox/test_password_settings.sh
testprogs/blackbox/test_pkinit_heimdal.sh
testprogs/blackbox/test_pkinit_pac_heimdal.sh
testprogs/blackbox/test_s4u_heimdal.sh
testprogs/blackbox/test_samba_upgradedns.sh
testprogs/blackbox/test_trust_user_account.sh

index 7b421e9eb08781cccdad7f36d71db2e1018b1f1c..1c988f439a7f61aed7f7931017cfda258fcdff32 100755 (executable)
@@ -98,7 +98,7 @@ kerberos_kinit() {
        if [ "${kbase}" = "samba4kinit" ]; then
                kpassfile=$(mktemp)
                echo $password > ${kpassfile}
-               $kinit_tool --password-file=${kpassfile} $principal $@
+               $kinit_tool -c ${KRB5CCNAME} --password-file=${kpassfile} $principal $@
                status=$?
                rm -f ${kpassfile}
        else
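Review bot: On the added line `${KRB5CCNAME}` is expanded unquoted, so if the variable is empty or unset when kerberos_kinit() runs, `-c` takes `--password-file=...` as its argument and kinit no longer reads the password file. Quoting turns that into an explicit bad-cache-name failure: `$kinit_tool -c "${KRB5CCNAME}" --password-file="${kpassfile}" $principal "$@"`. The unchanged `echo $password > ${kpassfile}` just above has the same word-splitting and globbing problem for passwords that contain spaces or `*`; `printf '%s\n' "$password" > "${kpassfile}"` avoids it. The function continues past the `else`, so whether the other branch also passes `-c` cannot be checked from this hunk.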
index 54137b980caa9d1796c26be7135d1cbe73435dbe..d7d1d030c19a0cb6597f305870c4c66f23c89d31 100755 (executable)
@@ -24,11 +24,11 @@ failed=0
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
 
-samba4kinit=kinit
+samba4kinit_binary=kinit
 heimdal=0
 if test -x $BINDIR/samba4kinit; then
        heimdal=1
-       samba4kinit=bin/samba4kinit
+       samba4kinit_binary=bin/samba4kinit
 fi
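Review bot: The added `samba4kinit_binary=bin/samba4kinit` is a path relative to the current directory, while the `test -x` guarding it checks `$BINDIR/samba4kinit`. This is carried over from the old line, but every other script touched by this commit assigns `$BINDIR/samba4kinit`. If the script is started from a directory where `bin/` is not `$BINDIR`, the guard can pass while a different or missing binary is run. Since the line is being rewritten anyway, `samba4kinit_binary=$BINDIR/samba4kinit` would make the check and the use agree.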
 
 
@@ -59,6 +59,7 @@ test_drs() {
 enctype="-e $ENCTYPE"
 
 KRB5CCNAME="$PREFIX/tmpccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 rm -f $KRB5CCNAME
 
index d595650e46b22c2dc355c4c9a4a886f32e631e18..a621b71eebec94ab347c31ff4f5b9d7fa150763b 100755 (executable)
@@ -27,9 +27,9 @@ newuser="$samba_tool user create"
 DNSDOMAIN=$(echo $REALM | tr '[:upper:]' '[:lower:]')
 SERVER_FQDN="$SERVER.$DNSDOMAIN"
 
-samba4kinit=kinit
+samba4kinit_binary=kinit
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 . `dirname $0`/subunit.sh
@@ -82,6 +82,7 @@ testit "dump keytab from domain for user principal with SPN as UPN" $VALGRIND $P
 test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-3" "http/testupnspn.$DNSDOMAIN@$REALM" 3
 
 KRB5CCNAME="$PREFIX/tmpuserccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
@@ -93,15 +94,18 @@ testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/t
 test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc"  --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 KRB5CCNAME="$PREFIX/tmpadminccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
 
 KRB5CCNAME="$PREFIX/tmpspnupnccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-3 http/testupnspn.$DNSDOMAIN || failed=`expr $failed + 1`
 
 KRB5CCNAME="$PREFIX/tmpadminccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 testit "del user" $VALGRIND $PYTHON $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
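Review bot: `samba4kinit` now carries a copy of the cache name, so each of the three `KRB5CCNAME=` reassignments in this hunk has to be followed by a matching `samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"`. A later edit that changes the cache and forgets the second line would silently send tickets to the previous cache. A small helper would keep the two in step, for example `set_ccache() { KRB5CCNAME="$1"; samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"; export KRB5CCNAME; }`, or at least a comment at the first assignment saying they must change together. The same pair of lines is added in the other scripts of this commit. Because `$samba4kinit` is expanded unquoted in the `testit` calls, a `$PREFIX` containing whitespace would also split the cache path.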
index 99fcb5482a2ac4a55cdb1fae82ae13c7019a8258..7a3ff6841353d7b600650dd8bdd19af58904c022 100755 (executable)
@@ -23,9 +23,9 @@ failed=0
 
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 samba_tool="$samba4bindir/samba-tool"
@@ -59,6 +59,7 @@ export ADMIN_LDBMODIFY_CONFIG
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 ADMIN_KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
 export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
@@ -105,6 +106,7 @@ testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount nettes
 
 KRB5CCNAME_PATH="$PREFIX/tmpuserccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 rm -f $KRB5CCNAME_PATH
@@ -239,6 +241,7 @@ test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-cca
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 rm -rf $KRB5CCNAME_PATH
index f971a8fcde24ce1fd7cc5ad8d7976b0a12052d47..f0529667cf889d5b6470c0ba08e47cf8ac8d79c0 100755 (executable)
@@ -27,9 +27,9 @@ shift 3
 failed=0
 
 samba4bindir="$BINDIR"
-samba4kinit=kinit
-if test -x $samba4bindir/samba4kinit; then
-       samba4kinit=$samba4bindir/samba4kinit
+samba4kinit_binary=kinit
+if test -x $BINDIR/samba4kinit; then
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 smbclient="$samba4bindir/smbclient"
@@ -46,6 +46,7 @@ enctype="-e $ENCTYPE"
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
 
index 7351ce022d13613eb627c00ad5e42e448b70c086..1cf61e5d07db903f9f8e05703d7c5629c72c9359 100755 (executable)
@@ -42,8 +42,7 @@ do_kinit() {
        password="$2"
        shift
        shift
-       echo $password > $PREFIX/tmppassfile
-       $samba_kinit --password-file=$PREFIX/tmppassfile $principal $@
+       kerberos_kinit "$samba_kinit" "$principal" "$password" $@
 }
 
 UID_WRAPPER_ROOT=1
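Review bot: The new call passes `$@` unquoted, so any extra kinit argument that contains whitespace or glob characters is re-split before it reaches kerberos_kinit(); `kerberos_kinit "$samba_kinit" "$principal" "$password" "$@"` keeps the arguments intact. The second do_kinit() hunk further down, which replaces the `tmpuserpassfile` branch, has the same line. Replacing the fixed `$PREFIX/tmppassfile` with the helper's `mktemp` file is a good change. It does rely on this script sourcing common_test_fns.inc before do_kinit() is called, which is not visible in the hunk.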
index bb4c36d7fb2d942fc35b8c60728b614638889b55..94b7760559d11834e9e665df0b449d47e7ee678e 100755 (executable)
@@ -16,9 +16,9 @@ shift 1
 samba_tool="$BINDIR/samba-tool"
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 CONFIG="--configfile=$PREFIX/etc/smb.conf"
@@ -28,6 +28,7 @@ TESTUSER="ktpassUser"
 testit "user create" $PYTHON $samba_tool user create $CONFIG $TESTUSER testp@ssw0Rd || failed=`expr $failed + 1`
 
 KRB5CCNAME="$PREFIX/tmpccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 echo "testp@ssw0Rd" >$PREFIX/tmppassfile
 testit "kinit with passwd" $samba4kinit -e arcfour-hmac-md5 --password-file=$PREFIX/tmppassfile   $TESTUSER@SAMBA.EXAMPLE.COM   || failed=`expr $failed + 1`
index 0a9deef455a2caa09c2c15ed2c016a53aa3b1f16..12d3941450a5030340e0b47f0807eef3fc5c1755 100755 (executable)
@@ -20,19 +20,11 @@ shift 6
 failed=0
 
 samba4bindir="$BINDIR"
-samba4kinit=kinit
-if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
-fi
 
 samba_tool="$samba4bindir/samba-tool"
 net_tool="$samba4bindir/net"
 smbpasswd="$samba4bindir/smbpasswd"
 texpect="$samba4bindir/texpect"
-samba4kpasswd=kpasswd
-if test -x $BINDIR/samba4kpasswd; then
-       samba4kpasswd=$BINDIR/samba4kpasswd
-fi
 ldbsearch="$samba4bindir/ldbsearch"
 ldbmodify="$samba4bindir/ldbmodify"
 
index 8c2ca188d3a7f6b12a496ad1e1a442c10de03bd0..9a4846a8094af0097030e56e438e4fc5267c920b 100755 (executable)
@@ -44,12 +44,7 @@ do_kinit() {
        password="$2"
        shift
        shift
-       if test -x $samba_bindir/samba4kinit; then
-               echo $password > $PREFIX/tmpuserpassfile
-               $samba_kinit --password-file=$PREFIX/tmpuserpassfile $principal $@
-       else
-               echo $password | $samba_kinit $principal $@
-       fi
+       kerberos_kinit "$samba_kinit" "$principal" "$password" $@
 }
 
 test_smbpasswd()
index 02faa4fccea809ca291492b8adacfe695dc98400..08ebc7497c43b76af7e4e160d4b3b5d2dc28a3a8 100755 (executable)
@@ -23,9 +23,9 @@ failed=0
 
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 samba_tool="$samba4bindir/samba-tool"
@@ -53,6 +53,7 @@ unc="//$SERVER/tmp"
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 rm -f $KRB5CCNAME_PATH
 PASSFILE_PATH="$PREFIX/tmppassfile"
index 45edb7e6cb41dd577730391b9f22209f9e12a177..eb0a5d6c8feb06f089cdd80cf28ad0741441c2d0 100755 (executable)
@@ -21,9 +21,9 @@ failed=0
 
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 smbtorture4="$samba4bindir/smbtorture --basedir=$SELFTEST_TMPDIR"
@@ -36,18 +36,15 @@ unc="//$SERVER/tmp"
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 rm -f $KRB5CCNAME_PATH
-PASSFILE_PATH="$PREFIX/tmppassfile"
-rm -f $PASSFILE_PATH
-echo $PASSWORD > $PASSFILE_PATH
 
 USER_PRINCIPAL_NAME=`echo "${USERNAME}@${REALM}" | tr A-Z a-z`
 PKUSER="--pk-user=FILE:$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-cert.pem,$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-private-key.pem"
 
-testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable --cache=$KRB5CCNAME $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP1 remote.pac verification" $smbtorture4 ncacn_np:$SERVER rpc.pac --workgroup=$DOMAIN -U$USERNAME%$PASSWORD --option=torture:pkinit_ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
-rm -f $PASSFILE_PATH
 rm -f $KRB5CCNAME_PATH
 exit $failed
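Review bot: The STEP1 kinit line now names the cache twice. `$samba4kinit` already expands to `$samba4kinit_binary -c $KRB5CCNAME` from the assignment added above, and the same line also adds `--cache=$KRB5CCNAME`, which the commit message describes as equivalent to `-c`. It is harmless while both values agree, but it is redundant and the only place in the commit that uses the long form. Dropping `--cache=$KRB5CCNAME` from the `testit` line would leave a single source for the cache name.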
index c63eeaa2e30d0c38f7dafcb7cbb906d1d064e9ea..f27c7d6010477143557a9e801c558de5e9fafe03 100755 (executable)
@@ -24,9 +24,9 @@ failed=0
 
 samba_tool="$VALGRIND $PYTHON $BINDIR/samba-tool"
 
-samba4kinit=kinit
+samba4kinit_binary=kinit
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
+       samba4kinit_binary=$BINDIR/samba4kinit
 fi
 
 samba4kgetcred=kgetcred
@@ -40,6 +40,7 @@ fi
 ocache="$PREFIX/tmpoutcache"
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
 
index ef3023af10d1f895fd4cc98bb8509d9c72bdc4f7..93799d4866f72e2733979b835fc0c22e4bafe0a0 100755 (executable)
@@ -19,10 +19,6 @@ failed=0
 
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
-if test -x $BINDIR/samba4kinit; then
-       samba4kinit=$BINDIR/samba4kinit
-fi
 
 
 . `dirname $0`/subunit.sh
index 1b2ba6d38116c8389458082aad25fd520ade5e97..63024a9b158eed1eafd1a919aed302db772f516c 100755 (executable)
@@ -20,9 +20,9 @@ shift 5
 samba_tool="$BINDIR/samba-tool"
 samba4bindir="$BINDIR"
 samba4srcdir="$SRCDIR/source4"
-samba4kinit="kinit -k"
+samba4kinit_binary="kinit -k"
 if test -x $BINDIR/samba4kinit; then
-       samba4kinit="$BINDIR/samba4kinit --use-keytab"
+       samba4kinit_binary="$BINDIR/samba4kinit --use-keytab"
 fi
 
 KEYTAB="$PREFIX/tmptda.keytab"
@@ -33,6 +33,7 @@ export KRB5_TRACE
 testit "retrieve keytab for TDA of $REMOTE_REALM" $PYTHON $samba_tool domain exportkeytab $KEYTAB $CONFIGURATION --principal "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
 
 KRB5CCNAME="$PREFIX/tmptda.ccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 rm -f $KRB5CCNAME