CVE-2018-16853: Add a test to verify s4u2self doesn't crash

[kai/samba-autobuild/.git] / testprogs / blackbox / test_kinit_mit.sh

diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh
index 3739cda28298bbbe36210f5123b4aad21e88736e..57d0f74d28d9b50f99024741ba59789083b2fd0f 100755 (executable)
--- a/testprogs/blackbox/test_kinit_mit.sh
+++ b/testprogs/blackbox/test_kinit_mit.sh
@@ -24,6 +24,7 @@ samba_srcdir="$SRCDIR/source4"
 samba_kinit=kinit
 samba_kdestroy=kdestroy
 samba_kpasswd=kpasswd
+samba_kvno=kvno
 
 samba_tool="$samba_bindir/samba-tool"
 samba_texpect="$samba_bindir/texpect"
@@ -299,6 +300,17 @@ test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes ||
 
 testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
 
+###########################################################
+### Test basic s4u2self request
+###########################################################
+
+# Use previous acquired machine creds to request a ticket for self.
+# We expect it to fail for now.
+MACHINE_ACCOUNT="$(hostname -s | tr [a-z] [A-Z])\$@$REALM"
+$samba_kvno -U$MACHINE_ACCOUNT $MACHINE_ACCOUNT
+# But we expect the KDC to be up and running still
+testit "kinit with machineaccountccache after s4u2self" $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
+
 ### Cleanup
 
 $samba_kdestroy