git.samba.org - samba.git/commit

author	Volker Lendecke <vl@samba.org>
	Thu, 13 Aug 2020 12:59:58 +0000 (14:59 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 31 Aug 2020 08:12:23 +0000 (08:12 +0000)
commit	6fca7ca8977918500c7c307dfc32e52a27bc83e2
tree	5d36af6e61eb47254d7ff7526c73bf0d1f82a939	tree
parent	df35c04f46fb7b0d9cb8d3899ef8f39c2ecad81f	commit \| diff

test: Test winbind idmap_ad ticket expiry behaviour

We need to make sure that winbind's idmap_ad deals fine with an
expired krb ticket used to connect to AD via LDAP. In a customer
situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop
response coming through, but the TCP disconnect that Windows seems to
do after that did not make it. Winbind deals fine with a TCP
disconnect, but right now it does not handle just the section 4.4.1
response properly: It completely hangs.

This test requests a ticket valid for 5 seconds and makes the LDAP
server postpone the TCP disconnect after the ticket expiry for 10
seconds. The tests that winbind reacts to the ticket expiry exop
response by making sure in this situation the wbinfo call running into
the issue takes less than 8 seconds. If it did not look at the expiry
exop response, it would take more than 10 seconds.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a4ecd112e7754ab25bcae749594952a28c4c8905)

nsswitch/tests/test_ticket_expiry.sh	[new file with mode: 0755]	blob
selftest/knownfail.d/ticket_expiry	[new file with mode: 0644]	blob
selftest/target/Samba3.pm		diff \| blob \| history
selftest/target/Samba4.pm		diff \| blob \| history
source3/selftest/tests.py		diff \| blob \| history