Add a test with old msDS-SupportedEncryptionTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 07399831794e28c7c2cf0140d0f1d1b5538b5f60)

diff --git a/selftest/knownfail.d/old_enctypes b/selftest/knownfail.d/old_enctypes
new file mode 100644 (file)
index 0000000..b8dde6f
--- /dev/null
+++ b/selftest/knownfail.d/old_enctypes
@@ -0,0 +1 @@
+^samba4.blackbox.test_old_enctypes.Export keytab while old enctypes are supported\(fl2003dc:local\)

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 0e219f94d041b2002218e4ee485bcdc3df6b392b..f4d91520a121749bc7f03867499bf976f75075d5 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -494,6 +494,8 @@ plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdi
 
 plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
 
+plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
+
 if have_heimdal_support:
     for env in ["ad_dc_ntvfs", "ad_dc"]:
         plantestsuite("samba4.blackbox.pkinit", "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient3, configuration])

diff --git a/testprogs/blackbox/test_old_enctypes.sh b/testprogs/blackbox/test_old_enctypes.sh
new file mode 100755 (executable)
index 0000000..794a265
--- /dev/null
+++ b/testprogs/blackbox/test_old_enctypes.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_primary_group.sh SERVER USERNAME PASSWORD NETBIOSNAME PREFIX_ABS
+EOF
+exit 1;
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+NETBIOSNAME=$4
+PREFIX_ABS=$5
+shift 5
+failed=0
+
+samba4bindir="$BINDIR"
+samba4srcdir="$SRCDIR/source4"
+
+samba_tool="$samba4bindir/samba-tool"
+
+ldbmodify="ldbmodify"
+if [ -x "$samba4bindir/ldbmodify" ]; then
+       ldbmodify="$samba4bindir/ldbmodify"
+fi
+
+ldbsearch="ldbsearch"
+if [ -x "$samba4bindir/ldbsearch" ]; then
+       ldbsearch="$samba4bindir/ldbsearch"
+fi
+
+. `dirname $0`/subunit.sh
+. `dirname $0`/common_test_fns.inc
+
+out="${PREFIX_ABS}/tmpldbsearch.out"
+$ldbsearch -H ldap://$SERVER -U$USERNAME%$PASSWORD -d0 sAMAccountName="$NETBIOSNAME\$" dn msDS-SupportedEncryptionTypes > $out
+testit_grep "find my dn" msDS-SupportedEncryptionTypes cat $out || failed=`expr $failed + 1`
+
+my_dn=$(cat $out | sed -n 's/^dn: //p')
+my_encs=$(cat $out | sed -n 's/^msDS-SupportedEncryptionTypes: //p')
+my_test_encs=`expr $my_encs + 3`
+
+ldif="${PREFIX_ABS}/tmpldbmodify.ldif"
+
+cat > $ldif <<EOF
+dn: $my_dn
+changetype: modify
+replace: msDS-SupportedEncryptionTypes
+msDS-SupportedEncryptionTypes: $my_test_encs
+EOF
+
+testit "Change msDS-SupportedEncryptionTypes to $my_test_encs" $VALGRIND $ldbmodify -H ldap://$SERVER -U$USERNAME%$PASSWORD -d0 < $ldif || failed=`expr $failed + 1`
+kt=${PREFIX_ABS}/tmp_host_out_keytab
+testit "Export keytab while old enctypes are supported" $samba_tool domain exportkeytab --principal=$NETBIOSNAME\$ $kt
+
+cat > $ldif <<EOF
+dn: $my_dn
+changetype: modify
+replace: msDS-SupportedEncryptionTypes
+msDS-SupportedEncryptionTypes: $my_encs
+EOF
+
+testit "Change msDS-SupportedEncryptionTypes back to $my_encs" $VALGRIND $ldbmodify -H ldap://$SERVER -U$USERNAME%$PASSWORD -d0 < $ldif || failed=`expr $failed + 1`
+
+rm -rf $kt $out $ldif
+
+exit $failed