s4:torture/smb2/session: Fix expire tests
authorJustin Stephenson <jstephen@redhat.com>
Tue, 11 Dec 2018 15:43:13 +0000 (10:43 -0500)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 12 Dec 2018 11:51:24 +0000 (12:51 +0100)
When run with MIT kerberos, the smb2 session expire tests fail when run
against the ad_member test environment. The krb5 library initializes
values from the private krb5.conf profile
st/ad_member/lockdir/smb_krb5/krb5.conf.ADDOMAIN, this file does not
contain a defined clockskew setting. The expire tests require a low
clockskew value that is set in st/ad_member/lib/krb5.conf.

This patch disables the creation of the private krb5.conf for the
ad_member_idmap_rid testenv, and runs the smb2.session tests
against ad_member_idmap_rid instead of ad_member.

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 12 12:51:24 CET 2018 on sn-devel-144

selftest/target/Samba3.pm
source3/selftest/tests.py

index 2234c11..63c2437 100755 (executable)
@@ -604,6 +604,9 @@ sub setup_ad_member_idmap_rid
        idmap config * : range = 1000000-1999999
        idmap config $dcvars->{DOMAIN} : backend = rid
        idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
+       # Prevent overridding the provisioned lib/krb5.conf which sets certain
+       # values required for tests to succeed
+       create krb5 conf = no
 ";
 
        my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
index 065a418..e7b4ebd 100755 (executable)
@@ -515,7 +515,9 @@ for t in tests:
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmpenc -U$USERNAME%$PASSWORD', 'enc')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -k no -U$USERNAME%$PASSWORD', 'ntlm')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -k yes -U$USERNAME%$PASSWORD', 'krb5')
-        plansmbtorture4testsuite(t, "ad_member", '//$SERVER/tmp -k yes -U$DC_USERNAME@$REALM%$DC_PASSWORD', 'krb5')
+        # Certain tests fail when run against ad_member with MIT kerberos because the private krb5.conf overrides the provisioned lib/krb5.conf,
+        # ad_member_idmap_rid sets "create krb5.conf = no"
+        plansmbtorture4testsuite(t, "ad_member_idmap_rid", '//$SERVER/tmp -k yes -U$DC_USERNAME@$REALM%$DC_PASSWORD', 'krb5')
     elif t == "rpc.lsa":
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD', 'over ncacn_np ')
         plansmbtorture4testsuite(t, "nt4_dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ')