diff options
author | Andreas Schneider <asn@samba.org> | 2023-02-08 08:29:33 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-02-24 08:56:14 +0000 |
commit | 67639f6d9ad481c4c15555d6202db8aa0132c0de (patch) | |
tree | 6e205d0b40ca10cdd6e862e6a7f5a568f48f8b51 | |
parent | b2d0a83414903bccb2d20514818ef12668b0bad6 (diff) | |
download | samba-67639f6d9ad481c4c15555d6202db8aa0132c0de.tar.gz |
testprogs: Use random usernames for kinit tests
This avoids that subsequent tests because users already exist and cleanup didn't
work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 93c7bbf4d2db73116e5de564b428d6d30504bd5c)
-rwxr-xr-x | testprogs/blackbox/test_kinit_heimdal.sh | 46 | ||||
-rwxr-xr-x | testprogs/blackbox/test_kinit_mit.sh | 38 |
2 files changed, 44 insertions, 40 deletions
diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh index 8e507e3ad93..c7d3cfa87bc 100755 --- a/testprogs/blackbox/test_kinit_heimdal.sh +++ b/testprogs/blackbox/test_kinit_heimdal.sh @@ -47,6 +47,8 @@ ldbsearch=$(system_or_builddir_binary ldbsearch "${BINDIR}") enctype="-e $ENCTYPE" unc="//$SERVER/tmp" +TEST_USER="$(mktemp -u kinittestuserXXXXXX)" + ADMIN_LDBMODIFY_CONFIG="-H ldap://$SERVER -U$USERNAME%$PASSWORD" export ADMIN_LDBMODIFY_CONFIG @@ -77,25 +79,25 @@ testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SER USERPASS=testPass@12% echo $USERPASS >$PREFIX/tmpuserpassfile -testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create nettestuser $USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) echo "Getting defaultNamingContext" BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') cat >$PREFIX/tmpldbmodify <<EOF -dn: cn=nettestuser,cn=users,$BASEDN +dn: cn=${TEST_USER},cn=users,$BASEDN changetype: modify add: servicePrincipalName -servicePrincipalName: host/nettestuser +servicePrincipalName: host/${TEST_USER} replace: userPrincipalName userPrincipalName: nettest@$REALM EOF testit "modify servicePrincipalName and userPrincpalName" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1) -testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword nettestuser --newpassword=$USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} --newpassword=$USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) -testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount nettestuser -H ldap://$SERVER -k yes "$@" || failed=$(expr $failed + 1) +testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount ${TEST_USER} -H ldap://$SERVER -k yes "$@" || failed=$(expr $failed + 1) KRB5CCNAME_PATH="$PREFIX/tmpuserccache" KRB5CCNAME="FILE:$KRB5CCNAME_PATH" @@ -103,16 +105,16 @@ samba4kinit="$samba4kinit_binary -c $KRB5CCNAME" export KRB5CCNAME rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) NEWUSERPASS=testPaSS@34% -testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -Unettestuser%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) +testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) echo $NEWUSERPASS >$PREFIX/tmpuserpassfile rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) @@ -129,7 +131,7 @@ testit "kinit with password (windows style) using UPN" $samba4kinit $enctype --r test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) cat >$PREFIX/tmpldbmodify <<EOF -dn: cn=nettestuser,cn=users,$BASEDN +dn: cn=${TEST_USER},cn=users,$BASEDN changetype: modify replace: userPrincipalName userPrincipalName: nettest@$REALM.org @@ -155,10 +157,10 @@ send ${NEWUSERPASS}\n expect Success EOF -testit "change user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=$(expr $failed + 1) +testit "change user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd ${TEST_USER}@$REALM || failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) NEWUSERPASS=testPaSS@78% echo $NEWUSERPASS >$PREFIX/tmpuserpassfile @@ -173,10 +175,10 @@ send ${NEWUSERPASS}\n expect Success EOF -testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$ADMIN_KRB5CCNAME nettestuser@$REALM || failed=$(expr $failed + 1) +testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$ADMIN_KRB5CCNAME ${TEST_USER}@$REALM || failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH -testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) @@ -191,14 +193,14 @@ send ${NEWUSERPASS}\n expect Success EOF -testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache host/nettestuser@$REALM || failed=$(expr $failed + 1) +testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache host/${TEST_USER}@$REALM || failed=$(expr $failed + 1) -testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) cat >$PREFIX/tmpldbmodify <<EOF -dn: cn=nettestuser,cn=users,$BASEDN +dn: cn=${TEST_USER},cn=users,$BASEDN changetype: modify replace: pwdLastSet pwdLastSet: 0 @@ -210,7 +212,7 @@ NEWUSERPASS=testPaSS@911% testit "modify pwdLastSet" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1) cat >$PREFIX/tmppasswordchange <<EOF -expect nettestuser@${REALM}'s Password: +expect ${TEST_USER}@${REALM}'s Password: send ${USERPASS}\n expect Your password will expire at expect Changing password @@ -221,12 +223,12 @@ send ${NEWUSERPASS}\n expect Success: Password changed EOF -testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac nettestuser@$REALM && failed=$(expr $failed + 1) +testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac ${TEST_USER}@$REALM && failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) echo $NEWUSERPASS >$PREFIX/tmpuserpassfile -testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) @@ -238,10 +240,10 @@ export KRB5CCNAME rm -rf $KRB5CCNAME_PATH lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') -test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) -testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) +testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1) rm -f $KRB5CCNAME_PATH testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1) diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh index 99111f60de7..ba349e59076 100755 --- a/testprogs/blackbox/test_kinit_mit.sh +++ b/testprogs/blackbox/test_kinit_mit.sh @@ -55,6 +55,8 @@ test_smbclient() return $status } +TEST_USER="$(mktemp -u kinittestuserXXXXXX)" + ADMIN_LDBMODIFY_CONFIG="-H ldap://$SERVER -U$USERNAME%$PASSWORD" export ADMIN_LDBMODIFY_CONFIG @@ -105,25 +107,25 @@ testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SER USERPASS="testPass@12%" -testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create nettestuser $USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) echo "Getting defaultNamingContext" BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}') cat >$PREFIX/tmpldbmodify <<EOF -dn: cn=nettestuser,cn=users,$BASEDN +dn: cn=${TEST_USER},cn=users,$BASEDN changetype: modify add: servicePrincipalName -servicePrincipalName: host/nettestuser +servicePrincipalName: host/${TEST_USER} replace: userPrincipalName userPrincipalName: nettest@$REALM EOF testit "modify servicePrincipalName and userPrincpalName" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) -testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword nettestuser --newpassword=$USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} --newpassword=$USERPASS $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) -testit "enable user with kerberos cache" $VALGRIND $PYTHON $samba_enableaccount nettestuser -H ldap://$SERVER --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "enable user with kerberos cache" $VALGRIND $PYTHON $samba_enableaccount ${TEST_USER} -H ldap://$SERVER --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) ########################################################### ### Test kinit with canonicalization @@ -149,20 +151,20 @@ expect Password for send ${USERPASS}\n EOF -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) ### Change password NEWUSERPASS="testPaSS@34%" -testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -Unettestuser%$USERPASS $CONFIGURATION --use-kerberos=off --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) +testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION --use-kerberos=off --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1) cat >$PREFIX/tmpkinituserpassscript <<EOF expect Password for send ${NEWUSERPASS}\n EOF -testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_kdestroy @@ -186,7 +188,7 @@ $samba_kdestroy ########################################################### cat >$PREFIX/tmpldbmodify <<EOF -dn: cn=nettestuser,cn=users,$BASEDN +dn: cn=${TEST_USER},cn=users,$BASEDN changetype: modify replace: userPrincipalName userPrincipalName: nettest@$REALM.org @@ -203,7 +205,7 @@ $samba_kdestroy ### Test password change with kpasswd ########################################################### -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) USERPASS=$NEWUSERPASS @@ -219,7 +221,7 @@ send ${NEWUSERPASS}\n expect Password changed EOF -testit "change user password with kpasswd" $samba_texpect $PREFIX/tmpkpasswdscript $samba_kpasswd nettestuser@$REALM || failed=$(expr $failed + 1) +testit "change user password with kpasswd" $samba_texpect $PREFIX/tmpkpasswdscript $samba_kpasswd ${TEST_USER}@$REALM || failed=$(expr $failed + 1) $samba_kdestroy @@ -229,7 +231,7 @@ expect Password for send ${USERPASS}\n EOF -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) $samba_kdestroy @@ -245,7 +247,7 @@ $samba_kdestroy ########################################################### cat >$PREFIX/tmpldbmodify <<EOF -dn: cn=nettestuser,cn=users,$BASEDN +dn: cn=${TEST_USER},cn=users,$BASEDN changetype: modify replace: pwdLastSet pwdLastSet: 0 @@ -266,7 +268,7 @@ expect Enter it again send ${NEWUSERPASS}\n EOF -testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) USERPASS=$NEWUSERPASS @@ -275,7 +277,7 @@ expect Password for send ${USERPASS}\n EOF -testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=$(expr $failed + 1) +testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit ${TEST_USER}@$REALM || failed=$(expr $failed + 1) test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1) ########################################################### @@ -289,10 +291,10 @@ export KRB5CCNAME rm -rf $KRB5CCNAME_PATH lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]') -test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) -test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1) +test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1) -testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) +testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} $CONFIGURATION --use-krb5-ccache="${KRB5CCNAME}" "$@" || failed=$(expr $failed + 1) ########################################################### ### Test login with machine account |