authorAndrew Bartlett <abartlet@samba.org>2015-03-09 11:12:01 +1300
committerStefan Metzmacher <metze@samba.org>2015-03-09 12:10:09 +0100
commit02f6cfd14c8ac15b5d8a55783bb98a87557394d5 (patch)
tree073be7aafbb38f9cb061f318179e75adce68fd00
parenta1ddee8d2f9e58e04f3203db9afa576354dd2079 (diff)
torture-krb5: Add an initial test for s4u2self behaviour
This test only checks for S4U2Self of the same user, but shows that a user account is not a valid service for this purpose. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 9 12:10:09 CET 2015 on sn-devel-104
-rw-r--r--source4/torture/krb5/kdc-canon.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/source4/torture/krb5/kdc-canon.c b/source4/torture/krb5/kdc-canon.c
index 312c7b5937..49c6c26eb5 100644
--- a/source4/torture/krb5/kdc-canon.c
+++ b/source4/torture/krb5/kdc-canon.c
@@ -37,7 +37,8 @@
#define TEST_NETBIOS_REALM 0x0000010
#define TEST_WIN2K 0x0000020
#define TEST_UPN 0x0000040
-#define TEST_ALL 0x000007F
+#define TEST_S4U2SELF 0x0000080
+#define TEST_ALL 0x00000FF
struct test_data {
const char *test_name;
@@ -54,6 +55,7 @@ struct test_data {
bool win2k;
bool upn;
bool other_upn_suffix;
+ bool s4u2self;
const char *krb5_service;
const char *krb5_hostname;
};
@@ -1665,6 +1667,14 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void *
opt,
KRB5_GC_NO_STORE);
+ if (test_data->s4u2self) {
+ torture_assert_int_equal(tctx,
+ krb5_get_creds_opt_set_impersonate(k5_context,
+ opt,
+ principal),
+ 0, "krb5_get_creds_opt_set_impersonate failed");
+ }
+
/* Confirm if we can get a ticket to our own name */
k5ret = krb5_get_creds(k5_context, opt, ccache, principal, &server_creds);
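Review bot: The comment `/* Confirm if we can get a ticket to our own name */` just below the new `if (test_data->s4u2self)` block no longer describes the s4u2self case, where `krb5_get_creds_opt_set_impersonate()` turns the request into an S4U2Self request that impersonates `principal` towards itself. I would add a comment above the block, for example `/* S4U2Self: impersonate our own principal; a plain user account is expected not to be a valid service for this */`, which matches the commit description. How `k5ret` is checked for this mode is outside the hunk, so it cannot be confirmed from here that the expected rejection is asserted rather than just tolerated. The body of torture_krb5_as_req_canon starts and ends outside the hunk.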
@@ -2051,14 +2061,15 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx)
suite->description = talloc_strdup(suite, "Kerberos Canonicalisation tests");
for (i = 0; i < TEST_ALL; i++) {
- char *name = talloc_asprintf(suite, "%s.%s.%s.%s.%s.%s.%s",
+ char *name = talloc_asprintf(suite, "%s.%s.%s.%s.%s.%s.%s.%s",
(i & TEST_CANONICALIZE) ? "canon" : "no-canon",
(i & TEST_ENTERPRISE) ? "enterprise" : "no-enterprise",
(i & TEST_UPPER_REALM) ? "uc-realm" : "lc-realm",
(i & TEST_UPPER_USERNAME) ? "uc-user" : "lc-user",
(i & TEST_NETBIOS_REALM) ? "netbios-realm" : "krb5-realm",
(i & TEST_WIN2K) ? "win2k" : "no-win2k",
- (i & TEST_UPN) ? "upn" : "no-upn");
+ (i & TEST_UPN) ? "upn" : "no-upn",
+ (i & TEST_S4U2SELF) ? "s4u2self" : "normal");
struct test_data *test_data = talloc_zero(suite, struct test_data);
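Review bot: The context line `for (i = 0; i < TEST_ALL; i++)` stops at 0xFE now that `TEST_ALL` is 0x00000FF, so the combination with every flag set, including `TEST_S4U2SELF`, is never registered as a test case. If that exclusion is not deliberate, the bound should be `i <= TEST_ALL`; if it is deliberate, a short comment on the loop saying so would help. The enclosing torture_krb5_canon continues outside the hunk.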
@@ -2075,6 +2086,7 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx)
test_data->netbios_realm = (i & TEST_NETBIOS_REALM) != 0;
test_data->win2k = (i & TEST_WIN2K) != 0;
test_data->upn = (i & TEST_UPN) != 0;
+ test_data->s4u2self = (i & TEST_S4U2SELF) != 0;
torture_suite_add_simple_tcase_const(suite, name, torture_krb5_as_req_canon,
test_data);