diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2015-01-23 14:28:28 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-01-23 05:42:08 +0100 |
| commit | 62905cd6d21d457a54faa2a14e9713dcf280dbe5 (patch) | |
| tree | c6d9128e57ef715f47d9319a5dc88bfe1f23a022 /source4 | |
| parent | 89b868f67761fbcf1319229c2f09502bdf16086e (diff) | |
torture-krb5: Split the expected behaviour of the RODC up
The expectations of the cached accounts are different to those of the RODC in general.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
| -rwxr-xr-x | source4/selftest/tests.py | 13 | ||||
| -rw-r--r-- | source4/torture/krb5/kdc-canon.c | 2 | ||||
| -rw-r--r-- | source4/torture/krb5/kdc.c | 6 |
3 files changed, 14 insertions, 7 deletions
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 62d5473b45..ec202b4881 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -549,12 +549,19 @@ for env in ["dc", "s4member", "rodc", "promoted_dc", "plugin_s4_dc", "s3member"] plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env]) for env in ["dc", "rodc", "promoted_dc", "plugin_s4_dc", "fl2000dc", "fl2003dc", "fl2008r2dc"]: - plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'], + if env == "rodc": + extra_options = ['--option=torture:expect_rodc=true'] + else: + extra_options = [] + + plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options, "samba4.krb5.kdc with specified account") - plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'], + plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options, "samba4.krb5.kdc with account DENIED permission to replicate to an RODC") + + # These last two tests are for users cached at the RODC if env == "rodc": - extra_options = ['--option=torture:expect_rodc=true'] + extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true'] else: extra_options = [] diff --git a/source4/torture/krb5/kdc-canon.c b/source4/torture/krb5/kdc-canon.c index a20f9f97a6..3103d94536 100644 --- a/source4/torture/krb5/kdc-canon.c +++ b/source4/torture/krb5/kdc-canon.c @@ -149,7 +149,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex torture_assert(test_context->tctx, test_context->as_rep.ticket.enc_part.kvno, "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno"); - if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) { + if (torture_setting_bool(test_context->tctx, "expect_cached_at_rodc", false)) { torture_assert_int_not_equal(test_context->tctx, *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000, 0, "Did not get a RODC number in the KVNO"); diff --git a/source4/torture/krb5/kdc.c b/source4/torture/krb5/kdc.c index 405b45f883..cf8c39b99b 100644 --- a/source4/torture/krb5/kdc.c +++ b/source4/torture/krb5/kdc.c @@ -122,7 +122,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex torture_assert(test_context->tctx, test_context->as_rep.ticket.enc_part.kvno, "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno"); - if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) { + if (torture_setting_bool(test_context->tctx, "expect_cached_at_rodc", false)) { torture_assert_int_not_equal(test_context->tctx, *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000, 0, "Did not get a RODC number in the KVNO"); @@ -437,8 +437,8 @@ static bool torture_krb5_as_req_win2k(struct torture_context *tctx) static bool torture_krb5_as_req_pac_request(struct torture_context *tctx) { - if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) { - return torture_skip(tctx, "This test needs further investigation in the RODC case against a Windows DC, in particular with non-cached users"); + if (torture_setting_bool(tctx, "expect_rodc", false)) { + torture_skip(tctx, "This test needs further investigation in the RODC case against a Windows DC, in particular with non-cached users"); } return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_PAC_REQUEST); } |