path: root/source4/torture/krb5
Commit message | Author | Age | Files | Lines
* torture-krb5: Add an initial test for s4u2self behaviour | Andrew Bartlett | 2015-03-09 | 1 | -3/+15
  This test only checks for S4U2Self of the same user, but shows that a user account is not a valid service for this purpose.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Mar 9 12:10:09 CET 2015 on sn-devel-104
* torture-krb5: Provide a generic handler to catch and print unexpected KRB_ERROR packets | Andrew Bartlett | 2015-02-08 | 1 | -10/+22
  This may aid debugging in the future.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Feb 8 10:37:23 CET 2015 on sn-devel-104
* torture-krb5: Add test for TGS-REQ with type KRB5_NT_PRINCIPAL, KRB5_NT_SRV_INST, KRB5_NT_SRV_HST | Andrew Bartlett | 2015-02-08 | 1 | -24/+152
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add test in for normal TGS-REQ | Andrew Bartlett | 2015-02-08 | 1 | -1/+172
  For example, host/server
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Split out TEST_AS_REQ_SELF recv testing routine | Andrew Bartlett | 2015-02-08 | 1 | -50/+186
  This duplicates more code, but re-using the callbacks makes it much, much harder to debug
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add additional assertions for non-canon TGS-REP | Andrew Bartlett | 2015-02-08 | 1 | -0/+9
  This confirms that the KDC does not modify the returned principal in a TGS-REP unconditionally.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Further test improvements to cover KRB5_GC_CANONICALIZE on krbtgt/ | Andrew Bartlett | 2015-02-08 | 1 | -16/+243
  This covers more of the protocol, and confirms which tests actually send network packets (and so actually run the assertions in the send_and_recv handlers).
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Add tests for AS-REQ to our own name | Andrew Bartlett | 2015-02-08 | 1 | -29/+166
  This allows us to probe the behaviour of AS-REQ requests against a principal other than krbtgt/
  This also allows verification of behaviour of principals of type KRB5_NT_ENTERPRISE_PRINCIPAL
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Improve the assertions in our KDC tests to be more explicit | Andrew Bartlett | 2015-02-08 | 1 | -0/+11
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Reformat and re-work test to be easier to follow | Andrew Bartlett | 2015-02-08 | 1 | -282/+573
  The behaviour is the same as in the previous commit, but it is much easier to follow as the main test code now indicates to the send_and_recv callbacks what stage of the test we are at, and resets the packet counter between stages.
  This also re-orders the code so that the send and recv callbacks for each stage are next to each other, and uses a case statement in the main send_and_recv driver for clarity.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Add tests for the canonicalise TGS-REQ case | Andrew Bartlett | 2015-02-08 | 1 | -26/+173
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: add TGS-REQ testing to krb5.kdc.canon testsuite | Andrew Bartlett | 2015-02-08 | 1 | -25/+294
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* torture-krb5: Do not do post-recv checks if the packet recv failed | Andrew Bartlett | 2015-02-08 | 2 | -2/+8
  This may be the cause of the flapping tests in this code previously, as the recv_buf would be 0 length.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* s4-torture: the new krb5 kdc tests are heimdal, not dc specific. | Günther Deschner | 2015-01-26 | 1 | -1/+1
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* torture-krb5: Check for UPN handling in krb5.kdc.canon test | Andrew Bartlett | 2015-01-23 | 1 | -18/+90
  This allows us to confirm correct behaviour when a UPN is in use, particularly with the canonicalize flag and with enterprise principal names
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Move checking of server and client names to krb5.kdc.canon | Andrew Bartlett | 2015-01-23 | 2 | -20/+25
  This keeps this test in one place, rather than duplicated between krb5.kdc and krb5.kdc.canon
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Move test of krb5_get_init_creds_opt_set_win2k to krb5.kdc.canon | Andrew Bartlett | 2015-01-23 | 2 | -25/+11
  This allows the impact of this to be verified with the other options we are setting
  This also removes duplication in the kdc.c testsuite.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Split the expected behaviour of the RODC up | Andrew Bartlett | 2015-01-23 | 2 | -4/+4
  The expectations of the cached accounts are different to those of the RODC in general.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-kdc: Skip the request-pac behaviour for now against an RODC | Andrew Bartlett | 2015-01-23 | 1 | -0/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Add comments | Andrew Bartlett | 2015-01-23 | 2 | -0/+79
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture-krb5: Add tests for combinations of enterprise, cannon, and different input principals | Andrew Bartlett | 2015-01-23 | 3 | -2/+404
  This combinational test confirms the interactions between a number of different kerberos flags and principal types.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* torture: Extend krb5.kdc test to confirm correct RODC proxy behaviour | Andrew Bartlett | 2015-01-23 | 1 | -1/+18
  The RODC should answer some requests locally, and others it should defer to the main DC. We can tell which KDC we talk to by the KVNO of the encrypted parts that are returned to the KDC.
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Extend KDC test to cover more options and modes | Andrew Bartlett | 2015-01-23 | 1 | -7/+147
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Decode expected packets and test KDC behaviour for wrong passwords | Andrew Bartlett | 2015-01-23 | 1 | -9/+164
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Run new testsuite for krb5 and KDC behaviour with machine account also | Andrew Bartlett | 2015-01-23 | 1 | -5/+11
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* torture: Start a new testsuite for krb5 and KDC behaviour | Andrew Bartlett | 2015-01-23 | 2 | -0/+129
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>