def test_authentication_with_smb_cifs_principal_alias(self):
"""Test that we can auth as NetBIOS alias
cifs/... principal on SMB server side has NetBIOS name of the SMB
server as its alias. Test that we can actually initialize credentials
using this alias. We don't need to use it anywhere in Samba, just
verify that alias works.
Test for https://pagure.io/freeipa/issue/8291"""
netbiosname = self.smbserver.hostname.split('.')[0].upper() + '$'
copier = tasks.KerberosKeyCopier(self.smbserver)
principal = 'cifs/{hostname}@{realm}'.format(
hostname=self.smbserver.hostname, realm=copier.realm)
alias = '{netbiosname}@{realm}'.format(netbiosname=netbiosname,
realm=copier.realm)
replacement = {principal: alias}
tmpname = tasks.create_temp_file(self.smbserver, create_file=False)
try:
copier.copy_keys(paths.SAMBA_KEYTAB,
tmpname,
principal=principal,
replacement=replacement)
self.smbserver.run_command(['kinit', '-kt', tmpname, netbiosname])
finally:
self.smbserver.run_command(['rm', '-f', tmpname])
def smb_cifs_principal_alias_check(self):
netbiosname = self.smbserver.hostname.split('.')[0].upper() + '$'
copier = tasks.KerberosKeyCopier(self.smbserver)
principal = 'cifs/{hostname}@{realm}'.format(
hostname=self.smbserver.hostname, realm=copier.realm)
alias = '{netbiosname}@{realm}'.format(
netbiosname=netbiosname, realm=copier.realm)
replacement = {principal: alias}
result = self.smbserver.run_command(['mktemp'])
# klist/ktutil will fail with 0-sized file
# so we just use the temporary file as a prefix
tmpname = result.stdout_text.strip() + '.keytab'
copier.copy_keys('/etc/samba/samba.keytab',
tmpname, principal=principal, replacement=replacement)
self.smbserver.run_command(['kinit', '-kt', tmpname, netbiosname],
raiseonerr=True)
self.smbserver.run_command(['rm', '-f', tmpname])
self.smbserver.run_command(['rm', '-f', tmpname[:-7]])