From 378bb04835a377699a8ff254c0ec633ac63a41de Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 5 Jan 2015 16:07:42 +1300
Subject: [PATCH] torture: Run new testsuite for krb5 and KDC behaviour with
 machine account also

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/selftest/tests.py  |  5 ++++-
 source4/torture/krb5/kdc.c | 16 +++++++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 5208774d702..64fb243c772 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -549,7 +549,10 @@ for env in ["dc", "s4member", "rodc", "promoted_dc", "plugin_s4_dc", "s3member"]
     plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
 
 for env in ["dc", "rodc", "promoted_dc", "plugin_s4_dc"]:
-    plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME@$REALM%$PASSWORD', '--workgroup=$DOMAIN'])
+    plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME@$REALM%$PASSWORD', '--workgroup=$DOMAIN'],
+                             "samba4.krb5.kdc with specified account")
+    plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'],
+                             "samba4.krb5.kdc with machine account")
 
 
 # TODO: Verifying the databases really should be a part of the
diff --git a/source4/torture/krb5/kdc.c b/source4/torture/krb5/kdc.c
index 9dcee40e0d7..c9014cf56e2 100644
--- a/source4/torture/krb5/kdc.c
+++ b/source4/torture/krb5/kdc.c
@@ -53,7 +53,8 @@ static bool torture_krb5_init_context(struct torture_context *tctx,
 	return true;
 }
 
-static bool torture_krb5_as_req_1(struct torture_context *tctx)
+static bool torture_krb5_as_req_creds(struct torture_context *tctx,
+				      struct cli_credentials *credentials)
 {
 	krb5_error_code k5ret;
 	bool ok;
@@ -62,12 +63,12 @@ static bool torture_krb5_as_req_1(struct torture_context *tctx)
 	struct smb_krb5_context *smb_krb5_context;
 	enum credentials_obtained obtained;
 	const char *error_string;
-	const char *password = cli_credentials_get_password(cmdline_credentials);
+	const char *password = cli_credentials_get_password(credentials);
 	
 	ok = torture_krb5_init_context(tctx, &smb_krb5_context);
 	torture_assert(tctx, ok, "torture_krb5_init_context failed");
 	
-	k5ret = principal_from_credentials(tctx, cmdline_credentials, smb_krb5_context, &principal, &obtained,  &error_string);
+	k5ret = principal_from_credentials(tctx, credentials, smb_krb5_context, &principal, &obtained,  &error_string);
 	torture_assert_int_equal(tctx, k5ret, 0, error_string);
 
 	k5ret = krb5_get_init_creds_password(smb_krb5_context->krb5_context, &my_creds, principal,
@@ -100,6 +101,11 @@ static bool torture_krb5_as_req_1(struct torture_context *tctx)
 	return true;
 }
 
+static bool torture_krb5_as_req_cmdline(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx, cmdline_credentials);
+}
+
 NTSTATUS torture_krb5_init(void);
 NTSTATUS torture_krb5_init(void)
 {
@@ -108,8 +114,8 @@ NTSTATUS torture_krb5_init(void)
 	suite->description = talloc_strdup(suite, "Kerberos tests");
 	kdc_suite->description = talloc_strdup(kdc_suite, "Kerberos KDC tests");
 
-	torture_suite_add_simple_test(kdc_suite, "as-req-1", 
-				      torture_krb5_as_req_1);
+	torture_suite_add_simple_test(kdc_suite, "as-req-cmdline", 
+				      torture_krb5_as_req_cmdline);
 
 	torture_suite_add_suite(suite, kdc_suite);
 
-- 
2.11.4.GIT