From 62905cd6d21d457a54faa2a14e9713dcf280dbe5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 23 Jan 2015 14:28:28 +1300
Subject: [PATCH] torture-krb5: Split the expected behaviour of the RODC up

The expectations of the cached accounts are different to those of the RODC in general.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/selftest/tests.py        | 13 ++++++++++---
 source4/torture/krb5/kdc-canon.c |  2 +-
 source4/torture/krb5/kdc.c       |  6 +++---
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 62d5473b456..ec202b48812 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -549,12 +549,19 @@ for env in ["dc", "s4member", "rodc", "promoted_dc", "plugin_s4_dc", "s3member"]
     plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
 
 for env in ["dc", "rodc", "promoted_dc", "plugin_s4_dc", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
-    plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
+    if env == "rodc":
+        extra_options = ['--option=torture:expect_rodc=true']
+    else:
+        extra_options = []
+
+    plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options,
                              "samba4.krb5.kdc with specified account")
-    plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
+    plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options,
                              "samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
+
+    # These last two tests are for users cached at the RODC
     if env == "rodc":
-        extra_options = ['--option=torture:expect_rodc=true']
+        extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true']
     else:
         extra_options = []
 
diff --git a/source4/torture/krb5/kdc-canon.c b/source4/torture/krb5/kdc-canon.c
index a20f9f97a60..3103d945363 100644
--- a/source4/torture/krb5/kdc-canon.c
+++ b/source4/torture/krb5/kdc-canon.c
@@ -149,7 +149,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex
 		torture_assert(test_context->tctx,
 			       test_context->as_rep.ticket.enc_part.kvno,
 			       "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno");
-		if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) {
+		if (torture_setting_bool(test_context->tctx, "expect_cached_at_rodc", false)) {
 			torture_assert_int_not_equal(test_context->tctx,
 						     *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000,
 						     0, "Did not get a RODC number in the KVNO");
diff --git a/source4/torture/krb5/kdc.c b/source4/torture/krb5/kdc.c
index 405b45f8838..cf8c39b99b9 100644
--- a/source4/torture/krb5/kdc.c
+++ b/source4/torture/krb5/kdc.c
@@ -122,7 +122,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex
 			torture_assert(test_context->tctx,
 				       test_context->as_rep.ticket.enc_part.kvno,
 				       "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno");
-			if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) {
+			if (torture_setting_bool(test_context->tctx, "expect_cached_at_rodc", false)) {
 				torture_assert_int_not_equal(test_context->tctx,
 							     *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000,
 							     0, "Did not get a RODC number in the KVNO");
@@ -437,8 +437,8 @@ static bool torture_krb5_as_req_win2k(struct torture_context *tctx)
 
 static bool torture_krb5_as_req_pac_request(struct torture_context *tctx)
 {
-	if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) {
-		return torture_skip(tctx, "This test needs further investigation in the RODC case against a Windows DC, in particular with non-cached users");
+	if (torture_setting_bool(tctx, "expect_rodc", false)) {
+		torture_skip(tctx, "This test needs further investigation in the RODC case against a Windows DC, in particular with non-cached users");
 	}
 	return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_PAC_REQUEST);
 }
-- 
2.11.4.GIT