From 6a4bedd36ad9877f35489ffa28eb38a458d4f01b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2014 21:14:51 +1300
Subject: [PATCH] torture-samr: Add test for lockout with and without a
 password history

Change-Id: I6f4b3e92feabe4ff09839329b0db3d33cc6c73b4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source4/torture/rpc/samr.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 551cd4539fd..ff96dc52428 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -4115,13 +4115,13 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
 				  const char *comment,
 				  bool disable,
 				  bool interactive,
+				  uint32_t password_history_length,
 				  NTSTATUS expected_success_status,
 				  struct samr_DomInfo1 *info1,
 				  struct samr_DomInfo12 *info12)
 {
 	union samr_DomainInfo info;
 	uint32_t badpwdcount;
-	uint32_t password_history_length = 1;
 	uint64_t lockout_threshold = 1;
 	uint32_t lockout_seconds = 5;
 	uint64_t delta_time_factor = 10 * 1000 * 1000;
@@ -4137,7 +4137,7 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
 
 	info.info1 = *info1;
 
-	torture_comment(tctx, "setting password history length.\n");
+	torture_comment(tctx, "setting password history length to %d.\n", password_history_length);
 	info.info1.password_history_length = password_history_length;
 
 	torture_comment(tctx, "setting min password again.\n");
@@ -4315,6 +4315,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
 		const char *comment;
 		bool disabled;
 		bool interactive;
+		uint32_t password_history_length;
 		NTSTATUS expected_success_status;
 	} creds[] = {
 		{
@@ -4330,6 +4331,13 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
 			.expected_success_status= NT_STATUS_OK
 		},
 		{
+			.comment		= "network logon (enabled account, history len = 1)",
+			.disabled		= false,
+			.interactive		= false,
+			.expected_success_status= NT_STATUS_OK,
+			.password_history_length = 1
+		},
+		{
 			.comment		= "interactive logon (disabled account)",
 			.disabled		= true,
 			.interactive		= true,
@@ -4341,6 +4349,13 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
 			.interactive		= true,
 			.expected_success_status= NT_STATUS_OK
 		},
+		{
+			.comment		= "interactive logon (enabled account, history len = 1)",
+			.disabled		= false,
+			.interactive		= true,
+			.expected_success_status= NT_STATUS_OK,
+			.password_history_length = 1
+		},
 	};
 
 	torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), "");
@@ -4380,6 +4395,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
 					     creds[i].comment,
 					     creds[i].disabled,
 					     creds[i].interactive,
+					     creds[i].password_history_length,
 					     creds[i].expected_success_status,
 					     &_info1, &_info12);
 		ret &= test_passed;
-- 
2.11.4.GIT