diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2015-01-21 15:57:40 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-01-23 05:42:08 +0100 |
| commit | 03d07ed58bb4ebad41260a35f8952a18c8cf3e6d (patch) | |
| tree | 25d335ad65c983fd6546851cb127bbfef0021657 /source4/torture/krb5 | |
| parent | c1280569a97be772549debbecb374c53a6cdf796 (diff) | |
| download | samba-03d07ed58bb4ebad41260a35f8952a18c8cf3e6d.tar.gz | |
torture: Extend krb5.kdc test to confirm correct RODC proxy behaviour
The RODC should answer some requests locally, and others it should defer to the main DC.
We can tell which KDC we talk do by the KVNO of the encrypted parts that are returned
to the KDC.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/torture/krb5')
| -rw-r--r-- | source4/torture/krb5/kdc.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/source4/torture/krb5/kdc.c b/source4/torture/krb5/kdc.c index edf1ecdc74e..4f760018d78 100644 --- a/source4/torture/krb5/kdc.c +++ b/source4/torture/krb5/kdc.c @@ -96,7 +96,24 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex decode_AS_REP(recv_buf->data, recv_buf->length, &test_context->as_rep, &used), 0, "decode_AS_REP failed"); torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch"); - torture_assert_int_equal(test_context->tctx, test_context->as_rep.pvno, 5, "Got wrong as_rep->pvno"); + torture_assert_int_equal(test_context->tctx, + test_context->as_rep.pvno, 5, + "Got wrong as_rep->pvno"); + torture_assert_int_equal(test_context->tctx, + test_context->as_rep.ticket.tkt_vno, 5, + "Got wrong as_rep->ticket.tkt_vno"); + torture_assert(test_context->tctx, + test_context->as_rep.ticket.enc_part.kvno, + "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno"); + if (torture_setting_bool(test_context->tctx, "expect_rodc", false)) { + torture_assert_int_not_equal(test_context->tctx, + *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000, + 0, "Did not get a RODC number in the KVNO"); + } else { + torture_assert_int_equal(test_context->tctx, + *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000, + 0, "Unexpecedly got a RODC number in the KVNO"); + } free_AS_REP(&test_context->as_rep); } torture_assert(test_context->tctx, test_context->packet_count < 3, "too many packets"); |