2 files changed, 60 insertions, 19 deletions

diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index 77666bb664..ab7edde85d 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
@@ -364,24 +364,6 @@ int main(int argc, char **argv)
 					get_friendly_nt_error_msg(rv));
 	}
 
-	pdb->setsampwent(pdb, False, 0);
-	while (NT_STATUS_IS_OK(pdb->getsampwent(pdb, out))) {
-		if (pdb_get_username(out) == NULL) {
-			fprintf(stderr, "Got bad username through getsampwent()\n");
-			error = True;
-			break;
-		}
-		if (NT_STATUS_IS_ERR(pdb->getsampwnam(pdb, in, pdb_get_username(out)))) {
-			fprintf(stderr, "Error getting samu through getsampwnam() of an account we got through getsampwent!\n");
-			error = True;
-			continue;
-		}
-		if (!samu_correct(out, in)) {
-			printf("Record gotten through getsampwnam() differs from same record through getsampwent()\n");
-		}
-	}
-	pdb->endsampwent(pdb);
-	
 	TALLOC_FREE(ctx);
 
 	if (error) {
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 082949e0af..05b41413b4 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -37,6 +37,7 @@ static const char *client_txt = "client_oplocks.txt";
 static bool use_kerberos;
 static fstring multishare_conn_fname;
 static bool use_multishare_conn = False;
+static bool do_encrypt;
 
 bool torture_showall = False;
 
@@ -95,6 +96,57 @@ void *shm_setup(int size)
 	return ret;
 }
 
+/********************************************************************
+ Ensure a connection is encrypted.
+********************************************************************/
+
+static bool force_cli_encryption(struct cli_state *c,
+			const char *sharename)
+{
+	uint16 major, minor;
+	uint32 caplow, caphigh;
+	NTSTATUS status;
+
+	if (!SERVER_HAS_UNIX_CIFS(c)) {
+		d_printf("Encryption required and "
+			"server that doesn't support "
+			"UNIX extensions - failing connect\n");
+			return false;
+	}
+
+	if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) {
+		d_printf("Encryption required and "
+			"can't get UNIX CIFS extensions "
+			"version from server.\n");
+		return false;
+	}
+
+	if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
+		d_printf("Encryption required and "
+			"share %s doesn't support "
+			"encryption.\n", sharename);
+		return false;
+	}
+
+	if (c->use_kerberos) {
+		status = cli_gss_smb_encryption_start(c);
+	} else {
+		status = cli_raw_ntlm_smb_encryption_start(c,
+						username,
+						password,
+						workgroup);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("Encryption required and "
+			"setup failed with error %s.\n",
+			nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
 
 static struct cli_state *open_nbt_connection(void)
 {
@@ -235,6 +287,10 @@ static bool torture_open_connection_share(struct cli_state **c,
 	if (use_level_II_oplocks) (*c)->use_level_II_oplocks = True;
 	(*c)->timeout = 120000; /* set a really long timeout (2 minutes) */
 
+	if (do_encrypt) {
+		return force_cli_encryption(*c,
+					sharename);
+	}
 	return True;
 }
 
@@ -5425,7 +5481,7 @@ static void usage(void)
 
 	fstrcpy(workgroup, lp_workgroup());
 
-	while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Ac:ks:b:")) != EOF) {
+	while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Aec:ks:b:")) != EOF) {
 		switch (opt) {
 		case 'p':
 			port_to_use = atoi(optarg);
@@ -5463,6 +5519,9 @@ static void usage(void)
 		case 'c':
 			client_txt = optarg;
 			break;
+		case 'e':
+			do_encrypt = true;
+			break;
 		case 'k':
 #ifdef HAVE_KRB5
 			use_kerberos = True;