From 0eab44c2978553bda303c43875d626fddf32363d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 24 Jun 2012 18:16:48 +1000
Subject: selftest: Test unix.whoami with kerberos on plugin_s4_dc

This also tests the comparison with LDAP on anonymous connections
and marks this as knownfail, while we investigate the correct
behaviour here.

Andrew Bartlett
---
 selftest/knownfail            |  1 +
 source3/selftest/tests.py     |  7 +++++--
 source4/torture/unix/whoami.c | 20 ++++----------------
 3 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index 4206aa7acb..d7078d6e04 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -39,6 +39,7 @@
 ^samba3.raw.samba3checkfsp.samba3checkfsp\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
 ^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
 ^samba3.raw.acls.generic\(s3dc\) # This fails against smbd
+^samba3.unix.whoami anonymous connection.whoami\(plugin_s4_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
 # these show that we still have some differences between our system
 # with our internal iconv because it passes except when we bypass our
 # internal iconv modules
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 11056b9c8a..4aedbf852a 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -303,8 +303,11 @@ for t in tests:
         plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
     elif t == "unix.whoami":
-        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
-        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:addc=true')
+        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U%', description='anonymous connection')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:addc=true')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -k yes -U$USERNAME%$PASSWORD --option=torture:addc=true', description='kerberos connection')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U% --option=torture:addc=true', description='anonymous connection')
     elif t == "raw.samba3posixtimedlock":
         plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/s3dc/share')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/plugin_s4_dc/share')
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 302282752a..8f608a8f67 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -297,7 +297,6 @@ static bool test_against_ldap(struct torture_context *torture, struct ldb_contex
 bool torture_unix_whoami(struct torture_context *torture)
 {
 	struct smbcli_state *cli;
-	struct cli_credentials *anon_credentials;
 	struct smb_whoami whoami;
 	bool ret;
 	struct ldb_context *ldb;
@@ -335,26 +334,15 @@ bool torture_unix_whoami(struct torture_context *torture)
 
 	smbcli_tdis(cli);
 
-	torture_comment(torture, "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection\n");
-	anon_credentials = cli_credentials_init_anon(torture);
-
-	cli = connect_to_server(torture, anon_credentials);
-	torture_assert(torture, cli, "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection");
-
-	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
-								cli, &whoami, 0xFFFF), ret, fail,
-			    "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection");
-
-	smbcli_tdis(cli);
-
 	/* Check that our anonymous login mapped us to guest on the server, but
 	 * only if the server supports this.
 	 */
 	if (whoami.mapping_mask & SMB_WHOAMI_GUEST) {
+		bool guest = whoami.mapping_flags & SMB_WHOAMI_GUEST;
 		printf("checking whether we were logged in as guest... %s\n",
-			whoami.mapping_flags & SMB_WHOAMI_GUEST ? "YES" : "NO");
-		torture_assert(torture, whoami.mapping_flags & SMB_WHOAMI_GUEST,
-				"anonymous login did not map to guest");
+			guest ? "YES" : "NO");
+		torture_assert(torture, cli_credentials_is_anonymous(cmdline_credentials) == guest,
+			       "login did not credentials map to guest");
 	} else {
 		printf("server does not support SMB_WHOAMI_GUEST flag\n");
 	}
-- 
cgit