const char *error_string = NULL;
const char *workstation = cli_credentials_get_workstation(credentials);
const char *password = cli_credentials_get_password(credentials);
+#ifndef USING_EMBEDDED_HEIMDAL
const struct samr_Password *nthash = NULL;
const struct samr_Password *old_nthash = NULL;
+#endif
const char *old_password = cli_credentials_get_old_password(credentials);
+#ifndef USING_EMBEDDED_HEIMDAL
int kvno = cli_credentials_get_kvno(credentials);
int expected_kvno = 0;
krb5uint32 t_kvno = 0;
+#endif
const char *host = torture_setting_string(tctx, "host", NULL);
krb5_error_code k5ret;
krb5_boolean k5ok;
realm = cli_credentials_get_realm(credentials);
trusted_realm_name = strupper_talloc(tctx, trusted_dns_name);
+#ifndef USING_EMBEDDED_HEIMDAL
nthash = cli_credentials_get_nt_hash(credentials, ctx);
old_nthash = cli_credentials_get_old_nt_hash(credentials, ctx);
+#endif
k5ret = smb_krb5_init_context(ctx, tctx->lp_ctx, &ctx->smb_krb5_context);
torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed");
torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 68, assertion_message);
torture_assert(tctx, ctx->error.crealm != NULL, assertion_message);
torture_assert_str_equal(tctx, *ctx->error.crealm, trusted_realm_name, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert(tctx, ctx->error.cname != NULL, assertion_message);
+ torture_assert_int_equal(tctx, ctx->error.cname->name_type, KRB5_NT_ENTERPRISE_PRINCIPAL, assertion_message);
+ torture_assert_int_equal(tctx, ctx->error.cname->name_string.len, 1, assertion_message);
+ torture_assert_str_equal(tctx, ctx->error.cname->name_string.val[0], upn_realm_string, assertion_message);
+#else
torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
+#endif
torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
ZERO_STRUCT(ctx->counts);
torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 68, assertion_message);
torture_assert(tctx, ctx->error.crealm != NULL, assertion_message);
torture_assert_str_equal(tctx, *ctx->error.crealm, trusted_realm_name, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert(tctx, ctx->error.cname != NULL, assertion_message);
+ torture_assert_int_equal(tctx, ctx->error.cname->name_type, KRB5_NT_ENTERPRISE_PRINCIPAL, assertion_message);
+ torture_assert_int_equal(tctx, ctx->error.cname->name_string.len, 1, assertion_message);
+ torture_assert_str_equal(tctx, ctx->error.cname->name_string.val[0], upn_dns_string, assertion_message);
+#else
torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
+#endif
torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
ZERO_STRUCT(ctx->counts);
torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 68, assertion_message);
torture_assert(tctx, ctx->error.crealm != NULL, assertion_message);
torture_assert_str_equal(tctx, *ctx->error.crealm, trusted_realm_name, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert(tctx, ctx->error.cname != NULL, assertion_message);
+ torture_assert_int_equal(tctx, ctx->error.cname->name_type, KRB5_NT_ENTERPRISE_PRINCIPAL, assertion_message);
+ torture_assert_int_equal(tctx, ctx->error.cname->name_string.len, 1, assertion_message);
+ torture_assert_str_equal(tctx, ctx->error.cname->name_string.val[0], upn_netbios_string, assertion_message);
+#else
torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
+#endif
torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
torture_comment(tctx, "(%s:%s) password[%s] old_password[%s]\n",
trusted->trust_type,
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#endif
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
/* Confirm if we can do a TGS for krbtgt/trusted_dns no CANON */
ZERO_STRUCT(ctx->counts);
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#endif
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
ctx->krbtgt_trust_dns_creds->server,
+#ifdef USING_EMBEDDED_HEIMDAL
+ ctx->krbtgt_trust_dns);
+#else
ctx->krbtgt_trust_realm);
+#endif
torture_assert(tctx, k5ok, assertion_message);
type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
ctx->krbtgt_trust_dns_creds->server);
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
/* Confirm if we can do a TGS for krbtgt/NETBIOS with CANON */
ZERO_STRUCT(ctx->counts);
trusted->trust_type,
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#endif
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
/* Confirm if we can do a TGS for krbtgt/NETBIOS no CANON */
ZERO_STRUCT(ctx->counts);
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#endif
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
ctx->krbtgt_trust_netbios_creds->server,
+#ifdef USING_EMBEDDED_HEIMDAL
+ ctx->krbtgt_trust_netbios);
+#else
ctx->krbtgt_trust_realm);
+#endif
torture_assert(tctx, k5ok, assertion_message);
type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
ctx->krbtgt_trust_netbios_creds->server);
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
cifs_trust_dns_string = talloc_asprintf(ctx, "cifs/%s@%s",
trusted_dns_name, realm);
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
/* Confirm if we have the referral ticket in the cache */
krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
cifs_trust_netbios_string = talloc_asprintf(ctx, "cifs/%s@%s",
trusted_netbios_name, realm);
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
/* Confirm if we have the referral ticket in the cache */
krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
drs_trust_dns_string = talloc_asprintf(ctx,
"E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s@%s",
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
/* Confirm if we have the referral ticket in the cache */
krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
drs_trust_netbios_string = talloc_asprintf(ctx,
"E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s@%s",
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
/* Confirm if we have the referral ticket in the cache */
krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
k5ret,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
k5ret, ctx));
torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
four_trust_dns_string = talloc_asprintf(ctx, "four/tree/two/%s@%s",
trusted_dns_name, realm);
trusted->trust_attributes,
ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
torture_assert_int_equal(tctx, k5ret, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+ torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+ torture_assert_int_equal(tctx, ctx->counts.error_io, 2, assertion_message);
+#else
torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
torture_assert_int_equal(tctx, ctx->counts.error_io, 1, assertion_message);
+#endif
torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 7, assertion_message);
/* Confirm if we have no referral ticket in the cache */