s4:torture:dlz_bind9: fix spnego tests

The dlz_bind9 module uses the special dns-${NETBIOSNAME} account,
and this is only available under the dns/hostname.domain SPN, not
host/hostname.

Also the dlz_ssumatch() function returns isc_boolean_t instead
of isc_result_t. As ISC_R_SUCCESS and ISC_FALSE have the same value
we didn't notice this problem.

Change-Id: I48539c3f48f5dde9eaa2fff6da0f3be2f9f66311
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 76943bf0ac259fb8855bd123fe4bc85a103ba418)

diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index 88ca27cd8e6b7ed6df49cc2fa979c931d355060a..0c5b1539ee8970cba83e97c5a8ead07b4d86ae41 100644 (file)
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -158,9 +158,19 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
        torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
 
-       status = gensec_set_target_hostname(gensec_client_context, torture_setting_string(tctx, "host", NULL));
+       /*
+        * dlz_bind9 use the special dns/host.domain account
+        */
+       status = gensec_set_target_hostname(gensec_client_context,
+                                           talloc_asprintf(tctx,
+                               "%s.%s",
+                               torture_setting_string(tctx, "host", NULL),
+                               lpcfg_dnsdomain(tctx->lp_ctx)));
        torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
 
+       status = gensec_set_target_service(gensec_client_context, "dns");
+       torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
+
        status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
        torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
@@ -181,7 +191,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
                                                    client_to_server.length,
                                                    client_to_server.data,
                                                    dbdata),
-                                ISC_R_SUCCESS,
+                                ISC_TRUE,
                                 "Failed to check key for update rights samba_dlz");
 
        dlz_destroy(dbdata);