selftest: Add test for gss_krb5/ntlmssp -> SPNEGO

These bare mechs are permitted to go direct to SPNEGO, which must cope with them

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/python/samba/tests/gensec.py b/python/samba/tests/gensec.py
index fe87aa22222c0fa0dadc03f7fac7db3702851ba4..9cb6eea93aba9236bb535142183e43f633ea6f93 100644 (file)
--- a/python/samba/tests/gensec.py
+++ b/python/samba/tests/gensec.py
@@ -46,7 +46,7 @@ class GensecTests(samba.tests.TestCase):
     def test_info_uninitialized(self):
         self.assertRaises(RuntimeError, self.gensec.session_info)
 
-    def _test_update(self, mech):
+    def _test_update(self, mech, client_mech=None):
         """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
 
         """Start up a client and server GENSEC instance to test things with"""
@@ -54,7 +54,10 @@ class GensecTests(samba.tests.TestCase):
         self.gensec_client = gensec.Security.start_client(self.settings)
         self.gensec_client.set_credentials(self.get_credentials())
         self.gensec_client.want_feature(gensec.FEATURE_SEAL)
-        self.gensec_client.start_mech_by_sasl_name(mech)
+        if client_mech is not None:
+            self.gensec_client.start_mech_by_name(client_mech)
+        else:
+            self.gensec_client.start_mech_by_sasl_name(mech)
 
         self.gensec_server = gensec.Security.start_server(settings=self.settings,
                                                           auth_context=auth.AuthContext(lp_ctx=self.lp_ctx))
@@ -139,6 +142,12 @@ class GensecTests(samba.tests.TestCase):
 
         self._test_update("GSS-SPNEGO")
 
+    def test_update_gss_krb5_to_spnego(self):
+        self._test_update("GSS-SPNEGO", "gssapi_krb5")
+
+    def test_update_ntlmssp_to_spnego(self):
+        self._test_update("GSS-SPNEGO", "ntlmssp")
+
 
     def test_max_update_size(self):
         """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""