From c5bf365d9230e65a278a297b5e9a8a7a18b8a11d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 21 Mar 2023 08:31:03 +0100
Subject: testprogs: Reformat test_kinit_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 testprogs/blackbox/test_kinit_heimdal.sh | 250 ++++++++++++++++++++++++-------
 1 file changed, 195 insertions(+), 55 deletions(-)

(limited to 'testprogs')

diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh
index 9b90da28e4c..d6b52aef72b 100755
--- a/testprogs/blackbox/test_kinit_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_heimdal.sh
@@ -60,30 +60,63 @@ ADMIN_KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
 export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
 
-testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=$(expr $failed + 1)
+testit "reset password policies beside of minimum password age of 0 days" \
+	$VALGRIND $PYTHON $samba_tool domain passwordsettings set \
+	$ADMIN_LDBMODIFY_CONFIG \
+	--complexity=default \
+	--history-length=default \
+	--min-pwd-length=default \
+	--min-pwd-age=0 \
+	--max-pwd-age=default || \
+	failed=$(expr $failed + 1)
 
 echo $PASSWORD >$PREFIX/tmppassfile
-testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
-
-testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
-
-testit "kinit with password (windows style)" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
-
-testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
-
-test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
-
-testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1)
+testit "kinit with password (initial)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmppassfile \
+	--request-pac $USERNAME@$REALM || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
+
+testit "kinit with password (enterprise style)" \
+	$samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile \
+	--request-pac $USERNAME@$REALM || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
+
+testit "kinit with password (windows style)" \
+	$samba4kinit $enctype --renewable --windows \
+	--password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
+
+testit "kinit renew ticket" \
+	$samba4kinit $enctype --request-pac -R
+
+test_smbclient "Test login with kerberos ccache" 'ls' "$unc" \
+	--use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
+
+testit "check time with kerberos ccache" \
+	$VALGRIND $PYTHON $samba_tool time $SERVER \
+	$CONFIGURATION -k yes "$@" || \
+	failed=$(expr $failed + 1)
 
 USERPASS=testPass@12%
 echo $USERPASS >$PREFIX/tmpuserpassfile
-testit "add user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1)
+testit "add user with kerberos ccache" \
+	$VALGRIND $PYTHON $samba_tool user create ${TEST_USER} $USERPASS \
+	$CONFIGURATION -k yes "$@" || \
+	failed=$(expr $failed + 1)
 
 echo "Getting defaultNamingContext"
-BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}')
+BASEDN=$($ldbsearch $options --basedn='' -H ldap://$SERVER --scope=base \
+	DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}')
 
 cat >$PREFIX/tmpldbmodify <<EOF
 dn: cn=${TEST_USER},cn=users,$BASEDN
@@ -94,11 +127,19 @@ replace: userPrincipalName
 userPrincipalName: nettest@$REALM
 EOF
 
-testit "modify servicePrincipalName and userPrincpalName" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1)
+testit "modify servicePrincipalName and userPrincpalName" \
+	$VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -k yes \
+	"$@" || failed=$(expr $failed + 1)
 
-testit "set user password with kerberos ccache" $VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} --newpassword=$USERPASS $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1)
+testit "set user password with kerberos ccache" \
+	$VALGRIND $PYTHON $samba_tool user setpassword ${TEST_USER} \
+	--newpassword=$USERPASS $CONFIGURATION -k yes "$@" || \
+	failed=$(expr $failed + 1)
 
-testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount ${TEST_USER} -H ldap://$SERVER -k yes "$@" || failed=$(expr $failed + 1)
+testit "enable user with kerberos cache" \
+	$VALGRIND $PYTHON $enableaccount ${TEST_USER} -H ldap://$SERVER -k yes \
+	"$@" || \
+	failed=$(expr $failed + 1)
 
 KRB5CCNAME_PATH="$PREFIX/tmpuserccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
@@ -106,30 +147,60 @@ samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
 export KRB5CCNAME
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "kinit with user password (after enable of user and password change)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 NEWUSERPASS=testPaSS@34%
-testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS "$@" || failed=$(expr $failed + 1)
+testit "change user password with 'samba-tool user password' (rpc)" \
+	$VALGRIND $PYTHON $samba_tool user password \
+	-W$DOMAIN -U${TEST_USER}%$USERPASS $CONFIGURATION -k no \
+	--newpassword=$NEWUSERPASS "$@" || \
+	failed=$(expr $failed + 1)
 
 echo $NEWUSERPASS >$PREFIX/tmpuserpassfile
 rm -f $KRB5CCNAME_PATH
-testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "kinit with user password (after rpc password change)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with password (NT-Principal style) using UPN" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+testit "kinit with password (NT-Principal style) using UPN" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac nettest@$REALM || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache from enterprise UPN" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+testit "kinit with password (enterprise style) using UPN" \
+	$samba4kinit $enctype --enterprise \
+	--password-file=$PREFIX/tmpuserpassfile --request-pac \
+	nettest@$REALM || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache from enterprise UPN" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with password (windows style) using UPN" $samba4kinit $enctype --renewable --windows --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+testit "kinit with password (windows style) using UPN" \
+	$samba4kinit $enctype --renewable --windows \
+	--password-file=$PREFIX/tmpuserpassfile --request-pac \
+	nettest@$REALM || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache from windows UPN" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 cat >$PREFIX/tmpldbmodify <<EOF
 dn: cn=${TEST_USER},cn=users,$BASEDN
@@ -138,11 +209,21 @@ replace: userPrincipalName
 userPrincipalName: nettest@$REALM.org
 EOF
 
-testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1)
+testit "modify userPrincipalName to be a different domain" \
+	$VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG \
+	$PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \
+	-k yes "$@" || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM.org || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+testit "kinit with password (enterprise style) using UPN" \
+	$samba4kinit $enctype --enterprise \
+	--password-file=$PREFIX/tmpuserpassfile --request-pac \
+	nettest@$REALM.org || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 USERPASS=$NEWUSERPASS
 NEWUSERPASS=testPaSS@56%
@@ -158,15 +239,23 @@ send ${NEWUSERPASS}\n
 expect Success
 EOF
 
-testit "change user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "change user password with kpasswd" \
+	$texpect $PREFIX/tmpkpasswdscript $samba4kpasswd \
+	${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "kinit with user password (after kpasswd change)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
 NEWUSERPASS=testPaSS@78%
 echo $NEWUSERPASS >$PREFIX/tmpuserpassfile
 
-test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache (after kpasswd change)" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 cat >$PREFIX/tmpkpasswdscript <<EOF
 expect New password
@@ -176,10 +265,17 @@ send ${NEWUSERPASS}\n
 expect Success
 EOF
 
-testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$ADMIN_KRB5CCNAME ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "set user password with kpasswd" \
+	$texpect $PREFIX/tmpkpasswdscript $samba4kpasswd \
+	--cache=$ADMIN_KRB5CCNAME \
+	${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "kinit with user password (after kpasswd set)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
 test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
 
@@ -194,11 +290,19 @@ send ${NEWUSERPASS}\n
 expect Success
 EOF
 
-testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache host/${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "set user password with kpasswd and servicePrincipalName" \
+	$texpect $PREFIX/tmpkpasswdscript $samba4kpasswd \
+	--cache=$PREFIX/tmpccache host/${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
-testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "kinit with user password (after set with kpasswd and spn)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
-test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 cat >$PREFIX/tmpldbmodify <<EOF
 dn: cn=${TEST_USER},cn=users,$BASEDN
@@ -210,7 +314,12 @@ EOF
 USERPASS=$NEWUSERPASS
 NEWUSERPASS=testPaSS@911%
 
-testit "modify pwdLastSet" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes "$@" || failed=$(expr $failed + 1)
+testit "modify pwdLastSet" \
+	$VALGRIND $ldbmodify \
+	$ADMIN_LDBMODIFY_CONFIG \
+	$PREFIX/tmpldbmodify $PREFIX/tmpldbmodify \
+	-k yes "$@" || \
+	failed=$(expr $failed + 1)
 
 cat >$PREFIX/tmppasswordchange <<EOF
 expect ${TEST_USER}@${REALM}'s Password:
@@ -224,14 +333,24 @@ send ${NEWUSERPASS}\n
 expect Success: Password changed
 EOF
 
-testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac ${TEST_USER}@$REALM && failed=$(expr $failed + 1)
+testit "kinit with user password for expired password" \
+	$texpect $PREFIX/tmppasswordchange \
+	$samba4kinit $enctype --request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 echo $NEWUSERPASS >$PREFIX/tmpuserpassfile
-testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac ${TEST_USER}@$REALM || failed=$(expr $failed + 1)
+testit "kinit with user password (after password change forced by expiration)" \
+	$samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile \
+	--request-pac ${TEST_USER}@$REALM || \
+	failed=$(expr $failed + 1)
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
@@ -241,16 +360,37 @@ export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
 
 lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
-test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$lowerrealm%$NEWUSERPASS || failed=$(expr $failed + 1)
-test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=$(expr $failed + 1)
-
-testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} $CONFIGURATION -k yes "$@" || failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos lowercase realm" \
+	'ls' "$unc" --use-kerberos=required \
+	-U${TEST_USER}@$lowerrealm%$NEWUSERPASS || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test login with user kerberos lowercase realm 2" \
+	'ls' "$unc" --use-kerberos=required -U${TEST_USER}@$REALM%$NEWUSERPASS \
+	--realm=$lowerrealm || \
+	failed=$(expr $failed + 1)
+
+testit "del user with kerberos ccache" \
+	$VALGRIND $PYTHON $samba_tool user delete ${TEST_USER} \
+	$CONFIGURATION -k yes "$@" || \
+	failed=$(expr $failed + 1)
 
 rm -f $KRB5CCNAME_PATH
-testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=$(expr $failed + 1)
-test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=$(expr $failed + 1)
-
-testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1)
+testit "kinit with machineaccountccache script" \
+	$PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || \
+	failed=$(expr $failed + 1)
+test_smbclient "Test machine account login with kerberos ccache" \
+	'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || \
+	failed=$(expr $failed + 1)
+
+testit "reset password policies" \
+	$VALGRIND $PYTHON $samba_tool domain passwordsettings set \
+	$ADMIN_LDBMODIFY_CONFIG \
+	--complexity=default \
+	--history-length=default \
+	--min-pwd-length=default \
+	--min-pwd-age=default \
+	--max-pwd-age=default || \
+	failed=$(expr $failed + 1)
 
 rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript
 exit $failed
-- 
cgit v1.2.1