s4:torture:dlz_bind9: fix spnego tests

The dlz_bind9 module uses the special dns-${NETBIOSNAME} account,
and this is only available under the dns/hostname.domain SPN, not
host/hostname.

Also the dlz_ssumatch() function returns isc_boolean_t instead
of isc_result_t. As ISC_R_SUCCESS and ISC_FALSE have the same value
we didn't notice this problem.

Change-Id: I48539c3f48f5dde9eaa2fff6da0f3be2f9f66311
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source4/torture/dns/dlz_bind9.c

@@ -158,9 +158,19 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
 	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
 
-	status = gensec_set_target_hostname(gensec_client_context, torture_setting_string(tctx, "host", NULL));
+	/*
+	 * dlz_bind9 use the special dns/host.domain account
+	 */
+	status = gensec_set_target_hostname(gensec_client_context,
+					    talloc_asprintf(tctx,
+				"%s.%s",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx)));
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
 
+	status = gensec_set_target_service(gensec_client_context, "dns");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
+
 	status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
@@ -181,7 +191,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 						    client_to_server.length,
 						    client_to_server.data,
 						    dbdata),
-				 ISC_R_SUCCESS,
+				 ISC_TRUE,
 				 "Failed to check key for update rights samba_dlz");
 
 	dlz_destroy(dbdata);