python:tests/krb5: let netlogon.py check for NETLOGON_NTLMV2_ENABLED

It's there for network_samlogon and interactive_samlogon,
but not in ticket_samlogon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15783

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/python/samba/tests/krb5/netlogon.py b/python/samba/tests/krb5/netlogon.py
index 7ada1a01d52e938d8b2ca149ea93239d9f603d71..6320a2bd5425d77f5925ff008653bb032f12b38a 100755 (executable)
--- a/python/samba/tests/krb5/netlogon.py
+++ b/python/samba/tests/krb5/netlogon.py
@@ -1556,6 +1556,9 @@ class NetlogonSchannel(KDCBaseTest):
                                            expect_send_encrypted,
                                            expect_recv_encrypted)
         self.assertNotEqual(validationRef_n6.base.rid, 0)
+        self.assertEqual(validationRef_n6.base.user_flags &
+                         netlogon.NETLOGON_NTLMV2_ENABLED,
+                         netlogon.NETLOGON_NTLMV2_ENABLED)
         self.assertNotEqual(validationRef_n6.base.key.key, list(b'\x00' *16))
         self.assertEqual(validationRef_n6.base.LMSessKey.key, list(b'\x00' *8))
 
@@ -1567,6 +1570,7 @@ class NetlogonSchannel(KDCBaseTest):
                                                  expect_send_encrypted,
                                                  expect_recv_encrypted)
         self.assertEqual(validationWF_n2.base.rid, validationRef_n6.base.rid)
+        self.assertEqual(validationWF_n2.base.user_flags, validationRef_n6.base.user_flags)
         if expect_broken_nt_crypto:
             self.assertNotEqual(validationWF_n2.base.key.key, list(b'\x00' *16))
             self.assertNotEqual(validationWF_n2.base.key.key, validationRef_n6.base.key.key)
@@ -1583,6 +1587,7 @@ class NetlogonSchannel(KDCBaseTest):
                                           expect_send_encrypted,
                                           expect_recv_encrypted)
         self.assertEqual(validationEx_n2.base.rid, validationRef_n6.base.rid)
+        self.assertEqual(validationEx_n2.base.user_flags, validationRef_n6.base.user_flags)
         if expect_broken_nt_crypto:
             self.assertNotEqual(validationEx_n2.base.key.key, list(b'\x00' *16))
             self.assertNotEqual(validationEx_n2.base.key.key, validationRef_n6.base.key.key)
@@ -1602,6 +1607,7 @@ class NetlogonSchannel(KDCBaseTest):
                                                  expect_send_encrypted,
                                                  expect_recv_encrypted)
         self.assertEqual(validationWF_n3.base.rid, validationRef_n6.base.rid)
+        self.assertEqual(validationWF_n3.base.user_flags, validationRef_n6.base.user_flags)
         if expect_broken_nt_crypto:
             self.assertNotEqual(validationWF_n3.base.key.key, list(b'\x00' *16))
             self.assertNotEqual(validationWF_n3.base.key.key, validationRef_n6.base.key.key)
@@ -1618,6 +1624,7 @@ class NetlogonSchannel(KDCBaseTest):
                                           expect_send_encrypted,
                                           expect_recv_encrypted)
         self.assertEqual(validationEx_n3.base.rid, validationRef_n6.base.rid)
+        self.assertEqual(validationEx_n3.base.user_flags, validationRef_n6.base.user_flags)
         if expect_broken_nt_crypto:
             self.assertNotEqual(validationEx_n3.base.key.key, list(b'\x00' *16))
             self.assertNotEqual(validationEx_n3.base.key.key, validationRef_n6.base.key.key)
@@ -1637,6 +1644,7 @@ class NetlogonSchannel(KDCBaseTest):
                                                  expect_send_encrypted,
                                                  expect_recv_encrypted)
         self.assertEqual(validationWF_n6.base.rid, validationRef_n6.base.rid)
+        self.assertEqual(validationWF_n6.base.user_flags, validationRef_n6.base.user_flags)
         self.assertEqual(validationWF_n6.base.key.key, validationRef_n6.base.key.key)
         validationEx_n6 = self.do_LogonEx(ncreds, conn,
                                           logon_type_n, logon_info_n,
@@ -1644,6 +1652,7 @@ class NetlogonSchannel(KDCBaseTest):
                                           expect_send_encrypted,
                                           expect_recv_encrypted)
         self.assertEqual(validationEx_n6.base.rid, validationRef_n6.base.rid)
+        self.assertEqual(validationEx_n6.base.user_flags, validationRef_n6.base.user_flags)
         self.assertEqual(validationEx_n6.base.key.key, validationRef_n6.base.key.key)
 
         self.do_CheckCapabilities(ncreds, conn)
@@ -1703,6 +1712,9 @@ class NetlogonSchannel(KDCBaseTest):
             self.do_CheckCapabilities(ncreds, conn)
             return
         self.assertNotEqual(validationRef_i6.base.rid, 0)
+        self.assertEqual(validationRef_i6.base.user_flags &
+                         netlogon.NETLOGON_NTLMV2_ENABLED,
+                         netlogon.NETLOGON_NTLMV2_ENABLED)
         self.assertEqual(validationRef_i6.base.key.key, list(b'\x00' *16))
         self.assertEqual(validationRef_i6.base.LMSessKey.key, list(b'\x00' *8))
 
@@ -1714,6 +1726,7 @@ class NetlogonSchannel(KDCBaseTest):
                                                  expect_send_encrypted,
                                                  expect_recv_encrypted)
         self.assertEqual(validationWF_i2.base.rid, validationRef_i6.base.rid)
+        self.assertEqual(validationWF_i2.base.user_flags, validationRef_i6.base.user_flags)
         self.assertEqual(validationWF_i2.base.key.key, validationRef_i6.base.key.key)
         self.assertEqual(validationWF_i2.base.LMSessKey.key, validationRef_i6.base.LMSessKey.key)
         validationEx_i2 = self.do_LogonEx(ncreds, conn,
@@ -1722,6 +1735,7 @@ class NetlogonSchannel(KDCBaseTest):
                                           expect_send_encrypted,
                                           expect_recv_encrypted)
         self.assertEqual(validationEx_i2.base.rid, validationRef_i6.base.rid)
+        self.assertEqual(validationEx_i2.base.user_flags, validationRef_i6.base.user_flags)
         self.assertEqual(validationEx_i2.base.key.key, validationRef_i6.base.key.key)
         self.assertEqual(validationEx_i2.base.LMSessKey.key, validationRef_i6.base.LMSessKey.key)
 
@@ -1733,6 +1747,7 @@ class NetlogonSchannel(KDCBaseTest):
                                                  expect_send_encrypted,
                                                  expect_recv_encrypted)
         self.assertEqual(validationWF_i3.base.rid, validationRef_i6.base.rid)
+        self.assertEqual(validationWF_i3.base.user_flags, validationRef_i6.base.user_flags)
         self.assertEqual(validationWF_i3.base.key.key, validationRef_i6.base.key.key)
         self.assertEqual(validationWF_i3.base.LMSessKey.key, validationRef_i6.base.LMSessKey.key)
         validationEx_i3 = self.do_LogonEx(ncreds, conn,
@@ -1741,6 +1756,7 @@ class NetlogonSchannel(KDCBaseTest):
                                           expect_send_encrypted,
                                           expect_recv_encrypted)
         self.assertEqual(validationEx_i3.base.rid, validationRef_i6.base.rid)
+        self.assertEqual(validationEx_i3.base.user_flags, validationRef_i6.base.user_flags)
         self.assertEqual(validationEx_i3.base.key.key, validationRef_i6.base.key.key)
         self.assertEqual(validationEx_i3.base.LMSessKey.key, validationRef_i6.base.LMSessKey.key)
 
@@ -1752,6 +1768,7 @@ class NetlogonSchannel(KDCBaseTest):
                                                  expect_send_encrypted,
                                                  expect_recv_encrypted)
         self.assertEqual(validationWF_i6.base.rid, validationRef_i6.base.rid)
+        self.assertEqual(validationWF_i6.base.user_flags, validationRef_i6.base.user_flags)
         self.assertEqual(validationWF_i6.base.key.key, validationRef_i6.base.key.key)
         self.assertEqual(validationWF_i6.base.LMSessKey.key, validationRef_i6.base.LMSessKey.key)
         validationEx_i6 = self.do_LogonEx(ncreds, conn,
@@ -1760,6 +1777,7 @@ class NetlogonSchannel(KDCBaseTest):
                                           expect_send_encrypted,
                                           expect_recv_encrypted)
         self.assertEqual(validationEx_i6.base.rid, validationRef_i6.base.rid)
+        self.assertEqual(validationEx_i6.base.user_flags, validationRef_i6.base.user_flags)
         self.assertEqual(validationEx_i6.base.key.key, validationRef_i6.base.key.key)
         self.assertEqual(validationEx_i6.base.LMSessKey.key, validationRef_i6.base.LMSessKey.key)
 
@@ -1911,6 +1929,8 @@ class NetlogonSchannel(KDCBaseTest):
             self.assertIsNotNone(validationEx.user_information)
             self.assertNotEqual(validationEx.user_information.base.rid, 0)
             self.assertEqual(validationEx.user_information.base.key.key, list(b'\x00' *16))
+            self.assertEqual(validationEx.user_information.base.user_flags &
+                             netlogon.NETLOGON_NTLMV2_ENABLED, 0)
             self.assertIsNone(validationEx.device_information)
 
         expect_send_encrypted = False
@@ -1939,6 +1959,8 @@ class NetlogonSchannel(KDCBaseTest):
             self.assertEqual(validationWF.user_information.base.rid,
                              validationEx.user_information.base.rid)
             self.assertEqual(validationWF.user_information.base.key.key, list(b'\x00' *16))
+            self.assertEqual(validationWF.user_information.base.user_flags,
+                             validationEx.user_information.base.user_flags)
             self.assertIsNone(validationWF.device_information)
 
         self.do_CheckCapabilities(ncreds, conn)

diff --git a/selftest/knownfail.d/samba.tests.krb5.netlogon b/selftest/knownfail.d/samba.tests.krb5.netlogon
index dc2304c116218f73c7e7862ed3f553e9064430ee..fa8cc1d3d327ba64dbe8e6fb12bd35d8806de3ff 100644 (file)
--- a/selftest/knownfail.d/samba.tests.krb5.netlogon
+++ b/selftest/knownfail.d/samba.tests.krb5.netlogon
@@ -1,2 +1,22 @@
 # This is not implemented yet
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon
+# We don't add NETLOGON_NTLMV2_ENABLED yet
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_interactive_samlogon_.*_auth3_01000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_interactive_samlogon_.*_auth3_613fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_interactive_samlogon_.*_auth3_e13fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_interactive_samlogon_.*_authK_80000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_interactive_samlogon_.*_authK_e13fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_auth3_01000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_auth3_613fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_auth3_e13fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_00000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_00000004
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_00004000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_01000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_01004004
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_400001ff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_413fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_603fbffb
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_613fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_80000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_network_samlogon_.*_authK_e13fffff