From: Andrew Bartlett
Date: Mon, 28 Feb 2022 00:19:58 +0000 (+1300)
Subject: torture: Do not expect LM passwords to be accepted except by samba3
X-Git-Tag: tevent-0.12.0~395
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb691c51ee2e4b0a2d64234383dffddba00bb257;p=thirdparty%2Fsamba.git
torture: Do not expect LM passwords to be accepted except by samba3
This allows Samba as an AD DC (compared with the fileserver/NT4-like DC mode) to match windows and refuse all LM passwords, no matter what.
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
---
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 9523fd9cf3b..632c4efc2ec 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -357,6 +357,12 @@ static bool test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm
 if (break_which == NO_NT && !lm_good) {
 return true;
 }
+ /* for modern servers, the LM password is invalid */
+ if (break_which == NO_NT
+ && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+ return true;
+ }
+
 /* for 'old' passwords, we allow the server to be OK or wrong password */
 if (samlogon_state->old_password) {
 return true;
@@ -384,6 +390,13 @@ static bool test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm
 return false;
 }
 
+ /* for modern servers, the LM password is invalid */
+ if (break_which == NO_NT
+ && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+ *error_string = strdup("LM password is OK but should have failed against a modern server");
+ return false;
+ }
+
 if (!all_zero(lm_key, sizeof(lm_key)) != 0) {
 torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n");
 torture_comment(samlogon_state->tctx, "lm_key:\n");
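Review bot: The test `break_which == NO_NT && !torture_setting_bool(samlogon_state->tctx, "samba3", false)` is written out four times by this commit (here, in the second test_lm_ntlm_broken hunk, and twice in test_plaintext), and in this hunk it directly follows a `NO_NT && !lm_good` check with the same body. A small static helper, called as `if (lm_only_must_fail(samlogon_state, break_which)) {`, would keep the four expectations from drifting apart; the helper name is only a suggestion. Its comment is the place to say what "modern" means: any target run without the `samba3` torture setting, which defaults to false here, is expected to refuse what is presumably an LM-only logon (NO_NT), regardless of `lm_good`. The enclosing function starts and ends outside the hunk.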
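Review bot: The failure string set in this block does not say why the target was classed as modern, and an accepted LM logon is the security-relevant outcome this check exists to catch, so the message should name the knob, for example `*error_string = strdup("LM-only logon succeeded, but a target without the samba3 setting must reject it");`. The `strdup()` result is also stored unchecked, so on allocation failure the caller would get a NULL `*error_string`; whether callers tolerate that is not visible in this hunk. Both remarks apply equally to the matching block in the last test_plaintext hunk. The function body continues outside the hunk.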
@@ -1241,6 +1254,12 @@ static bool test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_brea
 if (break_which == NO_NT && !lm_good) {
 return true;
 }
+ /* for modern servers, the LM password is invalid */
+ if (break_which == NO_NT
+ && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+ return true;
+ }
+
 return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
 } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
 return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT));
@@ -1264,6 +1283,13 @@ static bool test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_brea
 return false;
 }
 
+ /* for modern servers, the LM password is invalid */
+ if (break_which == NO_NT
+ && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+ *error_string = strdup("LM password is OK but should have failed against a modern server");
+ return false;
+ }
+
 return true;
 }
 