s3:selftest: add samba3.blackbox.smb1_lanman_plaintext tests

This demonstrates that we currently have problems with
plaintext and lanman authentication. In both domain member
and standalone setups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/selftest/knownfail.d/samba3.blackbox.smb1_lanman_plaintext b/selftest/knownfail.d/samba3.blackbox.smb1_lanman_plaintext
new file mode 100644 (file)
index 0000000..e45d92c
--- /dev/null
+++ b/selftest/knownfail.d/samba3.blackbox.smb1_lanman_plaintext
@@ -0,0 +1,4 @@
+^samba3.blackbox.smb1_lanman_plaintext.test_lm_ok.simpleserver
+^samba3.blackbox.smb1_lanman_plaintext.test_plaintext_ok.simpleserver
+^samba3.blackbox.smb1_lanman_plaintext.test_lm_ok.nt4_member
+^samba3.blackbox.smb1_lanman_plaintext.test_plaintext_ok.nt4_member

diff --git a/source3/script/tests/test_smb1_lanman_plaintext.sh b/source3/script/tests/test_smb1_lanman_plaintext.sh
new file mode 100755 (executable)
index 0000000..669a22e
--- /dev/null
+++ b/source3/script/tests/test_smb1_lanman_plaintext.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+       cat <<EOF
+Usage: test_smb1_lanman_plaintext.sh SERVER USERNAME PASSWORD
+EOF
+       exit 1
+fi
+
+# This is used by test_smbclient()
+# shellcheck disable=2034
+smbclient=$1
+SERVER=$2
+USERNAME=$3
+PASSWORD=$4
+shift 4
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+. $incdir/common_test_fns.inc
+
+failed=0
+
+opt="-W ${SERVER} -U${USERNAME}%${PASSWORD}"
+
+# check
+test_smbclient "test_default" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1)
+
+global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf
+cat > $global_inject_conf << _EOF
+    server min protocol = LANMAN1
+    client min protocol = LANMAN1
+    lanman auth = no
+_EOF
+
+opt="--option=clientminprotocol=LANMAN1 -m LANMAN1 -c ls --option=clientNTLMv2auth=no --option=clientlanmanauth=yes -W ${SERVER} -U${USERNAME}%${PASSWORD}"
+test_smbclient_expect_failure "test_lm_fail" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1)
+
+cat > $global_inject_conf << _EOF
+    server min protocol = LANMAN1
+    client min protocol = LANMAN1
+    lanman auth = yes
+    ntlm auth = yes
+_EOF
+
+test_smbclient "test_lm_ok" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1)
+
+cat > $global_inject_conf << _EOF
+    server min protocol = LANMAN1
+    client min protocol = LANMAN1
+    lanman auth = yes
+    ntlm auth = yes
+    encrypt passwords = no
+_EOF
+
+test_smbclient_expect_failure "test_plaintext_fail_local" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1)
+
+opt="--option=clientminprotocol=LANMAN1 -m LANMAN1 -c ls --option=clientNTLMv2auth=no --option=clientlanmanauth=yes --option=clientplaintextauth=yes -W ${SERVER} -U${USERNAME}%${PASSWORD}"
+test_smbclient "test_plaintext_ok" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1)
+
+echo '' >$global_inject_conf
+
+testok $0 $failed

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 790551245acaa43606522373d99a03618b6e96a7..772dfa8672f07c0eb06edaef5b03f55a8966fa83 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1615,6 +1615,14 @@ plantestsuite("samba3.blackbox.smbd_no_krb5", "ad_member:local",
               [os.path.join(samba3srcdir, "script/tests/test_smbd_no_krb5.sh"),
                smbclient3, '$SERVER', "$DC_USERNAME", "$DC_PASSWORD", "$PREFIX"])
 
+plantestsuite("samba3.blackbox.smb1_lanman_plaintext", "simpleserver:local",
+              [os.path.join(samba3srcdir, "script/tests/test_smb1_lanman_plaintext.sh"),
+               smbclient3, '$SERVER', "$USERNAME", "$PASSWORD"])
+
+plantestsuite("samba3.blackbox.smb1_lanman_plaintext", "nt4_member:local",
+              [os.path.join(samba3srcdir, "script/tests/test_smb1_lanman_plaintext.sh"),
+               smbclient3, '$SERVER', "$USERNAME", "$PASSWORD"])
+
 plantestsuite("samba3.blackbox.winbind_ignore_domain", "ad_member_idmap_ad:local",
               [os.path.join(samba3srcdir, "script/tests/test_winbind_ignore_domains.sh")])