From: Stefan Metzmacher Date: Mon, 15 Jul 2024 16:32:42 +0000 (+0200) Subject: s3:selftest: add samba3.blackbox.smb1_lanman_plaintext tests X-Git-Tag: tdb-1.4.11~110 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8e35933ceb5bcede2b45d8223766bd8b2ebd7ef1;p=thirdparty%2Fsamba.git s3:selftest: add samba3.blackbox.smb1_lanman_plaintext tests This demonstrates that we currently have problems with plaintext and lanman authentication. In both domain member and standalone setups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- diff --git a/selftest/knownfail.d/samba3.blackbox.smb1_lanman_plaintext b/selftest/knownfail.d/samba3.blackbox.smb1_lanman_plaintext new file mode 100644 index 00000000000..e45d92c32ed --- /dev/null +++ b/selftest/knownfail.d/samba3.blackbox.smb1_lanman_plaintext @@ -0,0 +1,4 @@ +^samba3.blackbox.smb1_lanman_plaintext.test_lm_ok.simpleserver +^samba3.blackbox.smb1_lanman_plaintext.test_plaintext_ok.simpleserver +^samba3.blackbox.smb1_lanman_plaintext.test_lm_ok.nt4_member +^samba3.blackbox.smb1_lanman_plaintext.test_plaintext_ok.nt4_member diff --git a/source3/script/tests/test_smb1_lanman_plaintext.sh b/source3/script/tests/test_smb1_lanman_plaintext.sh new file mode 100755 index 00000000000..669a22e5f4c --- /dev/null +++ b/source3/script/tests/test_smb1_lanman_plaintext.sh @@ -0,0 +1,63 @@ +#!/bin/sh + +if [ $# -lt 3 ]; then + cat < $global_inject_conf << _EOF + server min protocol = LANMAN1 + client min protocol = LANMAN1 + lanman auth = no +_EOF + +opt="--option=clientminprotocol=LANMAN1 -m LANMAN1 -c ls --option=clientNTLMv2auth=no --option=clientlanmanauth=yes -W ${SERVER} -U${USERNAME}%${PASSWORD}" +test_smbclient_expect_failure "test_lm_fail" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1) + +cat > $global_inject_conf << _EOF + server min protocol = LANMAN1 + client min protocol = LANMAN1 + lanman auth = yes + ntlm auth = yes +_EOF + +test_smbclient "test_lm_ok" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1) + +cat > $global_inject_conf << _EOF + server min protocol = LANMAN1 + client min protocol = LANMAN1 + lanman auth = yes + ntlm auth = yes + encrypt passwords = no +_EOF + +test_smbclient_expect_failure "test_plaintext_fail_local" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1) + +opt="--option=clientminprotocol=LANMAN1 -m LANMAN1 -c ls --option=clientNTLMv2auth=no --option=clientlanmanauth=yes --option=clientplaintextauth=yes -W ${SERVER} -U${USERNAME}%${PASSWORD}" +test_smbclient "test_plaintext_ok" "ls" "//$SERVER/tmp" $opt || failed=$(expr $failed + 1) + +echo '' >$global_inject_conf + +testok $0 $failed diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 790551245ac..772dfa8672f 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1615,6 +1615,14 @@ plantestsuite("samba3.blackbox.smbd_no_krb5", "ad_member:local", [os.path.join(samba3srcdir, "script/tests/test_smbd_no_krb5.sh"), smbclient3, '$SERVER', "$DC_USERNAME", "$DC_PASSWORD", "$PREFIX"]) +plantestsuite("samba3.blackbox.smb1_lanman_plaintext", "simpleserver:local", + [os.path.join(samba3srcdir, "script/tests/test_smb1_lanman_plaintext.sh"), + smbclient3, '$SERVER', "$USERNAME", "$PASSWORD"]) + +plantestsuite("samba3.blackbox.smb1_lanman_plaintext", "nt4_member:local", + [os.path.join(samba3srcdir, "script/tests/test_smb1_lanman_plaintext.sh"), + smbclient3, '$SERVER', "$USERNAME", "$PASSWORD"]) + plantestsuite("samba3.blackbox.winbind_ignore_domain", "ad_member_idmap_ad:local", [os.path.join(samba3srcdir, "script/tests/test_winbind_ignore_domains.sh")])