From: Stefan Metzmacher Date: Thu, 7 Dec 2017 12:00:10 +0000 (+0100) Subject: s4:selftest: replace --option=usespnego= with --option=clientusespnego= X-Git-Tag: talloc-2.1.11~22 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b6d55eefa21c548f962a0c5f290eb23c219f3bff;p=thirdparty%2Fsamba.git s4:selftest: replace --option=usespnego= with --option=clientusespnego= I guess that's what we try to test here, as 'use spnego' was only evaluated on in the smb server part. The basically tests the 'raw NTLMv2 auth' option, we set it to yes on some environments, but keep a knownfail for the ad_member. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/selftest/knownfail.d/ntlmv2-restrictions b/selftest/knownfail.d/ntlmv2-restrictions new file mode 100644 index 00000000000..eb50b134982 --- /dev/null +++ b/selftest/knownfail.d/ntlmv2-restrictions @@ -0,0 +1,2 @@ +# 'raw NTLMv2 auth' is not enabled on ad_member +^samba4.smb.signing.disabled.on.with.-k.no.--option=clientusespnego=no.--signing=off.domain-creds.xcopy\(ad_member\) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index e2e78abd0bb..8c17d778bd0 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1031,6 +1031,7 @@ winbindd:use external pipes = true # the source4 smb server doesn't allow signing by default server signing = enabled +raw NTLMv2 auth = yes rpc_server:default = external rpc_server:svcctl = embedded @@ -1461,6 +1462,7 @@ sub provision_ad_dc_ntvfs($$) server services = +winbind -winbindd ldap server require strong auth = allow_sasl_over_tls allow nt4 crypto = yes + raw NTLMv2 auth = yes lsa over netlogon = yes rpc server port = 1027 auth event notification = true diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 91f8a5cec68..73bdce61873 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -219,18 +219,18 @@ for t in net_tests: transport = "ncacn_np" for env in ["ad_dc_ntvfs", "nt4_dc"]: for ntlmoptions in [ - "-k no --option=usespnego=yes", - "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no", - "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes", - "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no", - "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes", - "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no", - "-k no --option=usespnego=yes --option=clientntlmv2auth=yes", - "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no", - "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes", - "-k no --option=usespnego=no --option=clientntlmv2auth=yes", + "-k no --option=clientusespnego=yes", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no", + "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes", + "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no", + "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes", + "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes", "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes", - "-k no --option=usespnego=no"]: + "-k no --option=clientusespnego=no"]: name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions) plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name) plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration]) @@ -452,7 +452,7 @@ plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', # Tests SMB signing for mech in [ "-k no", - "-k no --option=usespnego=no", + "-k no --option=clientusespnego=no", "-k no --option=gensec:spengo=no", "-k yes", "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]: @@ -463,7 +463,7 @@ for mech in [ for mech in [ "-k no", - "-k no --option=usespnego=no", + "-k no --option=clientusespnego=no", "-k no --option=gensec:spengo=no", "-k yes"]: signoptions = "%s --signing=off" % mech @@ -477,7 +477,7 @@ for mech in [ plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient4]) for mech in [ "-k no", - "-k no --option=usespnego=no", + "-k no --option=clientusespnego=no", "-k no --option=gensec:spengo=no"]: signoptions = "%s --signing=off" % mech plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)