2025-03-20 22:50:26 +03:00 · 2017-07-05 14:03:17 +12:00 · 2017-07-05 14:03:17 +12:00 · 1a1c4ad71c
commit 1a1c4ad71c
parent 82c17bc9fa
4 changed files with 43 additions and 7 deletions
--- a/selftest/knownfail
+++ b/selftest/knownfail
@ -334,5 +334,7 @@
 ^samba.tests.netlogonsvc.python\(fileserver\)
 # NTLM authentication is (intentionally) disabled in ktest
 ^samba.tests.ntlmauth.python\(ktest\).ntlmauth.NtlmAuthTests.test_ntlm_connection\(ktest\)
+^samba.tests.ntlmauth.python\(ad_dc_no_ntlm\).ntlmauth.NtlmAuthTests.test_samr_change_password\(ad_dc_no_ntlm\)
 # Disabling NTLM means you can't use samr to change the password
 ^samba.tests.ntlmauth.python\(ktest\).ntlmauth.NtlmAuthTests.test_samr_change_password\(ktest\)
+^samba.tests.ntlmauth.python\(ad_dc_no_ntlm\).ntlmauth.NtlmAuthTests.test_ntlm_connection\(ad_dc_no_ntlm\)
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@ -346,6 +346,7 @@ sub get_interface($)

    # 11-16 used by selftest.pl for client interfaces

+    $interfaces{"addc_no_ntlm"} = 18;
    $interfaces{"idmapadmember"} = 19;
    $interfaces{"idmapridmember"} = 20;
    $interfaces{"localdc"} = 21;
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@ -1757,9 +1757,9 @@ sub read_config_h($)
 	return \%ret;
 }

-sub provision_ad_dc($$)
+sub provision_ad_dc($$$$$$)
 {
-	my ($self, $prefix) = @_;
+	my ($self, $prefix, $hostname, $domain, $realm, $smbconf_args) = @_;

 	my $prefix_abs = abs_path($prefix);

@ -1823,6 +1823,7 @@ sub provision_ad_dc($$)
 	print notify backchannel = yes

        auth event notification = true
+        $smbconf_args
 ";

 	my $extra_smbconf_shares = "
@ -1867,9 +1868,9 @@ sub provision_ad_dc($$)
 	print "PROVISIONING AD DC...\n";
 	my $ret = $self->provision($prefix,
 				   "domain controller",
-				   "addc",
-				   "ADDOMAIN",
-				   "addom.samba.example.com",
+				   $hostname,
+				   $domain,
+				   $realm,
 				   "2008",
 				   "locDCpass1",
 				   undef,
@ -2127,6 +2128,8 @@ sub setup_env($$$)
 		return $self->setup_ad_dc("$path/ad_dc");
 	} elsif ($envname eq "ad_dc_no_nss") {
 		return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss");
+	} elsif ($envname eq "ad_dc_no_ntlm") {
+		return $self->setup_ad_dc_no_ntlm("$path/ad_dc_no_ntlm");
 	} elsif ($envname eq "ad_member_rfc2307") {
 		if (not defined($self->{vars}->{ad_dc_ntvfs})) {
 			$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
@ -2506,7 +2509,8 @@ sub setup_ad_dc($$)
 	       return "UNKNOWN";
 	}

-	my $env = $self->provision_ad_dc($path);
+	my $env = $self->provision_ad_dc($path, "addc", "ADDOMAIN",
+					 "addom.samba.example.com", "");
 	unless ($env) {
 		return undef;
 	}
@ -2529,6 +2533,35 @@ sub setup_ad_dc($$)
 	return $env;
 }

+sub setup_ad_dc_no_ntlm($$)
+{
+	my ($self, $path) = @_;
+
+	# If we didn't build with ADS, pretend this env was never available
+	if (not $self->{target3}->have_ads()) {
+	       return "UNKNOWN";
+	}
+
+	my $env = $self->provision_ad_dc($path, "addc_no_ntlm", "ADNONTLMDOMAIN",
+					 "adnontlmdom.samba.example.com",
+					 "ntlm auth = disabled");
+	unless ($env) {
+		return undef;
+	}
+
+	if (not defined($self->check_or_start($env, "single"))) {
+	    return undef;
+	}
+
+	my $upn_array = ["$env->{REALM}.upn"];
+	my $spn_array = ["$env->{REALM}.spn"];
+
+	$self->setup_namespaces($env, $upn_array, $spn_array);
+
+	$self->{vars}->{ad_dc_no_ntlm} = $env;
+	return $env;
+}
+
 sub setup_none($$)
 {
 	my ($self, $path) = @_;
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@ -964,7 +964,7 @@ for env in [ "simpleserver", "fileserver", "nt4_dc", "ad_dc", "ad_dc_ntvfs", "ad
                           extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
                           name="samba.tests.netlogonsvc.python(%s)" % env)

-for env in [ "ktest", "ad_member"]:
+for env in [ "ktest", "ad_member", "ad_dc_no_ntlm" ]:
    planoldpythontestsuite(env, "ntlmauth",
                           extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
                           name="samba.tests.ntlmauth.python(%s)" % env)