tests: Remove explicit SOCKET_WRAPPER usage from auth_log tests

The auth-logging tests are an odd combination of server and client
behaviour. On the one hand we want a IRPC connection to see the auth
events being logged on the server. On the other hand, we want the auth
events to appear to be happening on a client. Currently we hardcode in
the use of a SOCKET_WRAPPER interface to make this happen.

We can avoid this explicit socket wrapper usage by using the server
smb.conf instead in the one place we actually want to act like the
server (creating the IRPC connection). Then we can switch from using
the 'ad_dc*:local' testenvs to use 'ad_dc*', in order to act like a
client by default. The SERVERCONFFILE environment variable has already
been added for the few cases where a test needs explicit access to the
server's smb.conf.

However, for samba.tests.auth_log, the samlogon test cases are still
reliant on being run on the :local testenv, and so we can't switch them
over just yet. This is because the samlogon is using the DC's machine
creds underneath, which will fail on the non-local testenv. We could
create separate machine creds for the client and use those, but this is
a non-trivial rework of the test code.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python/samba/tests/audit_log_base.py

@@ -22,6 +22,7 @@ from __future__ import print_function
 import samba.tests
 from samba.messaging import Messaging
 from samba.dcerpc.messaging import MSG_AUTH_LOG, AUTH_EVENT_NAME
+from samba.param import LoadParm
 import time
 import json
 import os
@@ -41,7 +42,15 @@ class AuditLogTestBase(samba.tests.TestCase):
 
     def setUp(self):
         super(AuditLogTestBase, self).setUp()
-        lp_ctx = self.get_loadparm()
+
+        # connect to the server's messaging bus (we need to explicitly load a
+        # different smb.conf here, because in all other respects this test
+        # wants to act as a separate remote client)
+        server_conf = os.getenv('SERVERCONFFILE')
+        if server_conf:
+            lp_ctx = LoadParm(filename_for_non_global_lp=server_conf)
+        else:
+            lp_ctx = self.get_loadparm()
         self.msg_ctx = Messaging((1,), lp_ctx=lp_ctx)
         self.msg_ctx.irpc_add_name(self.event_type)
 

python/samba/tests/auth_log_base.py

@@ -22,6 +22,7 @@ from __future__ import print_function
 import samba.tests
 from samba.messaging import Messaging
 from samba.dcerpc.messaging import MSG_AUTH_LOG, AUTH_EVENT_NAME
+from samba.param import LoadParm
 import time
 import json
 import os
@@ -34,7 +35,14 @@ class AuthLogTestBase(samba.tests.TestCase):
 
     def setUp(self):
         super(AuthLogTestBase, self).setUp()
-        lp_ctx = self.get_loadparm()
+        # connect to the server's messaging bus (we need to explicitly load a
+        # different smb.conf here, because in all other respects this test
+        # wants to act as a separate remote client)
+        server_conf = os.getenv('SERVERCONFFILE')
+        if server_conf:
+            lp_ctx = LoadParm(filename_for_non_global_lp=server_conf)
+        else:
+            lp_ctx = self.get_loadparm()
         self.msg_ctx = Messaging((1,), lp_ctx=lp_ctx)
         global msg_ctxs
         msg_ctxs.append(self.msg_ctx)

selftest/knownfail

@@ -339,9 +339,9 @@
 ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean
 ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing
 #
-# rap password tests don't function in the ad_dc_ntvfs:local environment
+# rap password tests don't function in the ad_dc_ntvfs environment
 #
-^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs:local\)
+^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs\)
 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
 ^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos

source4/selftest/tests.py

@@ -718,12 +718,10 @@ if have_heimdal_support:
     planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
                            environ={'CLIENT_IP': '127.0.0.11',
                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
-    planoldpythontestsuite("ad_dc:local", "samba.tests.auth_log_pass_change", extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'CLIENT_IP': '127.0.0.11',
-                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
-    planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log_pass_change", extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'CLIENT_IP': '127.0.0.11',
-                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
+    planoldpythontestsuite("ad_dc", "samba.tests.auth_log_pass_change", extra_args=['-U"$USERNAME%$PASSWORD"'],
+                           environ={'CLIENT_IP': '127.0.0.11'})
+    planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change", extra_args=['-U"$USERNAME%$PASSWORD"'],
+                           environ={'CLIENT_IP': '127.0.0.11'})
 
     # these tests use a NCA local RPC connection, so always run on the
     # :local testenv, and so don't need to fake a client connection
@@ -739,18 +737,15 @@ if have_heimdal_support:
     planoldpythontestsuite("ad_member:local",
                            "samba.tests.auth_log_winbind",
                            extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
-    planoldpythontestsuite("ad_dc:local", "samba.tests.audit_log_pass_change",
+    planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
                            extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'CLIENT_IP': '127.0.0.11',
-                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
-    planoldpythontestsuite("ad_dc:local", "samba.tests.audit_log_dsdb",
+                           environ={'CLIENT_IP': '127.0.0.11'})
+    planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
                            extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'CLIENT_IP': '127.0.0.11',
-                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
-    planoldpythontestsuite("ad_dc:local", "samba.tests.group_audit",
+                           environ={'CLIENT_IP': '127.0.0.11'})
+    planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
                            extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'CLIENT_IP': '127.0.0.11',
-                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
+                           environ={'CLIENT_IP': '127.0.0.11'})
 
 planoldpythontestsuite("fl2008r2dc:local",
                        "samba.tests.getdcname",