sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-23 09:57:40 +03:00
Code

s4:selftest: replace --option=usespnego= with --option=clientusespnego=

Browse Source 
I guess that's what we try to test here, as 'use spnego' was only evaluated
on in the smb server part.

The basically tests the 'raw NTLMv2 auth' option, we set it to yes on
some environments, but keep a knownfail for the ad_member.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Stefan Metzmacher 2017-12-07 13:00:10 +01:00 committed by Ralph Boehme
parent bb3944c608
commit b6d55eefa2
3 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
selftest/knownfail.d/ntlmv2-restrictions Normal file
View File

@ -0,0 +1,2 @@
# 'raw NTLMv2 auth' is not enabled on ad_member
^samba4.smb.signing.disabled.on.with.-k.no.--option=clientusespnego=no.--signing=off.domain-creds.xcopy\(ad_member\)

2
selftest/target/Samba4.pm
View File

@ -1031,6 +1031,7 @@ winbindd:use external pipes = true
# the source4 smb server doesn't allow signing by default
server signing = enabled
raw NTLMv2 auth = yes
rpc_server:default = external
rpc_server:svcctl = embedded
@ -1461,6 +1462,7 @@ sub provision_ad_dc_ntvfs($$)
server services = +winbind -winbindd
ldap server require strong auth = allow_sasl_over_tls
allow nt4 crypto = yes
raw NTLMv2 auth = yes
lsa over netlogon = yes
rpc server port = 1027
auth event notification = true

28
source4/selftest/tests.py
View File

@ -219,18 +219,18 @@ for t in net_tests:
transport = "ncacn_np"
for env in ["ad_dc_ntvfs", "nt4_dc"]:
for ntlmoptions in [
"-k no --option=usespnego=yes",
"-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no",
"-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes",
"-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no",
"-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
"-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes",
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
"-k no --option=usespnego=no --option=clientntlmv2auth=yes",
"-k no --option=clientusespnego=yes",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
"-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
"-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
"-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
"-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
"-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
"-k no --option=usespnego=no"]:
"-k no --option=clientusespnego=no"]:
name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration])
@ -452,7 +452,7 @@ plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME',
# Tests SMB signing
for mech in [
"-k no",
"-k no --option=usespnego=no",
"-k no --option=clientusespnego=no",
"-k no --option=gensec:spengo=no",
"-k yes",
"-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
@ -463,7 +463,7 @@ for mech in [
for mech in [
"-k no",
"-k no --option=usespnego=no",
"-k no --option=clientusespnego=no",
"-k no --option=gensec:spengo=no",
"-k yes"]:
signoptions = "%s --signing=off" % mech
@ -477,7 +477,7 @@ for mech in [
plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient4])
for mech in [
"-k no",
"-k no --option=usespnego=no",
"-k no --option=clientusespnego=no",
"-k no --option=gensec:spengo=no"]:
signoptions = "%s --signing=off" % mech
plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)