s4:selftest: replace --option=usespnego= with --option=clientusespnego=

I guess that's what we try to test here, as 'use spnego' was only evaluated
on in the smb server part.

The basically tests the 'raw NTLMv2 auth' option, we set it to yes on
some environments, but keep a knownfail for the ad_member.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/selftest/knownfail.d/ntlmv2-restrictions b/selftest/knownfail.d/ntlmv2-restrictions
new file mode 100644 (file)
index 0000000..eb50b13
--- /dev/null
+++ b/selftest/knownfail.d/ntlmv2-restrictions
@@ -0,0 +1,2 @@
+# 'raw NTLMv2 auth' is not enabled on ad_member
+^samba4.smb.signing.disabled.on.with.-k.no.--option=clientusespnego=no.--signing=off.domain-creds.xcopy\(ad_member\)

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index e2e78abd0bb402c841d54b5f6d4fcdb7fe5966e9..8c17d778bd0b7553f33aa1302d1d938ed24c94f3 100755 (executable)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1031,6 +1031,7 @@ winbindd:use external pipes = true
 
 # the source4 smb server doesn't allow signing by default
 server signing = enabled
+raw NTLMv2 auth = yes
 
 rpc_server:default = external
 rpc_server:svcctl = embedded
@@ -1461,6 +1462,7 @@ sub provision_ad_dc_ntvfs($$)
         server services = +winbind -winbindd
        ldap server require strong auth = allow_sasl_over_tls
        allow nt4 crypto = yes
+       raw NTLMv2 auth = yes
        lsa over netlogon = yes
         rpc server port = 1027
         auth event notification = true

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 91f8a5cec687fcb9360c148fc6d0e266daafa1c3..73bdce61873b7f2e7afddb981870d5bcd15fc19b 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -219,18 +219,18 @@ for t in net_tests:
 transport = "ncacn_np"
 for env in ["ad_dc_ntvfs", "nt4_dc"]:
     for ntlmoptions in [
-        "-k no --option=usespnego=yes",
-        "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no",
-        "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes",
-        "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no",
-        "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
-        "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
-        "-k no --option=usespnego=yes --option=clientntlmv2auth=yes",
-        "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
-        "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
-        "-k no --option=usespnego=no --option=clientntlmv2auth=yes",
+        "-k no --option=clientusespnego=yes",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
+        "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
+        "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
+        "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
+        "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
         "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
-        "-k no --option=usespnego=no"]:
+        "-k no --option=clientusespnego=no"]:
         name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
         plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
     plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration])
@@ -452,7 +452,7 @@ plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME',
 # Tests SMB signing
 for mech in [
     "-k no",
-    "-k no --option=usespnego=no",
+    "-k no --option=clientusespnego=no",
     "-k no --option=gensec:spengo=no",
     "-k yes",
     "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
@@ -463,7 +463,7 @@ for mech in [
 
 for mech in [
     "-k no",
-    "-k no --option=usespnego=no",
+    "-k no --option=clientusespnego=no",
     "-k no --option=gensec:spengo=no",
     "-k yes"]:
     signoptions = "%s --signing=off" % mech
@@ -477,7 +477,7 @@ for mech in [
 plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient4])
 for mech in [
     "-k no",
-    "-k no --option=usespnego=no",
+    "-k no --option=clientusespnego=no",
     "-k no --option=gensec:spengo=no"]:
     signoptions = "%s --signing=off" % mech
     plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)