From 1a1c4ad71c268b143f59b7995099c63adf4ceda7 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale@catalyst.net.nz>
Date: Wed, 5 Jul 2017 14:03:17 +1200
Subject: [PATCH] selftest: Add new AD DC testenv with NTLM disabled

This is so that we test the source4 case as well. Currently the only
testenv with NTLM disabled is ktest, and that only exercises the source3
code.

I've tried to support the new test environment with minimal changes to the
Samba4.pm setup code.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
 selftest/knownfail        |  2 ++
 selftest/target/Samba.pm  |  1 +
 selftest/target/Samba4.pm | 45 +++++++++++++++++++++++++++++++++------
 source4/selftest/tests.py |  2 +-
 4 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index 953b1812c18e..80de242b14db 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -334,5 +334,7 @@
 ^samba.tests.netlogonsvc.python\(fileserver\)
 # NTLM authentication is (intentionally) disabled in ktest
 ^samba.tests.ntlmauth.python\(ktest\).ntlmauth.NtlmAuthTests.test_ntlm_connection\(ktest\)
+^samba.tests.ntlmauth.python\(ad_dc_no_ntlm\).ntlmauth.NtlmAuthTests.test_samr_change_password\(ad_dc_no_ntlm\)
 # Disabling NTLM means you can't use samr to change the password
 ^samba.tests.ntlmauth.python\(ktest\).ntlmauth.NtlmAuthTests.test_samr_change_password\(ktest\)
+^samba.tests.ntlmauth.python\(ad_dc_no_ntlm\).ntlmauth.NtlmAuthTests.test_ntlm_connection\(ad_dc_no_ntlm\)
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 596877226172..dc6b3d518bf8 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -346,6 +346,7 @@ sub get_interface($)
 
     # 11-16 used by selftest.pl for client interfaces
 
+    $interfaces{"addc_no_ntlm"} = 18;
     $interfaces{"idmapadmember"} = 19;
     $interfaces{"idmapridmember"} = 20;
     $interfaces{"localdc"} = 21;
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 7930a4ec8a8c..be43bae83cfe 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1757,9 +1757,9 @@ sub read_config_h($)
 	return \%ret;
 }
 
-sub provision_ad_dc($$)
+sub provision_ad_dc($$$$$$)
 {
-	my ($self, $prefix) = @_;
+	my ($self, $prefix, $hostname, $domain, $realm, $smbconf_args) = @_;
 
 	my $prefix_abs = abs_path($prefix);
 
@@ -1823,6 +1823,7 @@ sub provision_ad_dc($$)
 	print notify backchannel = yes
 
         auth event notification = true
+        $smbconf_args
 ";
 
 	my $extra_smbconf_shares = "
@@ -1867,9 +1868,9 @@ sub provision_ad_dc($$)
 	print "PROVISIONING AD DC...\n";
 	my $ret = $self->provision($prefix,
 				   "domain controller",
-				   "addc",
-				   "ADDOMAIN",
-				   "addom.samba.example.com",
+				   $hostname,
+				   $domain,
+				   $realm,
 				   "2008",
 				   "locDCpass1",
 				   undef,
@@ -2127,6 +2128,8 @@ sub setup_env($$$)
 		return $self->setup_ad_dc("$path/ad_dc");
 	} elsif ($envname eq "ad_dc_no_nss") {
 		return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss");
+	} elsif ($envname eq "ad_dc_no_ntlm") {
+		return $self->setup_ad_dc_no_ntlm("$path/ad_dc_no_ntlm");
 	} elsif ($envname eq "ad_member_rfc2307") {
 		if (not defined($self->{vars}->{ad_dc_ntvfs})) {
 			$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
@@ -2506,7 +2509,8 @@ sub setup_ad_dc($$)
 	       return "UNKNOWN";
 	}
 
-	my $env = $self->provision_ad_dc($path);
+	my $env = $self->provision_ad_dc($path, "addc", "ADDOMAIN",
+					 "addom.samba.example.com", "");
 	unless ($env) {
 		return undef;
 	}
@@ -2529,6 +2533,35 @@ sub setup_ad_dc($$)
 	return $env;
 }
 
+sub setup_ad_dc_no_ntlm($$)
+{
+	my ($self, $path) = @_;
+
+	# If we didn't build with ADS, pretend this env was never available
+	if (not $self->{target3}->have_ads()) {
+	       return "UNKNOWN";
+	}
+
+	my $env = $self->provision_ad_dc($path, "addc_no_ntlm", "ADNONTLMDOMAIN",
+					 "adnontlmdom.samba.example.com",
+					 "ntlm auth = disabled");
+	unless ($env) {
+		return undef;
+	}
+
+	if (not defined($self->check_or_start($env, "single"))) {
+	    return undef;
+	}
+
+	my $upn_array = ["$env->{REALM}.upn"];
+	my $spn_array = ["$env->{REALM}.spn"];
+
+	$self->setup_namespaces($env, $upn_array, $spn_array);
+
+	$self->{vars}->{ad_dc_no_ntlm} = $env;
+	return $env;
+}
+
 sub setup_none($$)
 {
 	my ($self, $path) = @_;
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index f8d2229aab23..c7150d05c145 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -964,7 +964,7 @@ for env in [ "simpleserver", "fileserver", "nt4_dc", "ad_dc", "ad_dc_ntvfs", "ad
                            extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
                            name="samba.tests.netlogonsvc.python(%s)" % env)
 
-for env in [ "ktest", "ad_member"]:
+for env in [ "ktest", "ad_member", "ad_dc_no_ntlm" ]:
     planoldpythontestsuite(env, "ntlmauth",
                            extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
                            name="samba.tests.ntlmauth.python(%s)" % env)
-- 
2.34.1