diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2022-03-31 21:16:03 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2022-05-05 00:27:33 +0000 |
| commit | 127fe361b83326d351944f9d641d75a5cee9deaa (patch) | |
| tree | a3a7cabdfc53b33b2b525984ca78e7935b52325e | |
| parent | a9caf760b6f952461ecd4894b0cab1c2648f1e96 (diff) | |
| download | samba-127fe361b83326d351944f9d641d75a5cee9deaa.tar.gz | |
selftest: Run some tests in the ad_dc_no_ntlm environment to show expected behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
| -rw-r--r-- | python/samba/tests/samba_tool/user.py | 16 | ||||
| -rw-r--r-- | selftest/knownfail.d/nt-hash-support-gone | 2 | ||||
| -rwxr-xr-x | source4/selftest/tests.py | 18 |
3 files changed, 27 insertions, 9 deletions
diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py index 0a1fbfeb82d..4563bb2d9a3 100644 --- a/python/samba/tests/samba_tool/user.py +++ b/python/samba/tests/samba_tool/user.py @@ -211,6 +211,8 @@ class UserCmdTestCase(SambaToolCmdTest): self.assertEqual(nidx, sc.sub.num_packages, "Unknown packages found") def test_setpassword(self): + expect_nt_hash = bool(int(os.environ.get("EXPECT_NT_HASH", "1"))) + for user in self.users: newpasswd = self.random_password(16) (result, out, err) = self.runsubcmd("user", "setpassword", @@ -278,8 +280,11 @@ class UserCmdTestCase(SambaToolCmdTest): "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out)) self.assertMatch(out, "# unicodePwd::: REDACTED SECRET ATTRIBUTE", "getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]" % out) - self.assertMatch(out, "unicodePwd:: %s" % unicodePwd, - "getpassword unicodePwd: out[%s]" % out) + if expect_nt_hash: + self.assertMatch(out, "unicodePwd:: %s" % unicodePwd, + "getpassword unicodePwd: out[%s]" % out) + else: + self.assertNotIn("unicodePwd:: %s" % unicodePwd, out) self.assertMatch(out, "# supplementalCredentials::: REDACTED SECRET ATTRIBUTE", "getpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]" % out) self.assertMatch(out, "supplementalCredentials:: ", @@ -301,8 +306,11 @@ class UserCmdTestCase(SambaToolCmdTest): self.assertMatch(out, "Got password OK", "getpassword without url") self.assertMatch(out, "sAMAccountName: %s" % (user["name"]), "getpassword: 'sAMAccountName': %s out[%s]" % (user["name"], out)) - self.assertMatch(out, "unicodePwd:: %s" % unicodePwd, - "getpassword unicodePwd: out[%s]" % out) + if expect_nt_hash: + self.assertMatch(out, "unicodePwd:: %s" % unicodePwd, + "getpassword unicodePwd: out[%s]" % out) + else: + self.assertNotIn("unicodePwd:: %s" % unicodePwd, out) self.assertMatch(out, "supplementalCredentials:: ", "getpassword supplementalCredentials: out[%s]" % out) self._verify_supplementalCredentials(out.replace("\nGot password OK\n", "")) diff --git a/selftest/knownfail.d/nt-hash-support-gone b/selftest/knownfail.d/nt-hash-support-gone new file mode 100644 index 00000000000..6cda102ee92 --- /dev/null +++ b/selftest/knownfail.d/nt-hash-support-gone @@ -0,0 +1,2 @@ +^samba.tests.samba_tool.user.samba.tests.samba_tool.user.UserCmdTestCase.test_setpassword.ad_dc_no_ntlm:local +^samba4.ldap.login_basics.python.ad_dc_no_ntlm..__main__.BasicUserAuthTests.test_login_basics_ntlm.ad_dc_no_ntlm diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index bc3cddbbafb..a01e188bcd1 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -928,12 +928,18 @@ for env in ["ad_dc_ntvfs", "ad_dc"]: planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts") planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes") + planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user") -planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.user_wdigest") -planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.user") -planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.user_virtualCryptSHA_userPassword") -planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.user_virtualCryptSHA_gpg") +for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]: + planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest") +for env, nt_hash in [("ad_dc:local", True), + ("ad_dc_no_ntlm:local", False)]: + planpythontestsuite(env, "samba.tests.samba_tool.user", + environ={"EXPECT_NT_HASH": int(nt_hash)}) + planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword") + planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg") planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script") + planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.group") planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.ou") planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer") @@ -1377,6 +1383,8 @@ for env in all_fl_envs + ["schema_dc"]: plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"]) plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]: if env != "fl2000dc": # This test makes excessive use of the "userPassword" attribute which # isn't available on DCs with Windows 2000 domain function level - @@ -1400,7 +1408,7 @@ for env in ["ad_dc_slowtests"]: extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) # this is a basic sanity-check of Kerberos/NTLM user login -for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc"]: +for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc", "ad_dc_no_ntlm"]: plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "login_basics.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", |