torture: Do not expect LM passwords to be accepted except by samba3
authorAndrew Bartlett <abartlet@samba.org>
Mon, 28 Feb 2022 00:19:58 +0000 (13:19 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 17 Mar 2022 01:57:38 +0000 (01:57 +0000)
This allows Samba as an AD DC (as opposed to the fileserver/NT4-like DC mode) to match
Windows and refuse all LM passwords, no matter what.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/torture/rpc/samlogon.c

index 9523fd9cf3b14252d643c8bd65dff506ac7ecddb..632c4efc2ec30ba8c87468213a45debf8f1a419c 100644 (file)
@@ -357,6 +357,12 @@ static bool test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm
                if (break_which == NO_NT && !lm_good) {
                        return true;
                }
+               /* for modern servers, the LM password is invalid */
+               if (break_which == NO_NT
+                   && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+                       return true;
+               }
+
                /* for 'old' passwords, we allow the server to be OK or wrong password */
                if (samlogon_state->old_password) {
                        return true;
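Review bot: The added comment `/* for modern servers, the LM password is invalid */` does not say what makes a server "modern". The branch is taken whenever the `samba3` torture setting is unset or false, so every target is assumed to refuse LM-only logons unless the runner opts out. I would spell that out, e.g. `/* unless the target is flagged "samba3", an LM-only (NO_NT) logon must be refused */`. The same two-line condition is repeated in the three later hunks (the success path of test_lm_ntlm_broken and both paths of test_plaintext), so a small static predicate taking `samlogon_state` and `break_which` would keep the four copies from drifting apart. test_lm_ntlm_broken starts before this hunk and continues after it.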
@@ -384,6 +390,13 @@ static bool test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm
                return false;
        }
 
+       /* for modern servers, the LM password is invalid */
+       if (break_which == NO_NT
+           && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+               *error_string = strdup("LM password is OK but should have failed against a modern server");
+               return false;
+       }
+
        if (!all_zero(lm_key, sizeof(lm_key)) != 0) {
                torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n");
                torture_comment(samlogon_state->tctx, "lm_key:\n");
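Review bot: The new failure message blames the server, but the decision rests on the `samba3` setting, so a run against a fileserver/NT4-style target without that setting reads like a server regression; the same string is used in the last hunk of test_plaintext. Naming the setting would make the failure actionable, for example `"LM-only logon succeeded but must be refused (set the samba3 torture option for fileserver/NT4-style targets)"`. When the target really is an AD DC, this failure means it authenticated a client on the LM response alone, which is the outcome the commit is meant to catch, so the text should be unambiguous. The `strdup()` result is also stored into `*error_string` unchecked in both places; whether the caller tolerates a NULL message after an allocation failure is not visible in these hunks.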
@@ -1241,6 +1254,12 @@ static bool test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_brea
                if (break_which == NO_NT && !lm_good) {
                        return true;
                }
+               /* for modern servers, the LM password is invalid */
+               if (break_which == NO_NT
+                   && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+                       return true;
+               }
+
                return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
        } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
                return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT));
@@ -1264,6 +1283,13 @@ static bool test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_brea
                return false;
        }
 
+       /* for modern servers, the LM password is invalid */
+       if (break_which == NO_NT
+           && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+               *error_string = strdup("LM password is OK but should have failed against a modern server");
+               return false;
+       }
+
        return true;
 }