s3:selftest: add some tests against a share the requires encryption

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 16:34:26 CEST 2012 on sn-devel-104

diff --git a/selftest/knownfail b/selftest/knownfail
index da3d93c908c2910bbe86b76875fbff4ab8cfbf94..9376264a3cdffd337183c41e84251858ac0b9c54 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -21,6 +21,11 @@
 ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).SMB2-SESSION-REAUTH # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).SMB2-SESSION-RECONNECT # Fails against the s4 ntvfs server
+ ^samba3.smbtorture_s3.crypt_server\(s3dc\).SMB2-SESSION-REAUTH # expected to give ACCESS_DENIED SMB2.1 doesn't have encryption
+^samba3.smbtorture_s3.crypt_server\(s3dc\).SMB2-SESSION-RECONNECT # expected to give CONNECTION_DISCONNECTED, we need to fix the test
+^samba3.smb2.session enc.reconnect # expected to give CONNECTION_DISCONNECTED, we need to fix the test
+^samba3.raw.session enc # expected to give ACCESS_DENIED as SMB1 encryption isn't used
+^samba3.smbtorture_s3.crypt_server # expected to give ACCESS_DENIED as SMB1 encryption isn't used
 ^samba3.nbt.dgram.*netlogon2\(s3dc\)
 ^samba3.*rap.sam.*.useradd # Not provided by Samba 3
 ^samba3.*rap.sam.*.userdelete # Not provided by Samba 3

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 149a31e1eb21e015753316f347135e3d2ff9a5e3..72b9c19c718003faa49ed512af47b0586a973192 100755 (executable)
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -939,6 +939,10 @@ sub provision($$$$$$)
 [tmp]
        path = $shrdir
         comment = smb username is [%U]
+[tmpenc]
+       path = $shrdir
+       comment = encrypt smb username is [%U]
+       smb encrypt = required
 [tmpguest]
        path = $shrdir
         guest ok = yes

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b1998a6029aa4ec8a66ab7a90a7ef779abb05977..17afab2e56ad04d064ea6d21d10a08f55f487d50 100644 (file)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1385,6 +1385,10 @@ sub provision_plugin_s4_dc($$)
 
        my $extra_smbconf_shares = "
 
+[tmpenc]
+       copy = tmp
+       smb encrypt = required
+
 [tmpcase]
        copy = tmp
        case sensitive = yes

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 00ecd6c373071a4b3376855b80fa4a9eca067ac4..f9f2e22ce04016ad53a6e7ce8f28808e254de699 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -95,7 +95,11 @@ tests=[ "FDPASS", "LOCK1", "LOCK2", "LOCK3", "LOCK4", "LOCK5", "LOCK6", "LOCK7",
 
 for t in tests:
     plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/tmp', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
-    plantestsuite("samba3.smbtorture_s3.crypt(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/tmp', '$USERNAME', '$PASSWORD', smbtorture3, "-e", "-l $LOCAL_PATH"])
+    plantestsuite("samba3.smbtorture_s3.crypt_client(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/tmp', '$USERNAME', '$PASSWORD', smbtorture3, "-e", "-l $LOCAL_PATH"])
+    if t == "TORTURE":
+        # this is a negative test to verify that the server rejects
+        # access without encryption
+        plantestsuite("samba3.smbtorture_s3.crypt_server(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/tmpenc', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
     plantestsuite("samba3.smbtorture_s3.plain(dc).%s" % t, "dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/tmp', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
 
 posix_tests=[ "POSIX", "POSIX-APPEND"]
@@ -333,7 +337,8 @@ for t in tests:
         plansmbtorturetestsuite(t, "secshare", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
     elif t == "raw.session" or t == "smb2.session":
-        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD', 'plain')
+        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpenc -U$USERNAME%$PASSWORD', 'enc')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -k no -U$USERNAME%$PASSWORD', 'ntlm')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -k yes -U$USERNAME%$PASSWORD', 'krb5')
     elif t == "rpc.lsa":