selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options

This will allow the py_credentials test to tell if these are in use

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/selftest/knownfail.d/ntlmv1-restrictions b/selftest/knownfail.d/ntlmv1-restrictions
new file mode 100644 (file)
index 0000000..b4f4f12
--- /dev/null
+++ b/selftest/knownfail.d/ntlmv1-restrictions
@@ -0,0 +1,5 @@
+# These tests should fail in these environments, as we restrict NTLMv1
+# in both of these, with vampire_dc however allowing MSCHAPv2
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(vampire_dc\)
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExMSCHAPv2\(promoted_dc\)
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(promoted_dc\)
\ No newline at end of file

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 7d9fe3ca9b8fae544b9c3f41f734550aa342e078..772f982cb9dddb85c971e091cdfcb0700c9701d0 100755 (executable)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1214,6 +1214,8 @@ sub provision_promoted_dc($$$)
        max xmit = 32K
        server max protocol = SMB2
 
+        ntlm auth = ntlmv2-only
+
 [sysvol]
        path = $ctx->{statedir}/sysvol
        read only = yes
@@ -1303,6 +1305,8 @@ sub provision_vampire_dc($$$)
        max xmit = 32K
        server max protocol = SMB2
 
+        ntlm auth = mschapv2-and-ntlmv2-only
+
 [sysvol]
        path = $ctx->{statedir}/sysvol
        read only = yes

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index c74d0fef715d8bccef51f51bb39054626ed3334e..a67a087227c441cdedc7344c66501651e9580738 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -659,9 +659,10 @@ planoldpythontestsuite("ad_dc",
                        extra_args=['-U"$USERNAME%$PASSWORD"'])
 
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.lsa_string")
-planoldpythontestsuite("ad_dc_ntvfs",
-                       "samba.tests.py_credentials",
-                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]:
+    planoldpythontestsuite(env,
+                           "samba.tests.py_credentials",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
 
 plantestsuite_loadlist("samba4.ldap.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
 plantestsuite_loadlist("samba4.tokengroups.krb5.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(samba4srcdir, "dsdb/tests/python/token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT'])