s4:torture: Migrate smbtorture to new cmdline option parser

Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>

nsswitch/libwbclient/tests/wbclient.c

@@ -32,7 +32,7 @@
 #include "lib/param/param.h"
 #include "lib/util/samba_util.h"
 #include "auth/credentials/credentials.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@@ -756,16 +756,17 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
 	struct wbcAuthUserInfo *info = NULL;
 	struct wbcAuthErrorInfo *error = NULL;
 	wbcErr ret;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
 
 	ret = wbcAuthenticateUser(cli_credentials_get_username(
-			popt_get_cmdline_credentials()), correct_password);
+			creds), correct_password);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 		 "wbcAuthenticateUser of %s failed",
-		 cli_credentials_get_username(popt_get_cmdline_credentials()));
+		 cli_credentials_get_username(creds));
 
 	ZERO_STRUCT(params);
 	params.account_name		=
-		cli_credentials_get_username(popt_get_cmdline_credentials());
+		cli_credentials_get_username(creds);
 	params.level			= WBC_AUTH_USER_LEVEL_PLAIN;
 	params.password.plaintext	= correct_password;
 
@@ -794,15 +795,18 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
 
 static bool test_wbc_authenticate_user(struct torture_context *tctx)
 {
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
 	return test_wbc_authenticate_user_int(tctx,
-		cli_credentials_get_password(popt_get_cmdline_credentials()));
+		cli_credentials_get_password(creds));
 }
 
 static bool test_wbc_change_password(struct torture_context *tctx)
 {
 	wbcErr ret;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
 	const char *oldpass =
-		cli_credentials_get_password(popt_get_cmdline_credentials());
+		cli_credentials_get_password(creds);
 	const char *newpass = "Koo8irei%$";
 
 	struct samr_CryptPassword new_nt_password;
@@ -891,9 +895,9 @@ static bool test_wbc_change_password(struct torture_context *tctx)
 
 	params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
 	params.account_name =
-		cli_credentials_get_username(popt_get_cmdline_credentials());
+		cli_credentials_get_username(creds);
 	params.domain_name =
-		cli_credentials_get_domain(popt_get_cmdline_credentials());
+		cli_credentials_get_domain(creds);
 
 	ret = wbcChangeUserPasswordEx(&params, NULL, NULL, NULL);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
@@ -904,14 +908,14 @@ static bool test_wbc_change_password(struct torture_context *tctx)
 	}
 
 	ret = wbcChangeUserPassword(
-		cli_credentials_get_username(popt_get_cmdline_credentials()),
+		cli_credentials_get_username(creds),
 		newpass,
-		cli_credentials_get_password(popt_get_cmdline_credentials()));
+		cli_credentials_get_password(creds));
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "wbcChangeUserPassword for %s failed", params.account_name);
 
 	return test_wbc_authenticate_user_int(tctx,
-		cli_credentials_get_password(popt_get_cmdline_credentials()));
+		cli_credentials_get_password(creds));
 }
 
 static bool test_wbc_logon_user(struct torture_context *tctx)
@@ -925,6 +929,7 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 	enum wbcSidType sidtype;
 	char *sidstr;
 	wbcErr ret;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
 
 	ZERO_STRUCT(params);
 
@@ -934,9 +939,9 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 				 "have failed");
 
 	params.username =
-		cli_credentials_get_username(popt_get_cmdline_credentials());
+		cli_credentials_get_username(creds);
 	params.password =
-		cli_credentials_get_password(popt_get_cmdline_credentials());
+		cli_credentials_get_password(creds);
 
 	ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
 			      "foo", 0, discard_const_p(uint8_t, "bar"), 4);
@@ -967,7 +972,7 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "%s", "wbcAddNamedBlob failed");
 	params.password =
-		cli_credentials_get_password(popt_get_cmdline_credentials());
+		cli_credentials_get_password(creds);
 	ret = wbcLogonUser(&params, &info, &error, &policy);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
 				 "wbcLogonUser for %s should have failed with "
@@ -983,13 +988,13 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 				 "%s", "wbcInterfaceDetails failed");
 
 	ret = wbcLookupName(iface->netbios_domain,
-		cli_credentials_get_username(popt_get_cmdline_credentials()),
+		cli_credentials_get_username(creds),
 		&sid,
 		&sidtype);
 	wbcFreeMemory(iface);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 		"wbcLookupName for %s failed",
-		cli_credentials_get_username(popt_get_cmdline_credentials()));
+		cli_credentials_get_username(creds));
 
 	ret = wbcSidToString(&sid, &sidstr);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
@@ -1002,7 +1007,7 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 				 "%s", "wbcAddNamedBlob failed");
 	wbcFreeMemory(sidstr);
 	params.password =
-		cli_credentials_get_password(popt_get_cmdline_credentials());
+		cli_credentials_get_password(creds);
 	ret = wbcLogonUser(&params, &info, &error, &policy);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "wbcLogonUser for %s failed", params.username);
@@ -1020,14 +1025,15 @@ static bool test_wbc_getgroups(struct torture_context *tctx)
 	wbcErr ret;
 	uint32_t num_groups;
 	gid_t *groups;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
 
 	ret = wbcGetGroups(
-		cli_credentials_get_username(popt_get_cmdline_credentials()),
+		cli_credentials_get_username(creds),
 		&num_groups,
 		&groups);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 		"wbcGetGroups for %s failed",
-		cli_credentials_get_username(popt_get_cmdline_credentials()));
+		cli_credentials_get_username(creds));
 	wbcFreeMemory(groups);
 	return true;
 }

selftest/knownfail

@@ -331,7 +331,7 @@
 ^samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain_not_matching_qtype
 # ad_dc requires signing
 #
-^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\)
+^samba4.smb.signing.*disabled.*client-protection=off.*\(ad_dc\)
 # fl2000dc doesn't support AES
 ^samba4.krb5.kdc.*as-req-aes.*fl2000dc
 # nt4_member and ad_member don't support ntlmv1 (not even over SMB1)

selftest/knownfail.d/ntlmv2-restrictions

@@ -1,2 +1,2 @@
 # 'raw NTLMv2 auth' is not enabled on ad_member
-^samba4.smb.signing.disabled.on.with.-k.no.--option=clientusespnego=no.--signing=off.domain-creds.xcopy\(ad_member\)
+^samba4.smb.signing disabled on with -k no --option=clientusespnego=no --client-protection=off domain-creds.xcopy\(ad_member\)

selftest/knownfail.d/smb1-tests

@@ -40,9 +40,9 @@
 ^samba3.unix.whoami kerberos connection.whoami\(ad_member\)
 ^samba3.unix.whoami anonymous connection.whoami\(ad_member\)
 ^samba3.unix.whoami ntlm [email protected]\(ad_member\)
-^samba4.smb.signing disabled on with -k no --signing=off domain-creds.xcopy\(ad_member\)
-^samba4.smb.signing disabled on with -k no --option=gensec:spengo=no --signing=off domain-creds.xcopy\(ad_member\)
-^samba4.smb.signing disabled on with -k yes --signing=off domain-creds.xcopy\(ad_member\)
+^samba4.smb.signing disabled on with -k no --client-protection=off domain-creds.xcopy\(ad_member\)
+^samba4.smb.signing disabled on with -k no --option=gensec:spengo=no --client-protection=off domain-creds.xcopy\(ad_member\)
+^samba4.smb.signing disabled on with -k yes --client-protection=off domain-creds.xcopy\(ad_member\)
 ^samba4.blackbox.smbclient\(ad_member:local\).Test login with --machine-pass without kerberos\(ad_member:local\)
 ^samba4.blackbox.smbclient\(ad_member:local\).Test login with --machine-pass and kerberos\(ad_member:local\)
 ^samba4.blackbox.smbclient\(chgdcpass:local\).Test login with --machine-pass without kerberos\(chgdcpass:local\)

source3/selftest/tests.py

@@ -856,7 +856,7 @@ def is_module_enabled(module):
         if t == "raw.notify" or t == "raw.oplock":
             tmp_env = "nt4_dc_smb1"
         # These tests are a little slower so don't duplicate them with ad_dc
-        plansmbtorture4testsuite(t, tmp_env, '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --signing=required')
+        plansmbtorture4testsuite(t, tmp_env, '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --client-protection=sign')
     elif t == "smb2.dosmode":
         plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/dosmode -U$USERNAME%$PASSWORD')
     elif t == "smb2.kernel-oplocks":
@@ -996,10 +996,10 @@ def is_module_enabled(module):
     e = ""
     a = "smb2"
     binding_string = "ncacn_np:$SERVER[%s%s%s]" % (a, s, e)
-    options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
+    options = binding_string + " --use-krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
     plansmbtorture4testsuite(test, "ktest", options, 'krb5 with old ccache ncacn_np with [%s%s%s] ' % (a, s, e))
 
-    options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
+    options = binding_string + " --use-krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
     plansmbtorture4testsuite(test, "ktest", options, 'krb5 ncacn_np with [%s%s%s] ' % (a, s, e))
 
     auth_options2 = ["krb5", "spnego,krb5"]

source4/selftest/tests.py

@@ -623,7 +623,7 @@ def plansmbtorture4testsuite(name, env, options, modname=None):
     "-k no --option=gensec:spengo=no",
     "-k yes",
     "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
-    for signing in ["--signing=on", "--signing=required"]:
+    for signing in ["--option=clientsigning=desired", "--option=clientsigning=required"]:
         signoptions = "%s %s" % (mech, signing)
         name = "smb.signing on with %s" % signoptions
         plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name)
@@ -633,7 +633,7 @@ def plansmbtorture4testsuite(name, env, options, modname=None):
     "-k no --option=clientusespnego=no",
     "-k no --option=gensec:spengo=no",
     "-k yes"]:
-    signoptions = "%s --signing=off" % mech
+    signoptions = "%s --client-protection=off" % mech
     name = "smb.signing disabled on with %s" % signoptions
     plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
     plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
@@ -646,12 +646,12 @@ def plansmbtorture4testsuite(name, env, options, modname=None):
     "-k no",
     "-k no --option=clientusespnego=no",
     "-k no --option=gensec:spengo=no"]:
-    signoptions = "%s --signing=off" % mech
+    signoptions = "%s --client-protection=off" % mech
     plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)
 
-plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=yes', '-U%'], modname="samba4.smb.signing --signing=yes anon")
-plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=required', '-U%'], modname="samba4.smb.signing --signing=required anon")
-plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=no', '-U%'], modname="samba4.smb.signing --signing=no anon")
+plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=desired', '-U%'], modname="samba4.smb.signing --option=clientsigning=desired anon")
+plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=required', '-U%'], modname="samba4.smb.signing --option=clientsigning=required anon")
+plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=disabled', '-U%'], modname="samba4.smb.signing --option=clientsigning=disabled anon")
 
 # Test SPNEGO without issuing an optimistic token
 opt='--option=spnego:client_no_optimistic=yes'

source4/torture/auth/ntlmssp.c

@@ -22,7 +22,7 @@
 #include "auth/gensec/gensec_internal.h"
 #include "auth/ntlmssp/ntlmssp.h"
 #include "auth/ntlmssp/ntlmssp_private.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 #include "torture/torture.h"
 #include "param/param.h"
 #include "torture/auth/proto.h"
@@ -41,7 +41,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
 		"gensec client start");
 
-	gensec_set_credentials(gensec_security, popt_get_cmdline_credentials());
+	gensec_set_credentials(gensec_security, samba_cmdline_get_creds());
 
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
@@ -98,7 +98,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
 		"Failed to start GENSEC for NTLMSSP");
 
-	gensec_set_credentials(gensec_security, popt_get_cmdline_credentials());
+	gensec_set_credentials(gensec_security, samba_cmdline_get_creds());
 
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);

source4/torture/basic/misc.c

@@ -34,7 +34,7 @@
 #include "libcli/composite/composite.h"
 #include "param/param.h"
 #include "torture/basic/proto.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 
 static bool wait_lock(struct smbcli_state *c, int fnum, uint32_t offset, uint32_t len)
 {
@@ -874,7 +874,7 @@ static struct composite_context *torture_connect_async(
 	smb->in.socket_options = lpcfg_socket_options(tctx->lp_ctx);
 	smb->in.called_name = strupper_talloc(mem_ctx, host);
 	smb->in.service_type=NULL;
-	smb->in.credentials=popt_get_cmdline_credentials();
+	smb->in.credentials = samba_cmdline_get_creds();
 	smb->in.fallback_to_anonymous=false;
 	smb->in.gensec_settings = lpcfg_gensec_settings(mem_ctx, tctx->lp_ctx);
 	smb->in.workgroup=workgroup;

source4/torture/dns/dlz_bind9.c

@@ -29,7 +29,7 @@
 #include "auth/session.h"
 #include "auth/gensec/gensec.h"
 #include "auth/credentials/credentials.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 
 /* Tests that configure multiple DLZs will use this. Increase to add stress. */
 #define NUM_DLZS_TO_CONFIGURE 4
@@ -288,7 +288,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
 
 	status = gensec_set_credentials(gensec_client_context,
-			popt_get_cmdline_credentials());
+			samba_cmdline_get_creds());
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
 	status = gensec_start_mech_by_sasl_name(gensec_client_context, mech);
@@ -304,7 +304,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 
 	torture_assert_int_equal(tctx, dlz_ssumatch(
 					cli_credentials_get_username(
-						popt_get_cmdline_credentials()),
+						samba_cmdline_get_creds()),
 					lpcfg_dnsdomain(tctx->lp_ctx),
 					"127.0.0.1", "type", "key",
 					client_to_server.length,
@@ -780,7 +780,7 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
 
 	status = gensec_set_credentials(gensec_client_context,
-			popt_get_cmdline_credentials());
+			samba_cmdline_get_creds());
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
 	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSS-SPNEGO");
@@ -796,7 +796,7 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
 
 	torture_assert_int_equal(tctx, dlz_ssumatch(
 				cli_credentials_get_username(
-					popt_get_cmdline_credentials()),
+					samba_cmdline_get_creds()),
 				name,
 				"127.0.0.1",
 				expected1->records[0].type,

source4/torture/drs/rpc/dssync.c

@@ -21,7 +21,7 @@
 */
 
 #include "includes.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "libcli/cldap/cldap.h"
@@ -126,7 +126,7 @@ static struct DsSyncTest *test_create_context(struct torture_context *tctx)
 	}
 
 	/* ctx->admin ...*/
-	ctx->admin.credentials	= popt_get_cmdline_credentials();
+	ctx->admin.credentials	= samba_cmdline_get_creds();
 
 	our_bind_info28				= &ctx->admin.drsuapi.our_bind_info28;
 	our_bind_info28->supported_extensions	= 0xFFFFFFFF;
@@ -146,7 +146,7 @@ static struct DsSyncTest *test_create_context(struct torture_context *tctx)
 	ctx->admin.drsuapi.req.out.bind_handle		= &ctx->admin.drsuapi.bind_handle;
 
 	/* ctx->new_dc ...*/
-	ctx->new_dc.credentials	= popt_get_cmdline_credentials();
+	ctx->new_dc.credentials	= samba_cmdline_get_creds();
 
 	our_bind_info28				= &ctx->new_dc.drsuapi.our_bind_info28;
 	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;

source4/torture/drs/rpc/msds_intid.c

@@ -20,7 +20,7 @@
 */
 
 #include "includes.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "libcli/cldap/cldap.h"
@@ -186,7 +186,7 @@ static struct DsIntIdTestCtx *_dsintid_create_context(struct torture_context *tc
 	}
 
 	/* populate test suite context */
-	ctx->creds = popt_get_cmdline_credentials();
+	ctx->creds = samba_cmdline_get_creds();
 	ctx->dsa_bind.server_binding = server_binding;
 
 	ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s",

source4/torture/drs/wscript_build

@@ -5,7 +5,7 @@ bld.SAMBA_MODULE('TORTURE_DRS',
 	autoproto='proto.h',
 	subsystem='smbtorture',
 	init_function='torture_drs_init',
-	deps='samba-util ldb POPT_SAMBA samba-errors torture ldbsamba talloc dcerpc ndr NDR_DRSUAPI gensec samba-hostconfig RPC_NDR_DRSUAPI DSDB_MODULE_HELPERS asn1util samdb NDR_DRSBLOBS samba-credentials samdb-common LIBCLI_RESOLVE LP_RESOLVE torturemain',
+	deps='samba-util ldb samba-errors torture ldbsamba talloc dcerpc ndr NDR_DRSUAPI gensec samba-hostconfig RPC_NDR_DRSUAPI DSDB_MODULE_HELPERS asn1util samdb NDR_DRSBLOBS samba-credentials samdb-common LIBCLI_RESOLVE LP_RESOLVE torturemain',
 	internal_module=True,
 	enabled=bld.PYTHON_BUILD_IS_ENABLED()
 	)