From c76ec3a6da41908bd6b4c58a7fcd0f5f7a7f13d1 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 26 Jan 2022 15:53:45 +1300
Subject: [PATCH 1/2] pytest:auth_log: expect TLS connections when using ldaps

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit f37682747898591b37405f9e96a8135c15638637)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
---
 python/samba/tests/auth_log.py | 8 ++++----
 selftest/knownfail.d/authlog   | 4 ++++
 2 files changed, 8 insertions(+), 4 deletions(-)
 create mode 100644 selftest/knownfail.d/authlog

diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index d57d765a83a7..d971b48d8e9a 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -565,7 +565,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
         self.assertEqual("LDAP",
                           msg["Authentication"]["serviceDescription"])
-        self.assertEqual("simple bind",
+        self.assertEqual("simple bind/TLS",
                           msg["Authentication"]["authDescription"])
         self.assertEqual(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
@@ -579,7 +579,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_WRONG_PASSWORD") and
                     (msg["Authentication"]["authDescription"] ==
-                        "simple bind") and
+                        "simple bind/TLS") and
                     (msg["Authentication"]["eventId"] ==
                         EVT_ID_UNSUCCESSFUL_LOGON) and
                     (msg["Authentication"]["logonType"] ==
@@ -611,7 +611,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_NO_SUCH_USER") and
                     (msg["Authentication"]["authDescription"] ==
-                        "simple bind") and
+                        "simple bind/TLS") and
                     (msg["Authentication"]["eventId"] ==
                         EVT_ID_UNSUCCESSFUL_LOGON) and
                     (msg["Authentication"]["logonType"] ==
@@ -641,7 +641,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_NO_SUCH_USER") and
                     (msg["Authentication"]["authDescription"] ==
-                        "simple bind") and
+                        "simple bind/TLS") and
                     (msg["Authentication"]["eventId"] ==
                         EVT_ID_UNSUCCESSFUL_LOGON) and
                     (msg["Authentication"]["logonType"] ==
diff --git a/selftest/knownfail.d/authlog b/selftest/knownfail.d/authlog
new file mode 100644
index 000000000000..acef117262e9
--- /dev/null
+++ b/selftest/knownfail.d/authlog
@@ -0,0 +1,4 @@
+samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind
+samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind_bad_password
+samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind_bad_user
+samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind_unparseable_user
-- 
2.25.1


From c6a318d864ab1d7949697fd79c53ce23e29cb0cf Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 23 Dec 2021 14:37:29 +1300
Subject: [PATCH 2/2] s4/auth/simple_bind: correctly report TLS state

It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184

(cherry picked from commit 309f1982263677045d407463eb19a2444c165a63)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
---
 selftest/knownfail.d/authlog    | 4 ----
 source4/auth/ntlm/auth_simple.c | 4 ++--
 2 files changed, 2 insertions(+), 6 deletions(-)
 delete mode 100644 selftest/knownfail.d/authlog

diff --git a/selftest/knownfail.d/authlog b/selftest/knownfail.d/authlog
deleted file mode 100644
index acef117262e9..000000000000
--- a/selftest/knownfail.d/authlog
+++ /dev/null
@@ -1,4 +0,0 @@
-samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind
-samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind_bad_password
-samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind_bad_user
-samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap_simple_bind_unparseable_user
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 72741aa5a6b0..c3ba5eaef674 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -88,9 +88,9 @@ _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_c
 	user_info->service_description = "LDAP";
 
 	if (using_tls) {
-		user_info->auth_description = "simple bind";
-	} else {
 		user_info->auth_description = "simple bind/TLS";
+	} else {
+		user_info->auth_description = "simple bind";
 	}
 
 	user_info->password_state = AUTH_PASSWORD_PLAIN;
-- 
2.25.1