[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu May 10 20:48:02 UTC 2018
The branch, master has been updated
via b07b4e4 loadparm: Remove unused realm_original
via 01fab30 samdb: Add transaction id control
via 5c0345e samdb: Add remote address to connect
via daa7b60 dsdb: pass the remote address to samdb connect
via 8cf4e54 auth logging tests: Clean up flake8 warnings
via fdf8275 auth logging tests: Add tests for sessionId
via 52a3318 auth log: Log the unique session GUID
via 1488723 auth: Add unique session GUID identifier
via 79ba530 dsdb: refactor password attributes to constant
from 52dc959 s3: smbd: Remove unused counters for outstanding aio calls.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b07b4e459e95f2609af651e579d3b0b01b8a4c7e
Author: Christof Schmitt <cs at samba.org>
Date: Thu May 10 10:51:59 2018 -0700
loadparm: Remove unused realm_original
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 10 22:47:15 CEST 2018 on sn-devel-144
commit 01fab30a9779c7f2bfd3016c9c482d956cde5198
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Apr 16 07:59:43 2018 +1200
samdb: Add transaction id control
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5c0345ea9bb34695dcd7be6c913748323bebe937
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Apr 12 06:41:30 2018 +1200
samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit daa7b60a60520c94367e9112246482bae71c5ccd
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Apr 4 12:39:55 2018 +1200
dsdb: pass the remote address to samdb connect
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8cf4e546960ab1493b0e39f0cef822a66d30bf56
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Apr 30 10:35:25 2018 +1200
auth logging tests: Clean up flake8 warnings
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fdf827553a003ad02b977c67c46f251e1062d604
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Apr 30 09:13:58 2018 +1200
auth logging tests: Add tests for sessionId
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 52a3318be8316a8956d7bb6f62d64e32fed6f952
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Apr 10 06:47:40 2018 +1200
auth log: Log the unique session GUID
Log the unique_session_token GUID on successful Authorizations.
This patch adds the "sessionID" attribute to the Authorization object
and increments the version to 1.1
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1488723a119736ed6401476ebe58afe5ba9953d4
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Apr 10 06:44:00 2018 +1200
auth: Add unique session GUID identifier
Generate a GUID for each successful authorization; this will allow the
tying of events in the logs back to a specific session.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 79ba530aaf76be639143530ab6e28d1e3696dfd2
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Apr 4 11:55:00 2018 +1200
dsdb: refactor password attributes to constant
The password attributes are defined as literal in two places in the
password_hash code. They will also be needed to support password change
logging. This patch replaces the individual definitions with a shared
constant.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/auth_log.c | 26 +-
lib/param/loadparm.c | 1 -
lib/param/loadparm.h | 1 -
librpc/idl/auth.idl | 7 +
python/samba/tests/auth_log.py | 476 ++++++++++-----------
python/samba/tests/auth_log_base.py | 35 +-
python/samba/tests/auth_log_ncalrpc.py | 28 +-
python/samba/tests/auth_log_netlogon.py | 1 +
python/samba/tests/auth_log_netlogon_bad_creds.py | 2 +
python/samba/tests/auth_log_pass_change.py | 148 +++----
python/samba/tests/auth_log_samlogon.py | 24 +-
source3/auth/auth_util.c | 6 +
source3/modules/vfs_dfs_samba4.c | 4 +-
source3/passdb/pdb_samba_dsdb.c | 7 +-
source4/auth/ntlm/auth.c | 7 +-
source4/auth/session.c | 2 +
source4/cldap_server/cldap_server.c | 7 +-
source4/dns_server/dlz_bind9.c | 11 +-
source4/dns_server/dns_server.c | 8 +-
source4/dsdb/common/util.h | 6 +
source4/dsdb/dns/dns_update.c | 8 +-
source4/dsdb/kcc/kcc_service.c | 7 +-
source4/dsdb/repl/drepl_service.c | 7 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 8 +-
source4/dsdb/samdb/samdb.c | 47 +-
source4/dsdb/samdb/samdb.h | 11 +-
source4/kdc/db-glue.c | 8 +-
source4/kdc/kdc-heimdal.c | 8 +-
source4/kdc/kdc-service-mit.c | 1 +
source4/kdc/kpasswd-helper.c | 1 +
source4/kdc/kpasswd_glue.c | 8 +-
source4/ldap_server/ldap_backend.c | 9 +-
source4/ldap_server/ldap_server.c | 8 +-
source4/libcli/ldap/ldap_controls.c | 1 +
source4/libnet/libnet_samsync_ldb.c | 5 +-
source4/nbt_server/nbt_server.c | 7 +-
source4/ntp_signd/ntp_signd.c | 7 +-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 7 +-
.../backupkey/dcesrv_backupkey_heimdal.c | 7 +-
source4/rpc_server/common/server_info.c | 8 +-
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 8 +-
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 20 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 22 +-
source4/rpc_server/lsa/lsa_init.c | 7 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 124 ++++--
source4/rpc_server/samr/dcesrv_samr.c | 16 +-
source4/rpc_server/samr/samr_password.c | 28 +-
source4/setup/schema_samba4.ldif | 1 +
source4/smb_server/smb/trans2.c | 7 +-
source4/smbd/server.c | 9 +-
source4/torture/dns/dlz_bind9.c | 15 +-
source4/torture/gpo/apply.c | 8 +-
source4/torture/libnet/libnet_BecomeDC.c | 7 +-
source4/winbind/idmap.c | 7 +-
54 files changed, 766 insertions(+), 493 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/auth_log.c b/auth/auth_log.c
index c143ae3..97b6537 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -43,7 +43,7 @@
#define AUTH_MAJOR 1
#define AUTH_MINOR 0
#define AUTHZ_MAJOR 1
-#define AUTHZ_MINOR 0
+#define AUTHZ_MINOR 1
#include "includes.h"
#include "../lib/tsocket/tsocket.h"
@@ -56,6 +56,7 @@
#include "source4/lib/messaging/irpc.h"
#include "lib/util/server_id_db.h"
#include "lib/param/param.h"
+#include "librpc/ndr/libndr.h"
/*
* Get a human readable timestamp.
@@ -431,6 +432,26 @@ static void add_sid(struct json_context *context,
}
/*
+ * Add a formatted string representation of a GUID to a json object.
+ *
+ */
+static void add_guid(struct json_context *context,
+ const char *name,
+ struct GUID *guid)
+{
+
+ char *guid_str;
+ struct GUID_txt_buf guid_buff;
+
+ if (context->error) {
+ return;
+ }
+
+ guid_str = GUID_buf_string(guid, &guid_buff);
+ add_string(context, name, guid_str);
+}
+
+/*
* Write a machine parsable json formatted authentication log entry.
*
* IF removing or changing the format/meaning of a field please update the
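Review bot: add_guid() declares its third parameter as "struct GUID *guid" but only reads it; make it "const struct GUID *guid" so a caller holding a const session_info can pass the field without a cast. In the same function there is a stray blank line directly after the opening brace, and the new comment block ends with an empty " *" line that can be dropped. guid_str appears to point into the stack buffer guid_buff, which is only safe if add_string() copies the value before add_guid() returns; a one-line comment saying so would stop someone later storing the pointer.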
@@ -561,6 +582,9 @@ static void log_successful_authz_event_json(
add_string(&authorization, "domain", session_info->info->domain_name);
add_string(&authorization, "account", session_info->info->account_name);
add_sid(&authorization, "sid", &session_info->security_token->sids[0]);
+ add_guid(&authorization,
+ "sessionId",
+ &session_info->unique_session_token);
add_string(&authorization,
"logonServer",
session_info->info->logon_server);
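Review bot: the JSON key added in log_successful_authz_event_json() is "sessionId", but the commit message for 52a3318 names the attribute "sessionID"; log consumers match keys case-sensitively, so the commit message and any description of the 1.1 Authorization format should use the spelling from the code. Because unique_session_token is now written to the log on every successful authorization, it should also be stated next to this call that the value is a correlation identifier only and must never be accepted as proof of a session, since anyone who can read the auth log can read it.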
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 0c1b28b..bcb4141 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1144,7 +1144,6 @@ bool handle_realm(struct loadparm_context *lp_ctx, struct loadparm_service *serv
return false;
}
- lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm_original, pszParmValue);
lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm, upper);
lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->dnsdomain, lower);
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
index b5d79b9..0b2e302 100644
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@@ -284,7 +284,6 @@ enum mangled_names_options {MANGLED_NAMES_NO, MANGLED_NAMES_YES, MANGLED_NAMES_I
#define LOADPARM_EXTRA_GLOBALS \
struct parmlist_entry *param_opt; \
char *dnsdomain; \
- char *realm_original; \
int rpc_low_port; \
int rpc_high_port;
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index 6cc7dcf..d26f575 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -105,6 +105,13 @@ interface auth
[noprint] DATA_BLOB session_key;
[value(NULL), ignore] cli_credentials *credentials;
+
+ /*
+ * It is really handy to have our authorization code log a
+ * token that can be used to tie later requests togeather.
+ * We generate this in auth_generate_session_info()
+ */
+ GUID unique_session_token;
} auth_session_info;
typedef [public] struct {
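Review bot: the comment above unique_session_token misspells "together" as "togeather", and it says the value is generated in auth_generate_session_info() without saying what the field holds for an auth_session_info that is built any other way. If such a session carries an all-zero GUID, the authorization log will print that as its sessionId and unrelated sessions will look correlated; please document the expected value here, or have the logging side skip a zero GUID.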
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index 9e68c4f..6cec63a 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -18,22 +18,18 @@
from __future__ import print_function
"""Tests for the Auth and AuthZ logging.
"""
-from samba import auth
import samba.tests
-from samba.messaging import Messaging
-from samba.dcerpc.messaging import MSG_AUTH_LOG, AUTH_EVENT_NAME
from samba.dcerpc import srvsvc, dnsserver
-import time
-import json
import os
from samba import smb
from samba.samdb import SamDB
import samba.tests.auth_log_base
-from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
+from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS
from samba import NTSTATUSError
from subprocess import call
from ldb import LdbError
+
class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def setUp(self):
@@ -43,8 +39,6 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def tearDown(self):
super(AuthLogTests, self).tearDown()
-
-
def _test_rpc_ncacn_np(self, authTypes, creds, service,
binding, protection, checkFunction):
def isLastExpectedMessage(msg):
@@ -59,8 +53,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
if service == "dnsserver":
x = dnsserver.dnsserver("ncacn_np:%s%s" % (self.server, binding),
- self.get_loadparm(),
- creds)
+ self.get_loadparm(),
+ creds)
elif service == "srvsvc":
x = srvsvc.srvsvc("ncacn_np:%s%s" % (self.server, binding),
self.get_loadparm(),
@@ -84,8 +78,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("SMB",
- msg["Authentication"]["serviceDescription"])
- self.assertEquals(authTypes[1], msg["Authentication"]["authDescription"])
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals(authTypes[1],
+ msg["Authentication"]["authDescription"])
# Check the second message it should be an Authorization
msg = messages[1]
@@ -94,6 +89,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[2], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
+ self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
# Check the third message it should be an Authentication
# if we are expecting 4 messages
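Review bot: the assertion added after the transportProtection check only verifies that msg["Authorization"]["sessionId"] is GUID-shaped, using self.is_guid(), whose definition is not shown in this truncated changeset. A format check passes for a constant or all-zero value just as well; since the stated purpose is to tie log events to one specific session, add a test that performs two separate successful authorizations and asserts that their sessionId values differ.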
@@ -105,11 +101,19 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertTrue(
- checkServiceDescription(msg["Authentication"]["serviceDescription"]))
+ checkServiceDescription(
+ msg["Authentication"]["serviceDescription"]))
- self.assertEquals(authTypes[3], msg["Authentication"]["authDescription"])
+ self.assertEquals(authTypes[3],
+ msg["Authentication"]["authDescription"])
- def rpc_ncacn_np_krb5_check(self, messages, authTypes, service, binding, protection):
+ def rpc_ncacn_np_krb5_check(
+ self,
+ messages,
+ authTypes,
+ service,
+ binding,
+ protection):
expected_messages = len(authTypes)
self.assertEquals(expected_messages,
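Review bot: the rewrapped signature of rpc_ncacn_np_krb5_check puts one parameter per line, while the neighbouring helper in this file keeps the compact two-line form ("def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service," followed by "binding, protection):"). Use the same wrapping here; it satisfies the line-length warning equally well and keeps the check helpers visually consistent.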
@@ -123,8 +127,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("Kerberos KDC",
- msg["Authentication"]["serviceDescription"])
- self.assertEquals(authTypes[1], msg["Authentication"]["authDescription"])
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals(authTypes[1],
+ msg["Authentication"]["authDescription"])
# Check the second message it should be an Authentication
# This this the TCP Authentication in response to the message too big
@@ -133,8 +138,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("Kerberos KDC",
- msg["Authentication"]["serviceDescription"])
- self.assertEquals(authTypes[2], msg["Authentication"]["authDescription"])
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals(authTypes[2],
+ msg["Authentication"]["authDescription"])
# Check the third message it should be an Authorization
msg = messages[2]
@@ -148,7 +154,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[3], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
-
+ self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
def test_rpc_ncacn_np_ntlm_dns_sign(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -195,8 +201,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ENC-TS Pre-authentication",
"ENC-TS Pre-authentication",
"krb5"],
- creds, "dnsserver", "sign", "SIGN",
- self.rpc_ncacn_np_krb5_check)
+ creds, "dnsserver", "sign", "SIGN",
+ self.rpc_ncacn_np_krb5_check)
def test_rpc_ncacn_np_krb_srv_sign(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -205,8 +211,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ENC-TS Pre-authentication",
"ENC-TS Pre-authentication",
"krb5"],
- creds, "srvsvc", "sign", "SIGN",
- self.rpc_ncacn_np_krb5_check)
+ creds, "srvsvc", "sign", "SIGN",
+ self.rpc_ncacn_np_krb5_check)
def test_rpc_ncacn_np_krb_dns(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -232,9 +238,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=MUST_USE_KERBEROS)
self._test_rpc_ncacn_np(["ncacn_np",
- "ENC-TS Pre-authentication",
- "ENC-TS Pre-authentication",
- "krb5"],
+ "ENC-TS Pre-authentication",
+ "ENC-TS Pre-authentication",
+ "krb5"],
creds, "srvsvc", "", "SMB",
self.rpc_ncacn_np_krb5_check)
@@ -250,15 +256,15 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
binding = "[%s]" % binding
if service == "dnsserver":
- conn = dnsserver.dnsserver("ncacn_ip_tcp:%s%s" % (self.server, binding),
- self.get_loadparm(),
- creds)
+ conn = dnsserver.dnsserver(
+ "ncacn_ip_tcp:%s%s" % (self.server, binding),
+ self.get_loadparm(),
+ creds)
elif service == "srvsvc":
conn = srvsvc.srvsvc("ncacn_ip_tcp:%s%s" % (self.server, binding),
self.get_loadparm(),
creds)
-
messages = self.waitForMessages(isLastExpectedMessage, conn)
checkFunction(messages, authTypes, service, binding, protection)
@@ -277,14 +283,16 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[1], msg["Authorization"]["authType"])
self.assertEquals("NONE", msg["Authorization"]["transportProtection"])
+ self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
# Check the second message it should be an Authentication
msg = messages[1]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("DCE/RPC",
- msg["Authentication"]["serviceDescription"])
- self.assertEquals(authTypes[2], msg["Authentication"]["authDescription"])
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals(authTypes[2],
+ msg["Authentication"]["authDescription"])
def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service,
binding, protection):
@@ -301,22 +309,25 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[1], msg["Authorization"]["authType"])
self.assertEquals("NONE", msg["Authorization"]["transportProtection"])
+ self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
# Check the second message it should be an Authentication
msg = messages[1]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("Kerberos KDC",
- msg["Authentication"]["serviceDescription"])
- self.assertEquals(authTypes[2], msg["Authentication"]["authDescription"])
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals(authTypes[2],
+ msg["Authentication"]["authDescription"])
# Check the third message it should be an Authentication
msg = messages[2]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("Kerberos KDC",
- msg["Authentication"]["serviceDescription"])
- self.assertEquals(authTypes[2], msg["Authentication"]["authDescription"])
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals(authTypes[2],
+ msg["Authentication"]["authDescription"])
def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -324,8 +335,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self._test_rpc_ncacn_ip_tcp(["NTLMSSP",
"ncacn_ip_tcp",
"NTLMSSP"],
- creds, "dnsserver", "sign", "SIGN",
- self.rpc_ncacn_ip_tcp_ntlm_check)
+ creds, "dnsserver", "sign", "SIGN",
+ self.rpc_ncacn_ip_tcp_ntlm_check)
def test_rpc_ncacn_ip_tcp_krb5_dns_sign(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -334,8 +345,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ncacn_ip_tcp",
"ENC-TS Pre-authentication",
"ENC-TS Pre-authentication"],
- creds, "dnsserver", "sign", "SIGN",
- self.rpc_ncacn_ip_tcp_krb5_check)
+ creds, "dnsserver", "sign", "SIGN",
+ self.rpc_ncacn_ip_tcp_krb5_check)
def test_rpc_ncacn_ip_tcp_ntlm_dns(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -343,8 +354,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self._test_rpc_ncacn_ip_tcp(["NTLMSSP",
"ncacn_ip_tcp",
"NTLMSSP"],
- creds, "dnsserver", "", "SIGN",
- self.rpc_ncacn_ip_tcp_ntlm_check)
+ creds, "dnsserver", "", "SIGN",
+ self.rpc_ncacn_ip_tcp_ntlm_check)
def test_rpc_ncacn_ip_tcp_krb5_dns(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -353,8 +364,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ncacn_ip_tcp",
"ENC-TS Pre-authentication",
"ENC-TS Pre-authentication"],
- creds, "dnsserver", "", "SIGN",
- self.rpc_ncacn_ip_tcp_krb5_check)
+ creds, "dnsserver", "", "SIGN",
+ self.rpc_ncacn_ip_tcp_krb5_check)
def test_rpc_ncacn_ip_tcp_ntlm_dns_connect(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -362,8 +373,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self._test_rpc_ncacn_ip_tcp(["NTLMSSP",
"ncacn_ip_tcp",
"NTLMSSP"],
- creds, "dnsserver", "connect", "NONE",
- self.rpc_ncacn_ip_tcp_ntlm_check)
+ creds, "dnsserver", "connect", "NONE",
+ self.rpc_ncacn_ip_tcp_ntlm_check)
def test_rpc_ncacn_ip_tcp_krb5_dns_connect(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -372,8 +383,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ncacn_ip_tcp",
"ENC-TS Pre-authentication",
"ENC-TS Pre-authentication"],
- creds, "dnsserver", "connect", "NONE",
- self.rpc_ncacn_ip_tcp_krb5_check)
+ creds, "dnsserver", "connect", "NONE",
+ self.rpc_ncacn_ip_tcp_krb5_check)
def test_rpc_ncacn_ip_tcp_ntlm_dns_seal(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -381,8 +392,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self._test_rpc_ncacn_ip_tcp(["NTLMSSP",
"ncacn_ip_tcp",
"NTLMSSP"],
- creds, "dnsserver", "seal", "SEAL",
- self.rpc_ncacn_ip_tcp_ntlm_check)
+ creds, "dnsserver", "seal", "SEAL",
+ self.rpc_ncacn_ip_tcp_ntlm_check)
def test_rpc_ncacn_ip_tcp_krb5_dns_seal(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -391,8 +402,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ncacn_ip_tcp",
"ENC-TS Pre-authentication",
"ENC-TS Pre-authentication"],
- creds, "dnsserver", "seal", "SEAL",
- self.rpc_ncacn_ip_tcp_krb5_check)
+ creds, "dnsserver", "seal", "SEAL",
+ self.rpc_ncacn_ip_tcp_krb5_check)
def test_ldap(self):
@@ -403,7 +414,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authorization"]["authType"] == "krb5")
self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER"],
- lp = self.get_loadparm(),
+ lp=self.get_loadparm(),
credentials=self.get_credentials())
messages = self.waitForMessages(isLastExpectedMessage)
@@ -416,18 +427,18 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("Kerberos KDC",
- msg["Authentication"]["serviceDescription"])
+ msg["Authentication"]["serviceDescription"])
self.assertEquals("ENC-TS Pre-authentication",
- msg["Authentication"]["authDescription"])
+ msg["Authentication"]["authDescription"])
- # Check the first message it should be an Authentication
+ # Check the second message it should be an Authentication
msg = messages[1]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("Kerberos KDC",
- msg["Authentication"]["serviceDescription"])
+ msg["Authentication"]["serviceDescription"])
self.assertEquals("ENC-TS Pre-authentication",
- msg["Authentication"]["authDescription"])
+ msg["Authentication"]["authDescription"])
def test_ldap_ntlm(self):
@@ -438,7 +449,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authorization"]["authType"] == "NTLMSSP")
self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER_IP"],
- lp = self.get_loadparm(),
+ lp=self.get_loadparm(),
credentials=self.get_credentials())
messages = self.waitForMessages(isLastExpectedMessage)
@@ -450,7 +461,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("LDAP",
- msg["Authentication"]["serviceDescription"])
+ msg["Authentication"]["serviceDescription"])
self.assertEquals("NTLMSSP", msg["Authentication"]["authDescription"])
def test_ldap_simple_bind(self):
@@ -462,10 +473,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(),
- creds.get_username()))
+ creds.get_username()))
self.samdb = SamDB(url="ldaps://%s" % os.environ["SERVER"],
- lp = self.get_loadparm(),
+ lp=self.get_loadparm(),
credentials=creds)
messages = self.waitForMessages(isLastExpectedMessage)
@@ -478,27 +489,27 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("LDAP",
- msg["Authentication"]["serviceDescription"])
+ msg["Authentication"]["serviceDescription"])
self.assertEquals("simple bind",
- msg["Authentication"]["authDescription"])
+ msg["Authentication"]["authDescription"])
def test_ldap_simple_bind_bad_password(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "LDAP" and
- msg["Authentication"]["status"]
- == "NT_STATUS_WRONG_PASSWORD" and
+ (msg["Authentication"]["status"] ==
+ "NT_STATUS_WRONG_PASSWORD") and
msg["Authentication"]["authDescription"] == "simple bind")
--
Samba Shared Repository