[PATCH] NTLM tests ported to Python3
Samuel Cabrero
scabrero at suse.de
Thu Nov 29 11:26:14 UTC 2018
Hi,
with the idea of extending the NTLM tests I have started by porting the
current mix of bash and python scripts to python3.
These tests look more stable to me now that they use Python's subprocess
module; before that I was getting broken pipe errors from time to time.
Please review and push if you agree.
Cheers.
From 9801c987eded14f87f35f5771ea3c3d0048a895e Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 12:44:09 +0200
Subject: [PATCH 01/22] selftest: Create included files during provision
Files included from smb.conf have to exist, otherwise python fails to
load the configuration. Found while trying to run a python test before
samba3.blackbox.smbd_error creates the included file.
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
selftest/target/Samba3.pm | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 363840e4521..e52fd357116 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1638,6 +1638,8 @@ sub provision($$$$$$$$$)
my $conffile="$libdir/server.conf";
my $dfqconffile="$libdir/dfq.conf";
+ my $errorinjectconf="$libdir/error_inject.conf";
+ my $delayinjectconf="$libdir/delay_inject.conf";
my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl";
my $nss_wrapper_passwd = "$privatedir/passwd";
@@ -2248,7 +2250,7 @@ sub provision($$$$$$$$$)
[error_inject]
copy = tmp
vfs objects = error_inject
- include = $libdir/error_inject.conf
+ include = $errorinjectconf
[delay_inject]
copy = tmp
@@ -2256,7 +2258,7 @@ sub provision($$$$$$$$$)
kernel share modes = no
kernel oplocks = no
posix locking = no
- include = $libdir/delay_inject.conf
+ include = $delayinjectconf
[aio_delay_inject]
copy = tmp
@@ -2280,6 +2282,18 @@ sub provision($$$$$$$$$)
return undef;
}
+ unless (open(ERRORCONF, ">$errorinjectconf")) {
+ warn("Unable to open $errorinjectconf");
+ return undef;
+ }
+ close(ERRORCONF);
+
+ unless (open(DELAYCONF, ">$delayinjectconf")) {
+ warn("Unable to open $delayinjectconf");
+ return undef;
+ }
+ close(DELAYCONF);
+
unless (open(DFQCONF, ">$dfqconffile")) {
warn("Unable to open $dfqconffile");
return undef;
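Review bot: The two added `open` calls use the two-argument form with a bareword handle, and their `warn` messages leave out `$!`, so a failed provision reports the path but not the reason. Three-argument open with a lexical handle also keeps any leading or trailing characters in `$libdir` from being read as part of the mode, e.g. `unless (open(my $fh, '>', $errorinjectconf)) { warn("Unable to open $errorinjectconf: $!"); return undef; }`. The neighbouring `DFQCONF` block uses the same older style, so this may be a deliberate match with the surrounding code. `provision` starts and ends outside the hunk.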
--
2.19.1
From e695e005f0737b37bca2a7af396626d734431cf8 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Sat, 9 Dec 2017 10:44:15 +0100
Subject: [PATCH 02/22] selftest: Add a new base class for ntlm_auth tests
The class is based on test_ntlm_auth.py script.
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/__init__.py | 183 +++++++++++++++++++++++++++++++++
1 file changed, 183 insertions(+)
diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py
index d79fcfbb997..ecd44d2ba35 100644
--- a/python/samba/tests/__init__.py
+++ b/python/samba/tests/__init__.py
@@ -23,6 +23,7 @@ import tempfile
import warnings
import ldb
import samba
+import time
from samba import param
from samba import credentials
from samba.credentials import Credentials
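Review bot: `import time` is added here, but nothing in the `NTLMAuthTestCase` class added by this patch references `time`. Unless a later patch in the series needs it, drop the import or move it to the patch that first uses it.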
@@ -435,6 +436,188 @@ class BlackboxTestCase(TestCaseInTempDir):
string.digits) for x in range(count - 3))
return password
+class NTLMAuthTestCase(TestCase):
+
+ def setUp(self):
+ super(NTLMAuthTestCase, self).setUp()
+ bindir = os.path.normpath(os.getenv("BINDIR", "./bin"))
+ self.ntlm_auth_path = os.path.join(bindir, 'ntlm_auth')
+ self.lp = samba.tests.env_loadparm()
+ self.winbind_separator = self.lp.get('winbind separator')
+
+ def readLine(self, text_stream):
+ buf = text_stream.readline()
+ newline = buf.find('\n')
+ if newline == -1:
+ raise Exception("Failed to read line")
+ return buf[:newline]
+
+ def writeLine(self, text_stream, buf):
+ text_stream.write(buf)
+ text_stream.write("\n")
+
+ def run_helper(self,
+ client_username=None,
+ client_password=None,
+ client_domain=None,
+ client_use_cached_creds=False,
+ server_username=None,
+ server_password=None,
+ server_domain=None,
+ client_helper="ntlmssp-client-1",
+ server_helper="squid-2.5-ntlmssp",
+ server_use_winbind=False,
+ require_membership=None,
+ target_hostname=None,
+ target_service=None):
+ self.assertTrue(os.access(self.ntlm_auth_path, os.X_OK))
+
+ if client_username is None:
+ raise Exception("client_username required")
+
+ # Client helper args
+ client_args = []
+ client_args.append(self.ntlm_auth_path)
+ client_args.append("--helper-protocol=%s" % client_helper)
+ client_args.append("--username=%s" % client_username)
+ if client_domain:
+ client_args.append("--domain=%s" % client_domain)
+ if client_use_cached_creds:
+ client_args.append("--use-cached-creds")
+ else:
+ if client_password is None:
+ raise Exception("client_password required")
+ client_args.append("--password=%s" % client_password)
+ if target_service:
+ client_args.append("--target-service=%s" % target_service)
+ if target_hostname:
+ client_args.append("--target-hostname=%s" % target_hostname)
+ client_args.append("--configfile=%s" % self.lp.configfile)
+
+ # Server helper args
+ server_args = []
+ server_args.append(self.ntlm_auth_path)
+ server_args.append("--helper-protocol=%s" % server_helper)
+ server_args.append("--configfile=%s" % self.lp.configfile)
+ if not server_use_winbind:
+ if server_username is None or server_password is None or server_domain is None:
+ raise Exception("Server credentials required if not using winbind")
+ server_args.append("--username=%s" % server_username)
+ server_args.append("--password=%s" % server_password)
+ server_args.append("--domain=%s" % server_domain)
+ if require_membership is not None:
+ raise Exception("Server must be using winbind for require-membership-of")
+ else:
+ if require_membership is not None:
+ server_args.append("--require-membership-of=%s" % require_membership)
+
+ # Run helpers
+ result = False
+ server_proc = subprocess.Popen(server_args, stdout=subprocess.PIPE, stdin=subprocess.PIPE, bufsize=0, universal_newlines=True)
+ client_proc = subprocess.Popen(client_args, stdout=subprocess.PIPE, stdin=subprocess.PIPE, bufsize=0, universal_newlines=True)
+
+ try:
+ if client_helper == "ntlmssp-client-1" and server_helper == "squid-2.5-ntlmssp":
+ self.writeLine(client_proc.stdin, "YR")
+ buf = self.readLine(client_proc.stdout)
+ self.assertTrue(buf.startswith("YR "))
+
+ self.writeLine(server_proc.stdin, buf)
+ buf = self.readLine(server_proc.stdout)
+ self.assertTrue(buf.startswith("TT "))
+
+ self.writeLine(client_proc.stdin, buf)
+ buf = self.readLine(client_proc.stdout)
+ self.assertTrue(buf.startswith("AF "))
+
+ # Client sends 'AF <base64 blob>' but server
+ # expects 'KK <base64 blob>'
+ buf = buf.replace("AF", "KK", 1)
+
+ self.writeLine(server_proc.stdin, buf)
+ buf = self.readLine(server_proc.stdout)
+ result = buf.startswith("AF ")
+ elif client_helper == "ntlmssp-client-1" and server_helper == "gss-spnego":
+ self.writeLine(client_proc.stdin, "YR")
+ buf = self.readLine(client_proc.stdout)
+ self.assertTrue(buf.startswith("YR "))
+
+ self.writeLine(server_proc.stdin, buf)
+ buf = self.readLine(server_proc.stdout)
+ self.assertTrue(buf.startswith("TT "))
+
+ self.writeLine(client_proc.stdin, buf)
+ buf = self.readLine(client_proc.stdout)
+ self.assertTrue(buf.startswith("AF "))
+
+ # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
+ buf = buf.replace("AF", "KK", 1)
+
+ self.writeLine(server_proc.stdin, buf)
+ buf = self.readLine(server_proc.stdout)
+ result = buf.startswith("AF * ")
+ elif client_helper == "gss-spnego-client" and server_helper == "gss-spnego":
+ self.writeLine(server_proc.stdin, "YR")
+ buf = self.readLine(server_proc.stdout)
+
+ while True:
+ if (buf.startswith("NA * ")):
+ result = False
+ break
+
+ self.assertTrue(buf.startswith("AF ") or buf.startswith("TT "))
+
+ self.writeLine(client_proc.stdin, buf)
+ buf = self.readLine(client_proc.stdout)
+
+ if buf.startswith("AF"):
+ result = True
+ break
+
+ self.assertTrue(buf.startswith("AF ") or buf.startswith("KK ") or buf.startswith("TT "))
+
+ self.writeLine(server_proc.stdin, buf)
+ buf = self.readLine(server_proc.stdout)
+
+ if buf.startswith("AF * "):
+ result = True
+ break
+ else:
+ self.fail("Helper protocols not handled")
+
+ if result is True and client_helper == "ntlmssp-client-1":
+ self.writeLine(client_proc.stdin, "GK")
+ buf = self.readLine(client_proc.stdout)
+ self.assertTrue(buf.startswith("GK "))
+
+ self.writeLine(client_proc.stdin, "GF")
+ buf = self.readLine(client_proc.stdout)
+ self.assertTrue(buf.startswith("GF "))
+
+ if result is True and server_helper == "squid-2.5-ntlmssp":
+ self.writeLine(server_proc.stdin, "GK")
+ buf = self.readLine(server_proc.stdout)
+ self.assertTrue(buf.startswith("GK "))
+
+ self.writeLine(server_proc.stdin, "GF")
+ buf = self.readLine(server_proc.stdout)
+ self.assertTrue(buf.startswith("GF "))
+
+ client_proc.stdin.close()
+ client_proc.wait()
+ self.assertEqual(client_proc.returncode, 0)
+
+ server_proc.stdin.close()
+ server_proc.wait()
+ self.assertEqual(server_proc.returncode, 0)
+
+ return result
+ except:
+ client_proc.kill()
+ client_proc.wait()
+ server_proc.kill()
+ server_proc.wait()
+ raise
def connect_samdb(samdb_url, lp=None, session_info=None, credentials=None,
flags=0, ldb_options=None, ldap_only=False, global_schema=True):
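Review bot: In `run_helper` both `subprocess.Popen` calls sit before the `try:`, so if starting the client fails the already running server helper is never killed or waited for, and neither the success nor the failure path closes the two `stdout` pipes. Start the client inside the `try:` (set `client_proc = None` first and guard the handler with `if client_proc is not None:`) and close both `stdout` streams after `wait()`. `readLine` also blocks without any timeout, so a helper that stops answering hangs the whole test run instead of failing it. The helpers receive `--password=%s` on their command line, which makes the password readable in the process list while the test runs; that is tolerable for throwaway selftest accounts, but a comment saying so would stop the pattern being copied elsewhere.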
--
2.19.1
From d5b34ce7794cbb45ad98b1efa954ab04d55f89fc Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 12:47:11 +0200
Subject: [PATCH 03/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 51 +++++++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 2 -
source4/selftest/tests.py | 2 +
3 files changed, 53 insertions(+), 2 deletions(-)
create mode 100644 python/samba/tests/ntlm_auth.py
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
new file mode 100644
index 00000000000..ff2e925d4dc
--- /dev/null
+++ b/python/samba/tests/ntlm_auth.py
@@ -0,0 +1,51 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Samuel Cabrero <scabrero at suse.de> 2018
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+from samba.tests import NTLMAuthTestCase
+
+class NTLMAuthHelpersTests(NTLMAuthTestCase):
+
+ def test_specified_domain(self):
+ """ ntlm_auth with specified domain """
+
+ username = "foo"
+ password = "secret"
+ domain = "FOO"
+
+ ret = self.run_helper(client_username=username,
+ client_password=password,
+ client_domain=domain,
+ server_username=username,
+ server_password=password,
+ server_domain=domain,
+ server_use_winbind=False)
+ self.assertTrue(ret)
+
+ username = "foo"
+ password = "secret"
+ domain = "fOo"
+
+ ret = self.run_helper(client_username=username,
+ client_password=password,
+ client_domain=domain,
+ server_username=username,
+ server_password=password,
+ server_domain=domain,
+ server_use_winbind=False)
+ self.assertTrue(ret)
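Review bot: `test_specified_domain` runs two independent scenarios (domain `FOO`, then `fOo`) in one method, so a failure in the first hides the result of the second, whereas the shell script reported them as two separate tests. Splitting it into two methods, or looping with `for domain in ("FOO", "fOo"):` and passing the domain as the assertion message, keeps the results separate. The literals `"foo"` and `"secret"` are repeated in `test_ntlmssp_gss_spnego` (patch 05) and `test_gss_spnego` (patch 06); class-level constants would keep them in one place. The tests visible in patches 03 to 10 all assert `assertTrue(ret)` with valid credentials; unless a later patch adds one, a case that expects `run_helper` to return False for a wrong password would show that the helpers actually reject bad input.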
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 2b5e4353557..3d3d9f98048 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -268,9 +268,7 @@ EOF
fi
}
-testit "ntlm_auth" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS || failed=`expr $failed + 1`
# This should work even with NTLMv2
-testit "ntlm_auth with specified domain" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1`
testit "ntlm_auth against winbindd" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=ntlmssp-client-1 --server-helper=gss-spnego || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=gss-spnego-client --server-helper=gss-spnego || failed=`expr $failed + 1`
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index c4b7d18444c..2087515dd96 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -589,6 +589,8 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass
plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
+ planpythontestsuite(env + ":local", "samba.tests.ntlm_auth", py3_compatible=True)
+
for env in ["s4member_dflt_domain", "s4member"]:
for cmd in ["id", "getent"]:
users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
--
2.19.1
From cb65420fa74b36bbadd25cc716bcf430e28b7888 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 14:26:59 +0200
Subject: [PATCH 04/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 9 +++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 1 -
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index ff2e925d4dc..de3c6459bc8 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -49,3 +49,12 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_domain=domain,
server_use_winbind=False)
self.assertTrue(ret)
+
+ def test_agaist_winbind(self):
+ """ ntlm_auth against winbindd """
+
+ ret = self.run_helper(client_username=os.environ["DC_USERNAME"],
+ client_password=os.environ["DC_PASSWORD"],
+ client_domain=os.environ["DOMAIN"],
+ server_use_winbind=True)
+ self.assertTrue(ret)
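Review bot: The method name `test_agaist_winbind` is misspelled; the test id is what people type to select a single test, so it should read `def test_against_winbind(self):`. The three `os.environ[...]` lookups raise `KeyError` when the suite runs in an environment that does not export `DC_USERNAME`, `DC_PASSWORD` or `DOMAIN`, which shows up as an error rather than a skip; `test_gss_spnego_winbind` in patch 07 has the same lookups. The class body starts outside the hunk.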
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 3d3d9f98048..3baed4acfb1 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,7 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth against winbindd" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=ntlmssp-client-1 --server-helper=gss-spnego || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=gss-spnego-client --server-helper=gss-spnego || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS || failed=`expr $failed + 1`
--
2.19.1
From b0bb5d5d1e2b1700239697fbb30f284bdb342356 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 16:05:34 +0200
Subject: [PATCH 05/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 18 ++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 1 -
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index de3c6459bc8..8e921cfc1cc 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -58,3 +58,21 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
client_domain=os.environ["DOMAIN"],
server_use_winbind=True)
self.assertTrue(ret)
+
+ def test_ntlmssp_gss_spnego(self):
+ """ ntlm_auth with NTLMSSP client and gss-spnego server """
+
+ username = "foo"
+ password = "secret"
+ domain = "fOo"
+
+ ret = self.run_helper(client_username=username,
+ client_password=password,
+ client_domain=domain,
+ server_username=username,
+ server_password=password,
+ server_domain=domain,
+ client_helper="ntlmssp-client-1",
+ server_helper="gss-spnego",
+ server_use_winbind=False)
+ self.assertTrue(ret)
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 3baed4acfb1..f0646276d04 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,7 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=ntlmssp-client-1 --server-helper=gss-spnego || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=gss-spnego-client --server-helper=gss-spnego || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS || failed=`expr $failed + 1`
--
2.19.1
From 1766231a379e7f7b700bccc6bab93b91942ef39b Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 16:28:37 +0200
Subject: [PATCH 06/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 18 ++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 1 -
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 8e921cfc1cc..2cdb0a3a675 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -76,3 +76,21 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_helper="gss-spnego",
server_use_winbind=False)
self.assertTrue(ret)
+
+ def test_gss_spnego(self):
+ """ ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server """
+
+ username = "foo"
+ password = "secret"
+ domain = "fOo"
+
+ ret = self.run_helper(client_username=username,
+ client_password=password,
+ client_domain=domain,
+ server_username=username,
+ server_password=password,
+ server_domain=domain,
+ client_helper="gss-spnego-client",
+ server_helper="gss-spnego",
+ server_use_winbind=False)
+ self.assertTrue(ret)
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index f0646276d04..2b9b87e75b0 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,7 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-domain=fOo --server-domain=fOo --client-helper=gss-spnego-client --server-helper=gss-spnego || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS || failed=`expr $failed + 1`
testit "wbinfo store cached credentials" $BINDIR/wbinfo --ccache-save=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1`
--
2.19.1
From 4e50259aed07d037120b54da2dfad6bee82eca6c Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 16:42:05 +0200
Subject: [PATCH 07/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 12 ++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 2 --
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 2cdb0a3a675..3164a392de1 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -94,3 +94,15 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_helper="gss-spnego",
server_use_winbind=False)
self.assertTrue(ret)
+
+ def test_gss_spnego_winbind(self):
+ """ ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server
+ against winbind """
+
+ ret = self.run_helper(client_username=os.environ["DC_USERNAME"],
+ client_password=os.environ["DC_PASSWORD"],
+ client_domain=os.environ["DOMAIN"],
+ client_helper="gss-spnego-client",
+ server_helper="gss-spnego",
+ server_use_winbind=True)
+ self.assertTrue(ret)
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 2b9b87e75b0..12bdc65e897 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,8 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS || failed=`expr $failed + 1`
-
testit "wbinfo store cached credentials" $BINDIR/wbinfo --ccache-save=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1`
testit "ntlm_auth ccached credentials with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-username=$USERNAME --client-domain=$DOMAIN --client-use-cached-creds --client-helper=ntlmssp-client-1 --server-helper=gss-spnego --server-use-winbindd || failed=`expr $failed + 1`
--
2.19.1
From d568cdf2e804d665cc149c9549c80607798bcdc9 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 17:07:23 +0200
Subject: [PATCH 08/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 24 +++++++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 3 ---
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 3164a392de1..060a9c5127b 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -106,3 +106,27 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_helper="gss-spnego",
server_use_winbind=True)
self.assertTrue(ret)
+
+ def test_ntlmssp_gss_spnego_cached_creds(self):
+ """ ntlm_auth with NTLMSSP client and gss-spnego server against
+ winbind with cached credentials """
+
+ username = os.environ["DC_USERNAME"]
+ password = os.environ["DC_PASSWORD"]
+ domain = os.environ["DOMAIN"]
+
+ # Store cached credentials
+ bindir = os.path.normpath(os.getenv("BINDIR", "./bin"))
+ wbinfo = os.path.join(bindir, "wbinfo")
+ ret = os.system("%s --ccache-save=%s%s%s%%%s" % (
+ wbinfo, domain, self.winbind_separator, username, password))
+ self.assertEqual(ret, 0)
+
+ ret = self.run_helper(client_username=username,
+ client_password=password,
+ client_domain=domain,
+ client_use_cached_creds=True,
+ client_helper="ntlmssp-client-1",
+ server_helper="gss-spnego",
+ server_use_winbind=True)
+ self.assertTrue(ret)
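Review bot: The `os.system` call in `test_ntlmssp_gss_spnego_cached_creds` builds a shell command line by string formatting, so a `DC_PASSWORD` or `DC_USERNAME` containing a space, quote, `$` or `;` is re-parsed by the shell, and the credential that gets stored no longer matches what the test intended. Pass an argument list instead, e.g. `ret = subprocess.call([wbinfo, "--ccache-save=%s%s%s%%%s" % (domain, self.winbind_separator, username, password)])`, which needs `import subprocess` at the top of the file. `client_password=password` is also passed to `run_helper` although `client_use_cached_creds=True` means the client helper never receives it; leaving it out makes it clear that the cached credential is what is under test.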
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 12bdc65e897..4df0788fa15 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,9 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "wbinfo store cached credentials" $BINDIR/wbinfo --ccache-save=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1`
-testit "ntlm_auth ccached credentials with NTLMSSP client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --client-username=$USERNAME --client-domain=$DOMAIN --client-use-cached-creds --client-helper=ntlmssp-client-1 --server-helper=gss-spnego --server-use-winbindd || failed=`expr $failed + 1`
-
testit "ntlm_auth against winbindd with require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$SID || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS --require-membership-of=$SID || failed=`expr $failed + 1`
--
2.19.1
From 11780a725edf3025627f261c32b293bb3e8d54f3 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 17:41:40 +0200
Subject: [PATCH 09/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 20 ++++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 1 -
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 060a9c5127b..6b5a9a15490 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -17,6 +17,7 @@
#
import os
+from subprocess import Popen, PIPE
from samba.tests import NTLMAuthTestCase
class NTLMAuthHelpersTests(NTLMAuthTestCase):
@@ -130,3 +131,22 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_helper="gss-spnego",
server_use_winbind=True)
self.assertTrue(ret)
+
+ def test_require_membership(self):
+ """ ntlm_auth against winbindd with require-membership-of """
+
+ bindir = os.path.normpath(os.getenv("BINDIR", "./bin"))
+ wbinfo = os.path.join(bindir, "wbinfo")
+
+ proc = Popen([wbinfo, '-n', os.environ["DC_USERNAME"]],
+ stdout=PIPE, stderr=PIPE)
+ (out, err) = proc.communicate()
+ group_sid = out.decode().split(" ")[0]
+ self.assertTrue(group_sid.startswith("S-1-5-21-"))
+
+ ret = self.run_helper(client_username=os.environ["DC_USERNAME"],
+ client_password=os.environ["DC_PASSWORD"],
+ client_domain=os.environ["DOMAIN"],
+ require_membership=group_sid,
+ server_use_winbind=True)
+ self.assertTrue(ret)
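Review bot: `test_require_membership` never checks `proc.returncode` and discards `err`, so when `wbinfo -n` fails the test only reports that `group_sid.startswith("S-1-5-21-")` is false, with no hint why. Assert the exit status first, e.g. `self.assertEqual(proc.returncode, 0, err.decode())`. The name `group_sid` holds the SID looked up for `DC_USERNAME`, which looks like a user SID rather than a group SID; a neutral name such as `sid` would be clearer. The same lookup is repeated in `test_require_membership_gss_spnego` (patch 10), so a small helper method on the class would remove the copy.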
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 4df0788fa15..9ca123f96d6 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,7 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth against winbindd with require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$SID || failed=`expr $failed + 1`
testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS --require-membership-of=$SID || failed=`expr $failed + 1`
testit_expect_failure "ntlm_auth against winbindd with failed require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$BADSID && failed=`expr $failed + 1`
--
2.19.1
From fc086767f721a5b53cda51391ed90e70f1f06477 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 17:46:59 +0200
Subject: [PATCH 10/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 22 ++++++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 2 --
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 6b5a9a15490..e13c3d3d55e 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -150,3 +150,25 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
require_membership=group_sid,
server_use_winbind=True)
self.assertTrue(ret)
+
+ def test_require_membership_gss_spnego(self):
+ """ ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server
+ against winbind with require-membership-of """
+
+ bindir = os.path.normpath(os.getenv("BINDIR", "./bin"))
+ wbinfo = os.path.join(bindir, "wbinfo")
+
+ proc = Popen([wbinfo, '-n', os.environ["DC_USERNAME"]],
+ stdout=PIPE, stderr=PIPE)
+ (out, err) = proc.communicate()
+ group_sid = out.decode().split(" ")[0]
+ self.assertTrue(group_sid.startswith("S-1-5-21-"))
+
+ ret = self.run_helper(client_username=os.environ["DC_USERNAME"],
+ client_password=os.environ["DC_PASSWORD"],
+ client_domain=os.environ["DOMAIN"],
+ require_membership=group_sid,
+ client_helper="gss-spnego-client",
+ server_helper="gss-spnego",
+ server_use_winbind=True)
+ self.assertTrue(ret)
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 9ca123f96d6..3a411e0d2b0 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,8 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS --require-membership-of=$SID || failed=`expr $failed + 1`
-
testit_expect_failure "ntlm_auth against winbindd with failed require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$BADSID && failed=`expr $failed + 1`
testit_expect_failure "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS --require-membership-of=$BADSID && failed=`expr $failed + 1`
--
2.19.1
From 26dbfac8666be156f06b0d855219fd757456d412 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 17:53:16 +0200
Subject: [PATCH 11/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 9 +++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 1 -
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index e13c3d3d55e..09c13b98c42 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -151,6 +151,15 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_use_winbind=True)
self.assertTrue(ret)
+ group_sid = group_sid[:-2]
+
+ ret = self.run_helper(client_username=os.environ["DC_USERNAME"],
+ client_password=os.environ["DC_PASSWORD"],
+ client_domain=os.environ["DOMAIN"],
+ require_membership=group_sid,
+ server_use_winbind=True)
+ self.assertFalse(ret)
+
def test_require_membership_gss_spnego(self):
""" ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server
against winbind with require-membership-of """
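Review bot: `group_sid = group_sid[:-2]` needs a comment saying why two characters are dropped, because without one the negative case reads like a typo. It derives a SID the user is not a member of, as `sed 's/..$//'` did for `BADSID` in the shell script. Suggested: `# Truncate the RID so the SID no longer matches the user; membership must be refused`. The `assertFalse(ret)` that follows would also pass if the helper failed for an unrelated reason, which may be worth tightening if `run_helper` (not visible here) can report why it failed. The same applies to the gss-spnego variant added in patch 12, and the enclosing test method starts above this hunk.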
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 3a411e0d2b0..725e9e3dbfa 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,7 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit_expect_failure "ntlm_auth against winbindd with failed require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd $ADDARGS --require-membership-of=$BADSID && failed=`expr $failed + 1`
testit_expect_failure "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS --require-membership-of=$BADSID && failed=`expr $failed + 1`
testit "ntlm_auth plaintext authentication with require-membership-of" test_plaintext_check_output_stdout || failed=`expr $failed + 1`
--
2.19.1
From 16108fd47ce9b6597645729508cf765f17ba8fba Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 18:01:17 +0200
Subject: [PATCH 12/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 11 +++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 2 --
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 09c13b98c42..6e9b66e8311 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -181,3 +181,14 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_helper="gss-spnego",
server_use_winbind=True)
self.assertTrue(ret)
+
+ group_sid = group_sid[:-2]
+
+ ret = self.run_helper(client_username=os.environ["DC_USERNAME"],
+ client_password=os.environ["DC_PASSWORD"],
+ client_domain=os.environ["DOMAIN"],
+ require_membership=group_sid,
+ client_helper="gss-spnego-client",
+ server_helper="gss-spnego",
+ server_use_winbind=True)
+ self.assertFalse(ret)
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 725e9e3dbfa..3b3c5dfe7ef 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -269,8 +269,6 @@ EOF
}
# This should work even with NTLMv2
-testit_expect_failure "ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH --client-username=$USERNAME --client-domain=$DOMAIN --client-password=$PASSWORD --server-use-winbindd --client-helper=gss-spnego-client --server-helper=gss-spnego $ADDARGS --require-membership-of=$BADSID && failed=`expr $failed + 1`
-
testit "ntlm_auth plaintext authentication with require-membership-of" test_plaintext_check_output_stdout || failed=`expr $failed + 1`
testit "ntlm_auth plaintext authentication with failed require-membership-of" test_plaintext_check_output_fail || failed=`expr $failed + 1`
--
2.19.1
From dcdd2b5aaa285e808b5c508829304e6b51a1a3de Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 18:24:56 +0200
Subject: [PATCH 13/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 26 ++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 32 -----------------------
2 files changed, 26 insertions(+), 32 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 6e9b66e8311..eff3c1430eb 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -192,3 +192,29 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
server_helper="gss-spnego",
server_use_winbind=True)
self.assertFalse(ret)
+
+ def test_plaintext_with_membership(self):
+ """ ntlm_auth plaintext authentication with require-membership-of """
+
+ bindir = os.path.normpath(os.getenv("BINDIR", "./bin"))
+ wbinfo = os.path.join(bindir, "wbinfo")
+
+ proc = Popen([wbinfo, '-n', os.environ["DC_USERNAME"]],
+ stdout=PIPE, stderr=PIPE)
+ (out, err) = proc.communicate()
+ group_sid = out.decode().split(" ")[0]
+ self.assertTrue(group_sid.startswith("S-1-5-21-"))
+
+ username = os.environ["DC_USERNAME"]
+ password = os.environ["DC_PASSWORD"]
+ domain = os.environ["DOMAIN"]
+
+ proc = Popen([self.ntlm_auth_path,
+ "--require-membership-of", group_sid,
+ "--helper-protocol", "squid-2.5-basic"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ creds = "%s%s%s %s\n" % (domain, self.winbind_separator, username,
+ password)
+ (out, err) = proc.communicate(input=creds.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+ self.assertTrue(out.startswith(b"OK\n"))
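Review bot: Both `assertEqual(proc.returncode, 0)` and the `OK` check in test_plaintext_with_membership discard what the helper printed, whereas the removed shell function echoed `$out` (with stderr merged in) when the command failed. Passing the captured output as the assertion message keeps failures debuggable, e.g. `self.assertEqual(proc.returncode, 0, err.decode(errors="replace"))` and `self.assertTrue(out.startswith(b"OK\n"), out)`. Only the helper's output should be reported, not `creds`, since that line contains the password.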
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 3b3c5dfe7ef..2a4942bb9f5 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -24,37 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
failed=0
-test_plaintext_check_output_stdout()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- cat > $tmpfile <<EOF
-$DOMAIN/$USERNAME $PASSWORD
-EOF
- cmd='$NTLM_AUTH "$@" --require-membership-of=$SID --helper-protocol=squid-2.5-basic < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "OK" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # authenticated .. succeed
- true
- else
- echo failed to get successful authentication
- false
- fi
-}
-
test_plaintext_check_output_fail()
{
tmpfile=$PREFIX/ntlm_commands
@@ -269,7 +238,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth plaintext authentication with require-membership-of" test_plaintext_check_output_stdout || failed=`expr $failed + 1`
testit "ntlm_auth plaintext authentication with failed require-membership-of" test_plaintext_check_output_fail || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with fixed password" test_ntlm_server_1_check_output || failed=`expr $failed + 1`
--
2.19.1
From bbe5ba0de18e8415597f13dc6147ac24ac49b526 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 18:27:50 +0200
Subject: [PATCH 14/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 13 +++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 33 -----------------------
2 files changed, 13 insertions(+), 33 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index eff3c1430eb..86593088064 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -218,3 +218,16 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
(out, err) = proc.communicate(input=creds.encode('utf-8'))
self.assertEqual(proc.returncode, 0)
self.assertTrue(out.startswith(b"OK\n"))
+
+ # Check membership failure
+ group_sid = group_sid[:-2]
+
+ proc = Popen([self.ntlm_auth_path,
+ "--require-membership-of", group_sid,
+ "--helper-protocol", "squid-2.5-basic"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ creds = "%s%s%s %s\n" % (domain, self.winbind_separator, username,
+ password)
+ (out, err) = proc.communicate(input=creds.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+ self.assertTrue(out.startswith(b"ERR\n"))
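Review bot: The failure case repeats the `Popen` call and rebuilds `creds` exactly as the success case above this hunk does, differing only in `group_sid`. Reusing the existing `creds` and moving the invocation into a private helper that takes the SID and returns `(proc.returncode, out)` would leave one place to maintain. It is also worth a comment that exit status 0 is expected here, for example `# the helper exits 0 even when it refuses the login; the verdict is the ERR reply`. The enclosing test method starts outside this hunk.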
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 2a4942bb9f5..56e327c8ec2 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -24,37 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
failed=0
-test_plaintext_check_output_fail()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- cat > $tmpfile <<EOF
-$DOMAIN\\$USERNAME $PASSWORD
-EOF
- cmd='$NTLM_AUTH "$@" --require-membership-of=$BADSID --helper-protocol=squid-2.5-basic < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "ERR" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # failed to authenticate .. success
- true
- else
- echo "incorrectly gave a successful authentication"
- false
- fi
-}
-
test_ntlm_server_1_check_output()
{
tmpfile=$PREFIX/ntlm_commands
@@ -238,8 +207,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth plaintext authentication with failed require-membership-of" test_plaintext_check_output_fail || failed=`expr $failed + 1`
-
testit "ntlm_auth ntlm-server-1 with fixed password" test_ntlm_server_1_check_output || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`
--
2.19.1
From 5622c70cf69ebd8d06916fb2a08cfa8e8224ba21 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 18:49:13 +0200
Subject: [PATCH 15/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 28 +++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 37 -----------------------
2 files changed, 28 insertions(+), 37 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 86593088064..f2f157ed57c 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -231,3 +231,31 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
(out, err) = proc.communicate(input=creds.encode('utf-8'))
self.assertEqual(proc.returncode, 0)
self.assertTrue(out.startswith(b"ERR\n"))
+
+ def test_ntlm_server_1_with_fixed_password(self):
+ """ ntlm_auth ntlm-server-1 with fixed password """
+
+ ntlm_cmds = [
+ "LANMAN-Challenge: 0123456789abcdef",
+ "NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6",
+ "NT-Domain: TEST",
+ "Username: testuser",
+ "Request-User-Session-Key: Yes",
+ ".\n" ]
+
+ proc = Popen([self.ntlm_auth_path,
+ "--password", "SecREt01",
+ "--helper-protocol", "ntlm-server-1"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "\n".join(ntlm_cmds)
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+
+ lines = out.split(b"\n")
+
+ self.assertEqual(len(lines), 4)
+ self.assertEquals(lines[0], b"Authenticated: Yes")
+ self.assertEquals(
+ lines[1], b"User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4")
+ self.assertEquals(lines[2], b".")
+ self.assertEquals(lines[3], b"")
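Review bot: The new test mixes `assertEqual` with the deprecated alias `assertEquals` in the four `lines[...]` checks. The alias has been deprecated since Python 3.2 and was removed in Python 3.12, so for a Python 3 port these should read `self.assertEqual(lines[0], b"Authenticated: Yes")` and likewise for the other three. The same alias is used in the hunks of patches 16 to 19 of this series. The space before the closing bracket in `".\n" ]` is a minor PEP 8 nit.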
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 56e327c8ec2..82aebfef39c 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -24,42 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
failed=0
-test_ntlm_server_1_check_output()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- cat > $tmpfile <<EOF
-LANMAN-Challenge: 0123456789abcdef
-NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
-NT-Domain: TEST
-Username: testuser
-Request-User-Session-Key: Yes
-.
-EOF
- cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01< $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # authenticated .. succeed
- true
- else
- echo failed to get successful authentication
- false
- fi
-}
-
test_ntlm_server_1_check_output_fail()
{
tmpfile=$PREFIX/ntlm_commands
@@ -207,7 +171,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with fixed password" test_ntlm_server_1_check_output || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
--
2.19.1
From 67656fa624d14de19a8fffb196b6f49f6b1b3c93 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 19:06:18 +0200
Subject: [PATCH 16/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 15 +++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 38 -----------------------
2 files changed, 15 insertions(+), 38 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index f2f157ed57c..5665f1a9275 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -259,3 +259,18 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
lines[1], b"User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4")
self.assertEquals(lines[2], b".")
self.assertEquals(lines[3], b"")
+
+ # Break the password with a leading A on the challenge
+ ntlm_cmds[0] = "LANMAN-Challenge: A123456789abcdef"
+
+ proc = Popen([self.ntlm_auth_path,
+ "--password", "SecREt01",
+ "--helper-protocol", "ntlm-server-1"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "\n".join(ntlm_cmds)
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+
+ lines = out.split(b"\n")
+ self.assertEqual(len(lines), 5)
+ self.assertEquals(lines[0], b"Authenticated: No")
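Review bot: `self.assertEqual(len(lines), 5)` pins the rejected reply to five newline-separated pieces, but only `lines[0]` is checked and nothing says what the remaining lines are. If the intent is "authentication was refused and the reply was terminated", checking `lines[0]` plus the terminator, e.g. `self.assertEqual(lines[-2:], [b".", b""])` (presumably the same ending as the success case), would not break when the helper's error text changes. Otherwise add a comment listing the expected lines. The removed shell function only grepped for `Authenticated: No`. The same count appears in test_ntlm_server_1_with_incorrect_password_winbind in patch 19, and the enclosing method starts above this hunk.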
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 82aebfef39c..b41368c4e3b 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -24,43 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
failed=0
-test_ntlm_server_1_check_output_fail()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- # Break the password with a leading A on the challenge
- cat > $tmpfile <<EOF
-LANMAN-Challenge: A123456789abcdef
-NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
-NT-Domain: TEST
-Username: testuser
-Request-User-Session-Key: Yes
-.
-EOF
- cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01 < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "Authenticated: No" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # failed to authenticate .. success
- true
- else
- echo "incorrectly gave a successful authentication"
- false
- fi
-}
-
test_ntlm_server_1_check_winbind_output()
{
tmpfile=$PREFIX/ntlm_commands
@@ -171,7 +134,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`
--
2.19.1
From 8719c7cbe7dd626f01cc0257eab38c0c5a4a9149 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 19:15:05 +0200
Subject: [PATCH 17/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 34 +++++++++++++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 37 -----------------------
2 files changed, 34 insertions(+), 37 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 5665f1a9275..d586a4919c5 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -274,3 +274,37 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
lines = out.split(b"\n")
self.assertEqual(len(lines), 5)
self.assertEquals(lines[0], b"Authenticated: No")
+
+ def test_ntlm_server_1_with_plaintext_winbind(self):
+ """ ntlm_auth ntlm-server-1 with plaintext password against winbind """
+
+ bindir = os.path.normpath(os.getenv("BINDIR", "./bin"))
+ wbinfo = os.path.join(bindir, "wbinfo")
+
+ proc = Popen([wbinfo, '-n', os.environ["DC_USERNAME"]],
+ stdout=PIPE, stderr=PIPE)
+ (out, err) = proc.communicate()
+ group_sid = out.decode().split(' ')[0]
+ self.assertTrue(group_sid.startswith("S-1-5-21-"))
+
+ ntlm_cmds = [
+ "Password: %s" % os.environ["DC_PASSWORD"],
+ "NT-Domain: %s" % os.environ["DOMAIN"],
+ "Username: %s" % os.environ["DC_USERNAME"],
+ "Request-User-Session-Key: Yes",
+ ".\n" ]
+
+ proc = Popen([self.ntlm_auth_path,
+ "--require-membership-of", group_sid,
+ "--helper-protocol", "ntlm-server-1"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "\n".join(ntlm_cmds)
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+
+ lines = out.split(b"\n")
+
+ self.assertEqual(len(lines), 3)
+ self.assertEquals(lines[0], b"Authenticated: Yes")
+ self.assertEquals(lines[1], b".")
+ self.assertEquals(lines[2], b"")
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index b41368c4e3b..4048b804be2 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -24,42 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
failed=0
-test_ntlm_server_1_check_winbind_output()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- # This isn't the correct password
- cat > $tmpfile <<EOF
-Password: $PASSWORD
-NT-Domain: $DOMAIN
-Username: $USERNAME
-Request-User-Session-Key: Yes
-.
-EOF
- cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of=$SID < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "Authenticated: Yes" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # authenticated .. success
- true
- else
- echo "Failed to authenticate the user or match with SID $SID"
- false
- fi
-}
-
test_ntlm_server_1_check_winbind_output_wrong_sid()
{
tmpfile=$PREFIX/ntlm_commands
@@ -134,7 +98,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`
--
2.19.1
From 67184a3c74b6f304de89f987e822f7720aeb937c Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 19:27:20 +0200
Subject: [PATCH 18/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 18 +++++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 37 -----------------------
2 files changed, 18 insertions(+), 37 deletions(-)
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index d586a4919c5..a8d9ce80326 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -308,3 +308,21 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
self.assertEquals(lines[0], b"Authenticated: Yes")
self.assertEquals(lines[1], b".")
self.assertEquals(lines[2], b"")
+
+ # Check membership failure
+ group_sid = group_sid[:-2]
+
+ proc = Popen([self.ntlm_auth_path,
+ "--require-membership-of", group_sid,
+ "--helper-protocol", "ntlm-server-1"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "\n".join(ntlm_cmds)
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+
+ lines = out.split(b"\n")
+
+ self.assertEqual(len(lines), 3)
+ self.assertEquals(lines[0], b"Authenticated: No")
+ self.assertEquals(lines[1], b".")
+ self.assertEquals(lines[2], b"")
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
index 4048b804be2..041cb7d9cb8 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -24,42 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
failed=0
-test_ntlm_server_1_check_winbind_output_wrong_sid()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- # This isn't the correct password
- cat > $tmpfile <<EOF
-Password: $PASSWORD
-NT-Domain: $DOMAIN
-Username: $USERNAME
-Request-User-Session-Key: Yes
-.
-EOF
- cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of=$BADSID < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "Authenticated: No" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # failed to authenticate .. success
- true
- else
- echo "incorrectly gave a successful authentication"
- false
- fi
-}
-
test_ntlm_server_1_check_winbind_output_fail()
{
tmpfile=$PREFIX/ntlm_commands
@@ -98,7 +62,6 @@ EOF
}
# This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`
testok $0 $failed
--
2.19.1
From bcf6f6649329b609232937d8f372feb5216e1fd1 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Fri, 31 Aug 2018 19:28:06 +0200
Subject: [PATCH 19/22] tests/ntlm_auth: Port ntlm_auth tests to python
Port ntlm_auth bash script tests to python and remove bash test script
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 24 ++++++++
source3/script/tests/test_ntlm_auth_s3.sh | 67 -----------------------
source4/selftest/tests.py | 2 -
3 files changed, 24 insertions(+), 69 deletions(-)
delete mode 100755 source3/script/tests/test_ntlm_auth_s3.sh
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index a8d9ce80326..6d947617c11 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -326,3 +326,27 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
self.assertEquals(lines[0], b"Authenticated: No")
self.assertEquals(lines[1], b".")
self.assertEquals(lines[2], b"")
+
+ def test_ntlm_server_1_with_incorrect_password_winbind(self):
+ """ ntlm_auth ntlm-server-1 with incorrect fixed password against
+ winbind """
+
+ ntlm_cmds = [
+ "LANMAN-Challenge: 0123456789abcdef",
+ "NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6",
+ "NT-Domain: %s" % os.environ["DOMAIN"],
+ "Username: %s" % os.environ["DC_USERNAME"],
+ "Request-User-Session-Key: Yes",
+ ".\n" ]
+
+ proc = Popen([self.ntlm_auth_path,
+ "--helper-protocol", "ntlm-server-1"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "\n".join(ntlm_cmds)
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+
+ lines = out.split(b"\n")
+
+ self.assertEqual(len(lines), 5)
+ self.assertEquals(lines[0], b"Authenticated: No")
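Review bot: test_ntlm_server_1_with_incorrect_password_winbind carries no explanation of why the login is expected to fail, whereas the removed shell function at least had `# This isn't the correct password`. The `NT-Response` is the canned value from the fixed-password test and no `--password` is passed here, so it is checked against the real account of `DC_USERNAME`, presumably via winbind as the docstring says. A comment above `ntlm_cmds` such as `# Canned NT-Response from the fixed-password test; it cannot match DC_USERNAME's real password` would make that clear.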
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
deleted file mode 100755
index 041cb7d9cb8..00000000000
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-
-if [ $# -lt 2 ]; then
-cat <<EOF
-Usage: test_ntlm_auth_s3.sh PYTHON SRC3DIR NTLM_AUTH
-EOF
-exit 1;
-fi
-
-PYTHON=$1
-SRC3DIR=$2
-NTLM_AUTH=$3
-DOMAIN=$4
-USERNAME=$5
-PASSWORD=$6
-shift 6
-ADDARGS="$*"
-
-incdir=`dirname $0`/../../../testprogs/blackbox
-. $incdir/subunit.sh
-
-SID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1`
-BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
-
-failed=0
-
-test_ntlm_server_1_check_winbind_output_fail()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- # This isn't the correct password
- cat > $tmpfile <<EOF
-LANMAN-Challenge: 0123456789abcdef
-NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
-NT-Domain: $DOMAIN
-Username: $USERNAME
-Request-User-Session-Key: Yes
-.
-EOF
- cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "Authenticated: No" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # failed to authenticate .. success
- true
- else
- echo "incorrectly gave a successful authentication"
- false
- fi
-}
-
-# This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`
-
-testok $0 $failed
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 2087515dd96..ce9d5095d3c 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -587,8 +587,6 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass
"samba.ntlm_auth.diagnostics(%s:local)" % env, "%s:local" % env,
[os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_diagnostics.sh"), ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
- plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
-
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth", py3_compatible=True)
for env in ["s4member_dflt_domain", "s4member"]:
--
2.19.1
From 6372b369301ceba37464e3c27811a9b5984155d0 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Thu, 6 Sep 2018 12:58:42 +0200
Subject: [PATCH 20/22] tests/ntlm_auth: Port ntlm_auth_krb5 tests to python
Port ntlm_auth_krb5 bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth_krb5.py | 82 +++++++++++++++++++++
source3/script/tests/test_ntlm_auth_krb5.sh | 32 --------
source3/selftest/tests.py | 5 --
source4/selftest/tests.py | 3 +
4 files changed, 85 insertions(+), 37 deletions(-)
create mode 100644 python/samba/tests/ntlm_auth_krb5.py
delete mode 100755 source3/script/tests/test_ntlm_auth_krb5.sh
diff --git a/python/samba/tests/ntlm_auth_krb5.py b/python/samba/tests/ntlm_auth_krb5.py
new file mode 100644
index 00000000000..4fb1e9994e9
--- /dev/null
+++ b/python/samba/tests/ntlm_auth_krb5.py
@@ -0,0 +1,82 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Samuel Cabrero <scabrero at suse.de> 2018
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+from subprocess import Popen, PIPE
+from samba.tests import NTLMAuthTestCase
+
+class NTLMAuthKerberosTests(NTLMAuthTestCase):
+
+ def setUp(self):
+ super(NTLMAuthKerberosTests, self).setUp()
+ self.old_ccache = os.path.join(os.environ["SELFTEST_PREFIX"],
+ "ktest", "krb5_ccache-2")
+ self.ccache = os.path.join(os.environ["SELFTEST_PREFIX"],
+ "ktest", "krb5_ccache-3")
+
+ def test_krb5_gss_spnego_client_gss_spnego_server(self):
+ """ ntlm_auth with krb5 gss-spnego-client and gss-spnego server """
+
+ os.environ["KRB5CCNAME"] = self.old_ccache
+ ret = self.run_helper(client_username="foo",
+ client_password="secret",
+ client_domain="FOO",
+ target_hostname=os.environ["SERVER"],
+ target_service="host",
+ client_helper="gss-spnego-client",
+ server_helper="gss-spnego",
+ server_use_winbind=True)
+ self.assertTrue(ret)
+
+ os.environ["KRB5CCNAME"] = self.ccache
+ ret = self.run_helper(client_username="foo",
+ client_password="secret",
+ client_domain="FOO",
+ target_hostname=os.environ["SERVER"],
+ target_service="host",
+ client_helper="gss-spnego-client",
+ server_helper="gss-spnego",
+ server_use_winbind=True)
+ self.assertTrue(ret)
+
+ def test_krb5_invalid_keytab(self):
+ """ ntlm_auth with krb5 and an invalid keytab """
+
+ dedicated_keytab = "FILE:%s.%s" % (
+ self.old_ccache, "keytab-does-not-exists")
+ proc = Popen([self.ntlm_auth_path,
+ "--helper-protocol", "gss-spnego",
+ "--option", "security=ads",
+ "--option", "kerberosmethod=dedicatedkeytab",
+ "--option", "dedicatedkeytabfile=%s" % dedicated_keytab],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "YR\n"
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+
+ dedicated_keytab = "FILE:%s.%s" % (
+ self.ccache, "keytab-does-not-exists")
+ proc = Popen([self.ntlm_auth_path,
+ "--helper-protocol", "gss-spnego",
+ "--option", "security=ads",
+ "--option", "kerberosmethod=dedicatedkeytab",
+ "--option", "dedicatedkeytabfile=%s" % dedicated_keytab],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ buf = "YR\n"
+ (out, err) = proc.communicate(input=buf.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
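Review bot: test_krb5_gss_spnego_client_gss_spnego_server assigns `os.environ["KRB5CCNAME"]` twice and never restores it, so the last credential-cache path stays set for every test that runs later in the same process. Saving the previous value in setUp and restoring it through a cleanup, as sketched below, would contain it; this assumes NTLMAuthTestCase derives from unittest.TestCase, which the hunk does not show. Separately, test_krb5_invalid_keytab only asserts exit status 0 and never inspects `out`, so it would also pass if the keytab options were ignored. The file suffix is now `keytab-does-not-exists`, where the shell script used `keytab-does-not-exist`.

```python
    def setUp(self):
        # … unchanged: super().setUp() and the two ccache paths …
        self.addCleanup(self._restore_ccname, os.environ.get("KRB5CCNAME"))

    @staticmethod
    def _restore_ccname(saved):
        # Put KRB5CCNAME back the way the test found it.
        if saved is None:
            os.environ.pop("KRB5CCNAME", None)
        else:
            os.environ["KRB5CCNAME"] = saved
```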
diff --git a/source3/script/tests/test_ntlm_auth_krb5.sh b/source3/script/tests/test_ntlm_auth_krb5.sh
deleted file mode 100755
index 773cb575811..00000000000
--- a/source3/script/tests/test_ntlm_auth_krb5.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-if [ $# -lt 2 ]; then
-cat <<EOF
-Usage: test_ntlm_auth_s3.sh PYTHON SRC3DIR NTLM_AUTH CCACHE SERVER
-EOF
-exit 1;
-fi
-
-PYTHON=$1
-SRC3DIR=$2
-NTLM_AUTH=$3
-CCACHE=$4
-SERVER=$5
-shift 5
-ADDARGS="$*"
-
-incdir=`dirname $0`/../../../testprogs/blackbox
-. $incdir/subunit.sh
-
-failed=0
-
-KRB5CCNAME=$CCACHE
-export KRB5CCNAME
-
-# --server-use-winbindd is set so we know it isn't cheating and using the hard-coded passwords
-
-testit "ntlm_auth with krb5 gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --target-hostname=$SERVER --target-service=host --client-helper=gss-spnego-client --server-helper=gss-spnego --server-use-winbindd || failed=`expr $failed + 1`
-
-echo YR| testit "ntlm_auth with krb5 and an invalid keytab" $NTLM_AUTH --helper-protocol=gss-spnego --option=security=ads --option=kerberosmethod='dedicatedkeytab' --option=dedicatedkeytabfile=FILE:`pwd`/$CCACHE.keytab-does-not-exist || failed=`expr $failed + 1`
-
-testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index f3c5c39664b..a383810f2e6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -267,11 +267,6 @@ t = "WBCLIENT-MULTI-PING"
plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"])
-plantestsuite("samba3.ntlm_auth.krb5 with old ccache(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-2', '$SERVER', configuration])
-
-plantestsuite("samba3.ntlm_auth.krb5(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-3', '$SERVER', configuration])
-
-
for env in ["maptoguest", "simpleserver"]:
plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) local creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbclient3, configuration + " --option=clientntlmv2auth=no --option=clientlanmanauth=yes"])
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index ce9d5095d3c..48e27ea13e9 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -589,6 +589,9 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth", py3_compatible=True)
+for env in ["ktest"]:
+ planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5", py3_compatible=True)
+
for env in ["s4member_dflt_domain", "s4member"]:
for cmd in ["id", "getent"]:
users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
--
2.19.1
From e4ff8cfc3ef104080d893b5c4cc9faa98286ea40 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Thu, 15 Nov 2018 11:17:43 +0100
Subject: [PATCH 21/22] selftest: Remove test_ntlm_auth.py helper
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
source3/torture/test_ntlm_auth.py | 335 ------------------------------
1 file changed, 335 deletions(-)
delete mode 100755 source3/torture/test_ntlm_auth.py
diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py
deleted file mode 100755
index ac60632347d..00000000000
--- a/source3/torture/test_ntlm_auth.py
+++ /dev/null
@@ -1,335 +0,0 @@
-#!/usr/bin/env python
-
-# Unix SMB/CIFS implementation.
-# A test for the ntlm_auth tool
-# Copyright (C) Kai Blin <kai at samba.org> 2008
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-"""Test ntlm_auth
-This test program will start ntlm_auth with the given command line switches and
-see if it will get the expected results.
-"""
-
-import os
-import sys
-from optparse import OptionParser
-
-
-class ReadChildError(Exception):
- pass
-
-
-class WriteChildError(Exception):
- pass
-
-
-def readLine(pipe):
- """readLine(pipe) -> str
- Read a line from the child's pipe, returns the string read.
- Throws ReadChildError if the read fails.
- """
- newline = -1
- buf = b""
- while newline == -1:
- more = os.read(pipe, 2047)
- buf = buf + more
- newline = buf.find(b'\n')
- if more == b"":
- raise ReadChildError()
-
- return buf[:newline]
-
-
-def writeLine(pipe, buf):
- """writeLine(pipe, buf) -> nul
- Write a line to the child's pipe.
- Raises WriteChildError if the write fails.
- """
- written = os.write(pipe, buf)
- if written != len(buf):
- raise WriteChildError()
- os.write(pipe, b"\n")
-
-
-def parseCommandLine():
- """parseCommandLine() -> (opts, ntlm_auth_path)
- Parse the command line.
- Return a tuple consisting of the options and the path to ntlm_auth.
- """
- usage = "usage: %prog [options] path/to/ntlm_auth"
- parser = OptionParser(usage)
-
- parser.set_defaults(client_username="foo")
- parser.set_defaults(client_password="secret")
- parser.set_defaults(client_domain="FOO")
- parser.set_defaults(client_helper="ntlmssp-client-1")
-
- parser.set_defaults(server_username="foo")
- parser.set_defaults(server_password="secret")
- parser.set_defaults(server_domain="FOO")
- parser.set_defaults(server_helper="squid-2.5-ntlmssp")
- parser.set_defaults(config_file="/etc/samba/smb.conf")
-
- parser.add_option("--client-username", dest="client_username",
- help="User name for the client. [default: foo]")
- parser.add_option("--client-password", dest="client_password",
- help="Password the client will send. [default: secret]")
- parser.add_option("--client-domain", dest="client_domain",
- help="Domain the client authenticates for. [default: FOO]")
- parser.add_option("--client-helper", dest="client_helper",
- help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
- parser.add_option("--client-use-cached-creds", dest="client_use_cached_creds",
- help="Use winbindd credentials cache (rather than default username/pw)", action="store_true")
-
- parser.add_option("--target-hostname", dest="target_hostname",
- help="Target hostname for kerberos")
- parser.add_option("--target-service", dest="target_service",
- help="Target service for kerberos")
-
- parser.add_option("--server-username", dest="server_username",
- help="User name server uses for local auth. [default: foo]")
- parser.add_option("--server-password", dest="server_password",
- help="Password server uses for local auth. [default: secret]")
- parser.add_option("--server-domain", dest="server_domain",
- help="Domain server uses for local auth. [default: FOO]")
- parser.add_option("--server-helper", dest="server_helper",
- help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
- parser.add_option("--server-use-winbindd", dest="server_use_winbindd",
- help="Use winbindd to check the password (rather than default username/pw)", action="store_true")
- parser.add_option("--require-membership-of", dest="sid",
- help="Require that the user is a member of this group to authenticate.")
-
- parser.add_option("-s", "--configfile", dest="config_file",
- help="Path to smb.conf file. [default:/etc/samba/smb.conf")
-
- (opts, args) = parser.parse_args()
- if len(args) != 1:
- parser.error("Invalid number of arguments.")
-
- if not os.access(args[0], os.X_OK):
- parser.error("%s is not executable." % args[0])
-
- return (opts, args[0])
-
-
-def main():
- """main() -> int
- Run the test.
- Returns 0 if test succeeded, <>0 otherwise.
- """
- (opts, ntlm_auth_path) = parseCommandLine()
-
- (client_in_r, client_in_w) = os.pipe()
- (client_out_r, client_out_w) = os.pipe()
-
- client_pid = os.fork()
-
- if not client_pid:
- # We're in the client child
- os.close(0)
- os.close(1)
-
- os.dup2(client_out_r, 0)
- os.close(client_out_r)
- os.close(client_out_w)
-
- os.dup2(client_in_w, 1)
- os.close(client_in_r)
- os.close(client_in_w)
-
- client_args = []
- client_args.append("--helper-protocol=%s" % opts.client_helper)
- client_args.append("--username=%s" % opts.client_username)
- if opts.client_use_cached_creds:
- client_args.append("--use-cached-creds")
- else:
- client_args.append("--password=%s" % opts.client_password)
- client_args.append("--domain=%s" % opts.client_domain)
- client_args.append("--configfile=%s" % opts.config_file)
- if opts.target_service:
- client_args.append("--target-service=%s" % opts.target_service)
- if opts.target_hostname:
- client_args.append("--target-hostname=%s" % opts.target_hostname)
-
- os.execv(ntlm_auth_path, client_args)
-
- client_in = client_in_r
- os.close(client_in_w)
-
- client_out = client_out_w
- os.close(client_out_r)
-
- (server_in_r, server_in_w) = os.pipe()
- (server_out_r, server_out_w) = os.pipe()
-
- server_pid = os.fork()
-
- if not server_pid:
- # We're in the server child
- os.close(0)
- os.close(1)
-
- os.dup2(server_out_r, 0)
- os.close(server_out_r)
- os.close(server_out_w)
-
- os.dup2(server_in_w, 1)
- os.close(server_in_r)
- os.close(server_in_w)
-
- server_args = []
- server_args.append("--helper-protocol=%s" % opts.server_helper)
- if not opts.server_use_winbindd:
- server_args.append("--username=%s" % opts.server_username)
- server_args.append("--password=%s" % opts.server_password)
- server_args.append("--domain=%s" % opts.server_domain)
- if opts.sid:
- raise Exception("Server must be using winbindd for require-membership-of.")
- else:
- if opts.sid:
- server_args.append("--require-membership-of=%s" % opts.sid)
-
- server_args.append("--configfile=%s" % opts.config_file)
-
- os.execv(ntlm_auth_path, server_args)
-
- server_in = server_in_r
- os.close(server_in_w)
-
- server_out = server_out_w
- os.close(server_out_r)
-
- if opts.client_helper == "ntlmssp-client-1" and opts.server_helper == "squid-2.5-ntlmssp":
-
- # We're in the parent
- writeLine(client_out, b"YR")
- buf = readLine(client_in)
- if buf.count(b"YR ", 0, 3) != 1:
- sys.exit(1)
-
- writeLine(server_out, buf)
- buf = readLine(server_in)
-
- if buf.count(b"TT ", 0, 3) != 1:
- sys.exit(2)
-
- writeLine(client_out, buf)
- buf = readLine(client_in)
-
- if buf.count(b"AF ", 0, 3) != 1:
- sys.exit(3)
-
- # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
- buf = buf.replace(b"AF", b"KK", 1)
-
- writeLine(server_out, buf)
- buf = readLine(server_in)
-
- if buf.count(b"AF ", 0, 3) != 1:
- sys.exit(4)
-
- elif opts.client_helper == "ntlmssp-client-1" and opts.server_helper == "gss-spnego":
- # We're in the parent
- writeLine(client_out, b"YR")
- buf = readLine(client_in)
-
- if buf.count(b"YR ", 0, 3) != 1:
- sys.exit(1)
-
- writeLine(server_out, buf)
- buf = readLine(server_in)
-
- if buf.count(b"TT ", 0, 3) != 1:
- sys.exit(2)
-
- writeLine(client_out, buf)
- buf = readLine(client_in)
-
- if buf.count(b"AF ", 0, 3) != 1:
- sys.exit(3)
-
- # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
- buf = buf.replace(b"AF", b"KK", 1)
-
- writeLine(server_out, buf)
- buf = readLine(server_in)
-
- if buf.count(b"AF * ", 0, 5) != 1:
- sys.exit(4)
-
- elif opts.client_helper == "gss-spnego-client" and opts.server_helper == "gss-spnego":
- # We're in the parent
- writeLine(server_out, b"YR")
- buf = readLine(server_in)
-
- while True:
- if buf.count(b"AF ", 0, 3) != 1 and buf.count(b"TT ", 0, 3) != 1:
- sys.exit(1)
-
- writeLine(client_out, buf)
- buf = readLine(client_in)
-
- if buf.count(b"AF", 0, 2) == 1:
- break
-
- if buf.count(b"AF ", 0, 5) != 1 and buf.count(b"KK ", 0, 3) != 1 and buf.count(b"TT ", 0, 3) != 1:
- sys.exit(2)
-
- writeLine(server_out, buf)
- buf = readLine(server_in)
-
- if buf.count(b"AF * ", 0, 5) == 1:
- break
-
- else:
- sys.exit(5)
-
- if opts.client_helper == "ntlmssp-client-1":
- writeLine(client_out, b"GK")
- buf = readLine(client_in)
-
- if buf.count(b"GK ", 0, 3) != 1:
- sys.exit(4)
-
- writeLine(client_out, b"GF")
- buf = readLine(client_in)
-
- if buf.count(b"GF ", 0, 3) != 1:
- sys.exit(4)
-
- if opts.server_helper == "squid-2.5-ntlmssp":
- writeLine(server_out, b"GK")
- buf = readLine(server_in)
-
- if buf.count(b"GK ", 0, 3) != 1:
- sys.exit(4)
-
- writeLine(server_out, b"GF")
- buf = readLine(server_in)
-
- if buf.count(b"GF ", 0, 3) != 1:
- sys.exit(4)
-
- os.close(server_in)
- os.close(server_out)
- os.close(client_in)
- os.close(client_out)
- os.waitpid(server_pid, 0)
- os.waitpid(client_pid, 0)
- sys.exit(0)
-
-
-if __name__ == "__main__":
- main()
--
2.19.1
From 1ef427a6e9827aeafcca986da24adab503435a81 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero at suse.de>
Date: Thu, 6 Sep 2018 13:56:53 +0200
Subject: [PATCH 22/22] tests/ntlm_auth: Port ntlm_auth_diagnostics tests to
python
Port ntlm_auth_diagnostics bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
---
python/samba/tests/ntlm_auth.py | 11 +++++++++
.../tests/test_ntlm_auth_diagnostics.sh | 23 -------------------
source4/selftest/tests.py | 4 ----
3 files changed, 11 insertions(+), 27 deletions(-)
delete mode 100755 source3/script/tests/test_ntlm_auth_diagnostics.sh
diff --git a/python/samba/tests/ntlm_auth.py b/python/samba/tests/ntlm_auth.py
index 6d947617c11..8b5ac942e97 100644
--- a/python/samba/tests/ntlm_auth.py
+++ b/python/samba/tests/ntlm_auth.py
@@ -350,3 +350,14 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
self.assertEqual(len(lines), 5)
self.assertEquals(lines[0], b"Authenticated: No")
+
+ def test_diagnostics(self):
+ """ ntlm_auth diagnostics """
+ proc = Popen([self.ntlm_auth_path,
+ "--username", os.environ["DC_USERNAME"],
+ "--password", os.environ["DC_PASSWORD"],
+ "--domain", os.environ["DOMAIN"],
+ "--diagnostics"],
+ stdout=PIPE, stderr=PIPE)
+ (out, err) = proc.communicate()
+ self.assertEqual(proc.returncode, 0)
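Review bot: test_diagnostics no longer passes the `configuration` argument that the removed shell test forwarded through `$ADDARGS`. Unless the environment or the test base class supplies the selftest smb.conf (neither is visible in this hunk), ntlm_auth may run against a different configuration than the one under test. The captured `out` and `err` are also never used, so a non-zero exit reports only the code; `self.assertEqual(proc.returncode, 0, msg=err.decode('utf-8', 'replace'))` would keep the tool's own output in the failure report. The password is still passed on the command line, as in the shell version, where it is visible in the process list, so this pattern should stay confined to selftest credentials.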
diff --git a/source3/script/tests/test_ntlm_auth_diagnostics.sh b/source3/script/tests/test_ntlm_auth_diagnostics.sh
deleted file mode 100755
index 6e0c3eef42b..00000000000
--- a/source3/script/tests/test_ntlm_auth_diagnostics.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-if [ $# -lt 1 ]; then
-cat <<EOF
-Usage: test_ntlm_auth_diagnostics.sh NTLM_AUTH DOMAIN USERNAME PASSWORD
-EOF
-exit 1;
-fi
-
-NTLM_AUTH=$1
-DOMAIN=$2
-USERNAME=$3
-PASSWORD=$4
-shift 4
-
-ADDARGS="$*"
-
-incdir=`dirname $0`/../../../testprogs/blackbox
-. $incdir/subunit.sh
-
-testit "ntlm_auth" $VALGRIND $NTLM_AUTH --domain=$DOMAIN --username=$USERNAME --password=$PASSWORD --diagnostics $ADDARGS || failed=`expr $failed + 1`
-
-testok $0 $failed
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 48e27ea13e9..1881be734e4 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -583,10 +583,6 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass
"samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env,
[os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")])
- plantestsuite(
- "samba.ntlm_auth.diagnostics(%s:local)" % env, "%s:local" % env,
- [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_diagnostics.sh"), ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
-
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth", py3_compatible=True)
for env in ["ktest"]:
--
2.19.1