diff options
author | Samuel Cabrero <scabrero@suse.de> | 2018-09-06 12:58:42 +0200 |
---|---|---|
committer | Noel Power <npower@samba.org> | 2018-12-19 12:42:14 +0100 |
commit | 129ab34baf0b1554dea3d93506b95439bffcb30f (patch) | |
tree | 458bf5f7894c65c880ecdcbb408b0550944ff724 | |
parent | 91c4f2603607a917c1f1006b2f9f83232ac489c4 (diff) | |
download | samba-129ab34baf0b1554dea3d93506b95439bffcb30f.tar.gz |
tests/ntlm_auth: Port ntlm_auth_krb5 tests to python
Port ntlm_auth_krb5 bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | python/samba/tests/ntlm_auth_krb5.py | 83 | ||||
-rwxr-xr-x | source3/script/tests/test_ntlm_auth_krb5.sh | 32 | ||||
-rwxr-xr-x | source3/selftest/tests.py | 5 | ||||
-rwxr-xr-x | source4/selftest/tests.py | 3 |
4 files changed, 86 insertions, 37 deletions
diff --git a/python/samba/tests/ntlm_auth_krb5.py b/python/samba/tests/ntlm_auth_krb5.py new file mode 100644 index 00000000000..d1957d68a0b --- /dev/null +++ b/python/samba/tests/ntlm_auth_krb5.py @@ -0,0 +1,83 @@ +# Unix SMB/CIFS implementation. +# +# Copyright (C) Samuel Cabrero <scabrero@suse.de> 2018 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +import os +import samba +from subprocess import Popen, PIPE +from samba.tests.ntlm_auth_base import NTLMAuthTestCase + +class NTLMAuthKerberosTests(NTLMAuthTestCase): + + def setUp(self): + super(NTLMAuthKerberosTests, self).setUp() + self.old_ccache = os.path.join(os.environ["SELFTEST_PREFIX"], + "ktest", "krb5_ccache-2") + self.ccache = os.path.join(os.environ["SELFTEST_PREFIX"], + "ktest", "krb5_ccache-3") + + def test_krb5_gss_spnego_client_gss_spnego_server(self): + """ ntlm_auth with krb5 gss-spnego-client and gss-spnego server """ + + os.environ["KRB5CCNAME"] = self.old_ccache + ret = self.run_helper(client_username="foo", + client_password="secret", + client_domain="FOO", + target_hostname=os.environ["SERVER"], + target_service="host", + client_helper="gss-spnego-client", + server_helper="gss-spnego", + server_use_winbind=True) + self.assertTrue(ret) + + os.environ["KRB5CCNAME"] = self.ccache + ret = self.run_helper(client_username="foo", + client_password="secret", + client_domain="FOO", + target_hostname=os.environ["SERVER"], + target_service="host", + client_helper="gss-spnego-client", + server_helper="gss-spnego", + server_use_winbind=True) + self.assertTrue(ret) + + def test_krb5_invalid_keytab(self): + """ ntlm_auth with krb5 and an invalid keytab """ + + dedicated_keytab = "FILE:%s.%s" % ( + self.old_ccache, "keytab-does-not-exists") + proc = Popen([self.ntlm_auth_path, + "--helper-protocol", "gss-spnego", + "--option", "security=ads", + "--option", "kerberosmethod=dedicatedkeytab", + "--option", "dedicatedkeytabfile=%s" % dedicated_keytab], + stdout=PIPE, stdin=PIPE, stderr=PIPE) + buf = "YR\n" + (out, err) = proc.communicate(input=buf.encode('utf-8')) + self.assertEqual(proc.returncode, 0) + + dedicated_keytab = "FILE:%s.%s" % ( + self.ccache, "keytab-does-not-exists") + proc = Popen([self.ntlm_auth_path, + "--helper-protocol", "gss-spnego", + "--option", "security=ads", + "--option", "kerberosmethod=dedicatedkeytab", + "--option", "dedicatedkeytabfile=%s" % dedicated_keytab], + stdout=PIPE, stdin=PIPE, stderr=PIPE) + buf = "YR\n" + (out, err) = proc.communicate(input=buf.encode('utf-8')) + self.assertEqual(proc.returncode, 0) diff --git a/source3/script/tests/test_ntlm_auth_krb5.sh b/source3/script/tests/test_ntlm_auth_krb5.sh deleted file mode 100755 index 773cb575811..00000000000 --- a/source3/script/tests/test_ntlm_auth_krb5.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -if [ $# -lt 2 ]; then -cat <<EOF -Usage: test_ntlm_auth_s3.sh PYTHON SRC3DIR NTLM_AUTH CCACHE SERVER -EOF -exit 1; -fi - -PYTHON=$1 -SRC3DIR=$2 -NTLM_AUTH=$3 -CCACHE=$4 -SERVER=$5 -shift 5 -ADDARGS="$*" - -incdir=`dirname $0`/../../../testprogs/blackbox -. $incdir/subunit.sh - -failed=0 - -KRB5CCNAME=$CCACHE -export KRB5CCNAME - -# --server-use-winbindd is set so we know it isn't cheating and using the hard-coded passwords - -testit "ntlm_auth with krb5 gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --target-hostname=$SERVER --target-service=host --client-helper=gss-spnego-client --server-helper=gss-spnego --server-use-winbindd || failed=`expr $failed + 1` - -echo YR| testit "ntlm_auth with krb5 and an invalid keytab" $NTLM_AUTH --helper-protocol=gss-spnego --option=security=ads --option=kerberosmethod='dedicatedkeytab' --option=dedicatedkeytabfile=FILE:`pwd`/$CCACHE.keytab-does-not-exist || failed=`expr $failed + 1` - -testok $0 $failed diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index e7b4ebdbd8d..a3bb1c4feac 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -267,11 +267,6 @@ t = "WBCLIENT-MULTI-PING" plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""]) plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"]) -plantestsuite("samba3.ntlm_auth.krb5 with old ccache(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-2', '$SERVER', configuration]) - -plantestsuite("samba3.ntlm_auth.krb5(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-3', '$SERVER', configuration]) - - for env in ["maptoguest", "simpleserver"]: plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) local creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbclient3, configuration + " --option=clientntlmv2auth=no --option=clientlanmanauth=yes"]) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 64dd580b82b..98c2ea89b01 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -592,6 +592,9 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass planpythontestsuite(env + ":local", "samba.tests.ntlm_auth", py3_compatible=True) +for env in ["ktest"]: + planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5", py3_compatible=True) + for env in ["s4member_dflt_domain", "s4member"]: for cmd in ["id", "getent"]: users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"] |