diff options
author | Alexander Bokovoy <ab@samba.org> | 2018-07-19 14:07:39 +0300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-13 12:56:34 +0200 |
commit | 94ab84fff490bdcd96bc26e920c8813976869c54 (patch) | |
tree | 04ff3770894c528cc72368fa4d7bb65b415477ef /python | |
parent | 5b60ffce1812381fd8207aaa1af5d775391d8943 (diff) | |
download | samba-94ab84fff490bdcd96bc26e920c8813976869c54.tar.gz |
tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 70a9cf9ccfc4075cc08209191db1bce2c9b432fc)
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/auth_log.py | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py index 6b032a80edc..6233228fe5e 100644 --- a/python/samba/tests/auth_log.py +++ b/python/samba/tests/auth_log.py @@ -33,6 +33,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS from samba import NTSTATUSError from subprocess import call from ldb import LdbError +import re class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): @@ -71,6 +72,20 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): messages = self.waitForMessages(isLastExpectedMessage, x) checkFunction(messages, authTypes, service, binding, protection) + def _assert_ncacn_np_serviceDescription(self, binding, serviceDescription): + # Turn "[foo,bar]" into a list ("foo", "bar") to test + # lambda x: x removes anything that evaluates to False, + # including empty strings, so we handle "" as well + binding_list = filter(lambda x: x, re.compile('[\[,\]]').split(binding)) + + # Handle explicit smb2, smb1 or auto negotiation + if "smb2" in binding_list: + self.assertEquals(serviceDescription, "SMB2") + elif "smb1" in binding_list: + self.assertEquals(serviceDescription, "SMB") + else: + self.assertIn(serviceDescription, ["SMB", "SMB2"]) + def rpc_ncacn_np_ntlm_check(self, messages, authTypes, service, binding, protection): @@ -83,14 +98,14 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): msg = messages[0] self.assertEquals("Authentication", msg["type"]) self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"]) - self.assertEquals("SMB", - msg["Authentication"]["serviceDescription"]) + self._assert_ncacn_np_serviceDescription(binding, + msg["Authentication"]["serviceDescription"]) self.assertEquals(authTypes[1], msg["Authentication"]["authDescription"]) # Check the second message it should be an Authorization msg = messages[1] self.assertEquals("Authorization", msg["type"]) - self.assertEquals("SMB", + self._assert_ncacn_np_serviceDescription(binding, msg["Authorization"]["serviceDescription"]) self.assertEquals(authTypes[2], msg["Authorization"]["authType"]) self.assertEquals("SMB", msg["Authorization"]["transportProtection"]) @@ -139,12 +154,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): # Check the third message it should be an Authorization msg = messages[2] self.assertEquals("Authorization", msg["type"]) - serviceDescription = "SMB" - print "binding %s" % binding - if binding == "[smb2]": - serviceDescription = "SMB2" - - self.assertEquals(serviceDescription, + self._assert_ncacn_np_serviceDescription(binding, msg["Authorization"]["serviceDescription"]) self.assertEquals(authTypes[3], msg["Authorization"]["authType"]) self.assertEquals("SMB", msg["Authorization"]["transportProtection"]) |