diff options
author | Isaac Boukris <iboukris@gmail.com> | 2019-10-11 00:20:16 +0300 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-12 14:33:33 +0000 |
commit | 8a96359977249e8b19f50e5f2fe3f6ad7b7da52f (patch) | |
tree | ab38b275712aa86794983827bcdbc0fc63681fff /python | |
parent | eee1e8b6ac622e22a34ebfb684e70626cdd20fc1 (diff) | |
download | samba-8a96359977249e8b19f50e5f2fe3f6ad7b7da52f.tar.gz |
python/tests/gensec: add spnego downgrade python tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/gensec.py | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/python/samba/tests/gensec.py b/python/samba/tests/gensec.py index c9056ef9681..47bb6c82a01 100644 --- a/python/samba/tests/gensec.py +++ b/python/samba/tests/gensec.py @@ -47,11 +47,17 @@ class GensecTests(samba.tests.TestCase): def test_info_uninitialized(self): self.assertRaises(RuntimeError, self.gensec.session_info) - def _test_update(self, mech, client_mech=None): + def _test_update(self, mech, client_mech=None, client_only_opt=None): """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC""" """Start up a client and server GENSEC instance to test things with""" + if client_only_opt: + orig_client_opt = self.lp_ctx.get(client_only_opt) + if not orig_client_opt: + orig_client_opt = '' + self.lp_ctx.set(client_only_opt, "yes") + self.gensec_client = gensec.Security.start_client(self.settings) self.gensec_client.set_credentials(self.get_credentials()) self.gensec_client.want_feature(gensec.FEATURE_SEAL) @@ -60,6 +66,9 @@ class GensecTests(samba.tests.TestCase): else: self.gensec_client.start_mech_by_sasl_name(mech) + if client_only_opt: + self.lp_ctx.set(client_only_opt, "no") + self.gensec_server = gensec.Security.start_server(settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) creds = Credentials() @@ -78,11 +87,15 @@ class GensecTests(samba.tests.TestCase): """Run the actual call loop""" while True: if not client_finished: + if client_only_opt: + self.lp_ctx.set(client_only_opt, "yes") print("running client gensec_update") try: (client_finished, client_to_server) = self.gensec_client.update(server_to_client) except samba.NTSTATUSError as nt: raise AssertionError(nt) + if client_only_opt: + self.lp_ctx.set(client_only_opt, "no") if not server_finished: print("running server gensec_update") try: @@ -93,6 +106,9 @@ class GensecTests(samba.tests.TestCase): if client_finished and server_finished: break + if client_only_opt: + self.lp_ctx.set(client_only_opt, orig_client_opt) + self.assertTrue(server_finished) self.assertTrue(client_finished) @@ -121,6 +137,12 @@ class GensecTests(samba.tests.TestCase): def test_update_spnego(self): self._test_update("GSS-SPNEGO") + def test_update_spnego_downgrade(self): + self._test_update("GSS-SPNEGO", "spnego", "gensec:gssapi_krb5") + + def test_update_no_optimistic_spnego(self): + self._test_update("GSS-SPNEGO", "spnego", "spnego:client_no_optimistic") + def test_update_w2k_spnego_client(self): self.lp_ctx.set("spnego:simulate_w2k", "yes") |