diff options
author | Tim Beale <timbeale@catalyst.net.nz> | 2019-01-16 13:34:29 +1300 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-01-17 04:47:56 +0100 |
commit | a67b711ebcc8c88f37a09e8bbdbc97e412d76911 (patch) | |
tree | 2ac7dbfd5348fe23834a84c2b17d8654c1f29a91 /python | |
parent | 914e9d359010361c7fcaae8f17ef6404d5c18805 (diff) | |
download | samba-a67b711ebcc8c88f37a09e8bbdbc97e412d76911.tar.gz |
tests: Switchover auth_log from s4 SMB client bindings to s4
The main changes required are:
- we need to use an s3 loadparm instead of the standard s4 lp.
- the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params,
however, we can set these in the loadparm instead, which will get the
SMB client code to do what we want. Instead of passing in boolean
parameters, we need to use yes/no strings that the lp will accept.
(We always set these values because the underlying lp context is
actually global, and setting a value is 'sticky' and will persist
across test cases. These conf settings are only used by the SMB client
code, and so will only affect the SMB test cases).
- For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to
an SMBv1 connection. The s4 bindings only ever supported SMBv1
connections, so this is the same behaviour. The other test cases will
now try to negotiate SMBv2 connections, however, the no_ntlmv2 test
cases are explicitly checking for bare-NTLM (with the s3 bindings, it
now ends up as NTLMSSP by default).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/auth_log.py | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py index e0738770f9f..daf088f2f32 100644 --- a/python/samba/tests/auth_log.py +++ b/python/samba/tests/auth_log.py @@ -21,7 +21,8 @@ from __future__ import print_function import samba.tests from samba.dcerpc import srvsvc, dnsserver import os -from samba import smb +from samba.samba3 import libsmb_samba_internal as libsmb +from samba.samba3 import param as s3param from samba.samdb import SamDB import samba.tests.auth_log_base from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS @@ -47,10 +48,19 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): def tearDown(self): super(AuthLogTests, self).tearDown() - def smb_connection(self, creds, use_spnego=True, ntlmv2_auth=True): + def smb_connection(self, creds, use_spnego="yes", ntlmv2_auth="yes", + force_smb1=False): + # the SMB bindings rely on having a s3 loadparm lp = self.get_loadparm() - return smb.SMB(self.server, "sysvol", lp=lp, creds=creds, - use_spnego=use_spnego, ntlmv2_auth=ntlmv2_auth) + s3_lp = s3param.get_context() + s3_lp.load(lp.configfile) + + # Allow the testcase to skip SPNEGO or use NTLMv1 + s3_lp.set("client use spnego", use_spnego) + s3_lp.set("client ntlmv2 auth", ntlmv2_auth) + + return libsmb.Conn(self.server, "sysvol", lp=s3_lp, creds=creds, + force_smb1=force_smb1) def _test_rpc_ncacn_np(self, authTypes, creds, service, binding, protection, checkFunction): @@ -1003,8 +1013,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): creds = self.insta_creds(template=self.get_credentials(), kerberos_state=DONT_USE_KERBEROS) self.smb_connection(creds, - ntlmv2_auth=False, - use_spnego=False) + force_smb1=True, + ntlmv2_auth="no", + use_spnego="no") messages = self.waitForMessages(isLastExpectedMessage) self.assertEquals(2, @@ -1045,8 +1056,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): thrown = False try: self.smb_connection(creds, - ntlmv2_auth=False, - use_spnego=False) + force_smb1=True, + ntlmv2_auth="no", + use_spnego="no") except NTSTATUSError: thrown = True self.assertEquals(thrown, True) @@ -1076,8 +1088,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): thrown = False try: self.smb_connection(creds, - ntlmv2_auth=False, - use_spnego=False) + force_smb1=True, + ntlmv2_auth="no", + use_spnego="no") except NTSTATUSError: thrown = True self.assertEquals(thrown, True) |