diff options
| author | Stefan Metzmacher <metze@samba.org> | 2018-11-21 11:01:55 +0100 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2019-01-12 03:13:41 +0100 |
| commit | a0b230631bcb0fd9b0299aa41711af08cc2594c3 (patch) | |
| tree | 47f47e236fb7c86e49441deae90fb7b5cdb32412 /selftest | |
| parent | 3f535ed1adfe9c7088852a2c6aa56988440ce8fa (diff) | |
| download | samba-a0b230631bcb0fd9b0299aa41711af08cc2594c3.tar.gz | |
py:dcerpc/raw_protocol: add tests to demonstrate how security context multiplexing works
Important things are this:
- It's not required to use the bind time feature negotiation in order
to use it, it's only a hint for the client, but nothing is really
negotiated, unlike the request multiplexing with the
DCERPC_PFC_FLAG_CONC_MPX.
- There's special handling related to AUTH_LEVEL_CONNECT
and requests without auth trailer
- An security context is identified by the unique
tuple of auth_type, auth_level and auth_context_id (all together!),
not just the auth_context_id.
- There's a limit of 2049 explicit authentication contexts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'selftest')
| -rw-r--r-- | selftest/knownfail.d/security_context_multiplexing | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/selftest/knownfail.d/security_context_multiplexing b/selftest/knownfail.d/security_context_multiplexing new file mode 100644 index 00000000000..b5b9658af88 --- /dev/null +++ b/selftest/knownfail.d/security_context_multiplexing @@ -0,0 +1,4 @@ +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_lsa_multi_auth.* +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_multiple_auth_hdr_signing +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_multiple_auth_limit +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_no_auth_bind_time_sec_ctx_ignore_additional |