sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-20 22:50:26 +03:00
Code

tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 70a9cf9ccfc4075cc08209191db1bce2c9b432fc)
This commit is contained in:
Alexander Bokovoy 2018-07-19 14:07:39 +03:00 committed by Karolin Seeger
parent b1753afa31
commit 373406a18e
1 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
python/samba/tests/auth_log.py
View File

@ -28,6 +28,7 @@ from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS
from samba import NTSTATUSError
from subprocess import call
from ldb import LdbError
import re
class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
@ -65,6 +66,20 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
messages = self.waitForMessages(isLastExpectedMessage, x)
checkFunction(messages, authTypes, service, binding, protection)
def _assert_ncacn_np_serviceDescription(self, binding, serviceDescription):
# Turn "[foo,bar]" into a list ("foo", "bar") to test
# lambda x: x removes anything that evaluates to False,
# including empty strings, so we handle "" as well
binding_list = filter(lambda x: x, re.compile('[\[,\]]').split(binding))
# Handle explicit smb2, smb1 or auto negotiation
if "smb2" in binding_list:
self.assertEquals(serviceDescription, "SMB2")
elif "smb1" in binding_list:
self.assertEquals(serviceDescription, "SMB")
else:
self.assertIn(serviceDescription, ["SMB", "SMB2"])
def rpc_ncacn_np_ntlm_check(self, messages, authTypes, service,
binding, protection):
@ -77,7 +92,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg = messages[0]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals("SMB",
self._assert_ncacn_np_serviceDescription(binding,
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1],
msg["Authentication"]["authDescription"])
@ -85,7 +100,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
# Check the second message it should be an Authorization
msg = messages[1]
self.assertEquals("Authorization", msg["type"])
self.assertEquals("SMB",
self._assert_ncacn_np_serviceDescription(binding,
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[2], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
@ -145,12 +160,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
# Check the third message it should be an Authorization
msg = messages[2]
self.assertEquals("Authorization", msg["type"])
serviceDescription = "SMB"
print("binding %s" % binding)
if binding == "[smb2]":
serviceDescription = "SMB2"
self.assertEquals(serviceDescription,
self._assert_ncacn_np_serviceDescription(binding,
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[3], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])