tests/ntlm_auth: Port ntlm_auth tests to python: ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid

Port ntlm_auth bash script tests to python

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python/samba/tests/ntlm_auth.py

@@ -273,3 +273,20 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
         self.assertEquals(lines[0], b"Authenticated: Yes")
         self.assertEquals(lines[1], b".")
         self.assertEquals(lines[2], b"")
+
+        # Check membership failure
+
+        proc = Popen([self.ntlm_auth_path,
+                      "--require-membership-of", self.bad_group_sid,
+                      "--helper-protocol", "ntlm-server-1"],
+                      stdout=PIPE, stdin=PIPE, stderr=PIPE)
+        buf = "\n".join(ntlm_cmds)
+        (out, err) = proc.communicate(input=buf.encode('utf-8'))
+        self.assertEqual(proc.returncode, 0)
+
+        lines = out.split(b"\n")
+
+        self.assertEqual(len(lines), 3)
+        self.assertEquals(lines[0], b"Authenticated: No")
+        self.assertEquals(lines[1], b".")
+        self.assertEquals(lines[2], b"")

source3/script/tests/test_ntlm_auth_s3.sh

@@ -24,42 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
 
 failed=0
 
-test_ntlm_server_1_check_winbind_output_wrong_sid()
-{
-	tmpfile=$PREFIX/ntlm_commands
-
-	# This isn't the correct password
-	cat > $tmpfile <<EOF
-Password: $PASSWORD
-NT-Domain: $DOMAIN
-Username: $USERNAME
-Request-User-Session-Key: Yes
-.
-EOF
-	cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --require-membership-of=$BADSID < $tmpfile 2>&1'
-	eval echo "$cmd"
-	out=`eval $cmd`
-	ret=$?
-	rm -f $tmpfile
-
-	if [ $ret != 0 ] ; then
-		echo "$out"
-		echo "command failed"
-		false
-		return
-	fi
-
-	echo "$out" | grep "Authenticated: No" >/dev/null 2>&1
-
-	if [ $? = 0 ] ; then
-		# failed to authenticate .. success
-		true
-	else
-		echo "incorrectly gave a successful authentication"
-		false
-	fi
-}
-
 test_ntlm_server_1_check_winbind_output_fail()
 {
 	tmpfile=$PREFIX/ntlm_commands
@@ -98,7 +62,6 @@ EOF
 }
 
 # This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`
 
 testok $0 $failed