sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

py:dcerpc/raw_testcase: prepare do_generic_bind() for raw NTLMSSP and Kerberos authentication

Browse Source 
They just use 3 legs (messages) for the authentication, while SPNEGO
uses 2 or 4 messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2018-11-20 15:15:04 +01:00 committed by Jeremy Allison
parent 3924924e61
commit 68e5dbe784
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
python/samba/tests/dcerpc/raw_testcase.py
View File

@ -133,12 +133,20 @@ class RawDCERPCTest(TestCase):
g.want_feature(gensec.FEATURE_DCE_STYLE)
g.start_mech_by_authtype(auth_type, g_auth_level)
if auth_type == dcerpc.DCERPC_AUTH_TYPE_KRB5:
expect_3legs = True
elif auth_type == dcerpc.DCERPC_AUTH_TYPE_NTLMSSP:
expect_3legs = True
else:
expect_3legs = False
auth_context = {}
auth_context["auth_type"] = auth_type
auth_context["auth_level"] = auth_level
auth_context["auth_context_id"] = auth_context_id
auth_context["g_auth_level"] = g_auth_level
auth_context["gensec"] = g
auth_context["expect_3legs"] = expect_3legs
return auth_context
@ -150,6 +158,8 @@ class RawDCERPCTest(TestCase):
ctx_list = [ctx]
if auth_context is not None:
expect_3legs = auth_context["expect_3legs"]
from_server = b""
(finished, to_server) = auth_context["gensec"].update(from_server)
self.assertFalse(finished)
@ -215,7 +225,10 @@ class RawDCERPCTest(TestCase):
from_server = a.credentials
(finished, to_server) = auth_context["gensec"].update(from_server)
self.assertFalse(finished)
if expect_3legs:
self.assertTrue(finished)
else:
self.assertFalse(finished)
auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
auth_level=auth_context["auth_level"],
@ -253,12 +266,18 @@ class RawDCERPCTest(TestCase):
self.assertEquals(rep.u.ctx_list[0].reason,
samba.dcerpc.dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ctx.transfer_syntaxes[0])
self.assertNotEquals(rep.auth_length, 0)
self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
if finished:
self.assertEquals(rep.auth_length, 0)
else:
self.assertNotEquals(rep.auth_length, 0)
self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
self.assertEquals(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
a = self.parse_auth(rep.u.auth_info, auth_context=auth_context)
if finished:
return ack
from_server = a.credentials
(finished, to_server) = auth_context["gensec"].update(from_server)
self.assertTrue(finished)