sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00
Code

selftest: Add test to confirm NTLM authentication is enabled

Browse Source 
(or later, that it is disabled)

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
This commit is contained in:
Tim Beale 2017-07-04 13:31:11 +12:00 committed by Andrew Bartlett
parent d0d266bbf7
commit c278fa65eb
2 changed files with 73 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
python/samba/tests/ntlmauth.py Normal file
View File

@ -0,0 +1,68 @@
# Tests to check basic NTLM authentication
#
# Copyright (C) Catalyst IT Ltd. 2017
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from samba.tests import TestCase
import os
import samba
from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba import NTSTATUSError, ntstatus
import ctypes
from samba import credentials
from samba.dcerpc import srvsvc
"""
Tests basic NTLM authentication
"""
class NtlmAuthTests(TestCase):
def setUp(self):
super(NtlmAuthTests, self).setUp()
self.lp = self.get_loadparm()
def tearDown(self):
super(NtlmAuthTests, self).tearDown()
def test_ntlm_connection(self):
server = os.getenv("SERVER")
creds = credentials.Credentials()
creds.guess(self.lp)
creds.set_username(os.getenv("USERNAME"))
creds.set_domain(server)
creds.set_password(os.getenv("PASSWORD"))
creds.set_kerberos_state(DONT_USE_KERBEROS)
try:
conn = srvsvc.srvsvc("ncacn_np:%s[smb2,ntlm]" % server, self.lp, creds)
self.assertIsNotNone(conn)
except NTSTATUSError as e:
# NTLM might be blocked on this server
enum = ctypes.c_uint32(e[0]).value
if enum == ntstatus.NT_STATUS_NTLM_BLOCKED:
self.fail("NTLM is disabled on this server")
else:
raise

5
source4/selftest/tests.py
View File

@ -899,6 +899,11 @@ for env in [ "simpleserver", "fileserver", "nt4_dc", "ad_dc", "ad_dc_ntvfs", "ad
extra_path=[os.path.join(srcdir(), 'python/samba/tests')], extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
name="samba.tests.netlogonsvc.python(%s)" % env) name="samba.tests.netlogonsvc.python(%s)" % env)
for env in [ "ktest", "ad_member"]:
planoldpythontestsuite(env, "ntlmauth",
extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
name="samba.tests.ntlmauth.python(%s)" % env)
# Demote the vampire DC, it must be the last test each DC, before the dbcheck # Demote the vampire DC, it must be the last test each DC, before the dbcheck
for env in ['vampire_dc', 'promoted_dc', 'rodc']: for env in ['vampire_dc', 'promoted_dc', 'rodc']:
plantestsuite("samba4.blackbox.samba_tool_demote(%s)" % env, env, [os.path.join(samba4srcdir, "utils/tests/test_demote.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', '$DC_SERVER', '$PREFIX/%s' % env, smbclient4]) plantestsuite("samba4.blackbox.samba_tool_demote(%s)" % env, env, [os.path.join(samba4srcdir, "utils/tests/test_demote.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', '$DC_SERVER', '$PREFIX/%s' % env, smbclient4])