py:dcerpc/raw_testcase: prepare do_generic_bind() for raw NTLMSSP and Kerberos authen...
authorStefan Metzmacher <metze@samba.org>
Tue, 20 Nov 2018 14:15:04 +0000 (15:15 +0100)
committerJeremy Allison <jra@samba.org>
Sun, 23 Dec 2018 17:15:21 +0000 (18:15 +0100)
They just use 3 legs (messages) for the authentication, while SPNEGO
uses 2 or 4 messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
python/samba/tests/dcerpc/raw_testcase.py

index f38c8d3..8d213e5 100644 (file)
@@ -133,12 +133,20 @@ class RawDCERPCTest(TestCase):
         g.want_feature(gensec.FEATURE_DCE_STYLE)
         g.start_mech_by_authtype(auth_type, g_auth_level)
 
+        if auth_type == dcerpc.DCERPC_AUTH_TYPE_KRB5:
+            expect_3legs = True
+        elif auth_type == dcerpc.DCERPC_AUTH_TYPE_NTLMSSP:
+            expect_3legs = True
+        else:
+            expect_3legs = False
+
         auth_context = {}
         auth_context["auth_type"] = auth_type
         auth_context["auth_level"] = auth_level
         auth_context["auth_context_id"] = auth_context_id
         auth_context["g_auth_level"] = g_auth_level
         auth_context["gensec"] = g
+        auth_context["expect_3legs"] = expect_3legs
 
         return auth_context
 
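Review bot: The `if`/`elif`/`else` that sets `expect_3legs` has two branches assigning the same value and no comment saying why these auth types differ from the default. A single expression reads more directly: `expect_3legs = auth_type in (dcerpc.DCERPC_AUTH_TYPE_KRB5, dcerpc.DCERPC_AUTH_TYPE_NTLMSSP)`, preceded by a comment such as `# raw NTLMSSP and Kerberos finish in 3 messages; SPNEGO needs 2 or 4`. Every other auth type silently gets the non-3-leg expectation, so a newly added mechanism would only fail later at the `finished` assertions in do_generic_bind() rather than here. The enclosing method starts above the hunk.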
@@ -150,6 +158,8 @@ class RawDCERPCTest(TestCase):
         ctx_list = [ctx]
 
         if auth_context is not None:
+            expect_3legs = auth_context["expect_3legs"]
+
             from_server = b""
             (finished, to_server) = auth_context["gensec"].update(from_server)
             self.assertFalse(finished)
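Review bot: `auth_context["expect_3legs"]` is a mandatory key lookup, so an auth_context dict that was not produced by the helper patched in the first hunk would now raise KeyError before the first gensec update rather than fail a test assertion. No such caller is visible on this page, so this may be moot. If hand-built contexts do exist, `expect_3legs = auth_context.get("expect_3legs", False)` keeps the previous expectation for them. The method body starts and continues outside the hunk.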
@@ -215,7 +225,10 @@ class RawDCERPCTest(TestCase):
 
         from_server = a.credentials
         (finished, to_server) = auth_context["gensec"].update(from_server)
-        self.assertFalse(finished)
+        if expect_3legs:
+            self.assertTrue(finished)
+        else:
+            self.assertFalse(finished)
 
         auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
                                        auth_level=auth_context["auth_level"],
@@ -253,12 +266,18 @@ class RawDCERPCTest(TestCase):
         self.assertEquals(rep.u.ctx_list[0].reason,
                           samba.dcerpc.dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ctx.transfer_syntaxes[0])
-        self.assertNotEquals(rep.auth_length, 0)
-        self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
+        if finished:
+            self.assertEquals(rep.auth_length, 0)
+        else:
+            self.assertNotEquals(rep.auth_length, 0)
+        self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
         self.assertEquals(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
 
         a = self.parse_auth(rep.u.auth_info, auth_context=auth_context)
 
+        if finished:
+            return ack
+
         from_server = a.credentials
         (finished, to_server) = auth_context["gensec"].update(from_server)
         self.assertTrue(finished)
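Review bot: The new `if finished:` branches and the early `return ack` carry no comment explaining that `finished` still holds the result of the previous gensec update. They also branch on `finished` where the earlier hunk branches on `expect_3legs`, although the two are equal once that hunk's assertion has passed. Using `expect_3legs` here, or adding a comment such as `# 3-leg mechs: client gensec already finished, reply has an auth trailer but no token`, would make the intent explicit. In that path `rep.auth_length == 0` combined with the unchanged equality check pins `len(rep.u.auth_info)` to exactly `DCERPC_AUTH_TRAILER_LENGTH`, and the result of `parse_auth()` is then discarded. If `parse_auth()` does not already compare the trailer's auth type, level and context id against `auth_context` (not visible here), asserting them before returning would ensure the empty trailer belongs to this security context. The method continues outside the hunk.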