tests/ntlm_auth: Port ntlm_auth tests to python: ntlm_auth ntlm-server-1 with incorre...
authorSamuel Cabrero <scabrero@suse.de>
Fri, 31 Aug 2018 17:06:18 +0000 (19:06 +0200)
committerNoel Power <npower@samba.org>
Wed, 19 Dec 2018 11:42:13 +0000 (12:42 +0100)
Port ntlm_auth bash script tests to python

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/ntlm_auth.py
source3/script/tests/test_ntlm_auth_s3.sh

index 1b407021dd9866be1a483871ae120d7fc454e97b..ff8310d08d4dbf4e75684c355daa2af2d3c04beb 100644 (file)
@@ -233,3 +233,18 @@ class NTLMAuthHelpersTests(NTLMAuthTestCase):
             lines[1], b"User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4")
         self.assertEquals(lines[2], b".")
         self.assertEquals(lines[3], b"")
             lines[1], b"User-Session-Key: 3F373EA8E4AF954F14FAA506F8EEBDC4")
         self.assertEquals(lines[2], b".")
         self.assertEquals(lines[3], b"")
+
+        # Break the password with a leading A on the challenge
+        ntlm_cmds[0] = "LANMAN-Challenge: A123456789abcdef"
+
+        proc = Popen([self.ntlm_auth_path,
+                      "--password", "SecREt01",
+                      "--helper-protocol", "ntlm-server-1"],
+                      stdout=PIPE, stdin=PIPE, stderr=PIPE)
+        buf = "\n".join(ntlm_cmds)
+        (out, err) = proc.communicate(input=buf.encode('utf-8'))
+        self.assertEqual(proc.returncode, 0)
+
+        lines = out.split(b"\n")
+        self.assertEqual(len(lines), 5)
+        self.assertEquals(lines[0], b"Authenticated: No")
index 82aebfef39c6d9b5165eb1b1ff54dcf6f706a2db..b41368c4e3b8e64cb0d6e346c58dcf1df26f90fd 100755 (executable)
@@ -24,43 +24,6 @@ BADSID=`eval $BINDIR/wbinfo -n $USERNAME | cut -d ' ' -f1 | sed 's/..$//'`
 
 failed=0
 
 
 failed=0
 
-test_ntlm_server_1_check_output_fail()
-{
-       tmpfile=$PREFIX/ntlm_commands
-
-       # Break the password with a leading A on the challenge
-       cat > $tmpfile <<EOF
-LANMAN-Challenge: A123456789abcdef
-NT-Response: 25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6
-NT-Domain: TEST
-Username: testuser
-Request-User-Session-Key: Yes
-.
-EOF
-       cmd='$NTLM_AUTH "$@" --helper-protocol=ntlm-server-1 --password=SecREt01 < $tmpfile 2>&1'
-       eval echo "$cmd"
-       out=`eval $cmd`
-       ret=$?
-       rm -f $tmpfile
-
-       if [ $ret != 0 ] ; then
-               echo "$out"
-               echo "command failed"
-               false
-               return
-       fi
-
-       echo "$out" | grep "Authenticated: No" >/dev/null 2>&1
-
-       if [ $? = 0 ] ; then
-               # failed to authenticate .. success
-               true
-       else
-               echo "incorrectly gave a successful authentication"
-               false
-       fi
-}
-
 test_ntlm_server_1_check_winbind_output()
 {
        tmpfile=$PREFIX/ntlm_commands
 test_ntlm_server_1_check_winbind_output()
 {
        tmpfile=$PREFIX/ntlm_commands
@@ -171,7 +134,6 @@ EOF
 }
 
 # This should work even with NTLMv2
 }
 
 # This should work even with NTLMv2
-testit "ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with plaintext password against winbind but wrong sid" test_ntlm_server_1_check_winbind_output_wrong_sid || failed=`expr $failed + 1`
 testit "ntlm_auth ntlm-server-1 with incorrect fixed password against winbind" test_ntlm_server_1_check_winbind_output_fail || failed=`expr $failed + 1`