ntlm_auth: Add a blackbox test.
authorKai Blin <kai@samba.org>
Mon, 28 Jan 2008 10:28:38 +0000 (11:28 +0100)
committerKai Blin <kai@samba.org>
Wed, 30 Jan 2008 14:26:27 +0000 (15:26 +0100)
(This used to be commit f02b74fc067074d8e48e186a7b7255a244592f7d)

source3/script/tests/test_ntlm_auth_s3.sh [new file with mode: 0755]
source3/script/tests/tests_all.sh
source3/torture/test_ntlm_auth.py [new file with mode: 0755]

diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
new file mode 100755 (executable)
index 0000000..8568da9
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+incdir=`dirname $0`
+. $incdir/test_functions.sh
+
+failed=0
+
+(/usr/bin/env python --version > /dev/null 2&>1)
+
+if $? -ne 0:
+then
+       echo "Python binary not found in path. Skipping ntlm_auth tests."
+       exit 0
+fi
+
+testit "ntlm_auth" $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth || failed=`expr $failed + 1`
+# This should work even with NTLMv2
+testit "ntlm_auth" $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1`
+
+
+testok $0 $failed
index 259e28e6e7f42c6ae6d2473c67a35fb413a34eac..369cf3ebe3147b68ba803a0c592cfbca08771de4 100755 (executable)
@@ -6,6 +6,7 @@ $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP || failed=`expr $failed + $?`
 echo "Testing encrypted"
 $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP "-e" || failed=`expr $failed + $?`
 $SCRIPTDIR/test_wbinfo_s3.sh $WORKGROUP $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
+$SCRIPTDIR/test_ntlm_auth_s3.sh || failed=`expr $failed + $?`
 
 eval "$LIB_PATH_VAR="\$SAMBA4SHAREDDIR:\$$LIB_PATH_VAR"; export $LIB_PATH_VAR"
 eval echo "$LIB_PATH_VAR=\$$LIB_PATH_VAR"
diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py
new file mode 100755 (executable)
index 0000000..3e7cc05
--- /dev/null
@@ -0,0 +1,212 @@
+#!/usr/bin/env python
+
+# Unix SMB/CIFS implementation.
+# A test for the ntlm_auth tool
+# Copyright (C) Kai Blin <kai@samba.org> 2008
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""Test ntlm_auth
+This test program will start ntlm_auth with the given command line switches and
+see if it will get the expected results.
+"""
+
+import os
+import sys
+from optparse import OptionParser
+
+class ReadChildError(Exception):
+       pass
+
+class WriteChildError(Exception):
+       pass
+
+def readLine(pipe):
+       """readLine(pipe) -> str
+       Read a line from the child's pipe, returns the string read.
+       Throws ReadChildError if the read fails.
+       """
+       buf = os.read(pipe, 2047)
+       newline = buf.find('\n')
+       if newline == -1:
+               raise ReadChildError()
+       return buf[:newline]
+
+def writeLine(pipe, buf):
+       """writeLine(pipe, buf) -> nul
+       Write a line to the child's pipe.
+       Raises WriteChildError if the write fails.
+       """
+       written = os.write(pipe, buf)
+       if written != len(buf):
+               raise WriteChildError()
+       os.write(pipe, "\n")
+
+def parseCommandLine():
+       """parseCommandLine() -> (opts, ntlm_auth_path)
+       Parse the command line.
+       Return a tuple consisting of the options and the path to ntlm_auth.
+       """
+       usage = "usage: %prog [options] path/to/ntlm_auth"
+       parser = OptionParser(usage)
+
+       parser.set_defaults(client_username="foo")
+       parser.set_defaults(client_password="secret")
+       parser.set_defaults(client_domain="FOO")
+       parser.set_defaults(client_helper="ntlmssp-client-1")
+
+       parser.set_defaults(server_username="foo")
+       parser.set_defaults(server_password="secret")
+       parser.set_defaults(server_domain="FOO")
+       parser.set_defaults(server_helper="squid-2.5-ntlmssp")
+
+       parser.add_option("--client-username", dest="client_username",\
+                               help="User name for the client. [default: foo]")
+       parser.add_option("--client-password", dest="client_password",\
+                               help="Password the client will send. [default: secret]")
+       parser.add_option("--client-domain", dest="client_domain",\
+                               help="Domain the client authenticates for. [default: FOO]")
+       parser.add_option("--client-helper", dest="client_helper",\
+                               help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
+
+       parser.add_option("--server-username", dest="server_username",\
+                               help="User name server uses for local auth. [default: foo]")
+       parser.add_option("--server-password", dest="server_password",\
+                               help="Password server uses for local auth. [default: secret]")
+       parser.add_option("--server-domain", dest="server_domain",\
+                               help="Domain server uses for local auth. [default: FOO]")
+       parser.add_option("--server-helper", dest="server_helper",\
+                               help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
+
+       (opts, args) = parser.parse_args()
+       if len(args) != 1:
+               parser.error("Invalid number of arguments.")
+
+       if not os.access(args[0], os.X_OK):
+               parser.error("%s is not executable." % args[0])
+
+       return (opts, args[0])
+
+
+def main():
+       """main() -> int
+       Run the test.
+       Returns 0 if test succeeded, <>0 otherwise.
+       """
+       (opts, ntlm_auth_path) = parseCommandLine()
+
+       (client_in_r,  client_in_w)  = os.pipe()
+       (client_out_r, client_out_w) = os.pipe()
+
+       client_pid = os.fork()
+
+       if not client_pid:
+               # We're in the client child
+               os.close(0)
+               os.close(1)
+
+               os.dup2(client_out_r, 0)
+               os.close(client_out_r)
+               os.close(client_out_w)
+
+               os.dup2(client_in_w, 1)
+               os.close(client_in_r)
+               os.close(client_in_w)
+
+               client_args = []
+               client_args.append("--helper-protocol=%s" % opts.client_helper)
+               client_args.append("--username=%s" % opts.client_username)
+               client_args.append("--password=%s" % opts.client_password)
+               client_args.append("--domain=%s" % opts.client_domain)
+
+               os.execv(ntlm_auth_path, client_args)
+
+       client_in = client_in_r
+       os.close(client_in_w)
+
+       client_out = client_out_w
+       os.close(client_out_r)
+
+       (server_in_r,  server_in_w)  = os.pipe()
+       (server_out_r, server_out_w) = os.pipe()
+
+       server_pid = os.fork()
+
+       if not server_pid:
+               # We're in the server child
+               os.close(0)
+               os.close(1)
+
+               os.dup2(server_out_r, 0)
+               os.close(server_out_r)
+               os.close(server_out_w)
+
+               os.dup2(server_in_w, 1)
+               os.close(server_in_r)
+               os.close(server_in_w)
+
+               server_args = []
+               server_args.append("--helper-protocol=%s" % opts.server_helper)
+               server_args.append("--username=%s" % opts.server_username)
+               server_args.append("--password=%s" % opts.server_password)
+               server_args.append("--domain=%s" % opts.server_domain)
+
+               os.execv(ntlm_auth_path, server_args)
+
+       server_in = server_in_r
+       os.close(server_in_w)
+
+       server_out = server_out_w
+       os.close(server_out_r)
+
+       # We're in the parent
+       writeLine(client_out, "YR")
+       buf = readLine(client_in)
+
+       if buf.count("YR ", 0, 3) != 1:
+               sys.exit(1)
+
+       writeLine(server_out, buf)
+       buf = readLine(server_in)
+
+       if buf.count("TT ", 0, 3) != 1:
+               sys.exit(2)
+
+       writeLine(client_out, buf)
+       buf = readLine(client_in)
+
+       if buf.count("AF ", 0, 3) != 1:
+               sys.exit(3)
+
+       # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
+       buf = buf.replace("AF", "KK", 1)
+
+       writeLine(server_out, buf)
+       buf = readLine(server_in)
+
+       if buf.count("AF ", 0, 3) != 1:
+               sys.exit(4)
+
+       os.close(server_in)
+       os.close(server_out)
+       os.close(client_in)
+       os.close(client_out)
+       os.waitpid(server_pid, 0)
+       os.waitpid(client_pid, 0)
+       sys.exit(0)
+
+if __name__ == "__main__":
+       main()
+
+