search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
docs-xml: "cluster addresses" dns registration
[Samba.git] / python / samba / tests / auth_log_ncalrpc.py
blob1281d28040ef1fd0403c450a97330ffe4fde2835
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 """Tests for the Auth and AuthZ logging.
19 """
20
21 import samba.tests
22 from samba.credentials import DONT_USE_KERBEROS
23 from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN
24 from samba.dcerpc import samr
25 import samba.tests.auth_log_base
26 from samba.dcerpc.windows_event_ids import (
27 EVT_ID_SUCCESSFUL_LOGON,
28 EVT_LOGON_NETWORK
29 )
30
31
32 class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
33
34 def setUp(self):
35 super(AuthLogTestsNcalrpc, self).setUp()
36 self.remoteAddress = AS_SYSTEM_MAGIC_PATH_TOKEN
37
38 def tearDown(self):
39 super(AuthLogTestsNcalrpc, self).tearDown()
40
41 def _test_rpc_ncaclrpc(self, authTypes, binding, creds,
42 protection, checkFunction):
43
44 def isLastExpectedMessage(msg):
45 return (
46 msg["type"] == "Authorization" and
47 msg["Authorization"]["serviceDescription"] == "DCE/RPC" and
48 msg["Authorization"]["authType"] == authTypes[0] and
49 msg["Authorization"]["transportProtection"] == protection)
50
51 if binding:
52 binding = "[%s]" % binding
53
54 samr.samr("ncalrpc:%s" % binding, self.get_loadparm(), creds)
55 messages = self.waitForMessages(isLastExpectedMessage)
56 checkFunction(messages, authTypes, protection)
57
58 def rpc_ncacn_np_ntlm_check(self, messages, authTypes, protection):
59
60 expected_messages = len(authTypes)
61 self.assertEquals(expected_messages,
62 len(messages),
63 "Did not receive the expected number of messages")
64
65 # Check the first message it should be an Authorization
66 msg = messages[0]
67 self.assertEquals("Authorization", msg["type"])
68 self.assertEquals("DCE/RPC",
69 msg["Authorization"]["serviceDescription"])
70 self.assertEquals(authTypes[1], msg["Authorization"]["authType"])
71 self.assertEquals("NONE", msg["Authorization"]["transportProtection"])
72 self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
73
74 # Check the second message it should be an Authentication
75 msg = messages[1]
76 self.assertEquals("Authentication", msg["type"])
77 self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
78 self.assertEquals("DCE/RPC",
79 msg["Authentication"]["serviceDescription"])
80 self.assertEquals(authTypes[2],
81 msg["Authentication"]["authDescription"])
82 self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
83 msg["Authentication"]["eventId"])
84 self.assertEquals(EVT_LOGON_NETWORK,
85 msg["Authentication"]["logonType"])
86
87 def test_ncalrpc_ntlm_dns_sign(self):
88
89 creds = self.insta_creds(template=self.get_credentials(),
90 kerberos_state=DONT_USE_KERBEROS)
91 self._test_rpc_ncaclrpc(["NTLMSSP",
92 "ncalrpc",
93 "NTLMSSP"],
94 "", creds, "SIGN",
95 self.rpc_ncacn_np_ntlm_check)
96
97 def test_ncalrpc_ntlm_dns_seal(self):
98
99 creds = self.insta_creds(template=self.get_credentials(),
100 kerberos_state=DONT_USE_KERBEROS)
101 self._test_rpc_ncaclrpc(["NTLMSSP",
102 "ncalrpc",
103 "NTLMSSP"],
104 "seal", creds, "SEAL",
105 self.rpc_ncacn_np_ntlm_check)
Samba GIT mirror