python/samba/tests/net_join_no_spnego.py

   1 # Unix SMB/CIFS implementation.
   2 #
   3 # Copyright (C) Catalyst.Net Ltd. 2017
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18
  19 """
  20 Detect null pointer exception in /source3/smbd/sessetup.c
  21 """
  22
  23 import samba.tests
  24 import os
  25 from samba.net import Net, LIBNET_JOIN_AUTOMATIC
  26 from samba.credentials import DONT_USE_KERBEROS
  27 from samba import NTSTATUSError, ntstatus
  28 import ctypes
  29
  30
  31 class NetJoinNoSpnegoTests(samba.tests.TestCaseInTempDir):
  32
  33     def setUp(self):
  34         super(NetJoinNoSpnegoTests, self).setUp()
  35         self.domain = os.environ["DOMAIN"]
  36         self.server = os.environ["SERVER"]
  37         self.lp = self.get_loadparm()
  38         self.lp.set("private dir", self.tempdir)
  39         self.lp.set("lock dir", self.tempdir)
  40         self.lp.set("state directory", self.tempdir)
  41
  42     def tearDown(self):
  43         super(NetJoinNoSpnegoTests, self).tearDown()
  44
  45     def test_net_join_no_spnego(self):
  46         self.lp.set("client ipc max protocol", "NT1")
  47         self.lp.set("client use spnego", "no")
  48         netbios_name = "NetJoinNoSpnego"
  49         machinepass  = "abcdefghij"
  50         creds = self.insta_creds(template=self.get_credentials(),
  51                                  kerberos_state=DONT_USE_KERBEROS)
  52
  53         net = Net(creds, self.lp, server=self.server)
  54
  55         try:
  56             (join_password, sid, domain_name) = net.join_member(
  57                 self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
  58                 machinepass=machinepass)
  59         except NTSTATUSError as e:
  60             code = ctypes.c_uint32(e.args[0]).value
  61             if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
  62                 self.fail("Connection failure")
  63             elif code == ntstatus.NT_STATUS_ACCESS_DENIED:
  64                 return
  65             else:
  66                 raise
  67         self.fail("Shoud have rejected NTLMv2 without SPNEGO")
  68
  69     def test_net_join_no_spnego_ntlmv1(self):
  70         self.lp.set("client ipc max protocol", "NT1")
  71         self.lp.set("client use spnego", "no")
  72         self.lp.set("client ntlmv2 auth", "no")
  73         netbios_name = "NetJoinNoSpnego"
  74         machinepass  = "abcdefghij"
  75         creds = self.insta_creds(template=self.get_credentials(),
  76                                  kerberos_state=DONT_USE_KERBEROS)
  77
  78         net = Net(creds, self.lp, server=self.server)
  79
  80         # NOTE WELL: We must not run more than one successful
  81         # net.join_member per file (process), as the shared
  82         # secrets.ldb handle will be kept between runs.
  83         try:
  84             (join_password, sid, domain_name) = net.join_member(
  85                 self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
  86                 machinepass=machinepass)
  87         except NTSTATUSError as e:
  88             code = ctypes.c_uint32(e.args[0]).value
  89             if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
  90                 self.fail("Connection failure")
  91             raise
  92         os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
  93         pass