search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-selftest: Verify GK and GF flag behaviour
[Samba/bjacke.git] / source3 / torture / test_ntlm_auth.py
blobbe725485a0ce4762cd11d91e8ca8cf2e0846644e
1 #!/usr/bin/env python
2
3 # Unix SMB/CIFS implementation.
4 # A test for the ntlm_auth tool
5 # Copyright (C) Kai Blin <kai@samba.org> 2008
6 #
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #
20 """Test ntlm_auth
21 This test program will start ntlm_auth with the given command line switches and
22 see if it will get the expected results.
23 """
24
25 import os
26 import sys
27 from optparse import OptionParser
28
29 class ReadChildError(Exception):
30 pass
31
32 class WriteChildError(Exception):
33 pass
34
35 def readLine(pipe):
36 """readLine(pipe) -> str
37 Read a line from the child's pipe, returns the string read.
38 Throws ReadChildError if the read fails.
39 """
40 buf = os.read(pipe, 2047)
41 newline = buf.find('\n')
42 if newline == -1:
43 raise ReadChildError()
44 return buf[:newline]
45
46 def writeLine(pipe, buf):
47 """writeLine(pipe, buf) -> nul
48 Write a line to the child's pipe.
49 Raises WriteChildError if the write fails.
50 """
51 written = os.write(pipe, buf)
52 if written != len(buf):
53 raise WriteChildError()
54 os.write(pipe, "\n")
55
56 def parseCommandLine():
57 """parseCommandLine() -> (opts, ntlm_auth_path)
58 Parse the command line.
59 Return a tuple consisting of the options and the path to ntlm_auth.
60 """
61 usage = "usage: %prog [options] path/to/ntlm_auth"
62 parser = OptionParser(usage)
63
64 parser.set_defaults(client_username="foo")
65 parser.set_defaults(client_password="secret")
66 parser.set_defaults(client_domain="FOO")
67 parser.set_defaults(client_helper="ntlmssp-client-1")
68
69 parser.set_defaults(server_username="foo")
70 parser.set_defaults(server_password="secret")
71 parser.set_defaults(server_domain="FOO")
72 parser.set_defaults(server_helper="squid-2.5-ntlmssp")
73 parser.set_defaults(config_file="/etc/samba/smb.conf")
74
75 parser.add_option("--client-username", dest="client_username",\
76 help="User name for the client. [default: foo]")
77 parser.add_option("--client-password", dest="client_password",\
78 help="Password the client will send. [default: secret]")
79 parser.add_option("--client-domain", dest="client_domain",\
80 help="Domain the client authenticates for. [default: FOO]")
81 parser.add_option("--client-helper", dest="client_helper",\
82 help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
83
84 parser.add_option("--server-username", dest="server_username",\
85 help="User name server uses for local auth. [default: foo]")
86 parser.add_option("--server-password", dest="server_password",\
87 help="Password server uses for local auth. [default: secret]")
88 parser.add_option("--server-domain", dest="server_domain",\
89 help="Domain server uses for local auth. [default: FOO]")
90 parser.add_option("--server-helper", dest="server_helper",\
91 help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
92 parser.add_option("--server-use-winbindd", dest="server_use_winbindd",\
93 help="Use winbindd to check the password (rather than default username/pw)", action="store_true")
94
95
96 parser.add_option("-s", "--configfile", dest="config_file",\
97 help="Path to smb.conf file. [default:/etc/samba/smb.conf")
98
99 (opts, args) = parser.parse_args()
100 if len(args) != 1:
101 parser.error("Invalid number of arguments.")
102
103 if not os.access(args[0], os.X_OK):
104 parser.error("%s is not executable." % args[0])
105
106 return (opts, args[0])
107
108
109 def main():
110 """main() -> int
111 Run the test.
112 Returns 0 if test succeeded, <>0 otherwise.
113 """
114 (opts, ntlm_auth_path) = parseCommandLine()
115
116 (client_in_r, client_in_w) = os.pipe()
117 (client_out_r, client_out_w) = os.pipe()
118
119 client_pid = os.fork()
120
121 if not client_pid:
122 # We're in the client child
123 os.close(0)
124 os.close(1)
125
126 os.dup2(client_out_r, 0)
127 os.close(client_out_r)
128 os.close(client_out_w)
129
130 os.dup2(client_in_w, 1)
131 os.close(client_in_r)
132 os.close(client_in_w)
133
134 client_args = []
135 client_args.append("--helper-protocol=%s" % opts.client_helper)
136 client_args.append("--username=%s" % opts.client_username)
137 client_args.append("--password=%s" % opts.client_password)
138 client_args.append("--domain=%s" % opts.client_domain)
139 client_args.append("--configfile=%s" % opts.config_file)
140
141 os.execv(ntlm_auth_path, client_args)
142
143 client_in = client_in_r
144 os.close(client_in_w)
145
146 client_out = client_out_w
147 os.close(client_out_r)
148
149 (server_in_r, server_in_w) = os.pipe()
150 (server_out_r, server_out_w) = os.pipe()
151
152 server_pid = os.fork()
153
154 if not server_pid:
155 # We're in the server child
156 os.close(0)
157 os.close(1)
158
159 os.dup2(server_out_r, 0)
160 os.close(server_out_r)
161 os.close(server_out_w)
162
163 os.dup2(server_in_w, 1)
164 os.close(server_in_r)
165 os.close(server_in_w)
166
167 server_args = []
168 server_args.append("--helper-protocol=%s" % opts.server_helper)
169 if not opts.server_use_winbindd:
170 server_args.append("--username=%s" % opts.server_username)
171 server_args.append("--password=%s" % opts.server_password)
172 server_args.append("--domain=%s" % opts.server_domain)
173
174 server_args.append("--configfile=%s" % opts.config_file)
175
176 os.execv(ntlm_auth_path, server_args)
177
178 server_in = server_in_r
179 os.close(server_in_w)
180
181 server_out = server_out_w
182 os.close(server_out_r)
183
184 # We're in the parent
185 writeLine(client_out, "YR")
186 buf = readLine(client_in)
187
188 if buf.count("YR ", 0, 3) != 1:
189 sys.exit(1)
190
191 writeLine(server_out, buf)
192 buf = readLine(server_in)
193
194 if buf.count("TT ", 0, 3) != 1:
195 sys.exit(2)
196
197 writeLine(client_out, buf)
198 buf = readLine(client_in)
199
200 if buf.count("AF ", 0, 3) != 1:
201 sys.exit(3)
202
203 # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
204 buf = buf.replace("AF", "KK", 1)
205
206 writeLine(server_out, buf)
207 buf = readLine(server_in)
208
209 if buf.count("AF ", 0, 3) != 1:
210 sys.exit(4)
211
212 if opts.client_helper == "ntlmssp-client-1":
213 writeLine(client_out, "GK")
214 buf = readLine(client_in)
215
216 if buf.count("GK ", 0, 3) != 1:
217 sys.exit(4)
218
219 writeLine(client_out, "GF")
220 buf = readLine(client_in)
221
222 if buf.count("GF ", 0, 3) != 1:
223 sys.exit(4)
224
225 if opts.server_helper == "squid-2.5-ntlmssp":
226 writeLine(server_out, "GK")
227 buf = readLine(server_in)
228
229 if buf.count("GK ", 0, 3) != 1:
230 sys.exit(4)
231
232 writeLine(server_out, "GF")
233 buf = readLine(server_in)
234
235 if buf.count("GF ", 0, 3) != 1:
236 sys.exit(4)
237
238 os.close(server_in)
239 os.close(server_out)
240 os.close(client_in)
241 os.close(client_out)
242 os.waitpid(server_pid, 0)
243 os.waitpid(client_pid, 0)
244 sys.exit(0)
245
246 if __name__ == "__main__":
247 main()
248
249
stuff from bjacke