search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drsuapi.idl: fix source_dsa spelling
[samba4-gss.git] / python / samba / tests / auth_log_ncalrpc.py
blobc671556afe20de95bcfdd5e68ecb9991069e2617
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 """Tests for the Auth and AuthZ logging.
19 """
20
21 import samba.tests
22 from samba.credentials import DONT_USE_KERBEROS
23 from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN
24 from samba.dcerpc import samr
25 import samba.tests.auth_log_base
26 from samba.dcerpc.windows_event_ids import (
27 EVT_ID_SUCCESSFUL_LOGON,
28 EVT_LOGON_NETWORK
29 )
30
31
32 class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
33
34 def setUp(self):
35 super().setUp()
36 self.remoteAddress = AS_SYSTEM_MAGIC_PATH_TOKEN
37
38 def _test_rpc_ncaclrpc(self, authTypes, binding, creds,
39 protection, checkFunction):
40
41 def isLastExpectedMessage(msg):
42 return (
43 msg["type"] == "Authorization" and
44 msg["Authorization"]["serviceDescription"] == "DCE/RPC" and
45 msg["Authorization"]["authType"] == authTypes[0] and
46 msg["Authorization"]["transportProtection"] == protection)
47
48 if binding:
49 binding = "[%s]" % binding
50
51 samr.samr("ncalrpc:%s" % binding, self.get_loadparm(), creds)
52 messages = self.waitForMessages(isLastExpectedMessage)
53 checkFunction(messages, authTypes, protection)
54
55 def rpc_ncacn_np_ntlm_check(self, messages, authTypes, protection):
56
57 expected_messages = len(authTypes)
58 self.assertEqual(expected_messages,
59 len(messages),
60 "Did not receive the expected number of messages")
61
62 # Check the first message it should be an Authorization
63 msg = messages[0]
64 self.assertEqual("Authorization", msg["type"])
65 self.assertEqual("DCE/RPC",
66 msg["Authorization"]["serviceDescription"])
67 self.assertEqual(authTypes[1], msg["Authorization"]["authType"])
68 self.assertEqual("NONE", msg["Authorization"]["transportProtection"])
69 self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
70
71 # Check the second message it should be an Authentication
72 msg = messages[1]
73 self.assertEqual("Authentication", msg["type"])
74 self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
75 self.assertEqual("DCE/RPC",
76 msg["Authentication"]["serviceDescription"])
77 self.assertEqual(authTypes[2],
78 msg["Authentication"]["authDescription"])
79 self.assertEqual(EVT_ID_SUCCESSFUL_LOGON,
80 msg["Authentication"]["eventId"])
81 self.assertEqual(EVT_LOGON_NETWORK,
82 msg["Authentication"]["logonType"])
83
84 def test_ncalrpc_ntlm_dns_sign(self):
85
86 creds = self.insta_creds(template=self.get_credentials(),
87 kerberos_state=DONT_USE_KERBEROS)
88 self._test_rpc_ncaclrpc(["NTLMSSP",
89 "ncalrpc",
90 "NTLMSSP"],
91 "", creds, "SIGN",
92 self.rpc_ncacn_np_ntlm_check)
93
94 def test_ncalrpc_ntlm_dns_seal(self):
95
96 creds = self.insta_creds(template=self.get_credentials(),
97 kerberos_state=DONT_USE_KERBEROS)
98 self._test_rpc_ncaclrpc(["NTLMSSP",
99 "ncalrpc",
100 "NTLMSSP"],
101 "seal", creds, "SEAL",
102 self.rpc_ncacn_np_ntlm_check)
GSS-enabled samba4