python/samba/tests/net_join_no_spnego.py

   1 # Unix SMB/CIFS implementation.
   2 #
   3 # Copyright (C) Catalyst.Net Ltd. 2017
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18
  19 """
  20 Detect null pointer exception in /source3/smbd/sessetup.c
  21 """
  22
  23 import samba.tests
  24 import os
  25 from samba.net import Net, LIBNET_JOIN_AUTOMATIC
  26 from samba.credentials import DONT_USE_KERBEROS
  27 from samba import NTSTATUSError, ntstatus
  28 import ctypes
  29
  30
  31 class NetJoinNoSpnegoTests(samba.tests.TestCaseInTempDir):
  32
  33     def setUp(self):
  34         super().setUp()
  35         self.domain = os.environ["DOMAIN"]
  36         self.server = os.environ["SERVER"]
  37         self.lp = self.get_loadparm()
  38         self.lp.set("private dir", self.tempdir)
  39         self.lp.set("lock dir", self.tempdir)
  40         self.lp.set("state directory", self.tempdir)
  41
  42     def test_net_join_no_spnego(self):
  43         self.lp.set("client ipc max protocol", "NT1")
  44         self.lp.set("client use spnego", "no")
  45         netbios_name = "NetJoinNoSpnego"
  46         machinepass  = "abcdefghij"
  47         creds = self.insta_creds(template=self.get_credentials(),
  48                                  kerberos_state=DONT_USE_KERBEROS)
  49
  50         net = Net(creds, self.lp, server=self.server)
  51
  52         try:
  53             (join_password, sid, domain_name) = net.join_member(
  54                 self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
  55                 machinepass=machinepass)
  56         except NTSTATUSError as e:
  57             code = ctypes.c_uint32(e.args[0]).value
  58             if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
  59                 self.fail("Connection failure")
  60             elif code == ntstatus.NT_STATUS_ACCESS_DENIED:
  61                 return
  62             else:
  63                 raise
  64         self.fail("Should have rejected NTLMv2 without SPNEGO")
  65
  66     def test_net_join_no_spnego_ntlmv1(self):
  67         self.lp.set("client ipc max protocol", "NT1")
  68         self.lp.set("client use spnego", "no")
  69         self.lp.set("client ntlmv2 auth", "no")
  70         netbios_name = "NetJoinNoSpnego"
  71         machinepass  = "abcdefghij"
  72         creds = self.insta_creds(template=self.get_credentials(),
  73                                  kerberos_state=DONT_USE_KERBEROS)
  74
  75         net = Net(creds, self.lp, server=self.server)
  76
  77         # NOTE WELL: We must not run more than one successful
  78         # net.join_member per file (process), as the shared
  79         # secrets.ldb handle will be kept between runs.
  80         try:
  81             (join_password, sid, domain_name) = net.join_member(
  82                 self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
  83                 machinepass=machinepass)
  84         except NTSTATUSError as e:
  85             code = ctypes.c_uint32(e.args[0]).value
  86             if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
  87                 self.fail("Connection failure")
  88             raise
  89         os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
  90         pass