From c278fa65ebe18063a09bb1f2af5e39459f9f2a7d Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Tue, 4 Jul 2017 13:31:11 +1200 Subject: [PATCH] selftest: Add test to confirm NTLM authentication is enabled (or later, that it is disabled) Signed-off-by: Tim Beale Reviewed-by: Garming Sam Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923 --- python/samba/tests/ntlmauth.py | 68 ++++++++++++++++++++++++++++++++++ source4/selftest/tests.py | 5 +++ 2 files changed, 73 insertions(+) create mode 100644 python/samba/tests/ntlmauth.py diff --git a/python/samba/tests/ntlmauth.py b/python/samba/tests/ntlmauth.py new file mode 100644 index 00000000000..8db1ad09274 --- /dev/null +++ b/python/samba/tests/ntlmauth.py @@ -0,0 +1,68 @@ +# Tests to check basic NTLM authentication +# +# Copyright (C) Catalyst IT Ltd. 2017 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +from samba.tests import TestCase +import os + +import samba +from samba.credentials import Credentials, DONT_USE_KERBEROS + +from samba import NTSTATUSError, ntstatus +import ctypes + +from samba import credentials +from samba.dcerpc import srvsvc + +""" +Tests basic NTLM authentication +""" + +class NtlmAuthTests(TestCase): + + def setUp(self): + super(NtlmAuthTests, self).setUp() + + self.lp = self.get_loadparm() + + + + def tearDown(self): + super(NtlmAuthTests, self).tearDown() + + def test_ntlm_connection(self): + server = os.getenv("SERVER") + + creds = credentials.Credentials() + creds.guess(self.lp) + creds.set_username(os.getenv("USERNAME")) + creds.set_domain(server) + creds.set_password(os.getenv("PASSWORD")) + creds.set_kerberos_state(DONT_USE_KERBEROS) + + try: + conn = srvsvc.srvsvc("ncacn_np:%s[smb2,ntlm]" % server, self.lp, creds) + + self.assertIsNotNone(conn) + except NTSTATUSError as e: + # NTLM might be blocked on this server + enum = ctypes.c_uint32(e[0]).value + if enum == ntstatus.NT_STATUS_NTLM_BLOCKED: + self.fail("NTLM is disabled on this server") + else: + raise + + diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index a67a087227c..4e0642f6b8a 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -899,6 +899,11 @@ for env in [ "simpleserver", "fileserver", "nt4_dc", "ad_dc", "ad_dc_ntvfs", "ad extra_path=[os.path.join(srcdir(), 'python/samba/tests')], name="samba.tests.netlogonsvc.python(%s)" % env) +for env in [ "ktest", "ad_member"]: + planoldpythontestsuite(env, "ntlmauth", + extra_path=[os.path.join(srcdir(), 'python/samba/tests')], + name="samba.tests.ntlmauth.python(%s)" % env) + # Demote the vampire DC, it must be the last test each DC, before the dbcheck for env in ['vampire_dc', 'promoted_dc', 'rodc']: plantestsuite("samba4.blackbox.samba_tool_demote(%s)" % env, env, [os.path.join(samba4srcdir, "utils/tests/test_demote.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', '$DC_SERVER', '$PREFIX/%s' % env, smbclient4]) -- 2.34.1