from ldb import LdbError
from samba.dcerpc.windows_event_ids import (
EVT_ID_SUCCESSFUL_LOGON,
- EVT_ID_UNSUCCESSFUL_LOGON
+ EVT_ID_UNSUCCESSFUL_LOGON,
+ EVT_LOGON_NETWORK,
+ EVT_LOGON_INTERACTIVE,
+ EVT_LOGON_NETWORK_CLEAR_TEXT
)
import re
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
self._assert_ncacn_np_serviceDescription(binding,
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1],
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def rpc_ncacn_np_krb5_check(
self,
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
# This this the TCP Authentication in response to the message too big
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the third message it should be an Authorization
msg = messages[2]
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service,
binding, protection):
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the third message it should be an Authentication
msg = messages[2]
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self):
creds = self.insta_creds(template=self.get_credentials(),
self.assertTrue(msg["Authentication"]["duration"] > 0)
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
msg = messages[1]
self.assertTrue(msg["Authentication"]["duration"] > 0)
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def test_ldap_ntlm(self):
self.assertTrue(msg["Authentication"]["duration"] > 0)
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def test_ldap_simple_bind(self):
def isLastExpectedMessage(msg):
msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK_CLEAR_TEXT, msg["Authentication"]["logonType"])
def test_ldap_simple_bind_bad_password(self):
def isLastExpectedMessage(msg):
(msg["Authentication"]["authDescription"] ==
"simple bind") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK_CLEAR_TEXT))
creds = self.insta_creds(template=self.get_credentials())
creds.set_password("badPassword")
(msg["Authentication"]["authDescription"] ==
"simple bind") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK_CLEAR_TEXT))
creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "badUser"))
(msg["Authentication"]["authDescription"] ==
"simple bind") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK_CLEAR_TEXT))
creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "abdcef"))
msg["Authentication"]["authDescription"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
msg = messages[1]
msg["Authentication"]["authDescription"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
def test_smb_bad_password(self):
def isLastExpectedMessage(msg):
(msg["Authentication"]["authDescription"] ==
"ENC-TS Pre-authentication") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials())
creds.set_username("badUser")
msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
msg = messages[1]
msg["Authentication"]["becameAccount"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
def test_smb2_anonymous(self):
def isLastExpectedMessage(msg):
msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
msg = messages[1]
msg["Authentication"]["becameAccount"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
def test_smb_no_krb_spnego(self):
def isLastExpectedMessage(msg):
msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
def test_smb_no_krb_spnego_bad_password(self):
def isLastExpectedMessage(msg):
(msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
def test_smb_no_krb_no_spnego_no_ntlmv2_bad_password(self):
def isLastExpectedMessage(msg):
(msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_SUCCESSFUL_LOGON))
+ EVT_ID_SUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_INTERACTIVE))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_INTERACTIVE))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_INTERACTIVE))
server = os.environ["SERVER"]
user = "badUser"
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_SUCCESSFUL_LOGON))
+ EVT_ID_SUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = "badUser"
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_SUCCESSFUL_LOGON))
+ EVT_ID_SUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_UNSUCCESSFUL_LOGON))
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = "badUser"
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_SUCCESSFUL_LOGON))
+ EVT_ID_SUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]
(msg["Authentication"]["workstation"] ==
r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
- EVT_ID_SUCCESSFUL_LOGON))
+ EVT_ID_SUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
server = os.environ["SERVER"]
user = os.environ["USERNAME"]