(out, err) = proc.communicate(input=creds.encode('utf-8'))
self.assertEqual(proc.returncode, 0)
self.assertTrue(out.startswith(b"OK\n"))
+
+ # Check membership failure
+ proc = Popen([self.ntlm_auth_path,
+ "--require-membership-of", self.bad_group_sid,
+ "--helper-protocol", "squid-2.5-basic"],
+ stdout=PIPE, stdin=PIPE, stderr=PIPE)
+ creds = "%s%s%s %s\n" % (self.domain,
+ self.winbind_separator,
+ self.username,
+ self.password)
+ (out, err) = proc.communicate(input=creds.encode('utf-8'))
+ self.assertEqual(proc.returncode, 0)
+ self.assertTrue(out.startswith(b"ERR\n"))
failed=0
-test_plaintext_check_output_fail()
-{
- tmpfile=$PREFIX/ntlm_commands
-
- cat > $tmpfile <<EOF
-$DOMAIN\\$USERNAME $PASSWORD
-EOF
- cmd='$NTLM_AUTH "$@" --require-membership-of=$BADSID --helper-protocol=squid-2.5-basic < $tmpfile 2>&1'
- eval echo "$cmd"
- out=`eval $cmd`
- ret=$?
- rm -f $tmpfile
-
- if [ $ret != 0 ] ; then
- echo "$out"
- echo "command failed"
- false
- return
- fi
-
- echo "$out" | grep "ERR" >/dev/null 2>&1
-
- if [ $? = 0 ] ; then
- # failed to authenticate .. success
- true
- else
- echo "incorrectly gave a successful authentication"
- false
- fi
-}
-
test_ntlm_server_1_check_output()
{
tmpfile=$PREFIX/ntlm_commands
}
# This should work even with NTLMv2
-testit "ntlm_auth plaintext authentication with failed require-membership-of" test_plaintext_check_output_fail || failed=`expr $failed + 1`
-
testit "ntlm_auth ntlm-server-1 with fixed password" test_ntlm_server_1_check_output || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with incorrect fixed password" test_ntlm_server_1_check_output_fail || failed=`expr $failed + 1`
testit "ntlm_auth ntlm-server-1 with plaintext password against winbind" test_ntlm_server_1_check_winbind_output || failed=`expr $failed + 1`