1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 """Tests for the Auth and AuthZ logging.
22 from samba.credentials import DONT_USE_KERBEROS
23 from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN
24 from samba.dcerpc import samr
25 import samba.tests.auth_log_base
26 from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
29 class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
32 super(AuthLogTestsNcalrpc, self).setUp()
33 self.remoteAddress = AS_SYSTEM_MAGIC_PATH_TOKEN
36 super(AuthLogTestsNcalrpc, self).tearDown()
38 def _test_rpc_ncaclrpc(self, authTypes, binding, creds,
39 protection, checkFunction):
41 def isLastExpectedMessage(msg):
43 msg["type"] == "Authorization" and
44 msg["Authorization"]["serviceDescription"] == "DCE/RPC" and
45 msg["Authorization"]["authType"] == authTypes[0] and
46 msg["Authorization"]["transportProtection"] == protection)
49 binding = "[%s]" % binding
51 samr.samr("ncalrpc:%s" % binding, self.get_loadparm(), creds)
52 messages = self.waitForMessages(isLastExpectedMessage)
53 checkFunction(messages, authTypes, protection)
55 def rpc_ncacn_np_ntlm_check(self, messages, authTypes, protection):
57 expected_messages = len(authTypes)
58 self.assertEquals(expected_messages,
60 "Did not receive the expected number of messages")
62 # Check the first message it should be an Authorization
64 self.assertEquals("Authorization", msg["type"])
65 self.assertEquals("DCE/RPC",
66 msg["Authorization"]["serviceDescription"])
67 self.assertEquals(authTypes[1], msg["Authorization"]["authType"])
68 self.assertEquals("NONE", msg["Authorization"]["transportProtection"])
69 self.assertTrue(self.is_guid(msg["Authorization"]["sessionId"]))
71 # Check the second message it should be an Authentication
73 self.assertEquals("Authentication", msg["type"])
74 self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
75 self.assertEquals("DCE/RPC",
76 msg["Authentication"]["serviceDescription"])
77 self.assertEquals(authTypes[2],
78 msg["Authentication"]["authDescription"])
79 self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
80 msg["Authentication"]["eventId"])
82 def test_ncalrpc_ntlm_dns_sign(self):
84 creds = self.insta_creds(template=self.get_credentials(),
85 kerberos_state=DONT_USE_KERBEROS)
86 self._test_rpc_ncaclrpc(["NTLMSSP",
90 self.rpc_ncacn_np_ntlm_check)
92 def test_ncalrpc_ntlm_dns_seal(self):
94 creds = self.insta_creds(template=self.get_credentials(),
95 kerberos_state=DONT_USE_KERBEROS)
96 self._test_rpc_ncaclrpc(["NTLMSSP",
99 "seal", creds, "SEAL",
100 self.rpc_ncacn_np_ntlm_check)