from samba.tests import RpcInterfaceTestCase, TestCase
from samba.dcerpc import lsa
import samba.dcerpc.security as security
-from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED
+from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED, SMB_ENCRYPTION_OFF
from samba import NTSTATUSError
class RpcBindingTests(RpcInterfaceTestCase):
c.set_password(password)
return c
+ def test_smb3_dcerpc_no_encryption(self):
+ creds = self.get_user_creds()
+ creds.set_smb_encryption(SMB_ENCRYPTION_OFF)
+
+ lp = self.get_loadparm()
+ lp.set('client ipc max protocol', 'SMB3')
+ lp.set('client ipc min protocol', 'SMB3')
+
+ binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
+ lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+ self.assertFalse(lsa_conn.transport_encrypted())
+
+ objectAttr = lsa.ObjectAttribute()
+ objectAttr.sec_qos = lsa.QosInfo()
+
+ pol_handle = lsa_conn.OpenPolicy2('',
+ objectAttr,
+ security.SEC_FLAG_MAXIMUM_ALLOWED)
+ self.assertIsNotNone(pol_handle)
+
def test_smb3_dcerpc_encryption(self):
creds = self.get_user_creds()
creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+ self.assertTrue(lsa_conn.transport_encrypted())
objectAttr = lsa.ObjectAttribute()
objectAttr.sec_qos = lsa.QosInfo()