summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsource3/script/tests/test_ntlm_auth_s3.sh21
-rwxr-xr-xsource3/script/tests/tests_all.sh1
-rwxr-xr-xsource3/torture/test_ntlm_auth.py212
3 files changed, 234 insertions, 0 deletions
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
new file mode 100755
index 0000000000..8568da97e4
--- /dev/null
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+incdir=`dirname $0`
+. $incdir/test_functions.sh
+
+failed=0
+
+(/usr/bin/env python --version > /dev/null 2&>1)
+
+if $? -ne 0:
+then
+ echo "Python binary not found in path. Skipping ntlm_auth tests."
+ exit 0
+fi
+
+testit "ntlm_auth" $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth || failed=`expr $failed + 1`
+# This should work even with NTLMv2
+testit "ntlm_auth" $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1`
+
+
+testok $0 $failed
diff --git a/source3/script/tests/tests_all.sh b/source3/script/tests/tests_all.sh
index 259e28e6e7..369cf3ebe3 100755
--- a/source3/script/tests/tests_all.sh
+++ b/source3/script/tests/tests_all.sh
@@ -6,6 +6,7 @@ $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP || failed=`expr $failed + $?`
echo "Testing encrypted"
$SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP "-e" || failed=`expr $failed + $?`
$SCRIPTDIR/test_wbinfo_s3.sh $WORKGROUP $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
+$SCRIPTDIR/test_ntlm_auth_s3.sh || failed=`expr $failed + $?`
eval "$LIB_PATH_VAR="\$SAMBA4SHAREDDIR:\$$LIB_PATH_VAR"; export $LIB_PATH_VAR"
eval echo "$LIB_PATH_VAR=\$$LIB_PATH_VAR"
diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py
new file mode 100755
index 0000000000..3e7cc0551f
--- /dev/null
+++ b/source3/torture/test_ntlm_auth.py
@@ -0,0 +1,212 @@
+#!/usr/bin/env python
+
+# Unix SMB/CIFS implementation.
+# A test for the ntlm_auth tool
+# Copyright (C) Kai Blin <kai@samba.org> 2008
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+"""Test ntlm_auth
+This test program will start ntlm_auth with the given command line switches and
+see if it will get the expected results.
+"""
+
+import os
+import sys
+from optparse import OptionParser
+
+class ReadChildError(Exception):
+ pass
+
+class WriteChildError(Exception):
+ pass
+
+def readLine(pipe):
+ """readLine(pipe) -> str
+ Read a line from the child's pipe, returns the string read.
+ Throws ReadChildError if the read fails.
+ """
+ buf = os.read(pipe, 2047)
+ newline = buf.find('\n')
+ if newline == -1:
+ raise ReadChildError()
+ return buf[:newline]
+
+def writeLine(pipe, buf):
+ """writeLine(pipe, buf) -> nul
+ Write a line to the child's pipe.
+ Raises WriteChildError if the write fails.
+ """
+ written = os.write(pipe, buf)
+ if written != len(buf):
+ raise WriteChildError()
+ os.write(pipe, "\n")
+
+def parseCommandLine():
+ """parseCommandLine() -> (opts, ntlm_auth_path)
+ Parse the command line.
+ Return a tuple consisting of the options and the path to ntlm_auth.
+ """
+ usage = "usage: %prog [options] path/to/ntlm_auth"
+ parser = OptionParser(usage)
+
+ parser.set_defaults(client_username="foo")
+ parser.set_defaults(client_password="secret")
+ parser.set_defaults(client_domain="FOO")
+ parser.set_defaults(client_helper="ntlmssp-client-1")
+
+ parser.set_defaults(server_username="foo")
+ parser.set_defaults(server_password="secret")
+ parser.set_defaults(server_domain="FOO")
+ parser.set_defaults(server_helper="squid-2.5-ntlmssp")
+
+ parser.add_option("--client-username", dest="client_username",\
+ help="User name for the client. [default: foo]")
+ parser.add_option("--client-password", dest="client_password",\
+ help="Password the client will send. [default: secret]")
+ parser.add_option("--client-domain", dest="client_domain",\
+ help="Domain the client authenticates for. [default: FOO]")
+ parser.add_option("--client-helper", dest="client_helper",\
+ help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
+
+ parser.add_option("--server-username", dest="server_username",\
+ help="User name server uses for local auth. [default: foo]")
+ parser.add_option("--server-password", dest="server_password",\
+ help="Password server uses for local auth. [default: secret]")
+ parser.add_option("--server-domain", dest="server_domain",\
+ help="Domain server uses for local auth. [default: FOO]")
+ parser.add_option("--server-helper", dest="server_helper",\
+ help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
+
+ (opts, args) = parser.parse_args()
+ if len(args) != 1:
+ parser.error("Invalid number of arguments.")
+
+ if not os.access(args[0], os.X_OK):
+ parser.error("%s is not executable." % args[0])
+
+ return (opts, args[0])
+
+
+def main():
+ """main() -> int
+ Run the test.
+ Returns 0 if test succeeded, <>0 otherwise.
+ """
+ (opts, ntlm_auth_path) = parseCommandLine()
+
+ (client_in_r, client_in_w) = os.pipe()
+ (client_out_r, client_out_w) = os.pipe()
+
+ client_pid = os.fork()
+
+ if not client_pid:
+ # We're in the client child
+ os.close(0)
+ os.close(1)
+
+ os.dup2(client_out_r, 0)
+ os.close(client_out_r)
+ os.close(client_out_w)
+
+ os.dup2(client_in_w, 1)
+ os.close(client_in_r)
+ os.close(client_in_w)
+
+ client_args = []
+ client_args.append("--helper-protocol=%s" % opts.client_helper)
+ client_args.append("--username=%s" % opts.client_username)
+ client_args.append("--password=%s" % opts.client_password)
+ client_args.append("--domain=%s" % opts.client_domain)
+
+ os.execv(ntlm_auth_path, client_args)
+
+ client_in = client_in_r
+ os.close(client_in_w)
+
+ client_out = client_out_w
+ os.close(client_out_r)
+
+ (server_in_r, server_in_w) = os.pipe()
+ (server_out_r, server_out_w) = os.pipe()
+
+ server_pid = os.fork()
+
+ if not server_pid:
+ # We're in the server child
+ os.close(0)
+ os.close(1)
+
+ os.dup2(server_out_r, 0)
+ os.close(server_out_r)
+ os.close(server_out_w)
+
+ os.dup2(server_in_w, 1)
+ os.close(server_in_r)
+ os.close(server_in_w)
+
+ server_args = []
+ server_args.append("--helper-protocol=%s" % opts.server_helper)
+ server_args.append("--username=%s" % opts.server_username)
+ server_args.append("--password=%s" % opts.server_password)
+ server_args.append("--domain=%s" % opts.server_domain)
+
+ os.execv(ntlm_auth_path, server_args)
+
+ server_in = server_in_r
+ os.close(server_in_w)
+
+ server_out = server_out_w
+ os.close(server_out_r)
+
+ # We're in the parent
+ writeLine(client_out, "YR")
+ buf = readLine(client_in)
+
+ if buf.count("YR ", 0, 3) != 1:
+ sys.exit(1)
+
+ writeLine(server_out, buf)
+ buf = readLine(server_in)
+
+ if buf.count("TT ", 0, 3) != 1:
+ sys.exit(2)
+
+ writeLine(client_out, buf)
+ buf = readLine(client_in)
+
+ if buf.count("AF ", 0, 3) != 1:
+ sys.exit(3)
+
+ # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
+ buf = buf.replace("AF", "KK", 1)
+
+ writeLine(server_out, buf)
+ buf = readLine(server_in)
+
+ if buf.count("AF ", 0, 3) != 1:
+ sys.exit(4)
+
+ os.close(server_in)
+ os.close(server_out)
+ os.close(client_in)
+ os.close(client_out)
+ os.waitpid(server_pid, 0)
+ os.waitpid(client_pid, 0)
+ sys.exit(0)
+
+if __name__ == "__main__":
+ main()
+
+