From a626fa59cc1df3e154c062c433f3c1e1d6f87029 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 28 Jan 2008 11:28:38 +0100 Subject: ntlm_auth: Add a blackbox test. (This used to be commit f02b74fc067074d8e48e186a7b7255a244592f7d) --- source3/torture/test_ntlm_auth.py | 212 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 212 insertions(+) create mode 100755 source3/torture/test_ntlm_auth.py (limited to 'source3/torture') diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py new file mode 100755 index 0000000000..3e7cc0551f --- /dev/null +++ b/source3/torture/test_ntlm_auth.py @@ -0,0 +1,212 @@ +#!/usr/bin/env python + +# Unix SMB/CIFS implementation. +# A test for the ntlm_auth tool +# Copyright (C) Kai Blin 2008 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +"""Test ntlm_auth +This test program will start ntlm_auth with the given command line switches and +see if it will get the expected results. +""" + +import os +import sys +from optparse import OptionParser + +class ReadChildError(Exception): + pass + +class WriteChildError(Exception): + pass + +def readLine(pipe): + """readLine(pipe) -> str + Read a line from the child's pipe, returns the string read. + Throws ReadChildError if the read fails. + """ + buf = os.read(pipe, 2047) + newline = buf.find('\n') + if newline == -1: + raise ReadChildError() + return buf[:newline] + +def writeLine(pipe, buf): + """writeLine(pipe, buf) -> nul + Write a line to the child's pipe. + Raises WriteChildError if the write fails. + """ + written = os.write(pipe, buf) + if written != len(buf): + raise WriteChildError() + os.write(pipe, "\n") + +def parseCommandLine(): + """parseCommandLine() -> (opts, ntlm_auth_path) + Parse the command line. + Return a tuple consisting of the options and the path to ntlm_auth. + """ + usage = "usage: %prog [options] path/to/ntlm_auth" + parser = OptionParser(usage) + + parser.set_defaults(client_username="foo") + parser.set_defaults(client_password="secret") + parser.set_defaults(client_domain="FOO") + parser.set_defaults(client_helper="ntlmssp-client-1") + + parser.set_defaults(server_username="foo") + parser.set_defaults(server_password="secret") + parser.set_defaults(server_domain="FOO") + parser.set_defaults(server_helper="squid-2.5-ntlmssp") + + parser.add_option("--client-username", dest="client_username",\ + help="User name for the client. [default: foo]") + parser.add_option("--client-password", dest="client_password",\ + help="Password the client will send. [default: secret]") + parser.add_option("--client-domain", dest="client_domain",\ + help="Domain the client authenticates for. [default: FOO]") + parser.add_option("--client-helper", dest="client_helper",\ + help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]") + + parser.add_option("--server-username", dest="server_username",\ + help="User name server uses for local auth. [default: foo]") + parser.add_option("--server-password", dest="server_password",\ + help="Password server uses for local auth. [default: secret]") + parser.add_option("--server-domain", dest="server_domain",\ + help="Domain server uses for local auth. [default: FOO]") + parser.add_option("--server-helper", dest="server_helper",\ + help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]") + + (opts, args) = parser.parse_args() + if len(args) != 1: + parser.error("Invalid number of arguments.") + + if not os.access(args[0], os.X_OK): + parser.error("%s is not executable." % args[0]) + + return (opts, args[0]) + + +def main(): + """main() -> int + Run the test. + Returns 0 if test succeeded, <>0 otherwise. + """ + (opts, ntlm_auth_path) = parseCommandLine() + + (client_in_r, client_in_w) = os.pipe() + (client_out_r, client_out_w) = os.pipe() + + client_pid = os.fork() + + if not client_pid: + # We're in the client child + os.close(0) + os.close(1) + + os.dup2(client_out_r, 0) + os.close(client_out_r) + os.close(client_out_w) + + os.dup2(client_in_w, 1) + os.close(client_in_r) + os.close(client_in_w) + + client_args = [] + client_args.append("--helper-protocol=%s" % opts.client_helper) + client_args.append("--username=%s" % opts.client_username) + client_args.append("--password=%s" % opts.client_password) + client_args.append("--domain=%s" % opts.client_domain) + + os.execv(ntlm_auth_path, client_args) + + client_in = client_in_r + os.close(client_in_w) + + client_out = client_out_w + os.close(client_out_r) + + (server_in_r, server_in_w) = os.pipe() + (server_out_r, server_out_w) = os.pipe() + + server_pid = os.fork() + + if not server_pid: + # We're in the server child + os.close(0) + os.close(1) + + os.dup2(server_out_r, 0) + os.close(server_out_r) + os.close(server_out_w) + + os.dup2(server_in_w, 1) + os.close(server_in_r) + os.close(server_in_w) + + server_args = [] + server_args.append("--helper-protocol=%s" % opts.server_helper) + server_args.append("--username=%s" % opts.server_username) + server_args.append("--password=%s" % opts.server_password) + server_args.append("--domain=%s" % opts.server_domain) + + os.execv(ntlm_auth_path, server_args) + + server_in = server_in_r + os.close(server_in_w) + + server_out = server_out_w + os.close(server_out_r) + + # We're in the parent + writeLine(client_out, "YR") + buf = readLine(client_in) + + if buf.count("YR ", 0, 3) != 1: + sys.exit(1) + + writeLine(server_out, buf) + buf = readLine(server_in) + + if buf.count("TT ", 0, 3) != 1: + sys.exit(2) + + writeLine(client_out, buf) + buf = readLine(client_in) + + if buf.count("AF ", 0, 3) != 1: + sys.exit(3) + + # Client sends 'AF ' but server expects 'KK ' + buf = buf.replace("AF", "KK", 1) + + writeLine(server_out, buf) + buf = readLine(server_in) + + if buf.count("AF ", 0, 3) != 1: + sys.exit(4) + + os.close(server_in) + os.close(server_out) + os.close(client_in) + os.close(client_out) + os.waitpid(server_pid, 0) + os.waitpid(client_pid, 0) + sys.exit(0) + +if __name__ == "__main__": + main() + + -- cgit From 5b5d56d84af1657b1aec29c134af5ad6be4348eb Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Wed, 30 Jan 2008 17:57:32 +0100 Subject: ntlm_auth: test should honour configfile option to run on build farm. (This used to be commit 11c9c1536b153047ba387b9804f34a6555a5ae26) --- source3/torture/test_ntlm_auth.py | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/torture') diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py index 3e7cc0551f..12a4dae398 100755 --- a/source3/torture/test_ntlm_auth.py +++ b/source3/torture/test_ntlm_auth.py @@ -70,6 +70,7 @@ def parseCommandLine(): parser.set_defaults(server_password="secret") parser.set_defaults(server_domain="FOO") parser.set_defaults(server_helper="squid-2.5-ntlmssp") + parser.set_defaults(config_file="/etc/samba/smb.conf") parser.add_option("--client-username", dest="client_username",\ help="User name for the client. [default: foo]") @@ -89,6 +90,9 @@ def parseCommandLine(): parser.add_option("--server-helper", dest="server_helper",\ help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]") + parser.add_option("-s", "--configfile", dest="config_file",\ + help="Path to smb.conf file. [default:/etc/samba/smb.conf") + (opts, args) = parser.parse_args() if len(args) != 1: parser.error("Invalid number of arguments.") @@ -129,6 +133,7 @@ def main(): client_args.append("--username=%s" % opts.client_username) client_args.append("--password=%s" % opts.client_password) client_args.append("--domain=%s" % opts.client_domain) + client_args.append("--configfile=%s" % opts.config_file) os.execv(ntlm_auth_path, client_args) @@ -161,6 +166,7 @@ def main(): server_args.append("--username=%s" % opts.server_username) server_args.append("--password=%s" % opts.server_password) server_args.append("--domain=%s" % opts.server_domain) + server_args.append("--configfile=%s" % opts.config_file) os.execv(ntlm_auth_path, server_args) -- cgit From 8daaa5d99bfd848c76f98de952289a26f93cca3c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 30 Jan 2008 19:56:05 +0100 Subject: Fix some IBM checker warnings (This used to be commit 0341b0be49fef5e6003a170100388b5c47a41e67) --- source3/torture/cmd_vfs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/torture') diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c index f3b98862fe..82a28bd868 100644 --- a/source3/torture/cmd_vfs.c +++ b/source3/torture/cmd_vfs.c @@ -575,7 +575,7 @@ static NTSTATUS cmd_fstat(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, } fd = atoi(argv[1]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("fstat: error=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -710,7 +710,7 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, fd = atoi(argv[1]); mode = atoi(argv[2]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("fchmod: error=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -763,7 +763,7 @@ static NTSTATUS cmd_fchown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, uid = atoi(argv[2]); gid = atoi(argv[3]); fd = atoi(argv[1]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("fchown: faliure=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -822,7 +822,7 @@ static NTSTATUS cmd_ftruncate(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar fd = atoi(argv[1]); off = atoi(argv[2]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("ftruncate: error=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } -- cgit