tests/auth_log: Properly expect authentication failures

author Joseph Sutton <josephsutton@catalyst.net.nz>

Wed, 14 Jun 2023 03:28:39 +0000 (15:28 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Wed, 14 Jun 2023 22:57:35 +0000 (22:57 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 14 Jun 2023 03:28:39 +0000 (15:28 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 14 Jun 2023 22:57:35 +0000 (22:57 +0000)
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py

index 462e22af62c06e129110e9d3c8f8a38877d0350c..98ab4603f98426618b32057396d2d44570a73128 100755 (executable)
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -176,13 +176,14 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          # returning message too big,
          msg = messages[0]
          self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
          self.assertEqual("Kerberos KDC",
                            msg["Authentication"]["serviceDescription"])
          self.assertEqual(authTypes[1],
                            msg["Authentication"]["authDescription"])
          self.assertEqual(
-            EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            EVT_ID_UNSUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
          self.assertEqual(
              EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
@@ -372,13 +373,14 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          # Check the second message it should be an Authentication
          msg = messages[1]
          self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
          self.assertEqual("Kerberos KDC",
                            msg["Authentication"]["serviceDescription"])
          self.assertEqual(authTypes[2],
                            msg["Authentication"]["authDescription"])
          self.assertEqual(
-            EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            EVT_ID_UNSUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
          self.assertEqual(
              EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
@@ -491,14 +493,15 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          # Check the first message it should be an Authentication
          msg = messages[0]
          self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
          self.assertEqual("Kerberos KDC",
                            msg["Authentication"]["serviceDescription"])
          self.assertEqual("ENC-TS Pre-authentication",
                            msg["Authentication"]["authDescription"])
          self.assertTrue(msg["Authentication"]["duration"] > 0)
          self.assertEqual(
-            EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            EVT_ID_UNSUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
          self.assertEqual(
              EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
@@ -735,12 +738,13 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          # Check the first message it should be an Authentication
          msg = messages[0]
          self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
          self.assertEqual("Kerberos KDC",
                            msg["Authentication"]["serviceDescription"])
          self.assertEqual("ENC-TS Pre-authentication",
                            msg["Authentication"]["authDescription"])
-        self.assertEqual(EVT_ID_SUCCESSFUL_LOGON,
+        self.assertEqual(EVT_ID_UNSUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
          self.assertEqual(EVT_LOGON_NETWORK,
                            msg["Authentication"]["logonType"])
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc

index c00fc68ac12873672eb091977999441295fd8fd0..1727e496d4980ea7f8738bc1f71df007563bae88 100644 (file)
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -135,3 +135,28 @@
  ^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_samlogon_allowed_to_no_owner.ad_dc
  ^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_samlogon_allowed_to_service_deny.ad_dc
  ^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_samlogon_allowed_to_service_deny_to_self.ad_dc
+#
+# Authentication logging tests
+#
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_connect.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_connect.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_seal.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_seal.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_sign.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_sign.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_sign.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_sign.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_smb2.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_smb2.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv_sign.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv_sign.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_smb.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_smb.ad_dc_smb1:local
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 14 Jun 2023 03:28:39 +0000 (15:28 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 14 Jun 2023 22:57:35 +0000 (22:57 +0000)
python/samba/tests/auth_log.py		patch \| blob \| blame \| history
selftest/knownfail_heimdal_kdc		patch \| blob \| blame \| history