From: Andrew Bartlett Date: Mon, 12 Jun 2017 02:12:53 +0000 (+1200) Subject: selftest: Add pygensec tests for GSS-SPNEGO and Win2000 emulated SPNEGO X-Git-Tag: ldb-1.1.31~68 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=995f5c03c53c3eb82010b34e5b94c3e1bf8a685b;p=thirdparty%2Fsamba.git selftest: Add pygensec tests for GSS-SPNEGO and Win2000 emulated SPNEGO This is to provide some unit testing coverage for these different modes of operation Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam --- diff --git a/python/samba/tests/gensec.py b/python/samba/tests/gensec.py index 368d406b6e3..fe87aa22222 100644 --- a/python/samba/tests/gensec.py +++ b/python/samba/tests/gensec.py @@ -32,6 +32,8 @@ class GensecTests(samba.tests.TestCase): self.settings = {} self.settings["lp_ctx"] = self.lp_ctx = samba.tests.env_loadparm() self.settings["target_hostname"] = self.lp_ctx.get("netbios name") + self.lp_ctx.set("spnego:simulate_w2k", "no") + """This is just for the API tests""" self.gensec = gensec.Security.start_client(self.settings) @@ -44,7 +46,7 @@ class GensecTests(samba.tests.TestCase): def test_info_uninitialized(self): self.assertRaises(RuntimeError, self.gensec.session_info) - def test_update(self): + def _test_update(self, mech): """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC""" """Start up a client and server GENSEC instance to test things with""" @@ -52,7 +54,7 @@ class GensecTests(samba.tests.TestCase): self.gensec_client = gensec.Security.start_client(self.settings) self.gensec_client.set_credentials(self.get_credentials()) self.gensec_client.want_feature(gensec.FEATURE_SEAL) - self.gensec_client.start_mech_by_sasl_name("GSSAPI") + self.gensec_client.start_mech_by_sasl_name(mech) self.gensec_server = gensec.Security.start_server(settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) 
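Review bot: The reset added to setUp implies the loadparm context can outlive a single test, yet nothing restores `spnego:simulate_w2k` once a test has switched it on; test_update_w2k_spnego_server in the last hunk leaves it at "yes". If samba.tests.env_loadparm() hands out a shared context (not visible here), tests that run later could negotiate SPNEGO in Windows 2000 emulation without asking for it. Registering the restore next to the reset, `self.addCleanup(self.lp_ctx.set, "spnego:simulate_w2k", "no")`, keeps the legacy mode scoped to the test that enabled it. setUp starts above this hunk.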
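Review bot: The docstring of `_test_update` still says the exchange uses GSSAPI, but the mechanism is now the `mech` argument and the new callers also pass "GSS-SPNEGO". Suggest `"""Test GENSEC by doing an exchange with ourselves, using the SASL mechanism named by mech, against a KDC"""`. The body of the method continues beyond this hunk.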
@@ -62,25 +64,37 @@ class GensecTests(samba.tests.TestCase): self.gensec_server.set_credentials(creds) self.gensec_server.want_feature(gensec.FEATURE_SEAL) - self.gensec_server.start_mech_by_sasl_name("GSSAPI") + self.gensec_server.start_mech_by_sasl_name(mech) client_finished = False server_finished = False server_to_client = b"" + client_to_server = b"" """Run the actual call loop""" - while not client_finished and not server_finished: + while True: if not client_finished: print("running client gensec_update") (client_finished, client_to_server) = self.gensec_client.update(server_to_client) if not server_finished: print("running server gensec_update") (server_finished, server_to_client) = self.gensec_server.update(client_to_server) + + if client_finished and server_finished: + break + + self.assertTrue(server_finished) + self.assertTrue(client_finished) + session_info = self.gensec_server.session_info() test_bytes = b"Hello Server" - test_wrapped = self.gensec_client.wrap(test_bytes) - test_unwrapped = self.gensec_server.unwrap(test_wrapped) + try: + test_wrapped = self.gensec_client.wrap(test_bytes) + test_unwrapped = self.gensec_server.unwrap(test_wrapped) + except samba.NTSTATUSError as e: + self.fail(str(e)) + self.assertEqual(test_bytes, test_unwrapped) test_bytes = b"Hello Client" test_wrapped = self.gensec_server.wrap(test_bytes) 
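Review bot: The new `while True:` loop has no iteration bound, so a negotiation in which one side never reports completion would presumably hang the test run instead of failing it. The two `assertTrue` calls after the loop cannot fail, because the only exit is the `break` taken when both flags are already true. Bounding the rounds makes a stalled exchange visible: `for _ in range(MAX_ROUNDS):` with an `else: self.fail("GENSEC exchange did not complete")` clause, where MAX_ROUNDS is a small constant chosen for the test. Separately, only the client-to-server wrap/unwrap is guarded by the new `try`/`except samba.NTSTATUSError`; the server-to-client pair just below is left as it was. `_test_update` begins and ends outside this hunk.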
@@ -91,6 +105,41 @@ class GensecTests(samba.tests.TestCase): server_session_key = self.gensec_server.session_key() self.assertEqual(client_session_key, server_session_key) + def test_update(self): + self._test_update("GSSAPI") + + def test_update_spnego(self): + self._test_update("GSS-SPNEGO") + + def test_update_w2k_spnego_client(self): + self.lp_ctx.set("spnego:simulate_w2k", "yes") + + # Re-start the client with this set + self.gensec = gensec.Security.start_client(self.settings) + + # Unset it for the server + self.lp_ctx.set("spnego:simulate_w2k", "no") + + self._test_update("GSS-SPNEGO") + + def test_update_w2k_spnego_server(self): + # Re-start the client with this set + self.gensec = gensec.Security.start_client(self.settings) + + # Unset it for the server + self.lp_ctx.set("spnego:simulate_w2k", "yes") + + self._test_update("GSS-SPNEGO") + + def test_update_w2k_spnego(self): + self.lp_ctx.set("spnego:simulate_w2k", "no") + + # Re-start the client with this set + self.gensec = gensec.Security.start_client(self.settings) + + self._test_update("GSS-SPNEGO") + + def test_max_update_size(self): """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
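Review bot: Some of the new tests may not exercise the mode their names promise, so a pass can overstate coverage of the Windows 2000 SPNEGO path. test_update_w2k_spnego sets `spnego:simulate_w2k` to "no", which setUp already does, so it repeats test_update_spnego; if it is meant to cover both peers in emulation, the line should read `self.lp_ctx.set("spnego:simulate_w2k", "yes")`. In test_update_w2k_spnego_client the option is "yes" only while `self.gensec` is restarted, but `_test_update` creates its own `self.gensec_client` from `self.settings` after the option is back to "no". Whether the client ever runs in emulation therefore depends on when gensec reads the parameter, which these hunks do not show. The comments in test_update_w2k_spnego_server are copied over as well: "Re-start the client with this set" comes before anything is set, and "Unset it for the server" sits above a set to "yes".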