From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 14 Jun 2023 03:28:39 +0000 (+1200)
Subject: tests/auth_log: Properly expect authentication failures
X-Git-Tag: talloc-2.4.1~390
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1fcecd1214eba0dc8bcaca72cc889d209b7f716;p=thirdparty%2Fsamba.git

tests/auth_log: Properly expect authentication failures

These authentications are actually failing (due to RESPONSE_TOO_BIG
errors), but our authentication logging infrastructure hides this.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index 462e22af62c..98ab4603f98 100755
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -176,13 +176,14 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         # returning message too big,
         msg = messages[0]
         self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
         self.assertEqual("Kerberos KDC",
                           msg["Authentication"]["serviceDescription"])
         self.assertEqual(authTypes[1],
                           msg["Authentication"]["authDescription"])
         self.assertEqual(
-            EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            EVT_ID_UNSUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
         self.assertEqual(
             EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
@@ -372,13 +373,14 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         # Check the second message it should be an Authentication
         msg = messages[1]
         self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
         self.assertEqual("Kerberos KDC",
                           msg["Authentication"]["serviceDescription"])
         self.assertEqual(authTypes[2],
                           msg["Authentication"]["authDescription"])
         self.assertEqual(
-            EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            EVT_ID_UNSUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
         self.assertEqual(
             EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
@@ -491,14 +493,15 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         # Check the first message it should be an Authentication
         msg = messages[0]
         self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
         self.assertEqual("Kerberos KDC",
                           msg["Authentication"]["serviceDescription"])
         self.assertEqual("ENC-TS Pre-authentication",
                           msg["Authentication"]["authDescription"])
         self.assertTrue(msg["Authentication"]["duration"] > 0)
         self.assertEqual(
-            EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            EVT_ID_UNSUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
         self.assertEqual(
             EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
@@ -735,12 +738,13 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         # Check the first message it should be an Authentication
         msg = messages[0]
         self.assertEqual("Authentication", msg["type"])
-        self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
+        self.assertEqual("NT_STATUS_PROTOCOL_UNREACHABLE",  # RESPONSE_TOO_BIG
+                         msg["Authentication"]["status"])
         self.assertEqual("Kerberos KDC",
                           msg["Authentication"]["serviceDescription"])
         self.assertEqual("ENC-TS Pre-authentication",
                           msg["Authentication"]["authDescription"])
-        self.assertEqual(EVT_ID_SUCCESSFUL_LOGON,
+        self.assertEqual(EVT_ID_UNSUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
         self.assertEqual(EVT_LOGON_NETWORK,
                           msg["Authentication"]["logonType"])
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index c00fc68ac12..1727e496d49 100644
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -135,3 +135,28 @@
 ^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_samlogon_allowed_to_no_owner.ad_dc
 ^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_samlogon_allowed_to_service_deny.ad_dc
 ^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_samlogon_allowed_to_service_deny_to_self.ad_dc
+#
+# Authentication logging tests
+#
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_ldap.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_connect.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_connect.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_seal.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_seal.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_sign.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_ip_tcp_krb5_dns_sign.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_sign.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_sign.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_smb2.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_dns_smb2.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv_sign.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_rpc_ncacn_np_krb_srv_sign.ad_dc_smb1:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_smb.ad_dc_ntvfs:local
+^samba.tests.auth_log.samba.tests.auth_log.AuthLogTests.test_smb.ad_dc_smb1:local