From a77551bea969ce73a3dc27384d94b4126bef04f7 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:44:08 +0200
Subject: [PATCH] selftest: add a test for py dce transport_encrypted

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
 python/samba/tests/dcerpc/binding.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/python/samba/tests/dcerpc/binding.py b/python/samba/tests/dcerpc/binding.py
index 8e0d6a5ef0a..24e4ac77d89 100644
--- a/python/samba/tests/dcerpc/binding.py
+++ b/python/samba/tests/dcerpc/binding.py
@@ -22,7 +22,7 @@ import samba.tests
 from samba.tests import RpcInterfaceTestCase, TestCase
 from samba.dcerpc import lsa
 import samba.dcerpc.security as security
-from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED
+from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED, SMB_ENCRYPTION_OFF
 from samba import NTSTATUSError
 
 class RpcBindingTests(RpcInterfaceTestCase):
@@ -40,6 +40,26 @@ class RpcBindingTests(RpcInterfaceTestCase):
         c.set_password(password)
         return c
 
+    def test_smb3_dcerpc_no_encryption(self):
+        creds = self.get_user_creds()
+        creds.set_smb_encryption(SMB_ENCRYPTION_OFF)
+
+        lp = self.get_loadparm()
+        lp.set('client ipc max protocol', 'SMB3')
+        lp.set('client ipc min protocol', 'SMB3')
+
+        binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
+        lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+        self.assertFalse(lsa_conn.transport_encrypted())
+
+        objectAttr = lsa.ObjectAttribute()
+        objectAttr.sec_qos = lsa.QosInfo()
+
+        pol_handle = lsa_conn.OpenPolicy2('',
+                                          objectAttr,
+                                          security.SEC_FLAG_MAXIMUM_ALLOWED)
+        self.assertIsNotNone(pol_handle)
+
     def test_smb3_dcerpc_encryption(self):
         creds = self.get_user_creds()
         creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
@@ -50,6 +70,7 @@ class RpcBindingTests(RpcInterfaceTestCase):
 
         binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
         lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+        self.assertTrue(lsa_conn.transport_encrypted())
 
         objectAttr = lsa.ObjectAttribute()
         objectAttr.sec_qos = lsa.QosInfo()
-- 
2.47.3