Imported Upstream version 4.0.0+dfsg1upstream/4.0.0+dfsg1

1 files changed, 123 insertions, 22 deletions

diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py
index 12a4dae398..cb181be243 100755
--- a/source3/torture/test_ntlm_auth.py
+++ b/source3/torture/test_ntlm_auth.py
@@ -81,6 +81,12 @@ def parseCommandLine():
 	parser.add_option("--client-helper", dest="client_helper",\
 				help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
 
+	parser.add_option("--target-hostname", dest="target_hostname",\
+				help="Target hostname for kerberos")
+	parser.add_option("--target-service", dest="target_service",\
+				help="Target service for kerberos")
+
+
 	parser.add_option("--server-username", dest="server_username",\
 				help="User name server uses for local auth. [default: foo]")
 	parser.add_option("--server-password", dest="server_password",\
@@ -89,6 +95,9 @@ def parseCommandLine():
 				help="Domain server uses for local auth. [default: FOO]")
 	parser.add_option("--server-helper", dest="server_helper",\
 				help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
+	parser.add_option("--server-use-winbindd", dest="server_use_winbindd",\
+				help="Use winbindd to check the password (rather than default username/pw)", action="store_true")
+
 
 	parser.add_option("-s", "--configfile", dest="config_file",\
 				help="Path to smb.conf file. [default:/etc/samba/smb.conf")
@@ -134,6 +143,10 @@ def main():
 		client_args.append("--password=%s" % opts.client_password)
 		client_args.append("--domain=%s" % opts.client_domain)
 		client_args.append("--configfile=%s" % opts.config_file)
+		if opts.target_service:
+			client_args.append("--target-service=%s" % opts.target_service)
+		if opts.target_hostname:
+			client_args.append("--target-hostname=%s" % opts.target_hostname)
 
 		os.execv(ntlm_auth_path, client_args)
 
@@ -163,9 +176,11 @@ def main():
 
 		server_args = []
 		server_args.append("--helper-protocol=%s" % opts.server_helper)
-		server_args.append("--username=%s" % opts.server_username)
-		server_args.append("--password=%s" % opts.server_password)
-		server_args.append("--domain=%s" % opts.server_domain)
+		if not opts.server_use_winbindd:
+			server_args.append("--username=%s" % opts.server_username)
+			server_args.append("--password=%s" % opts.server_password)
+			server_args.append("--domain=%s" % opts.server_domain)
+
 		server_args.append("--configfile=%s" % opts.config_file)
 
 		os.execv(ntlm_auth_path, server_args)
@@ -176,33 +191,119 @@ def main():
 	server_out = server_out_w
 	os.close(server_out_r)
 
-	# We're in the parent
-	writeLine(client_out, "YR")
-	buf = readLine(client_in)
+	if opts.client_helper == "ntlmssp-client-1" and opts.server_helper == "squid-2.5-ntlmssp":
+
+		# We're in the parent
+		writeLine(client_out, "YR")
+		buf = readLine(client_in)
+		
+		if buf.count("YR ", 0, 3) != 1:
+			sys.exit(1)
+
+		writeLine(server_out, buf)
+		buf = readLine(server_in)
+
+		if buf.count("TT ", 0, 3) != 1:
+			sys.exit(2)
+
+		writeLine(client_out, buf)
+		buf = readLine(client_in)
+
+		if buf.count("AF ", 0, 3) != 1:
+			sys.exit(3)
+
+		# Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
+		buf = buf.replace("AF", "KK", 1)
+		
+		writeLine(server_out, buf)
+		buf = readLine(server_in)
+		
+		if buf.count("AF ", 0, 3) != 1:
+			sys.exit(4)
+
+	
+	elif opts.client_helper == "ntlmssp-client-1" and opts.server_helper == "gss-spnego":
+		# We're in the parent
+		writeLine(client_out, "YR")
+		buf = readLine(client_in)
+		
+		if buf.count("YR ", 0, 3) != 1:
+			sys.exit(1)
+
+		writeLine(server_out, buf)
+		buf = readLine(server_in)
+
+		if buf.count("TT ", 0, 3) != 1:
+			sys.exit(2)
+
+		writeLine(client_out, buf)
+		buf = readLine(client_in)
+
+		if buf.count("AF ", 0, 3) != 1:
+			sys.exit(3)
+
+		# Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
+		buf = buf.replace("AF", "KK", 1)
+		
+		writeLine(server_out, buf)
+		buf = readLine(server_in)
+		
+		if buf.count("AF * ", 0, 5) != 1:
+			sys.exit(4)
+
+
+	elif opts.client_helper == "gss-spnego-client" and opts.server_helper == "gss-spnego":
+		# We're in the parent
+		writeLine(server_out, "YR")
+		buf = readLine(server_in)
+		
+		while True:
+			if buf.count("AF ", 0, 3) != 1 and buf.count("TT ", 0, 3) != 1:
+				sys.exit(1)
+
+			writeLine(client_out, buf)
+			buf = readLine(client_in)
+		
+			if buf.count("AF", 0, 2) == 1:
+				break
+
+			if buf.count("AF ", 0, 5) != 1 and buf.count("KK ", 0, 3) != 1 and buf.count("TT ", 0, 3) != 1:
+				sys.exit(2)
+
+			writeLine(server_out, buf)
+			buf = readLine(server_in)
 
-	if buf.count("YR ", 0, 3) != 1:
-		sys.exit(1)
+			if buf.count("AF * ", 0, 5) == 1:
+				break
 
-	writeLine(server_out, buf)
-	buf = readLine(server_in)
+	else:
+		sys.exit(5)
 
-	if buf.count("TT ", 0, 3) != 1:
-		sys.exit(2)
+	if opts.client_helper == "ntlmssp-client-1":
+		writeLine(client_out, "GK")
+		buf = readLine(client_in)
 
-	writeLine(client_out, buf)
-	buf = readLine(client_in)
+		if buf.count("GK ", 0, 3) != 1:
+			sys.exit(4)
 
-	if buf.count("AF ", 0, 3) != 1:
-		sys.exit(3)
+		writeLine(client_out, "GF")
+		buf = readLine(client_in)
 
-	# Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
-	buf = buf.replace("AF", "KK", 1)
+		if buf.count("GF ", 0, 3) != 1:
+			sys.exit(4)
+
+	if opts.server_helper == "squid-2.5-ntlmssp":
+		writeLine(server_out, "GK")
+		buf = readLine(server_in)
+
+		if buf.count("GK ", 0, 3) != 1:
+			sys.exit(4)
 
-	writeLine(server_out, buf)
-	buf = readLine(server_in)
+		writeLine(server_out, "GF")
+		buf = readLine(server_in)
 
-	if buf.count("AF ", 0, 3) != 1:
-		sys.exit(4)
+		if buf.count("GF ", 0, 3) != 1:
+			sys.exit(4)
 
 	os.close(server_in)
 	os.close(server_out)