samba.git/python/samba/tests/auth_log.py, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. pytest:auth_log: expect TLS connections when using ldaps 2022-01-26T11:44:32+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2022-01-26T02:53:45+00:00 f37682747898591b37405f9e96a8135c15638637 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
tests/auth_log: adjust expected authDescription for test_smb_bad_user 2022-01-19T20:50:35+00:00 Stefan Metzmacher metze@samba.org 2022-01-19T16:25:00+00:00 52ccce259ddbebcedd5780ee683386d283aabda0 With NO_SUCH_USER we don't know if any pre-authentication was requested, so with the new Heimdal code we now used use "AS-REQ" instead of assuming ENC-TS Pre-authentication. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
With NO_SUCH_USER we don't know if any pre-authentication was requested,
so with the new Heimdal code we now used use "AS-REQ" instead of
assuming ENC-TS Pre-authentication.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
python: remove all 'from __future__ import print_function' 2021-04-28T03:43:34+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-04-28T01:02:37+00:00 aecb2b779b88c13784b7c2691ae08da716d65ab2 This made Python 2's print behave like Python 3's print(). In some cases, where we had: from __future__ import print_function """Intended module documentation...""" this will have the side effect of making the intended module documentation work as the actual module documentation (i.e. becoming __doc__), because it is once again the first statement in the module. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This made Python 2's print behave like Python 3's print().

In some cases, where we had:

   from __future__ import print_function
   """Intended module documentation..."""

this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
pytests: heed assertEquals deprecation warning en-masse 2020-02-07T10:37:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-02-06T22:02:38+00:00 c247afbda00013bf4821e5a2d4f3166bf31814f0 TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 
TestCase.assertEquals() is an alias for TestCase.assertEqual() and
has been deprecated since Python 2.7.

When we run our tests with in python developer mode (`PYTHONDEVMODE=1
make test`) we get 580 DeprecationWarnings about this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
rpcclient: Remove unused global domain sid 2019-10-03T17:59:13+00:00 Volker Lendecke vl@samba.org 2019-09-28T02:24:18+00:00 fe41238097f4354f18130c43ea3c5db0293097c7 For the auth_log tests using rpcclient this means one message less Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 3 17:59:13 UTC 2019 on sn-devel-184 
For the auth_log tests using rpcclient this means one message less

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  3 17:59:13 UTC 2019 on sn-devel-184
tests: Switchover auth_log from s4 SMB client bindings to s4 2019-01-17T03:47:56+00:00 Tim Beale timbeale@catalyst.net.nz 2019-01-16T00:34:29+00:00 a67b711ebcc8c88f37a09e8bbdbc97e412d76911 The main changes required are: - we need to use an s3 loadparm instead of the standard s4 lp. - the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params, however, we can set these in the loadparm instead, which will get the SMB client code to do what we want. Instead of passing in boolean parameters, we need to use yes/no strings that the lp will accept. (We always set these values because the underlying lp context is actually global, and setting a value is 'sticky' and will persist across test cases. These conf settings are only used by the SMB client code, and so will only affect the SMB test cases). - For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to an SMBv1 connection. The s4 bindings only ever supported SMBv1 connections, so this is the same behaviour. The other test cases will now try to negotiate SMBv2 connections, however, the no_ntlmv2 test cases are explicitly checking for bare-NTLM (with the s3 bindings, it now ends up as NTLMSSP by default). Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144 
The main changes required are:
- we need to use an s3 loadparm instead of the standard s4 lp.
- the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params,
  however, we can set these in the loadparm instead, which will get the
  SMB client code to do what we want. Instead of passing in boolean
  parameters, we need to use yes/no strings that the lp will accept.
  (We always set these values because the underlying lp context is
  actually global, and setting a value is 'sticky' and will persist
  across test cases. These conf settings are only used by the SMB client
  code, and so will only affect the SMB test cases).
- For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to
  an SMBv1 connection. The s4 bindings only ever supported SMBv1
  connections, so this is the same behaviour. The other test cases will
  now try to negotiate SMBv2 connections, however, the no_ntlmv2 test
  cases are explicitly checking for bare-NTLM (with the s3 bindings, it
  now ends up as NTLMSSP by default).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144
tests: Refactor auth_log SMB connection to be in a single place 2019-01-17T00:40:31+00:00 Tim Beale timbeale@catalyst.net.nz 2019-01-16T00:20:12+00:00 914e9d359010361c7fcaae8f17ef6404d5c18805 This should not alter the behaviour of the tests at all. It just makes it easier to switch over the underlying SMB client bindings. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> 
This should not alter the behaviour of the tests at all. It just makes
it easier to switch over the underlying SMB client bindings.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
tests: Use MUST_USE_KERBEROS over AUTO_USE_KERBEROS in auth_log tests 2019-01-17T00:40:31+00:00 Tim Beale timbeale@catalyst.net.nz 2019-01-15T23:12:16+00:00 e82e1b31e39631f6603be6d14debf79d2d9b16cd The s3 SMB client bindings seem slightly different to s4, in that they default to setting the CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS flag. This seems to fallback to finding a valid KRB TGT (from a previous successful test), which results in the connection succeeding rather than failing. Setting MUST_USE_KERBEROS explicitly avoids this behaviour. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> 
The s3 SMB client bindings seem slightly different to s4, in that they
default to setting the CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS flag.
This seems to fallback to finding a valid KRB TGT (from a previous
successful test), which results in the connection succeeding rather than
failing.

Setting MUST_USE_KERBEROS explicitly avoids this behaviour.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
tests: Relax auth_log SMB assertions to cover v1 *or* v2 2019-01-17T00:40:31+00:00 Tim Beale timbeale@catalyst.net.nz 2019-01-15T22:18:27+00:00 065faa6a1429db99ef1372ab194960f817d13ebf The s4 Python bindings currently only support SMBv1 connections. If we change the bindings to support *either* v1 or v2, they'll end up negotiating v2. In which case the server is "SMB2", not "SMB", and these assertions fail. Long-term we want to get rid of SMBv1, so it makes sense to write the tests so that they pass against either v1 or v2. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> 
The s4 Python bindings currently only support SMBv1 connections.
If we change the bindings to support *either* v1 or v2, they'll
end up negotiating v2. In which case the server is "SMB2", not "SMB",
and these assertions fail.

Long-term we want to get rid of SMBv1, so it makes sense to write the
tests so that they pass against either v1 or v2.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
tests (audit_auth)_log: PEP8 cleanup. 2018-12-20T22:40:26+00:00 Gary Lockyer gary@catalyst.net.nz 2018-12-16T21:04:42+00:00 05c981f0b4acd7b27e72098def023c82b92b6e59 Remove Flake8 warnings from the audit and authentication JSON log tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Remove Flake8 warnings from the audit and authentication JSON log
tests.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>