summaryrefslogtreecommitdiff
path: root/python/samba/tests/dcerpc
AgeCommit message (Collapse)AuthorFilesLines
2019-06-19CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in ↵Douglas Bagnall1-0/+26
DnssrvOperation2 We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-19CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in ↵Douglas Bagnall1-0/+25
DnssrvOperation We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14s2 decrpc samr: Add tests for QueryDomainInfoGary Lockyer1-0/+55
Add tests for the number of domain users, groups and aliases returned by QueryDomainInfo. These tests revealed that the existing code was not checking the returned elements to ensure they were part of the domain. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-01-12py:dcerpc/raw_protocol: add tests to demonstrate how security context ↵Stefan Metzmacher1-0/+967
multiplexing works Important things are this: - It's not required to use the bind time feature negotiation in order to use it, it's only a hint for the client, but nothing is really negotiated, unlike the request multiplexing with the DCERPC_PFC_FLAG_CONC_MPX. - There's special handling related to AUTH_LEVEL_CONNECT and requests without auth trailer - An security context is identified by the unique tuple of auth_type, auth_level and auth_context_id (all together!), not just the auth_context_id. - There's a limit of 2049 explicit authentication contexts. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_testcase: add assertEqualsStrLower()Stefan Metzmacher1-0/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_protocol: demonstrate that \\pipe\lsarpc returns \\pipe\lsass ↵Stefan Metzmacher1-2/+4
as secondary_address BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_protocol: add test_assoc_group_fail3()Stefan Metzmacher1-0/+45
This demonstrates that assoc groups are only shared on the same transport (endpoint). BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_protocol: add test_assoc_group_ok2 to check assoc groups over ↵Stefan Metzmacher1-0/+31
ncacn_np BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_protocol: enable tests with the ↵Stefan Metzmacher1-9/+3
DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_protocol: consistently call self.recv_pdu(timeout=0.01) after ↵Stefan Metzmacher1-1/+3
auth3 When we don't expect a FAULT, we should wait a little bit to check there's no response to auth3 request. This reduces the raw_procol test from 45s down to 35s total runtime against Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_protocol: add tests for delayed header signing activationStefan Metzmacher1-0/+186
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12py:dcerpc/raw_testcase: add pfc_flags_2nd and use_auth3 options to ↵Stefan Metzmacher1-2/+17
do_generic_bind() This makes it more flexible and allows to write complex tests in an easier fashion. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-09s3:libsmb: Revert SMB Py bindings name back to libsmb_samba_internalTim Beale1-1/+1
In order to make it clear that the APIs in these Python bindings are unstable and should not be used by external consumers, this patch changes the name of the Python bindings back to libsmb_samba_internal. To make the Python code that uses these bindings (i.e. samba-tool, etc) look a little cleaner, we can just change the module name as we import it, e.g. from samba.samba3 import libsmb_samba_internal as libsmb Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jan 9 14:30:31 CET 2019 on sn-devel-144
2019-01-07s3:pylibsmb: Rename 'credentials' param to match s4Tim Beale1-1/+1
s4 just calls it 'creds'. Renaming it will make it easier to convert existing SMB connections over to use the new bindings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-01-07s3:pylibsmb: Rename libsmb_samba_internal Py bindings to libsmbTim Beale1-3/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-07s3:pylibsmb: Make lp a mandatory param for the SMB connectionTim Beale1-1/+1
Currently establishing the SMB connection relies on having initialized the global source3 loadparm. This patch makes the lp param mandatory, so that you always have to pass the parameter in when establishing the SMB connection. It also makes the source3 API more consistent with the current source4 API, which will make it easier to replace the source4 version later. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-23py:dcerpc/raw_testcase: add helper functions for ncacn_np: SMB connection ↵Stefan Metzmacher1-10/+136
support BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: maintain self.secondary_addressStefan Metzmacher1-8/+10
This was it's easier to alter once add support for SMB connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: maintain self.max_{xmit,recv}_fragStefan Metzmacher1-4/+16
This was it's easier to alter once add support for SMB connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: support DCERPC_AUTH_LEVEL_CONNECT in do_single_request()Stefan Metzmacher1-1/+16
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: add start_with_alter to do_generic_bind()Stefan Metzmacher1-34/+65
This will allow do_generic_bind() to be used to test security context multiplexing. Check with git show -w BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: test signing also with raw NTLMSSP and KerberosStefan Metzmacher1-0/+44
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: test signing with and without header signingStefan Metzmacher1-1/+16
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: prepare get_auth_context_creds() and ↵Stefan Metzmacher1-1/+10
do_generic_bind() for header signing BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: prepare do_generic_bind() for raw NTLMSSP and ↵Stefan Metzmacher1-3/+22
Kerberos authentication They just use 3 legs (messages) for the authentication, while SPNEGO uses 2 or 4 messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: use require DOMAIN/REALM in get_user_creds()Stefan Metzmacher1-0/+4
This is the usage now: SMB_CONF_PATH=/dev/null \ SERVER=172.31.9.188 \ TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \ USERNAME=administrator \ PASSWORD=A1b2C3d4 \ DOMAIN=W2012R2-L6 \ REALM=W2012R2-L6.BASE \ IGNORE_RANDOM_PAD=1 \ python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: use generate_request_auth() in do_single_request()Stefan Metzmacher1-54/+8
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: use check_response_auth() in do_single_request()Stefan Metzmacher1-21/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: add generate_request_auth() helper functionStefan Metzmacher1-0/+72
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: add check_response_auth() helper functionStefan Metzmacher1-0/+32
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: rename _test_spnego_signing_auth_level_request to ↵Stefan Metzmacher1-4/+5
_test_auth_signing_auth_level_request We now pass down dcerpc.DCERPC_AUTH_TYPE_SPNEGO from callers instead of having SPNEGO specific functions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: rename _test_spnego_bind_auth_level ↵Stefan Metzmacher1-6/+8
to_test_auth_bind_auth_level We now pass down dcerpc.DCERPC_AUTH_TYPE_SPNEGO from callers instead of having SPNEGO specific functions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: pass auth_context and stub_len to parse_auth() in ↵Stefan Metzmacher1-10/+17
order to assert BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: let self._test_spnego_bind_auth_level() return ↵Stefan Metzmacher1-4/+8
auth_context BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: let do_single_request() check stub length against ↵Stefan Metzmacher1-0/+1
alloc_hint BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: make use of assertPadding()Stefan Metzmacher1-128/+60
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: make use of assertPadding()Stefan Metzmacher1-8/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: add assertPadding() that allows IGNORE_RANDOM_PAD=1Stefan Metzmacher1-0/+16
Sometimes Windows returns non zero bytes in padding fields, we won't allow that by default, but IGNORE_RANDOM_PAD=1 will will only do the length check. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: explicitly disconnect additional connectionsStefan Metzmacher1-0/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_testcase: disconnect on tearDown() of RawDCERPCTestStefan Metzmacher1-0/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/raw_protocol: rename test_spnego_packet_bind_sign_privacy => ↵Stefan Metzmacher1-1/+1
test_spnego_packet_bind_seal This makes it consistent with other tests like test_spnego_integrity_bind_seal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-23py:dcerpc/tests: rename dcerpc/string.py -> string_tests.pyStefan Metzmacher1-0/+0
Otherwise it's not possible to run the raw_protocol tests anymore: python/samba/tests/dcerpc/raw_protocol.py Traceback (most recent call last): File "python/samba/tests/dcerpc/raw_protocol.py", line 26, in <module> import samba.dcerpc.dcerpc as dcerpc File "bin/python/samba/__init__.py", line 32, in <module> from samba.compat import string_types File "bin/python/samba/compat.py", line 151, in <module> from urllib import quote as urllib_quote File "/usr/lib/python2.7/urllib.py", line 25, in <module> import string File "/abs/path/samba/python/samba/tests/dcerpc/string.py", line 22, in <module> # Some strings for ctype-style character classification File "bin/python/samba/tests/__init__.py", line 36, in <module> from samba.compat import text_type ImportError: cannot import name text_type This allows the following again: SMB_CONF_PATH=/dev/null \ SERVER=172.31.9.188 \ TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \ USERNAME=administrator \ PASSWORD=A1b2C3d4 \ DOMAIN=W2012R2-L6 \ REALM=W2012R2-L6.BASE \ python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-14PY3: change shebang to python3 in misc dirsJoe Guo1-1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Fri Dec 14 18:00:40 CET 2018 on sn-devel-144
2018-11-20tests samr: Extra tests for samr_EnumDomainUserssGary Lockyer1-0/+144
Add extra tests to test the content returned by samr_EnumDomainUsers, and tests for the result caching added in the following commit. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-20test samr: Extra tests for samr_EnumDomainGroupsGary Lockyer1-0/+169
Add extra tests to test the content returned by samr_EnumDomainGroups, and tests for the result caching added in the following commit. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-20tests samr: remove PEP8 warningsGary Lockyer1-2/+4
Remove PEP8 warnings from the samr tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-20tests samr: Extra tests for samr_QueryDisplayInfoGary Lockyer1-1/+389
Add extra tests to test the content returned by samr_QueryDisplayInfo, which is not tested for the ADDC. Also adds tests for the result caching added in the following commit. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-01py/tests/dcerpc_integer: remove dup testsDouglas Bagnall1-14/+0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>
2018-11-01py/tests/dcerpc_rpc: Py3 compat integer typesDouglas Bagnall1-1/+2
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>
2018-10-25python/tests/raw_protocol: reveal shadowed test via disambiguationDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 12:16:51 +0000