# Unix SMB/CIFS implementation.
# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""Smoke test for encrypted secrets

A quick test to confirm that the secret attributes are being stored
encrypted on disk.
"""
import os

import ldb
import samba
from samba.tests import TestCase
from samba.credentials import Credentials
from samba.samdb import SamDB
from samba.auth import system_session
from samba.ndr import ndr_unpack
from samba.dcerpc import drsblobs
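class EncryptedSecretsTests(TestCase):
    """Smoke tests for at-rest encryption of secret attributes in sam.ldb.

    One test reads the Administrator's unicodePwd straight from the
    partition backend file and checks that it parses as an
    EncryptedSecret blob; the other checks that the database advertises
    encryptedSecrets in its requiredFeatures.

    NOTE(review): several statements were cut short in the listing this
    was taken from (the setUp signature, trailing keyword arguments, the
    `obj` and `magic` assignments). They are restored below from the
    names the surrounding code uses; verify against the tree.
    """

    def setUp(self):
        """Open the local SamDB with the system session and test loadparm."""
        super(EncryptedSecretsTests, self).setUp()
        self.lp = samba.tests.env_loadparm()
        self.creds = Credentials()
        self.creds.guess(self.lp)
        # The original assigned system_session() to self.session twice;
        # the second call only replaced the first, so one is kept.
        self.session = system_session()
        self.ldb = SamDB(session_info=self.session,
                         credentials=self.creds,
                         lp=self.lp)

    def test_encrypted_secrets(self):
        """Test that secret attributes are stored encrypted on disk"""
        basedn = self.ldb.domain_dn()
        backend_filename = "%s.ldb" % basedn.upper()
        backend_subpath = os.path.join("sam.ldb.d", backend_filename)
        backend_path = self.lp.private_path(backend_subpath)
        # Open the partition file itself rather than searching through
        # self.ldb, so the value inspected is the one held in the file.
        # presumably a search via self.ldb would return the decrypted
        # value -- confirm against the module stack.
        # FLG_DONT_CREATE_DB: a wrong path must fail, not yield an
        # empty database that makes the search below return nothing.
        backenddb = ldb.Ldb("ldb://" + backend_path,
                            flags=ldb.FLG_DONT_CREATE_DB)

        dn = "CN=Administrator,CN=Users,%s" % basedn

        res = backenddb.search(scope=ldb.SCOPE_BASE,
                               base=dn,
                               attrs=["unicodePwd"])
        self.assertGreater(len(res), 0)
        obj = res[0]
        blob = obj["unicodePwd"][0]
        # A bare NT hash is 16 bytes, so a value this short would suggest
        # the attribute was written unencrypted. Only the length is
        # asserted on, which keeps the secret itself out of a failure
        # message and therefore out of the test log.
        self.assertGreater(len(blob), 30)
        # Now verify that the header contains the correct magic value.
        encrypted = ndr_unpack(drsblobs.EncryptedSecret, blob)
        # NOTE(review): the line assigning `magic` is missing from the
        # listing; 0xca5caded is believed to be the
        # ENCRYPTED_SECRET_MAGIC_VALUE from drsblobs.idl -- confirm.
        magic = 0xca5caded
        self.assertEqual(magic, encrypted.header.magic)

    def test_required_features(self):
        """Test that databases are provisioned with encryptedSecrets as a
        required feature
        """
        # NOTE(review): the `base=` argument is missing from the listing;
        # "@SAMBA_DSDB" is the special record expected to carry
        # requiredFeatures -- confirm against the tree.
        res = self.ldb.search(scope=ldb.SCOPE_BASE,
                              base="@SAMBA_DSDB",
                              attrs=["requiredFeatures"])
        self.assertGreater(len(res), 0)
        self.assertIn("requiredFeatures", res[0])
        required_features = res[0]["requiredFeatures"]
        self.assertIn(b"encryptedSecrets", required_features)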