search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_ceph_new: common prefix to debug-log messages
[Samba.git] / python / samba / tests / credentials.py
blobf9781f8ba036196d30b30ef87901feae648b8ca9
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 """Tests for the Credentials Python bindings.
19
20 Note that this just tests the bindings work. It does not intend to test
21 the functionality, that's already done in other tests.
22 """
23
24 from samba import credentials
25 import samba.tests
26 import os
27 import binascii
28 from samba.dcerpc import misc
29
30
31 class CredentialsTests(samba.tests.TestCaseInTempDir):
32
33 def setUp(self):
34 super().setUp()
35 self.creds = credentials.Credentials()
36
37 def test_set_username(self):
38 self.creds.set_username("somebody")
39 self.assertEqual("somebody", self.creds.get_username())
40
41 def test_set_password(self):
42 self.creds.set_password("S3CreT")
43 self.assertEqual("S3CreT", self.creds.get_password())
44
45 def test_set_utf16_password(self):
46 password = 'S3cRet'
47 passbytes = password.encode('utf-16-le')
48 self.assertTrue(self.creds.set_utf16_password(passbytes))
49 self.assertEqual(password, self.creds.get_password())
50
51 def test_set_old_password(self):
52 self.assertEqual(None, self.creds.get_old_password())
53 self.assertTrue(self.creds.set_old_password("S3c0ndS3CreT"))
54 self.assertEqual("S3c0ndS3CreT", self.creds.get_old_password())
55
56 def test_set_old_utf16_password(self):
57 password = '0ldS3cRet'
58 passbytes = password.encode('utf-16-le')
59 self.assertTrue(self.creds.set_old_utf16_password(passbytes))
60 self.assertEqual(password, self.creds.get_old_password())
61
62 def test_set_domain(self):
63 self.creds.set_domain("ABMAS")
64 self.assertEqual("ABMAS", self.creds.get_domain())
65 self.assertEqual(self.creds.get_principal(), None)
66
67 def test_set_realm(self):
68 self.creds.set_realm("myrealm")
69 self.assertEqual("MYREALM", self.creds.get_realm())
70 self.assertEqual(self.creds.get_principal(), None)
71
72 def test_parse_string_anon(self):
73 self.creds.parse_string("%")
74 self.assertEqual("", self.creds.get_username())
75 self.assertEqual(None, self.creds.get_password())
76
77 def test_parse_string_empty_pw(self):
78 self.creds.parse_string("someone%")
79 self.assertEqual("someone", self.creds.get_username())
80 self.assertEqual("", self.creds.get_password())
81
82 def test_parse_string_none_pw(self):
83 self.creds.parse_string("someone")
84 self.assertEqual("someone", self.creds.get_username())
85 self.assertEqual(None, self.creds.get_password())
86
87 def test_parse_string_user_pw_domain(self):
88 self.creds.parse_string("dom\\someone%secr")
89 self.assertEqual("someone", self.creds.get_username())
90 self.assertEqual("secr", self.creds.get_password())
91 self.assertEqual("DOM", self.creds.get_domain())
92
93 def test_bind_dn(self):
94 self.assertEqual(None, self.creds.get_bind_dn())
95 self.creds.set_bind_dn("dc=foo,cn=bar")
96 self.assertEqual("dc=foo,cn=bar", self.creds.get_bind_dn())
97
98 def test_is_anon(self):
99 self.creds.set_username("")
100 self.assertTrue(self.creds.is_anonymous())
101 self.creds.set_username("somebody")
102 self.assertFalse(self.creds.is_anonymous())
103 self.creds.set_anonymous()
104 self.assertTrue(self.creds.is_anonymous())
105
106 def test_workstation(self):
107 # FIXME: This is uninitialised, it should be None
108 #self.assertEqual(None, self.creds.get_workstation())
109 self.creds.set_workstation("myworksta")
110 self.assertEqual("myworksta", self.creds.get_workstation())
111
112 def test_secure_channel_type(self):
113 self.assertEqual(misc.SEC_CHAN_NULL,
114 self.creds.get_secure_channel_type())
115 self.creds.set_secure_channel_type(misc.SEC_CHAN_BDC)
116 self.assertEqual(misc.SEC_CHAN_BDC,
117 self.creds.get_secure_channel_type())
118
119 def test_get_nt_hash(self):
120 password = "geheim"
121 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
122 self.creds.set_password(password)
123 self.assertEqual(password, self.creds.get_password())
124 self.assertEqual(binascii.a2b_hex(hex_nthash),
125 self.creds.get_nt_hash())
126
127 def test_get_ntlm_response(self):
128 password = "SecREt01"
129 hex_challenge = "0123456789abcdef"
130 hex_nthash = "cd06ca7c7e10c99b1d33b7485a2ed808"
131 hex_session_key = "3f373ea8e4af954f14faa506f8eebdc4"
132 hex_ntlm_response = "25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6"
133 self.creds.set_username("fred")
134 self.creds.set_domain("nurk")
135 self.creds.set_password(password)
136 self.assertEqual(password, self.creds.get_password())
137 self.assertEqual(binascii.a2b_hex(hex_nthash),
138 self.creds.get_nt_hash())
139 response = self.creds.get_ntlm_response(flags=credentials.CLI_CRED_NTLM_AUTH,
140 challenge=binascii.a2b_hex(hex_challenge))
141
142 self.assertEqual(response["nt_response"], binascii.a2b_hex(hex_ntlm_response))
143 self.assertEqual(response["nt_session_key"], binascii.a2b_hex(hex_session_key))
144 self.assertEqual(response["flags"], credentials.CLI_CRED_NTLM_AUTH)
145
146 def test_get_nt_hash_string(self):
147 self.creds.set_password_will_be_nt_hash(True)
148 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
149 self.creds.set_password(hex_nthash)
150 self.assertEqual(None, self.creds.get_password())
151 self.assertEqual(binascii.a2b_hex(hex_nthash),
152 self.creds.get_nt_hash())
153
154 def test_set_cmdline_callbacks(self):
155 self.creds.set_cmdline_callbacks()
156
157 def test_authentication_requested(self):
158 self.creds.set_username("")
159 self.assertFalse(self.creds.authentication_requested())
160 self.creds.set_username("somebody")
161 self.assertTrue(self.creds.authentication_requested())
162
163 def test_wrong_password(self):
164 self.assertFalse(self.creds.wrong_password())
165
166 def test_guess(self):
167 creds = credentials.Credentials()
168 lp = samba.tests.env_loadparm()
169 os.environ["USER"] = "env_user"
170 creds.guess(lp)
171 self.assertEqual(creds.get_username(), "env_user")
172 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
173 self.assertEqual(creds.get_realm(), None)
174 self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain())
175 self.assertEqual(creds.is_anonymous(), False)
176 self.assertEqual(creds.authentication_requested(), False)
177
178 def test_set_anonymous(self):
179 creds = credentials.Credentials()
180 lp = samba.tests.env_loadparm()
181 os.environ["USER"] = "env_user"
182 creds.guess(lp)
183 creds.set_anonymous()
184 self.assertEqual(creds.get_username(), "")
185 self.assertEqual(creds.get_domain(), "")
186 self.assertEqual(creds.get_realm(), None)
187 self.assertEqual(creds.get_principal(), None)
188 self.assertEqual(creds.is_anonymous(), True)
189 self.assertEqual(creds.authentication_requested(), False)
190
191 def test_parse_file_1(self):
192 realm = "realm.example.com"
193 domain = "dom"
194 password = "pass"
195 username = "user"
196
197 passwd_file_name = os.path.join(self.tempdir, "parse_file")
198 passwd_file_fd = open(passwd_file_name, 'x')
199 passwd_file_fd.write("realm=%s\n" % realm)
200 passwd_file_fd.write("domain=%s\n" % domain)
201 passwd_file_fd.write("username=%s\n" % username)
202 passwd_file_fd.write("password=%s\n" % password)
203 passwd_file_fd.close()
204 self.creds.parse_file(passwd_file_name)
205 self.assertEqual(self.creds.get_username(), username)
206 self.assertEqual(self.creds.get_password(), password)
207 self.assertEqual(self.creds.get_domain(), domain.upper())
208 self.assertEqual(self.creds.get_realm(), realm.upper())
209 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
210 self.assertEqual(self.creds.is_anonymous(), False)
211 self.assertEqual(self.creds.authentication_requested(), True)
212 os.unlink(passwd_file_name)
213
214 def test_parse_file_2(self):
215 realm = "realm.example.com"
216 domain = "dom"
217 password = "pass"
218 username = "user"
219
220 passwd_file_name = os.path.join(self.tempdir, "parse_file")
221 passwd_file_fd = open(passwd_file_name, 'x')
222 passwd_file_fd.write("realm=%s\n" % realm)
223 passwd_file_fd.write("domain=%s\n" % domain)
224 passwd_file_fd.write("username=%s\\%s\n" % (domain, username))
225 passwd_file_fd.write("password=%s\n" % password)
226 passwd_file_fd.close()
227 self.creds.parse_file(passwd_file_name)
228 self.assertEqual(self.creds.get_username(), username)
229 self.assertEqual(self.creds.get_password(), password)
230 self.assertEqual(self.creds.get_domain(), domain.upper())
231 self.assertEqual(self.creds.get_realm(), realm.upper())
232 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
233 self.assertEqual(self.creds.is_anonymous(), False)
234 self.assertEqual(self.creds.authentication_requested(), True)
235 os.unlink(passwd_file_name)
236
237 def test_parse_file_3(self):
238 realm = "realm.example.com"
239 domain = "domain"
240 password = "password"
241 username = "username"
242
243 userdom = "userdom"
244
245 passwd_file_name = os.path.join(self.tempdir, "parse_file")
246 passwd_file_fd = open(passwd_file_name, 'x')
247 passwd_file_fd.write("realm=%s\n" % realm)
248 passwd_file_fd.write("domain=%s\n" % domain)
249 passwd_file_fd.write("username=%s/%s\n" % (userdom, username))
250 passwd_file_fd.write("password=%s\n" % password)
251 passwd_file_fd.close()
252 self.creds.parse_file(passwd_file_name)
253 self.assertEqual(self.creds.get_username(), username)
254 self.assertEqual(self.creds.get_password(), password)
255 self.assertEqual(self.creds.get_domain(), userdom.upper())
256 self.assertEqual(self.creds.get_realm(), userdom.upper())
257 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
258 self.assertEqual(self.creds.is_anonymous(), False)
259 self.assertEqual(self.creds.authentication_requested(), True)
260 os.unlink(passwd_file_name)
261
262 def test_parse_file_4(self):
263 password = "password"
264 username = "username"
265
266 userdom = "userdom"
267
268 passwd_file_name = os.path.join(self.tempdir, "parse_file")
269 passwd_file_fd = open(passwd_file_name, 'x')
270 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
271 passwd_file_fd.write("realm=ignorerealm\n")
272 passwd_file_fd.write("domain=ignoredomain\n")
273 passwd_file_fd.write("password=ignorepassword\n")
274 passwd_file_fd.close()
275 self.creds.parse_file(passwd_file_name)
276 self.assertEqual(self.creds.get_username(), username)
277 self.assertEqual(self.creds.get_password(), password)
278 self.assertEqual(self.creds.get_domain(), userdom.upper())
279 self.assertEqual(self.creds.get_realm(), userdom.upper())
280 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
281 self.assertEqual(self.creds.is_anonymous(), False)
282 self.assertEqual(self.creds.authentication_requested(), True)
283 os.unlink(passwd_file_name)
284
285 def test_parse_file_5(self):
286 password = "password"
287 username = "username"
288
289 userdom = "userdom"
290
291 passwd_file_name = os.path.join(self.tempdir, "parse_file")
292 passwd_file_fd = open(passwd_file_name, 'x')
293 passwd_file_fd.write("realm=ignorerealm\n")
294 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
295 passwd_file_fd.write("domain=ignoredomain\n")
296 passwd_file_fd.write("password=ignorepassword\n")
297 passwd_file_fd.close()
298 self.creds.parse_file(passwd_file_name)
299 self.assertEqual(self.creds.get_username(), username)
300 self.assertEqual(self.creds.get_password(), password)
301 self.assertEqual(self.creds.get_domain(), userdom.upper())
302 self.assertEqual(self.creds.get_realm(), userdom.upper())
303 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
304 self.assertEqual(self.creds.is_anonymous(), False)
305 self.assertEqual(self.creds.authentication_requested(), True)
306 os.unlink(passwd_file_name)
307
308 def test_parse_username_0(self):
309 creds = credentials.Credentials()
310 lp = samba.tests.env_loadparm()
311 os.environ["USER"] = "env_user"
312 creds.guess(lp)
313 creds.parse_string("user")
314 self.assertEqual(creds.get_username(), "user")
315 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
316 self.assertEqual(creds.get_realm(), None)
317 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper())
318 self.assertEqual(creds.is_anonymous(), False)
319 self.assertEqual(creds.authentication_requested(), True)
320
321 def test_parse_username_1(self):
322 creds = credentials.Credentials()
323 lp = samba.tests.env_loadparm()
324 os.environ["USER"] = "env_user"
325 creds.guess(lp)
326 realm = "realm.example.com"
327 creds.set_realm(realm, credentials.SMB_CONF)
328 creds.parse_string("user")
329 self.assertEqual(creds.get_username(), "user")
330 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
331 self.assertEqual(creds.get_realm(), realm.upper())
332 self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
333 self.assertEqual(creds.is_anonymous(), False)
334 self.assertEqual(creds.authentication_requested(), True)
335
336 def test_parse_username_with_domain_0(self):
337 creds = credentials.Credentials()
338 lp = samba.tests.env_loadparm()
339 os.environ["USER"] = "env_user"
340 creds.guess(lp)
341 creds.parse_string("domain\\user")
342 self.assertEqual(creds.get_username(), "user")
343 self.assertEqual(creds.get_domain(), "DOMAIN")
344 self.assertEqual(creds.get_realm(), None)
345 self.assertEqual(creds.get_principal(), "user@DOMAIN")
346 self.assertEqual(creds.is_anonymous(), False)
347 self.assertEqual(creds.authentication_requested(), True)
348
349 def test_parse_username_with_domain_1(self):
350 creds = credentials.Credentials()
351 lp = samba.tests.env_loadparm()
352 os.environ["USER"] = "env_user"
353 creds.guess(lp)
354 realm = "realm.example.com"
355 creds.set_realm(realm, credentials.SMB_CONF)
356 self.assertEqual(creds.get_username(), "env_user")
357 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
358 self.assertEqual(creds.get_realm(), realm.upper())
359 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
360 creds.set_principal("unknown@realm.example.com")
361 self.assertEqual(creds.get_username(), "env_user")
362 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
363 self.assertEqual(creds.get_realm(), realm.upper())
364 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
365 creds.parse_string("domain\\user")
366 self.assertEqual(creds.get_username(), "user")
367 self.assertEqual(creds.get_domain(), "DOMAIN")
368 self.assertEqual(creds.get_realm(), realm.upper())
369 self.assertEqual(creds.get_principal(), "user@DOMAIN")
370 self.assertEqual(creds.is_anonymous(), False)
371 self.assertEqual(creds.authentication_requested(), True)
372
373 def test_parse_username_with_domain_2(self):
374 creds = credentials.Credentials()
375 lp = samba.tests.env_loadparm()
376 os.environ["USER"] = "env_user"
377 creds.guess(lp)
378 realm = "realm.example.com"
379 creds.set_realm(realm, credentials.SPECIFIED)
380 self.assertEqual(creds.get_username(), "env_user")
381 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
382 self.assertEqual(creds.get_realm(), realm.upper())
383 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
384 creds.set_principal("unknown@realm.example.com")
385 self.assertEqual(creds.get_username(), "env_user")
386 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
387 self.assertEqual(creds.get_realm(), realm.upper())
388 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
389 creds.parse_string("domain\\user")
390 self.assertEqual(creds.get_username(), "user")
391 self.assertEqual(creds.get_domain(), "DOMAIN")
392 self.assertEqual(creds.get_realm(), "DOMAIN")
393 self.assertEqual(creds.get_principal(), "user@DOMAIN")
394 self.assertEqual(creds.is_anonymous(), False)
395 self.assertEqual(creds.authentication_requested(), True)
396
397 def test_parse_username_with_realm(self):
398 creds = credentials.Credentials()
399 lp = samba.tests.env_loadparm()
400 os.environ["USER"] = "env_user"
401 creds.guess(lp)
402 creds.parse_string("user@samba.org")
403 self.assertEqual(creds.get_username(), "user@samba.org")
404 self.assertEqual(creds.get_domain(), "")
405 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
406 self.assertEqual(creds.get_principal(), "user@samba.org")
407 self.assertEqual(creds.is_anonymous(), False)
408 self.assertEqual(creds.authentication_requested(), True)
409
410 def test_parse_username_pw(self):
411 creds = credentials.Credentials()
412 lp = samba.tests.env_loadparm()
413 os.environ["USER"] = "env_user"
414 creds.guess(lp)
415 creds.parse_string("user%pass")
416 self.assertEqual(creds.get_username(), "user")
417 self.assertEqual(creds.get_password(), "pass")
418 self.assertEqual(creds.get_domain(), lp.get("workgroup"))
419 self.assertEqual(creds.get_realm(), None)
420 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup"))
421 self.assertEqual(creds.is_anonymous(), False)
422 self.assertEqual(creds.authentication_requested(), True)
423
424 def test_parse_username_with_domain_pw(self):
425 creds = credentials.Credentials()
426 lp = samba.tests.env_loadparm()
427 os.environ["USER"] = "env_user"
428 creds.guess(lp)
429 creds.parse_string("domain\\user%pass")
430 self.assertEqual(creds.get_username(), "user")
431 self.assertEqual(creds.get_domain(), "DOMAIN")
432 self.assertEqual(creds.get_password(), "pass")
433 self.assertEqual(creds.get_realm(), None)
434 self.assertEqual(creds.get_principal(), "user@DOMAIN")
435 self.assertEqual(creds.is_anonymous(), False)
436 self.assertEqual(creds.authentication_requested(), True)
437
438 def test_parse_username_with_realm_pw(self):
439 creds = credentials.Credentials()
440 lp = samba.tests.env_loadparm()
441 os.environ["USER"] = "env_user"
442 creds.guess(lp)
443 creds.parse_string("user@samba.org%pass")
444 self.assertEqual(creds.get_username(), "user@samba.org")
445 self.assertEqual(creds.get_domain(), "")
446 self.assertEqual(creds.get_password(), "pass")
447 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
448 self.assertEqual(creds.get_principal(), "user@samba.org")
449 self.assertEqual(creds.is_anonymous(), False)
450 self.assertEqual(creds.authentication_requested(), True)
451
452 def test_smb_signing(self):
453 creds = credentials.Credentials()
454 self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_DEFAULT)
455 creds.set_smb_signing(credentials.SMB_SIGNING_REQUIRED)
456 self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_REQUIRED)
457
458 def test_smb_signing_set_conf(self):
459 lp = samba.tests.env_loadparm()
460
461 creds = credentials.Credentials()
462 creds.set_conf(lp)
463 self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_DEFAULT)
464 creds.set_smb_signing(credentials.SMB_SIGNING_OFF)
465 self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_OFF)
466 creds.set_conf(lp)
467 self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_OFF)
468
469 def test_smb_ipc_signing(self):
470 creds = credentials.Credentials()
471 self.assertEqual(creds.get_smb_ipc_signing(), credentials.SMB_SIGNING_REQUIRED)
472 creds.set_smb_ipc_signing(credentials.SMB_SIGNING_OFF)
473 self.assertEqual(creds.get_smb_ipc_signing(), credentials.SMB_SIGNING_OFF)
474
475 def test_smb_ipc_signing_set_conf(self):
476 lp = samba.tests.env_loadparm()
477
478 creds = credentials.Credentials()
479 creds.set_conf(lp)
480 self.assertEqual(creds.get_smb_ipc_signing(), credentials.SMB_SIGNING_REQUIRED)
481 creds.set_smb_ipc_signing(credentials.SMB_SIGNING_OFF)
482 self.assertEqual(creds.get_smb_ipc_signing(), credentials.SMB_SIGNING_OFF)
483 creds.set_conf(lp)
484 self.assertEqual(creds.get_smb_ipc_signing(), credentials.SMB_SIGNING_OFF)
485
486 def test_smb_encryption(self):
487 creds = credentials.Credentials()
488 self.assertEqual(creds.get_smb_encryption(), credentials.SMB_ENCRYPTION_DEFAULT)
489 creds.set_smb_encryption(credentials.SMB_ENCRYPTION_REQUIRED)
490 self.assertEqual(creds.get_smb_encryption(), credentials.SMB_ENCRYPTION_REQUIRED)
491
492 def test_smb_encryption_set_conf(self):
493 lp = samba.tests.env_loadparm()
494
495 creds = credentials.Credentials()
496 creds.set_conf(lp)
497 self.assertEqual(creds.get_smb_encryption(), credentials.SMB_ENCRYPTION_DEFAULT)
498 creds.set_smb_encryption(credentials.SMB_ENCRYPTION_OFF)
499 self.assertEqual(creds.get_smb_encryption(), credentials.SMB_ENCRYPTION_OFF)
500 creds.set_conf(lp)
501 self.assertEqual(creds.get_smb_encryption(), credentials.SMB_ENCRYPTION_OFF)
Samba GIT mirror