search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
torture: Reproducer for 64c0367
[Samba/gebeck_regimport.git] / auth / credentials / tests / bind.py
blobaa4b17aaff40ae12eefc1cde531406419768a5a8
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
3 # This is unit with tests for LDAP access checks
4
5 import optparse
6 import sys
7 import base64
8 import re
9 import os
10 import copy
11 import time
12
13 sys.path.insert(0, "bin/python")
14 import samba
15 samba.ensure_external_module("testtools", "testtools")
16 samba.ensure_external_module("subunit", "subunit/python")
17
18 import samba.getopt as options
19
20 from ldb import (
21 SCOPE_BASE, SCOPE_SUBTREE, LdbError, ERR_NO_SUCH_OBJECT)
22 from samba.dcerpc import security
23
24 from samba.auth import system_session
25 from samba import gensec
26 from samba.samdb import SamDB
27 from samba.credentials import Credentials
28 import samba.tests, unittest
29 from samba.tests import delete_force
30 from subunit.run import SubunitTestRunner
31 from samba.tests import TestCase, TestSkipped
32
33 parser = optparse.OptionParser("ldap [options] <host>")
34 sambaopts = options.SambaOptions(parser)
35 parser.add_option_group(sambaopts)
36
37 # use command line creds if available
38 credopts = options.CredentialsOptions(parser)
39 parser.add_option_group(credopts)
40 opts, args = parser.parse_args()
41
42 if len(args) < 1:
43 parser.print_usage()
44 sys.exit(1)
45
46 host = args[0]
47 lp = sambaopts.get_loadparm()
48 creds = credopts.get_credentials(lp)
49 creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
50 creds_machine = copy.deepcopy(creds)
51 creds_user1 = copy.deepcopy(creds)
52 creds_user2 = copy.deepcopy(creds)
53 creds_user3 = copy.deepcopy(creds)
54
55 class BindTests(samba.tests.TestCase):
56
57 info_dc = None
58
59 def setUp(self):
60 super(BindTests, self).setUp()
61 # fetch rootDSEs
62 if self.info_dc is None:
63 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
64 self.assertEquals(len(res), 1)
65 BindTests.info_dc = res[0]
66 # cache some of RootDSE props
67 self.schema_dn = self.info_dc["schemaNamingContext"][0]
68 self.domain_dn = self.info_dc["defaultNamingContext"][0]
69 self.config_dn = self.info_dc["configurationNamingContext"][0]
70 self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
71 self.password = "P@ssw0rd"
72 self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
73
74 def tearDown(self):
75 super(BindTests, self).tearDown()
76
77 def test_computer_account_bind(self):
78 # create a computer acocount for the test
79 delete_force(ldb, self.computer_dn)
80 ldb.add_ldif("""
81 dn: """ + self.computer_dn + """
82 cn: CENTOS53
83 displayName: CENTOS53$
84 name: CENTOS53
85 sAMAccountName: CENTOS53$
86 countryCode: 0
87 objectClass: computer
88 objectClass: organizationalPerson
89 objectClass: person
90 objectClass: top
91 objectClass: user
92 codePage: 0
93 userAccountControl: 4096
94 dNSHostName: centos53.alabala.test
95 operatingSystemVersion: 5.2 (3790)
96 operatingSystem: Windows Server 2003
97 """)
98 ldb.modify_ldif("""
99 dn: """ + self.computer_dn + """
100 changetype: modify
101 replace: unicodePwd
102 unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
103 """)
104
105 # do a simple bind and search with the machine account
106 creds_machine.set_bind_dn(self.computer_dn)
107 creds_machine.set_password(self.password)
108 print "BindTest with: " + creds_machine.get_bind_dn()
109 ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
110 lp=lp, ldap_only=True)
111 res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
112
113 def test_user_account_bind(self):
114 # create user
115 ldb.newuser(username=self.username, password=self.password)
116 ldb_res = ldb.search(base=self.domain_dn,
117 scope=SCOPE_SUBTREE,
118 expression="(samAccountName=%s)" % self.username)
119 self.assertEquals(len(ldb_res), 1)
120 user_dn = ldb_res[0]["dn"]
121
122 # do a simple bind and search with the user account in format user@realm
123 creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
124 creds_user1.set_password(self.password)
125 print "BindTest with: " + creds_user1.get_bind_dn()
126 ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
127 lp=lp, ldap_only=True)
128 res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
129
130 # do a simple bind and search with the user account in format domain\user
131 creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
132 creds_user2.set_password(self.password)
133 print "BindTest with: " + creds_user2.get_bind_dn()
134 ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
135 lp=lp, ldap_only=True)
136 res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
137
138 # do a simple bind and search with the user account DN
139 creds_user3.set_bind_dn(str(user_dn))
140 creds_user3.set_password(self.password)
141 print "BindTest with: " + creds_user3.get_bind_dn()
142 ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
143 lp=lp, ldap_only=True)
144 res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
145
146
147 ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)
148
149 runner = SubunitTestRunner()
150 rc = 0
151 if not runner.run(unittest.makeSuite(BindTests)).wasSuccessful():
152 rc = 1
153
154 sys.exit(rc)
reg import