1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 """Tests for the Credentials Python bindings.
20 Note that this just tests the bindings work. It does not intend to test
21 the functionality, that's already done in other tests.
24 from samba import credentials
28 from samba.compat import PY3
29 from samba.dcerpc import misc
32 class CredentialsTests(samba.tests.TestCaseInTempDir):
35 super(CredentialsTests, self).setUp()
36 self.creds = credentials.Credentials()
38 # Because Python 2 does not support 'x' mode and Python 3
39 # does not support 'wx' mode in open() function
40 # for exclusive creation
45 def test_set_username(self):
46 self.creds.set_username("somebody")
47 self.assertEqual("somebody", self.creds.get_username())
49 def test_set_password(self):
50 self.creds.set_password("S3CreT")
51 self.assertEqual("S3CreT", self.creds.get_password())
53 def test_set_utf16_password(self):
55 passbytes = password.encode('utf-16-le')
56 self.assertTrue(self.creds.set_utf16_password(passbytes))
57 self.assertEqual(password, self.creds.get_password())
59 def test_set_old_password(self):
60 self.assertEqual(None, self.creds.get_old_password())
61 self.assertTrue(self.creds.set_old_password("S3c0ndS3CreT"))
62 self.assertEqual("S3c0ndS3CreT", self.creds.get_old_password())
64 def test_set_old_utf16_password(self):
65 password = '0ldS3cRet'
66 passbytes = password.encode('utf-16-le')
67 self.assertTrue(self.creds.set_old_utf16_password(passbytes))
68 self.assertEqual(password, self.creds.get_old_password())
70 def test_set_domain(self):
71 self.creds.set_domain("ABMAS")
72 self.assertEqual("ABMAS", self.creds.get_domain())
73 self.assertEqual(self.creds.get_principal(), None)
75 def test_set_realm(self):
76 self.creds.set_realm("myrealm")
77 self.assertEqual("MYREALM", self.creds.get_realm())
78 self.assertEqual(self.creds.get_principal(), None)
80 def test_parse_string_anon(self):
81 self.creds.parse_string("%")
82 self.assertEqual("", self.creds.get_username())
83 self.assertEqual(None, self.creds.get_password())
85 def test_parse_string_empty_pw(self):
86 self.creds.parse_string("someone%")
87 self.assertEqual("someone", self.creds.get_username())
88 self.assertEqual("", self.creds.get_password())
90 def test_parse_string_none_pw(self):
91 self.creds.parse_string("someone")
92 self.assertEqual("someone", self.creds.get_username())
93 self.assertEqual(None, self.creds.get_password())
95 def test_parse_string_user_pw_domain(self):
96 self.creds.parse_string("dom\\someone%secr")
97 self.assertEqual("someone", self.creds.get_username())
98 self.assertEqual("secr", self.creds.get_password())
99 self.assertEqual("DOM", self.creds.get_domain())
101 def test_bind_dn(self):
102 self.assertEqual(None, self.creds.get_bind_dn())
103 self.creds.set_bind_dn("dc=foo,cn=bar")
104 self.assertEqual("dc=foo,cn=bar", self.creds.get_bind_dn())
106 def test_is_anon(self):
107 self.creds.set_username("")
108 self.assertTrue(self.creds.is_anonymous())
109 self.creds.set_username("somebody")
110 self.assertFalse(self.creds.is_anonymous())
111 self.creds.set_anonymous()
112 self.assertTrue(self.creds.is_anonymous())
114 def test_workstation(self):
115 # FIXME: This is uninitialised, it should be None
116 #self.assertEqual(None, self.creds.get_workstation())
117 self.creds.set_workstation("myworksta")
118 self.assertEqual("myworksta", self.creds.get_workstation())
120 def test_secure_channel_type(self):
121 self.assertEqual(misc.SEC_CHAN_NULL,
122 self.creds.get_secure_channel_type())
123 self.creds.set_secure_channel_type(misc.SEC_CHAN_BDC)
124 self.assertEqual(misc.SEC_CHAN_BDC,
125 self.creds.get_secure_channel_type())
127 def test_get_nt_hash(self):
129 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
130 self.creds.set_password(password)
131 self.assertEqual(password, self.creds.get_password())
132 self.assertEqual(binascii.a2b_hex(hex_nthash),
133 self.creds.get_nt_hash())
135 def test_get_ntlm_response(self):
136 password = "SecREt01"
137 hex_challenge = "0123456789abcdef"
138 hex_nthash = "cd06ca7c7e10c99b1d33b7485a2ed808"
139 hex_session_key = "3f373ea8e4af954f14faa506f8eebdc4"
140 hex_ntlm_response = "25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6"
141 self.creds.set_username("fred")
142 self.creds.set_domain("nurk")
143 self.creds.set_password(password)
144 self.assertEqual(password, self.creds.get_password())
145 self.assertEqual(binascii.a2b_hex(hex_nthash),
146 self.creds.get_nt_hash())
147 response = self.creds.get_ntlm_response(flags=credentials.CLI_CRED_NTLM_AUTH,
148 challenge=binascii.a2b_hex(hex_challenge))
151 self.assertEqual(response["nt_response"], binascii.a2b_hex(hex_ntlm_response))
152 self.assertEqual(response["nt_session_key"], binascii.a2b_hex(hex_session_key))
153 self.assertEqual(response["flags"], credentials.CLI_CRED_NTLM_AUTH)
156 def test_get_nt_hash_string(self):
157 self.creds.set_password_will_be_nt_hash(True)
158 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
159 self.creds.set_password(hex_nthash)
160 self.assertEqual(None, self.creds.get_password())
161 self.assertEqual(binascii.a2b_hex(hex_nthash),
162 self.creds.get_nt_hash())
164 def test_set_cmdline_callbacks(self):
165 self.creds.set_cmdline_callbacks()
167 def test_authentication_requested(self):
168 self.creds.set_username("")
169 self.assertFalse(self.creds.authentication_requested())
170 self.creds.set_username("somebody")
171 self.assertTrue(self.creds.authentication_requested())
173 def test_wrong_password(self):
174 self.assertFalse(self.creds.wrong_password())
176 def test_guess(self):
177 creds = credentials.Credentials()
178 lp = samba.tests.env_loadparm()
179 os.environ["USER"] = "env_user"
181 self.assertEqual(creds.get_username(), "env_user")
182 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
183 self.assertEqual(creds.get_realm(), None)
184 self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain())
185 self.assertEqual(creds.is_anonymous(), False)
186 self.assertEqual(creds.authentication_requested(), False)
188 def test_set_anonymous(self):
189 creds = credentials.Credentials()
190 lp = samba.tests.env_loadparm()
191 os.environ["USER"] = "env_user"
193 creds.set_anonymous()
194 self.assertEqual(creds.get_username(), "")
195 self.assertEqual(creds.get_domain(), "")
196 self.assertEqual(creds.get_realm(), None)
197 self.assertEqual(creds.get_principal(), None)
198 self.assertEqual(creds.is_anonymous(), True)
199 self.assertEqual(creds.authentication_requested(), False)
201 def test_parse_file_1(self):
202 realm = "realm.example.com"
207 passwd_file_name = os.path.join(self.tempdir, "parse_file")
208 passwd_file_fd = open(passwd_file_name, self.open_mode)
209 passwd_file_fd.write("realm=%s\n" % realm)
210 passwd_file_fd.write("domain=%s\n" % domain)
211 passwd_file_fd.write("username=%s\n" % username)
212 passwd_file_fd.write("password=%s\n" % password)
213 passwd_file_fd.close()
214 self.creds.parse_file(passwd_file_name)
215 self.assertEqual(self.creds.get_username(), username)
216 self.assertEqual(self.creds.get_password(), password)
217 self.assertEqual(self.creds.get_domain(), domain.upper())
218 self.assertEqual(self.creds.get_realm(), realm.upper())
219 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
220 self.assertEqual(self.creds.is_anonymous(), False)
221 self.assertEqual(self.creds.authentication_requested(), True)
222 os.unlink(passwd_file_name)
224 def test_parse_file_2(self):
225 realm = "realm.example.com"
230 passwd_file_name = os.path.join(self.tempdir, "parse_file")
231 passwd_file_fd = open(passwd_file_name, self.open_mode)
232 passwd_file_fd.write("realm=%s\n" % realm)
233 passwd_file_fd.write("domain=%s\n" % domain)
234 passwd_file_fd.write("username=%s\\%s\n" % (domain, username))
235 passwd_file_fd.write("password=%s\n" % password)
236 passwd_file_fd.close()
237 self.creds.parse_file(passwd_file_name)
238 self.assertEqual(self.creds.get_username(), username)
239 self.assertEqual(self.creds.get_password(), password)
240 self.assertEqual(self.creds.get_domain(), domain.upper())
241 self.assertEqual(self.creds.get_realm(), realm.upper())
242 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
243 self.assertEqual(self.creds.is_anonymous(), False)
244 self.assertEqual(self.creds.authentication_requested(), True)
245 os.unlink(passwd_file_name)
247 def test_parse_file_3(self):
248 realm = "realm.example.com"
250 password = "password"
251 username = "username"
255 passwd_file_name = os.path.join(self.tempdir, "parse_file")
256 passwd_file_fd = open(passwd_file_name, self.open_mode)
257 passwd_file_fd.write("realm=%s\n" % realm)
258 passwd_file_fd.write("domain=%s\n" % domain)
259 passwd_file_fd.write("username=%s/%s\n" % (userdom, username))
260 passwd_file_fd.write("password=%s\n" % password)
261 passwd_file_fd.close()
262 self.creds.parse_file(passwd_file_name)
263 self.assertEqual(self.creds.get_username(), username)
264 self.assertEqual(self.creds.get_password(), password)
265 self.assertEqual(self.creds.get_domain(), userdom.upper())
266 self.assertEqual(self.creds.get_realm(), userdom.upper())
267 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
268 self.assertEqual(self.creds.is_anonymous(), False)
269 self.assertEqual(self.creds.authentication_requested(), True)
270 os.unlink(passwd_file_name)
272 def test_parse_file_4(self):
273 realm = "realm.example.com"
275 password = "password"
276 username = "username"
280 passwd_file_name = os.path.join(self.tempdir, "parse_file")
281 passwd_file_fd = open(passwd_file_name, self.open_mode)
282 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
283 passwd_file_fd.write("realm=ignorerealm\n")
284 passwd_file_fd.write("domain=ignoredomain\n")
285 passwd_file_fd.write("password=ignorepassword\n")
286 passwd_file_fd.close()
287 self.creds.parse_file(passwd_file_name)
288 self.assertEqual(self.creds.get_username(), username)
289 self.assertEqual(self.creds.get_password(), password)
290 self.assertEqual(self.creds.get_domain(), userdom.upper())
291 self.assertEqual(self.creds.get_realm(), userdom.upper())
292 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
293 self.assertEqual(self.creds.is_anonymous(), False)
294 self.assertEqual(self.creds.authentication_requested(), True)
295 os.unlink(passwd_file_name)
297 def test_parse_file_5(self):
298 realm = "realm.example.com"
300 password = "password"
301 username = "username"
305 passwd_file_name = os.path.join(self.tempdir, "parse_file")
306 passwd_file_fd = open(passwd_file_name, self.open_mode)
307 passwd_file_fd.write("realm=ignorerealm\n")
308 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
309 passwd_file_fd.write("domain=ignoredomain\n")
310 passwd_file_fd.write("password=ignorepassword\n")
311 passwd_file_fd.close()
312 self.creds.parse_file(passwd_file_name)
313 self.assertEqual(self.creds.get_username(), username)
314 self.assertEqual(self.creds.get_password(), password)
315 self.assertEqual(self.creds.get_domain(), userdom.upper())
316 self.assertEqual(self.creds.get_realm(), userdom.upper())
317 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
318 self.assertEqual(self.creds.is_anonymous(), False)
319 self.assertEqual(self.creds.authentication_requested(), True)
320 os.unlink(passwd_file_name)
322 def test_parse_username_0(self):
323 creds = credentials.Credentials()
324 lp = samba.tests.env_loadparm()
325 os.environ["USER"] = "env_user"
327 creds.parse_string("user")
328 self.assertEqual(creds.get_username(), "user")
329 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
330 self.assertEqual(creds.get_realm(), None)
331 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper())
332 self.assertEqual(creds.is_anonymous(), False)
333 self.assertEqual(creds.authentication_requested(), True)
335 def test_parse_username_1(self):
336 creds = credentials.Credentials()
337 lp = samba.tests.env_loadparm()
338 os.environ["USER"] = "env_user"
340 realm = "realm.example.com"
341 creds.set_realm(realm, credentials.UNINITIALISED)
342 creds.parse_string("user")
343 self.assertEqual(creds.get_username(), "user")
344 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
345 self.assertEqual(creds.get_realm(), realm.upper())
346 self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
347 self.assertEqual(creds.is_anonymous(), False)
348 self.assertEqual(creds.authentication_requested(), True)
350 def test_parse_username_with_domain_0(self):
351 creds = credentials.Credentials()
352 lp = samba.tests.env_loadparm()
353 os.environ["USER"] = "env_user"
355 creds.parse_string("domain\\user")
356 self.assertEqual(creds.get_username(), "user")
357 self.assertEqual(creds.get_domain(), "DOMAIN")
358 self.assertEqual(creds.get_realm(), None)
359 self.assertEqual(creds.get_principal(), "user@DOMAIN")
360 self.assertEqual(creds.is_anonymous(), False)
361 self.assertEqual(creds.authentication_requested(), True)
363 def test_parse_username_with_domain_1(self):
364 creds = credentials.Credentials()
365 lp = samba.tests.env_loadparm()
366 os.environ["USER"] = "env_user"
368 realm = "realm.example.com"
369 creds.set_realm(realm, credentials.UNINITIALISED)
370 self.assertEqual(creds.get_username(), "env_user")
371 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
372 self.assertEqual(creds.get_realm(), realm.upper())
373 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
374 creds.set_principal("unknown@realm.example.com")
375 self.assertEqual(creds.get_username(), "env_user")
376 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
377 self.assertEqual(creds.get_realm(), realm.upper())
378 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
379 creds.parse_string("domain\\user")
380 self.assertEqual(creds.get_username(), "user")
381 self.assertEqual(creds.get_domain(), "DOMAIN")
382 self.assertEqual(creds.get_realm(), realm.upper())
383 self.assertEqual(creds.get_principal(), "user@DOMAIN")
384 self.assertEqual(creds.is_anonymous(), False)
385 self.assertEqual(creds.authentication_requested(), True)
387 def test_parse_username_with_domain_2(self):
388 creds = credentials.Credentials()
389 lp = samba.tests.env_loadparm()
390 os.environ["USER"] = "env_user"
392 realm = "realm.example.com"
393 creds.set_realm(realm, credentials.SPECIFIED)
394 self.assertEqual(creds.get_username(), "env_user")
395 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
396 self.assertEqual(creds.get_realm(), realm.upper())
397 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
398 creds.set_principal("unknown@realm.example.com")
399 self.assertEqual(creds.get_username(), "env_user")
400 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
401 self.assertEqual(creds.get_realm(), realm.upper())
402 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
403 creds.parse_string("domain\\user")
404 self.assertEqual(creds.get_username(), "user")
405 self.assertEqual(creds.get_domain(), "DOMAIN")
406 self.assertEqual(creds.get_realm(), "DOMAIN")
407 self.assertEqual(creds.get_principal(), "user@DOMAIN")
408 self.assertEqual(creds.is_anonymous(), False)
409 self.assertEqual(creds.authentication_requested(), True)
411 def test_parse_username_with_realm(self):
412 creds = credentials.Credentials()
413 lp = samba.tests.env_loadparm()
414 os.environ["USER"] = "env_user"
416 creds.parse_string("user@samba.org")
417 self.assertEqual(creds.get_username(), "user@samba.org")
418 self.assertEqual(creds.get_domain(), "")
419 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
420 self.assertEqual(creds.get_principal(), "user@samba.org")
421 self.assertEqual(creds.is_anonymous(), False)
422 self.assertEqual(creds.authentication_requested(), True)
424 def test_parse_username_pw(self):
425 creds = credentials.Credentials()
426 lp = samba.tests.env_loadparm()
427 os.environ["USER"] = "env_user"
429 creds.parse_string("user%pass")
430 self.assertEqual(creds.get_username(), "user")
431 self.assertEqual(creds.get_password(), "pass")
432 self.assertEqual(creds.get_domain(), lp.get("workgroup"))
433 self.assertEqual(creds.get_realm(), None)
434 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup"))
435 self.assertEqual(creds.is_anonymous(), False)
436 self.assertEqual(creds.authentication_requested(), True)
438 def test_parse_username_with_domain_pw(self):
439 creds = credentials.Credentials()
440 lp = samba.tests.env_loadparm()
441 os.environ["USER"] = "env_user"
443 creds.parse_string("domain\\user%pass")
444 self.assertEqual(creds.get_username(), "user")
445 self.assertEqual(creds.get_domain(), "DOMAIN")
446 self.assertEqual(creds.get_password(), "pass")
447 self.assertEqual(creds.get_realm(), None)
448 self.assertEqual(creds.get_principal(), "user@DOMAIN")
449 self.assertEqual(creds.is_anonymous(), False)
450 self.assertEqual(creds.authentication_requested(), True)
452 def test_parse_username_with_realm_pw(self):
453 creds = credentials.Credentials()
454 lp = samba.tests.env_loadparm()
455 os.environ["USER"] = "env_user"
457 creds.parse_string("user@samba.org%pass")
458 self.assertEqual(creds.get_username(), "user@samba.org")
459 self.assertEqual(creds.get_domain(), "")
460 self.assertEqual(creds.get_password(), "pass")
461 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
462 self.assertEqual(creds.get_principal(), "user@samba.org")
463 self.assertEqual(creds.is_anonymous(), False)
464 self.assertEqual(creds.authentication_requested(), True)