1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 """Tests for the Credentials Python bindings.
20 Note that this just tests the bindings work. It does not intend to test
21 the functionality, that's already done in other tests.
24 from samba import credentials
28 from samba.compat import PY3
30 class CredentialsTests(samba.tests.TestCaseInTempDir):
33 super(CredentialsTests, self).setUp()
34 self.creds = credentials.Credentials()
36 # Because Python 2 does not support 'x' mode and Python 3
37 # does not support 'wx' mode in open() function
38 # for exclusive creation
43 def test_set_username(self):
44 self.creds.set_username("somebody")
45 self.assertEqual("somebody", self.creds.get_username())
47 def test_set_password(self):
48 self.creds.set_password("S3CreT")
49 self.assertEqual("S3CreT", self.creds.get_password())
51 def test_set_utf16_password(self):
53 passbytes = password.encode('utf-16-le')
54 self.assertTrue(self.creds.set_utf16_password(passbytes))
55 self.assertEqual(password, self.creds.get_password())
57 def test_set_old_password(self):
58 self.assertEqual(None, self.creds.get_old_password())
59 self.assertTrue(self.creds.set_old_password("S3c0ndS3CreT"))
60 self.assertEqual("S3c0ndS3CreT", self.creds.get_old_password())
62 def test_set_old_utf16_password(self):
63 password = '0ldS3cRet'
64 passbytes = password.encode('utf-16-le')
65 self.assertTrue(self.creds.set_old_utf16_password(passbytes))
66 self.assertEqual(password, self.creds.get_old_password())
68 def test_set_domain(self):
69 self.creds.set_domain("ABMAS")
70 self.assertEqual("ABMAS", self.creds.get_domain())
71 self.assertEqual(self.creds.get_principal(), None)
73 def test_set_realm(self):
74 self.creds.set_realm("myrealm")
75 self.assertEqual("MYREALM", self.creds.get_realm())
76 self.assertEqual(self.creds.get_principal(), None)
78 def test_parse_string_anon(self):
79 self.creds.parse_string("%")
80 self.assertEqual("", self.creds.get_username())
81 self.assertEqual(None, self.creds.get_password())
83 def test_parse_string_empty_pw(self):
84 self.creds.parse_string("someone%")
85 self.assertEqual("someone", self.creds.get_username())
86 self.assertEqual("", self.creds.get_password())
88 def test_parse_string_none_pw(self):
89 self.creds.parse_string("someone")
90 self.assertEqual("someone", self.creds.get_username())
91 self.assertEqual(None, self.creds.get_password())
93 def test_parse_string_user_pw_domain(self):
94 self.creds.parse_string("dom\\someone%secr")
95 self.assertEqual("someone", self.creds.get_username())
96 self.assertEqual("secr", self.creds.get_password())
97 self.assertEqual("DOM", self.creds.get_domain())
99 def test_bind_dn(self):
100 self.assertEqual(None, self.creds.get_bind_dn())
101 self.creds.set_bind_dn("dc=foo,cn=bar")
102 self.assertEqual("dc=foo,cn=bar", self.creds.get_bind_dn())
104 def test_is_anon(self):
105 self.creds.set_username("")
106 self.assertTrue(self.creds.is_anonymous())
107 self.creds.set_username("somebody")
108 self.assertFalse(self.creds.is_anonymous())
109 self.creds.set_anonymous()
110 self.assertTrue(self.creds.is_anonymous())
112 def test_workstation(self):
113 # FIXME: This is uninitialised, it should be None
114 #self.assertEqual(None, self.creds.get_workstation())
115 self.creds.set_workstation("myworksta")
116 self.assertEqual("myworksta", self.creds.get_workstation())
118 def test_get_nt_hash(self):
120 hex_nthash="c2ae1fe6e648846352453e816f2aeb93"
121 self.creds.set_password(password)
122 self.assertEqual(password, self.creds.get_password())
123 self.assertEqual(binascii.a2b_hex(hex_nthash),
124 self.creds.get_nt_hash())
126 def test_get_ntlm_response(self):
128 hex_challenge="0123456789abcdef"
129 hex_nthash="cd06ca7c7e10c99b1d33b7485a2ed808"
130 hex_session_key="3f373ea8e4af954f14faa506f8eebdc4"
131 hex_ntlm_response="25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6"
132 self.creds.set_username("fred")
133 self.creds.set_domain("nurk")
134 self.creds.set_password(password)
135 self.assertEqual(password, self.creds.get_password())
136 self.assertEqual(binascii.a2b_hex(hex_nthash),
137 self.creds.get_nt_hash())
138 response = self.creds.get_ntlm_response(flags=credentials.CLI_CRED_NTLM_AUTH,
139 challenge=binascii.a2b_hex(hex_challenge))
142 self.assertEqual(response["nt_response"], binascii.a2b_hex(hex_ntlm_response))
143 self.assertEqual(response["nt_session_key"], binascii.a2b_hex(hex_session_key))
144 self.assertEqual(response["flags"], credentials.CLI_CRED_NTLM_AUTH)
147 def test_get_nt_hash_string(self):
148 self.creds.set_password_will_be_nt_hash(True)
149 hex_nthash="c2ae1fe6e648846352453e816f2aeb93"
150 self.creds.set_password(hex_nthash)
151 self.assertEqual(None, self.creds.get_password())
152 self.assertEqual(binascii.a2b_hex(hex_nthash),
153 self.creds.get_nt_hash())
155 def test_set_cmdline_callbacks(self):
156 self.creds.set_cmdline_callbacks()
158 def test_authentication_requested(self):
159 self.creds.set_username("")
160 self.assertFalse(self.creds.authentication_requested())
161 self.creds.set_username("somebody")
162 self.assertTrue(self.creds.authentication_requested())
164 def test_wrong_password(self):
165 self.assertFalse(self.creds.wrong_password())
167 def test_guess(self):
168 creds = credentials.Credentials()
169 lp = samba.tests.env_loadparm()
170 os.environ["USER"] = "env_user"
172 self.assertEqual(creds.get_username(), "env_user")
173 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
174 self.assertEqual(creds.get_realm(), None)
175 self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain())
176 self.assertEqual(creds.is_anonymous(), False)
177 self.assertEqual(creds.authentication_requested(), False)
179 def test_set_anonymous(self):
180 creds = credentials.Credentials()
181 lp = samba.tests.env_loadparm()
182 os.environ["USER"] = "env_user"
184 creds.set_anonymous()
185 self.assertEqual(creds.get_username(), "")
186 self.assertEqual(creds.get_domain(), "")
187 self.assertEqual(creds.get_realm(), None)
188 self.assertEqual(creds.get_principal(), None)
189 self.assertEqual(creds.is_anonymous(), True)
190 self.assertEqual(creds.authentication_requested(), False)
192 def test_parse_file_1(self):
193 realm="realm.example.com"
198 passwd_file_name = os.path.join(self.tempdir, "parse_file")
199 passwd_file_fd = open(passwd_file_name, self.open_mode)
200 passwd_file_fd.write("realm=%s\n" % realm)
201 passwd_file_fd.write("domain=%s\n" % domain)
202 passwd_file_fd.write("username=%s\n" % username)
203 passwd_file_fd.write("password=%s\n" % password)
204 passwd_file_fd.close()
205 self.creds.parse_file(passwd_file_name)
206 self.assertEqual(self.creds.get_username(), username)
207 self.assertEqual(self.creds.get_password(), password)
208 self.assertEqual(self.creds.get_domain(), domain.upper())
209 self.assertEqual(self.creds.get_realm(), realm.upper())
210 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
211 self.assertEqual(self.creds.is_anonymous(), False)
212 self.assertEqual(self.creds.authentication_requested(), True)
213 os.unlink(passwd_file_name)
215 def test_parse_file_2(self):
216 realm="realm.example.com"
221 passwd_file_name = os.path.join(self.tempdir, "parse_file")
222 passwd_file_fd = open(passwd_file_name, self.open_mode)
223 passwd_file_fd.write("realm=%s\n" % realm)
224 passwd_file_fd.write("domain=%s\n" % domain)
225 passwd_file_fd.write("username=%s\\%s\n" % (domain, username))
226 passwd_file_fd.write("password=%s\n" % password)
227 passwd_file_fd.close()
228 self.creds.parse_file(passwd_file_name)
229 self.assertEqual(self.creds.get_username(), username)
230 self.assertEqual(self.creds.get_password(), password)
231 self.assertEqual(self.creds.get_domain(), domain.upper())
232 self.assertEqual(self.creds.get_realm(), realm.upper())
233 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
234 self.assertEqual(self.creds.is_anonymous(), False)
235 self.assertEqual(self.creds.authentication_requested(), True)
236 os.unlink(passwd_file_name)
238 def test_parse_file_3(self):
239 realm="realm.example.com"
246 passwd_file_name = os.path.join(self.tempdir, "parse_file")
247 passwd_file_fd = open(passwd_file_name, self.open_mode)
248 passwd_file_fd.write("realm=%s\n" % realm)
249 passwd_file_fd.write("domain=%s\n" % domain)
250 passwd_file_fd.write("username=%s/%s\n" % (userdom, username))
251 passwd_file_fd.write("password=%s\n" % password)
252 passwd_file_fd.close()
253 self.creds.parse_file(passwd_file_name)
254 self.assertEqual(self.creds.get_username(), username)
255 self.assertEqual(self.creds.get_password(), password)
256 self.assertEqual(self.creds.get_domain(), userdom.upper())
257 self.assertEqual(self.creds.get_realm(), userdom.upper())
258 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
259 self.assertEqual(self.creds.is_anonymous(), False)
260 self.assertEqual(self.creds.authentication_requested(), True)
261 os.unlink(passwd_file_name)
263 def test_parse_file_4(self):
264 realm="realm.example.com"
271 passwd_file_name = os.path.join(self.tempdir, "parse_file")
272 passwd_file_fd = open(passwd_file_name, self.open_mode)
273 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
274 passwd_file_fd.write("realm=ignorerealm\n")
275 passwd_file_fd.write("domain=ignoredomain\n")
276 passwd_file_fd.write("password=ignorepassword\n")
277 passwd_file_fd.close()
278 self.creds.parse_file(passwd_file_name)
279 self.assertEqual(self.creds.get_username(), username)
280 self.assertEqual(self.creds.get_password(), password)
281 self.assertEqual(self.creds.get_domain(), userdom.upper())
282 self.assertEqual(self.creds.get_realm(), userdom.upper())
283 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
284 self.assertEqual(self.creds.is_anonymous(), False)
285 self.assertEqual(self.creds.authentication_requested(), True)
286 os.unlink(passwd_file_name)
288 def test_parse_file_5(self):
289 realm="realm.example.com"
296 passwd_file_name = os.path.join(self.tempdir, "parse_file")
297 passwd_file_fd = open(passwd_file_name, self.open_mode)
298 passwd_file_fd.write("realm=ignorerealm\n")
299 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
300 passwd_file_fd.write("domain=ignoredomain\n")
301 passwd_file_fd.write("password=ignorepassword\n")
302 passwd_file_fd.close()
303 self.creds.parse_file(passwd_file_name)
304 self.assertEqual(self.creds.get_username(), username)
305 self.assertEqual(self.creds.get_password(), password)
306 self.assertEqual(self.creds.get_domain(), userdom.upper())
307 self.assertEqual(self.creds.get_realm(), userdom.upper())
308 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
309 self.assertEqual(self.creds.is_anonymous(), False)
310 self.assertEqual(self.creds.authentication_requested(), True)
311 os.unlink(passwd_file_name)
313 def test_parse_username_0(self):
314 creds = credentials.Credentials()
315 lp = samba.tests.env_loadparm()
316 os.environ["USER"] = "env_user"
318 creds.parse_string("user")
319 self.assertEqual(creds.get_username(), "user")
320 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
321 self.assertEqual(creds.get_realm(), None)
322 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper())
323 self.assertEqual(creds.is_anonymous(), False)
324 self.assertEqual(creds.authentication_requested(), True)
326 def test_parse_username_1(self):
327 creds = credentials.Credentials()
328 lp = samba.tests.env_loadparm()
329 os.environ["USER"] = "env_user"
331 realm = "realm.example.com"
332 creds.set_realm(realm, credentials.UNINITIALISED)
333 creds.parse_string("user")
334 self.assertEqual(creds.get_username(), "user")
335 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
336 self.assertEqual(creds.get_realm(), realm.upper())
337 self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
338 self.assertEqual(creds.is_anonymous(), False)
339 self.assertEqual(creds.authentication_requested(), True)
341 def test_parse_username_with_domain_0(self):
342 creds = credentials.Credentials()
343 lp = samba.tests.env_loadparm()
344 os.environ["USER"] = "env_user"
346 creds.parse_string("domain\\user")
347 self.assertEqual(creds.get_username(), "user")
348 self.assertEqual(creds.get_domain(), "DOMAIN")
349 self.assertEqual(creds.get_realm(), None)
350 self.assertEqual(creds.get_principal(), "user@DOMAIN")
351 self.assertEqual(creds.is_anonymous(), False)
352 self.assertEqual(creds.authentication_requested(), True)
354 def test_parse_username_with_domain_1(self):
355 creds = credentials.Credentials()
356 lp = samba.tests.env_loadparm()
357 os.environ["USER"] = "env_user"
359 realm = "realm.example.com"
360 creds.set_realm(realm, credentials.UNINITIALISED)
361 self.assertEqual(creds.get_username(), "env_user")
362 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
363 self.assertEqual(creds.get_realm(), realm.upper())
364 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
365 creds.set_principal("unknown@realm.example.com")
366 self.assertEqual(creds.get_username(), "env_user")
367 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
368 self.assertEqual(creds.get_realm(), realm.upper())
369 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
370 creds.parse_string("domain\\user")
371 self.assertEqual(creds.get_username(), "user")
372 self.assertEqual(creds.get_domain(), "DOMAIN")
373 self.assertEqual(creds.get_realm(), realm.upper())
374 self.assertEqual(creds.get_principal(), "user@DOMAIN")
375 self.assertEqual(creds.is_anonymous(), False)
376 self.assertEqual(creds.authentication_requested(), True)
378 def test_parse_username_with_domain_2(self):
379 creds = credentials.Credentials()
380 lp = samba.tests.env_loadparm()
381 os.environ["USER"] = "env_user"
383 realm = "realm.example.com"
384 creds.set_realm(realm, credentials.SPECIFIED)
385 self.assertEqual(creds.get_username(), "env_user")
386 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
387 self.assertEqual(creds.get_realm(), realm.upper())
388 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
389 creds.set_principal("unknown@realm.example.com")
390 self.assertEqual(creds.get_username(), "env_user")
391 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
392 self.assertEqual(creds.get_realm(), realm.upper())
393 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
394 creds.parse_string("domain\\user")
395 self.assertEqual(creds.get_username(), "user")
396 self.assertEqual(creds.get_domain(), "DOMAIN")
397 self.assertEqual(creds.get_realm(), "DOMAIN")
398 self.assertEqual(creds.get_principal(), "user@DOMAIN")
399 self.assertEqual(creds.is_anonymous(), False)
400 self.assertEqual(creds.authentication_requested(), True)
402 def test_parse_username_with_realm(self):
403 creds = credentials.Credentials()
404 lp = samba.tests.env_loadparm()
405 os.environ["USER"] = "env_user"
407 creds.parse_string("user@samba.org")
408 self.assertEqual(creds.get_username(), "user@samba.org")
409 self.assertEqual(creds.get_domain(), "")
410 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
411 self.assertEqual(creds.get_principal(), "user@samba.org")
412 self.assertEqual(creds.is_anonymous(), False)
413 self.assertEqual(creds.authentication_requested(), True)
415 def test_parse_username_pw(self):
416 creds = credentials.Credentials()
417 lp = samba.tests.env_loadparm()
418 os.environ["USER"] = "env_user"
420 creds.parse_string("user%pass")
421 self.assertEqual(creds.get_username(), "user")
422 self.assertEqual(creds.get_password(), "pass")
423 self.assertEqual(creds.get_domain(), lp.get("workgroup"))
424 self.assertEqual(creds.get_realm(), None)
425 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup"))
426 self.assertEqual(creds.is_anonymous(), False)
427 self.assertEqual(creds.authentication_requested(), True)
429 def test_parse_username_with_domain_pw(self):
430 creds = credentials.Credentials()
431 lp = samba.tests.env_loadparm()
432 os.environ["USER"] = "env_user"
434 creds.parse_string("domain\\user%pass")
435 self.assertEqual(creds.get_username(), "user")
436 self.assertEqual(creds.get_domain(), "DOMAIN")
437 self.assertEqual(creds.get_password(), "pass")
438 self.assertEqual(creds.get_realm(), None)
439 self.assertEqual(creds.get_principal(), "user@DOMAIN")
440 self.assertEqual(creds.is_anonymous(), False)
441 self.assertEqual(creds.authentication_requested(), True)
443 def test_parse_username_with_realm_pw(self):
444 creds = credentials.Credentials()
445 lp = samba.tests.env_loadparm()
446 os.environ["USER"] = "env_user"
448 creds.parse_string("user@samba.org%pass")
449 self.assertEqual(creds.get_username(), "user@samba.org")
450 self.assertEqual(creds.get_domain(), "")
451 self.assertEqual(creds.get_password(), "pass")
452 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
453 self.assertEqual(creds.get_principal(), "user@samba.org")
454 self.assertEqual(creds.is_anonymous(), False)
455 self.assertEqual(creds.authentication_requested(), True)