1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 """Tests for the Credentials Python bindings.
20 Note that this just tests the bindings work. It does not intend to test
21 the functionality, that's already done in other tests.
24 from samba import credentials
28 from samba.compat import PY3
29 from samba.dcerpc import misc
32 class CredentialsTests(samba.tests.TestCaseInTempDir):
35 super(CredentialsTests, self).setUp()
36 self.creds = credentials.Credentials()
38 # Because Python 2 does not support 'x' mode and Python 3
39 # does not support 'wx' mode in open() function
40 # for exclusive creation
45 def test_set_username(self):
46 self.creds.set_username("somebody")
47 self.assertEqual("somebody", self.creds.get_username())
49 def test_set_password(self):
50 self.creds.set_password("S3CreT")
51 self.assertEqual("S3CreT", self.creds.get_password())
53 def test_set_utf16_password(self):
55 passbytes = password.encode('utf-16-le')
56 self.assertTrue(self.creds.set_utf16_password(passbytes))
57 self.assertEqual(password, self.creds.get_password())
59 def test_set_old_password(self):
60 self.assertEqual(None, self.creds.get_old_password())
61 self.assertTrue(self.creds.set_old_password("S3c0ndS3CreT"))
62 self.assertEqual("S3c0ndS3CreT", self.creds.get_old_password())
64 def test_set_old_utf16_password(self):
65 password = '0ldS3cRet'
66 passbytes = password.encode('utf-16-le')
67 self.assertTrue(self.creds.set_old_utf16_password(passbytes))
68 self.assertEqual(password, self.creds.get_old_password())
70 def test_set_domain(self):
71 self.creds.set_domain("ABMAS")
72 self.assertEqual("ABMAS", self.creds.get_domain())
73 self.assertEqual(self.creds.get_principal(), None)
75 def test_set_realm(self):
76 self.creds.set_realm("myrealm")
77 self.assertEqual("MYREALM", self.creds.get_realm())
78 self.assertEqual(self.creds.get_principal(), None)
80 def test_parse_string_anon(self):
81 self.creds.parse_string("%")
82 self.assertEqual("", self.creds.get_username())
83 self.assertEqual(None, self.creds.get_password())
85 def test_parse_string_empty_pw(self):
86 self.creds.parse_string("someone%")
87 self.assertEqual("someone", self.creds.get_username())
88 self.assertEqual("", self.creds.get_password())
90 def test_parse_string_none_pw(self):
91 self.creds.parse_string("someone")
92 self.assertEqual("someone", self.creds.get_username())
93 self.assertEqual(None, self.creds.get_password())
95 def test_parse_string_user_pw_domain(self):
96 self.creds.parse_string("dom\\someone%secr")
97 self.assertEqual("someone", self.creds.get_username())
98 self.assertEqual("secr", self.creds.get_password())
99 self.assertEqual("DOM", self.creds.get_domain())
101 def test_bind_dn(self):
102 self.assertEqual(None, self.creds.get_bind_dn())
103 self.creds.set_bind_dn("dc=foo,cn=bar")
104 self.assertEqual("dc=foo,cn=bar", self.creds.get_bind_dn())
106 def test_is_anon(self):
107 self.creds.set_username("")
108 self.assertTrue(self.creds.is_anonymous())
109 self.creds.set_username("somebody")
110 self.assertFalse(self.creds.is_anonymous())
111 self.creds.set_anonymous()
112 self.assertTrue(self.creds.is_anonymous())
114 def test_workstation(self):
115 # FIXME: This is uninitialised, it should be None
116 #self.assertEqual(None, self.creds.get_workstation())
117 self.creds.set_workstation("myworksta")
118 self.assertEqual("myworksta", self.creds.get_workstation())
120 def test_secure_channel_type(self):
121 self.assertEqual(misc.SEC_CHAN_NULL,
122 self.creds.get_secure_channel_type())
123 self.creds.set_secure_channel_type(misc.SEC_CHAN_BDC)
124 self.assertEqual(misc.SEC_CHAN_BDC,
125 self.creds.get_secure_channel_type())
127 def test_get_nt_hash(self):
129 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
130 self.creds.set_password(password)
131 self.assertEqual(password, self.creds.get_password())
132 self.assertEqual(binascii.a2b_hex(hex_nthash),
133 self.creds.get_nt_hash())
135 def test_get_ntlm_response(self):
136 password = "SecREt01"
137 hex_challenge = "0123456789abcdef"
138 hex_nthash = "cd06ca7c7e10c99b1d33b7485a2ed808"
139 hex_session_key = "3f373ea8e4af954f14faa506f8eebdc4"
140 hex_ntlm_response = "25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6"
141 self.creds.set_username("fred")
142 self.creds.set_domain("nurk")
143 self.creds.set_password(password)
144 self.assertEqual(password, self.creds.get_password())
145 self.assertEqual(binascii.a2b_hex(hex_nthash),
146 self.creds.get_nt_hash())
147 response = self.creds.get_ntlm_response(flags=credentials.CLI_CRED_NTLM_AUTH,
148 challenge=binascii.a2b_hex(hex_challenge))
150 self.assertEqual(response["nt_response"], binascii.a2b_hex(hex_ntlm_response))
151 self.assertEqual(response["nt_session_key"], binascii.a2b_hex(hex_session_key))
152 self.assertEqual(response["flags"], credentials.CLI_CRED_NTLM_AUTH)
154 def test_get_nt_hash_string(self):
155 self.creds.set_password_will_be_nt_hash(True)
156 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
157 self.creds.set_password(hex_nthash)
158 self.assertEqual(None, self.creds.get_password())
159 self.assertEqual(binascii.a2b_hex(hex_nthash),
160 self.creds.get_nt_hash())
162 def test_set_cmdline_callbacks(self):
163 self.creds.set_cmdline_callbacks()
165 def test_authentication_requested(self):
166 self.creds.set_username("")
167 self.assertFalse(self.creds.authentication_requested())
168 self.creds.set_username("somebody")
169 self.assertTrue(self.creds.authentication_requested())
171 def test_wrong_password(self):
172 self.assertFalse(self.creds.wrong_password())
174 def test_guess(self):
175 creds = credentials.Credentials()
176 lp = samba.tests.env_loadparm()
177 os.environ["USER"] = "env_user"
179 self.assertEqual(creds.get_username(), "env_user")
180 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
181 self.assertEqual(creds.get_realm(), None)
182 self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain())
183 self.assertEqual(creds.is_anonymous(), False)
184 self.assertEqual(creds.authentication_requested(), False)
186 def test_set_anonymous(self):
187 creds = credentials.Credentials()
188 lp = samba.tests.env_loadparm()
189 os.environ["USER"] = "env_user"
191 creds.set_anonymous()
192 self.assertEqual(creds.get_username(), "")
193 self.assertEqual(creds.get_domain(), "")
194 self.assertEqual(creds.get_realm(), None)
195 self.assertEqual(creds.get_principal(), None)
196 self.assertEqual(creds.is_anonymous(), True)
197 self.assertEqual(creds.authentication_requested(), False)
199 def test_parse_file_1(self):
200 realm = "realm.example.com"
205 passwd_file_name = os.path.join(self.tempdir, "parse_file")
206 passwd_file_fd = open(passwd_file_name, self.open_mode)
207 passwd_file_fd.write("realm=%s\n" % realm)
208 passwd_file_fd.write("domain=%s\n" % domain)
209 passwd_file_fd.write("username=%s\n" % username)
210 passwd_file_fd.write("password=%s\n" % password)
211 passwd_file_fd.close()
212 self.creds.parse_file(passwd_file_name)
213 self.assertEqual(self.creds.get_username(), username)
214 self.assertEqual(self.creds.get_password(), password)
215 self.assertEqual(self.creds.get_domain(), domain.upper())
216 self.assertEqual(self.creds.get_realm(), realm.upper())
217 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
218 self.assertEqual(self.creds.is_anonymous(), False)
219 self.assertEqual(self.creds.authentication_requested(), True)
220 os.unlink(passwd_file_name)
222 def test_parse_file_2(self):
223 realm = "realm.example.com"
228 passwd_file_name = os.path.join(self.tempdir, "parse_file")
229 passwd_file_fd = open(passwd_file_name, self.open_mode)
230 passwd_file_fd.write("realm=%s\n" % realm)
231 passwd_file_fd.write("domain=%s\n" % domain)
232 passwd_file_fd.write("username=%s\\%s\n" % (domain, username))
233 passwd_file_fd.write("password=%s\n" % password)
234 passwd_file_fd.close()
235 self.creds.parse_file(passwd_file_name)
236 self.assertEqual(self.creds.get_username(), username)
237 self.assertEqual(self.creds.get_password(), password)
238 self.assertEqual(self.creds.get_domain(), domain.upper())
239 self.assertEqual(self.creds.get_realm(), realm.upper())
240 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
241 self.assertEqual(self.creds.is_anonymous(), False)
242 self.assertEqual(self.creds.authentication_requested(), True)
243 os.unlink(passwd_file_name)
245 def test_parse_file_3(self):
246 realm = "realm.example.com"
248 password = "password"
249 username = "username"
253 passwd_file_name = os.path.join(self.tempdir, "parse_file")
254 passwd_file_fd = open(passwd_file_name, self.open_mode)
255 passwd_file_fd.write("realm=%s\n" % realm)
256 passwd_file_fd.write("domain=%s\n" % domain)
257 passwd_file_fd.write("username=%s/%s\n" % (userdom, username))
258 passwd_file_fd.write("password=%s\n" % password)
259 passwd_file_fd.close()
260 self.creds.parse_file(passwd_file_name)
261 self.assertEqual(self.creds.get_username(), username)
262 self.assertEqual(self.creds.get_password(), password)
263 self.assertEqual(self.creds.get_domain(), userdom.upper())
264 self.assertEqual(self.creds.get_realm(), userdom.upper())
265 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
266 self.assertEqual(self.creds.is_anonymous(), False)
267 self.assertEqual(self.creds.authentication_requested(), True)
268 os.unlink(passwd_file_name)
270 def test_parse_file_4(self):
271 realm = "realm.example.com"
273 password = "password"
274 username = "username"
278 passwd_file_name = os.path.join(self.tempdir, "parse_file")
279 passwd_file_fd = open(passwd_file_name, self.open_mode)
280 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
281 passwd_file_fd.write("realm=ignorerealm\n")
282 passwd_file_fd.write("domain=ignoredomain\n")
283 passwd_file_fd.write("password=ignorepassword\n")
284 passwd_file_fd.close()
285 self.creds.parse_file(passwd_file_name)
286 self.assertEqual(self.creds.get_username(), username)
287 self.assertEqual(self.creds.get_password(), password)
288 self.assertEqual(self.creds.get_domain(), userdom.upper())
289 self.assertEqual(self.creds.get_realm(), userdom.upper())
290 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
291 self.assertEqual(self.creds.is_anonymous(), False)
292 self.assertEqual(self.creds.authentication_requested(), True)
293 os.unlink(passwd_file_name)
295 def test_parse_file_5(self):
296 realm = "realm.example.com"
298 password = "password"
299 username = "username"
303 passwd_file_name = os.path.join(self.tempdir, "parse_file")
304 passwd_file_fd = open(passwd_file_name, self.open_mode)
305 passwd_file_fd.write("realm=ignorerealm\n")
306 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
307 passwd_file_fd.write("domain=ignoredomain\n")
308 passwd_file_fd.write("password=ignorepassword\n")
309 passwd_file_fd.close()
310 self.creds.parse_file(passwd_file_name)
311 self.assertEqual(self.creds.get_username(), username)
312 self.assertEqual(self.creds.get_password(), password)
313 self.assertEqual(self.creds.get_domain(), userdom.upper())
314 self.assertEqual(self.creds.get_realm(), userdom.upper())
315 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
316 self.assertEqual(self.creds.is_anonymous(), False)
317 self.assertEqual(self.creds.authentication_requested(), True)
318 os.unlink(passwd_file_name)
320 def test_parse_username_0(self):
321 creds = credentials.Credentials()
322 lp = samba.tests.env_loadparm()
323 os.environ["USER"] = "env_user"
325 creds.parse_string("user")
326 self.assertEqual(creds.get_username(), "user")
327 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
328 self.assertEqual(creds.get_realm(), None)
329 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper())
330 self.assertEqual(creds.is_anonymous(), False)
331 self.assertEqual(creds.authentication_requested(), True)
333 def test_parse_username_1(self):
334 creds = credentials.Credentials()
335 lp = samba.tests.env_loadparm()
336 os.environ["USER"] = "env_user"
338 realm = "realm.example.com"
339 creds.set_realm(realm, credentials.UNINITIALISED)
340 creds.parse_string("user")
341 self.assertEqual(creds.get_username(), "user")
342 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
343 self.assertEqual(creds.get_realm(), realm.upper())
344 self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
345 self.assertEqual(creds.is_anonymous(), False)
346 self.assertEqual(creds.authentication_requested(), True)
348 def test_parse_username_with_domain_0(self):
349 creds = credentials.Credentials()
350 lp = samba.tests.env_loadparm()
351 os.environ["USER"] = "env_user"
353 creds.parse_string("domain\\user")
354 self.assertEqual(creds.get_username(), "user")
355 self.assertEqual(creds.get_domain(), "DOMAIN")
356 self.assertEqual(creds.get_realm(), None)
357 self.assertEqual(creds.get_principal(), "user@DOMAIN")
358 self.assertEqual(creds.is_anonymous(), False)
359 self.assertEqual(creds.authentication_requested(), True)
361 def test_parse_username_with_domain_1(self):
362 creds = credentials.Credentials()
363 lp = samba.tests.env_loadparm()
364 os.environ["USER"] = "env_user"
366 realm = "realm.example.com"
367 creds.set_realm(realm, credentials.UNINITIALISED)
368 self.assertEqual(creds.get_username(), "env_user")
369 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
370 self.assertEqual(creds.get_realm(), realm.upper())
371 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
372 creds.set_principal("unknown@realm.example.com")
373 self.assertEqual(creds.get_username(), "env_user")
374 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
375 self.assertEqual(creds.get_realm(), realm.upper())
376 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
377 creds.parse_string("domain\\user")
378 self.assertEqual(creds.get_username(), "user")
379 self.assertEqual(creds.get_domain(), "DOMAIN")
380 self.assertEqual(creds.get_realm(), realm.upper())
381 self.assertEqual(creds.get_principal(), "user@DOMAIN")
382 self.assertEqual(creds.is_anonymous(), False)
383 self.assertEqual(creds.authentication_requested(), True)
385 def test_parse_username_with_domain_2(self):
386 creds = credentials.Credentials()
387 lp = samba.tests.env_loadparm()
388 os.environ["USER"] = "env_user"
390 realm = "realm.example.com"
391 creds.set_realm(realm, credentials.SPECIFIED)
392 self.assertEqual(creds.get_username(), "env_user")
393 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
394 self.assertEqual(creds.get_realm(), realm.upper())
395 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
396 creds.set_principal("unknown@realm.example.com")
397 self.assertEqual(creds.get_username(), "env_user")
398 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
399 self.assertEqual(creds.get_realm(), realm.upper())
400 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
401 creds.parse_string("domain\\user")
402 self.assertEqual(creds.get_username(), "user")
403 self.assertEqual(creds.get_domain(), "DOMAIN")
404 self.assertEqual(creds.get_realm(), "DOMAIN")
405 self.assertEqual(creds.get_principal(), "user@DOMAIN")
406 self.assertEqual(creds.is_anonymous(), False)
407 self.assertEqual(creds.authentication_requested(), True)
409 def test_parse_username_with_realm(self):
410 creds = credentials.Credentials()
411 lp = samba.tests.env_loadparm()
412 os.environ["USER"] = "env_user"
414 creds.parse_string("user@samba.org")
415 self.assertEqual(creds.get_username(), "user@samba.org")
416 self.assertEqual(creds.get_domain(), "")
417 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
418 self.assertEqual(creds.get_principal(), "user@samba.org")
419 self.assertEqual(creds.is_anonymous(), False)
420 self.assertEqual(creds.authentication_requested(), True)
422 def test_parse_username_pw(self):
423 creds = credentials.Credentials()
424 lp = samba.tests.env_loadparm()
425 os.environ["USER"] = "env_user"
427 creds.parse_string("user%pass")
428 self.assertEqual(creds.get_username(), "user")
429 self.assertEqual(creds.get_password(), "pass")
430 self.assertEqual(creds.get_domain(), lp.get("workgroup"))
431 self.assertEqual(creds.get_realm(), None)
432 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup"))
433 self.assertEqual(creds.is_anonymous(), False)
434 self.assertEqual(creds.authentication_requested(), True)
436 def test_parse_username_with_domain_pw(self):
437 creds = credentials.Credentials()
438 lp = samba.tests.env_loadparm()
439 os.environ["USER"] = "env_user"
441 creds.parse_string("domain\\user%pass")
442 self.assertEqual(creds.get_username(), "user")
443 self.assertEqual(creds.get_domain(), "DOMAIN")
444 self.assertEqual(creds.get_password(), "pass")
445 self.assertEqual(creds.get_realm(), None)
446 self.assertEqual(creds.get_principal(), "user@DOMAIN")
447 self.assertEqual(creds.is_anonymous(), False)
448 self.assertEqual(creds.authentication_requested(), True)
450 def test_parse_username_with_realm_pw(self):
451 creds = credentials.Credentials()
452 lp = samba.tests.env_loadparm()
453 os.environ["USER"] = "env_user"
455 creds.parse_string("user@samba.org%pass")
456 self.assertEqual(creds.get_username(), "user@samba.org")
457 self.assertEqual(creds.get_domain(), "")
458 self.assertEqual(creds.get_password(), "pass")
459 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
460 self.assertEqual(creds.get_principal(), "user@samba.org")
461 self.assertEqual(creds.is_anonymous(), False)
462 self.assertEqual(creds.authentication_requested(), True)