bddbc46b94eec00d95256a1aef9f57f8dcbe6662
[nivanova/samba-autobuild/.git] / python / samba / tests / credentials.py
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 """Tests for the Credentials Python bindings.
19
20 Note that this just tests the bindings work. It does not intend to test
21 the functionality, that's already done in other tests.
22 """
23
24 from samba import credentials
25 import samba.tests
26 import os
27 import binascii
28 from samba.compat import PY3
29 from samba.dcerpc import misc
30
31 class CredentialsTests(samba.tests.TestCaseInTempDir):
32
33     def setUp(self):
34         super(CredentialsTests, self).setUp()
35         self.creds = credentials.Credentials()
36         if PY3:
37             # Because Python 2 does not support 'x' mode and Python 3
38             # does not support 'wx' mode in open() function
39             # for exclusive creation
40             self.open_mode = 'x'
41         else:
42             self.open_mode = 'wx'
43
44     def test_set_username(self):
45         self.creds.set_username("somebody")
46         self.assertEqual("somebody", self.creds.get_username())
47
48     def test_set_password(self):
49         self.creds.set_password("S3CreT")
50         self.assertEqual("S3CreT", self.creds.get_password())
51
52     def test_set_utf16_password(self):
53         password = 'S3cRet'
54         passbytes = password.encode('utf-16-le')
55         self.assertTrue(self.creds.set_utf16_password(passbytes))
56         self.assertEqual(password, self.creds.get_password())
57
58     def test_set_old_password(self):
59         self.assertEqual(None, self.creds.get_old_password())
60         self.assertTrue(self.creds.set_old_password("S3c0ndS3CreT"))
61         self.assertEqual("S3c0ndS3CreT", self.creds.get_old_password())
62
63     def test_set_old_utf16_password(self):
64         password = '0ldS3cRet'
65         passbytes = password.encode('utf-16-le')
66         self.assertTrue(self.creds.set_old_utf16_password(passbytes))
67         self.assertEqual(password, self.creds.get_old_password())
68
69     def test_set_domain(self):
70         self.creds.set_domain("ABMAS")
71         self.assertEqual("ABMAS", self.creds.get_domain())
72         self.assertEqual(self.creds.get_principal(), None)
73
74     def test_set_realm(self):
75         self.creds.set_realm("myrealm")
76         self.assertEqual("MYREALM", self.creds.get_realm())
77         self.assertEqual(self.creds.get_principal(), None)
78
79     def test_parse_string_anon(self):
80         self.creds.parse_string("%")
81         self.assertEqual("", self.creds.get_username())
82         self.assertEqual(None, self.creds.get_password())
83
84     def test_parse_string_empty_pw(self):
85         self.creds.parse_string("someone%")
86         self.assertEqual("someone", self.creds.get_username())
87         self.assertEqual("", self.creds.get_password())
88
89     def test_parse_string_none_pw(self):
90         self.creds.parse_string("someone")
91         self.assertEqual("someone", self.creds.get_username())
92         self.assertEqual(None, self.creds.get_password())
93
94     def test_parse_string_user_pw_domain(self):
95         self.creds.parse_string("dom\\someone%secr")
96         self.assertEqual("someone", self.creds.get_username())
97         self.assertEqual("secr", self.creds.get_password())
98         self.assertEqual("DOM", self.creds.get_domain())
99
100     def test_bind_dn(self):
101         self.assertEqual(None, self.creds.get_bind_dn())
102         self.creds.set_bind_dn("dc=foo,cn=bar")
103         self.assertEqual("dc=foo,cn=bar", self.creds.get_bind_dn())
104
105     def test_is_anon(self):
106         self.creds.set_username("")
107         self.assertTrue(self.creds.is_anonymous())
108         self.creds.set_username("somebody")
109         self.assertFalse(self.creds.is_anonymous())
110         self.creds.set_anonymous()
111         self.assertTrue(self.creds.is_anonymous())
112
113     def test_workstation(self):
114         # FIXME: This is uninitialised, it should be None
115         #self.assertEqual(None, self.creds.get_workstation())
116         self.creds.set_workstation("myworksta")
117         self.assertEqual("myworksta", self.creds.get_workstation())
118
119     def test_secure_channel_type(self):
120         self.assertEqual(misc.SEC_CHAN_NULL,
121                          self.creds.get_secure_channel_type())
122         self.creds.set_secure_channel_type(misc.SEC_CHAN_BDC)
123         self.assertEqual(misc.SEC_CHAN_BDC,
124                          self.creds.get_secure_channel_type())
125
126     def test_get_nt_hash(self):
127         password="geheim"
128         hex_nthash="c2ae1fe6e648846352453e816f2aeb93"
129         self.creds.set_password(password)
130         self.assertEqual(password, self.creds.get_password())
131         self.assertEqual(binascii.a2b_hex(hex_nthash),
132                          self.creds.get_nt_hash())
133
134     def test_get_ntlm_response(self):
135         password="SecREt01"
136         hex_challenge="0123456789abcdef"
137         hex_nthash="cd06ca7c7e10c99b1d33b7485a2ed808"
138         hex_session_key="3f373ea8e4af954f14faa506f8eebdc4"
139         hex_ntlm_response="25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6"
140         self.creds.set_username("fred")
141         self.creds.set_domain("nurk")
142         self.creds.set_password(password)
143         self.assertEqual(password, self.creds.get_password())
144         self.assertEqual(binascii.a2b_hex(hex_nthash),
145                          self.creds.get_nt_hash())
146         response = self.creds.get_ntlm_response(flags=credentials.CLI_CRED_NTLM_AUTH,
147                                                 challenge=binascii.a2b_hex(hex_challenge))
148
149
150         self.assertEqual(response["nt_response"], binascii.a2b_hex(hex_ntlm_response))
151         self.assertEqual(response["nt_session_key"], binascii.a2b_hex(hex_session_key))
152         self.assertEqual(response["flags"], credentials.CLI_CRED_NTLM_AUTH)
153
154
155     def test_get_nt_hash_string(self):
156         self.creds.set_password_will_be_nt_hash(True)
157         hex_nthash="c2ae1fe6e648846352453e816f2aeb93"
158         self.creds.set_password(hex_nthash)
159         self.assertEqual(None, self.creds.get_password())
160         self.assertEqual(binascii.a2b_hex(hex_nthash),
161                          self.creds.get_nt_hash())
162
163     def test_set_cmdline_callbacks(self):
164         self.creds.set_cmdline_callbacks()
165
166     def test_authentication_requested(self):
167         self.creds.set_username("")
168         self.assertFalse(self.creds.authentication_requested())
169         self.creds.set_username("somebody")
170         self.assertTrue(self.creds.authentication_requested())
171
172     def test_wrong_password(self):
173         self.assertFalse(self.creds.wrong_password())
174
175     def test_guess(self):
176         creds = credentials.Credentials()
177         lp = samba.tests.env_loadparm()
178         os.environ["USER"] = "env_user"
179         creds.guess(lp)
180         self.assertEqual(creds.get_username(), "env_user")
181         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
182         self.assertEqual(creds.get_realm(), None)
183         self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain())
184         self.assertEqual(creds.is_anonymous(), False)
185         self.assertEqual(creds.authentication_requested(), False)
186
187     def test_set_anonymous(self):
188         creds = credentials.Credentials()
189         lp = samba.tests.env_loadparm()
190         os.environ["USER"] = "env_user"
191         creds.guess(lp)
192         creds.set_anonymous()
193         self.assertEqual(creds.get_username(), "")
194         self.assertEqual(creds.get_domain(), "")
195         self.assertEqual(creds.get_realm(), None)
196         self.assertEqual(creds.get_principal(), None)
197         self.assertEqual(creds.is_anonymous(), True)
198         self.assertEqual(creds.authentication_requested(), False)
199
200     def test_parse_file_1(self):
201         realm="realm.example.com"
202         domain="dom"
203         password="pass"
204         username="user"
205
206         passwd_file_name = os.path.join(self.tempdir, "parse_file")
207         passwd_file_fd = open(passwd_file_name, self.open_mode)
208         passwd_file_fd.write("realm=%s\n" % realm)
209         passwd_file_fd.write("domain=%s\n" % domain)
210         passwd_file_fd.write("username=%s\n" % username)
211         passwd_file_fd.write("password=%s\n" % password)
212         passwd_file_fd.close()
213         self.creds.parse_file(passwd_file_name)
214         self.assertEqual(self.creds.get_username(), username)
215         self.assertEqual(self.creds.get_password(), password)
216         self.assertEqual(self.creds.get_domain(), domain.upper())
217         self.assertEqual(self.creds.get_realm(), realm.upper())
218         self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
219         self.assertEqual(self.creds.is_anonymous(), False)
220         self.assertEqual(self.creds.authentication_requested(), True)
221         os.unlink(passwd_file_name)
222
223     def test_parse_file_2(self):
224         realm="realm.example.com"
225         domain="dom"
226         password="pass"
227         username="user"
228
229         passwd_file_name = os.path.join(self.tempdir, "parse_file")
230         passwd_file_fd = open(passwd_file_name, self.open_mode)
231         passwd_file_fd.write("realm=%s\n" % realm)
232         passwd_file_fd.write("domain=%s\n" % domain)
233         passwd_file_fd.write("username=%s\\%s\n" % (domain, username))
234         passwd_file_fd.write("password=%s\n" % password)
235         passwd_file_fd.close()
236         self.creds.parse_file(passwd_file_name)
237         self.assertEqual(self.creds.get_username(), username)
238         self.assertEqual(self.creds.get_password(), password)
239         self.assertEqual(self.creds.get_domain(), domain.upper())
240         self.assertEqual(self.creds.get_realm(), realm.upper())
241         self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
242         self.assertEqual(self.creds.is_anonymous(), False)
243         self.assertEqual(self.creds.authentication_requested(), True)
244         os.unlink(passwd_file_name)
245
246     def test_parse_file_3(self):
247         realm="realm.example.com"
248         domain="domain"
249         password="password"
250         username="username"
251
252         userdom="userdom"
253
254         passwd_file_name = os.path.join(self.tempdir, "parse_file")
255         passwd_file_fd = open(passwd_file_name, self.open_mode)
256         passwd_file_fd.write("realm=%s\n" % realm)
257         passwd_file_fd.write("domain=%s\n" % domain)
258         passwd_file_fd.write("username=%s/%s\n" % (userdom, username))
259         passwd_file_fd.write("password=%s\n" % password)
260         passwd_file_fd.close()
261         self.creds.parse_file(passwd_file_name)
262         self.assertEqual(self.creds.get_username(), username)
263         self.assertEqual(self.creds.get_password(), password)
264         self.assertEqual(self.creds.get_domain(), userdom.upper())
265         self.assertEqual(self.creds.get_realm(), userdom.upper())
266         self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
267         self.assertEqual(self.creds.is_anonymous(), False)
268         self.assertEqual(self.creds.authentication_requested(), True)
269         os.unlink(passwd_file_name)
270
271     def test_parse_file_4(self):
272         realm="realm.example.com"
273         domain="domain"
274         password="password"
275         username="username"
276
277         userdom="userdom"
278
279         passwd_file_name = os.path.join(self.tempdir, "parse_file")
280         passwd_file_fd = open(passwd_file_name, self.open_mode)
281         passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
282         passwd_file_fd.write("realm=ignorerealm\n")
283         passwd_file_fd.write("domain=ignoredomain\n")
284         passwd_file_fd.write("password=ignorepassword\n")
285         passwd_file_fd.close()
286         self.creds.parse_file(passwd_file_name)
287         self.assertEqual(self.creds.get_username(), username)
288         self.assertEqual(self.creds.get_password(), password)
289         self.assertEqual(self.creds.get_domain(), userdom.upper())
290         self.assertEqual(self.creds.get_realm(), userdom.upper())
291         self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
292         self.assertEqual(self.creds.is_anonymous(), False)
293         self.assertEqual(self.creds.authentication_requested(), True)
294         os.unlink(passwd_file_name)
295
296     def test_parse_file_5(self):
297         realm="realm.example.com"
298         domain="domain"
299         password="password"
300         username="username"
301
302         userdom="userdom"
303
304         passwd_file_name = os.path.join(self.tempdir, "parse_file")
305         passwd_file_fd = open(passwd_file_name, self.open_mode)
306         passwd_file_fd.write("realm=ignorerealm\n")
307         passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
308         passwd_file_fd.write("domain=ignoredomain\n")
309         passwd_file_fd.write("password=ignorepassword\n")
310         passwd_file_fd.close()
311         self.creds.parse_file(passwd_file_name)
312         self.assertEqual(self.creds.get_username(), username)
313         self.assertEqual(self.creds.get_password(), password)
314         self.assertEqual(self.creds.get_domain(), userdom.upper())
315         self.assertEqual(self.creds.get_realm(), userdom.upper())
316         self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
317         self.assertEqual(self.creds.is_anonymous(), False)
318         self.assertEqual(self.creds.authentication_requested(), True)
319         os.unlink(passwd_file_name)
320
321     def test_parse_username_0(self):
322         creds = credentials.Credentials()
323         lp = samba.tests.env_loadparm()
324         os.environ["USER"] = "env_user"
325         creds.guess(lp)
326         creds.parse_string("user")
327         self.assertEqual(creds.get_username(), "user")
328         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
329         self.assertEqual(creds.get_realm(), None)
330         self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper())
331         self.assertEqual(creds.is_anonymous(), False)
332         self.assertEqual(creds.authentication_requested(), True)
333
334     def test_parse_username_1(self):
335         creds = credentials.Credentials()
336         lp = samba.tests.env_loadparm()
337         os.environ["USER"] = "env_user"
338         creds.guess(lp)
339         realm = "realm.example.com"
340         creds.set_realm(realm, credentials.UNINITIALISED)
341         creds.parse_string("user")
342         self.assertEqual(creds.get_username(), "user")
343         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
344         self.assertEqual(creds.get_realm(), realm.upper())
345         self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
346         self.assertEqual(creds.is_anonymous(), False)
347         self.assertEqual(creds.authentication_requested(), True)
348
349     def test_parse_username_with_domain_0(self):
350         creds = credentials.Credentials()
351         lp = samba.tests.env_loadparm()
352         os.environ["USER"] = "env_user"
353         creds.guess(lp)
354         creds.parse_string("domain\\user")
355         self.assertEqual(creds.get_username(), "user")
356         self.assertEqual(creds.get_domain(), "DOMAIN")
357         self.assertEqual(creds.get_realm(), None)
358         self.assertEqual(creds.get_principal(), "user@DOMAIN")
359         self.assertEqual(creds.is_anonymous(), False)
360         self.assertEqual(creds.authentication_requested(), True)
361
362     def test_parse_username_with_domain_1(self):
363         creds = credentials.Credentials()
364         lp = samba.tests.env_loadparm()
365         os.environ["USER"] = "env_user"
366         creds.guess(lp)
367         realm = "realm.example.com"
368         creds.set_realm(realm, credentials.UNINITIALISED)
369         self.assertEqual(creds.get_username(), "env_user")
370         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
371         self.assertEqual(creds.get_realm(), realm.upper())
372         self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
373         creds.set_principal("unknown@realm.example.com")
374         self.assertEqual(creds.get_username(), "env_user")
375         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
376         self.assertEqual(creds.get_realm(), realm.upper())
377         self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
378         creds.parse_string("domain\\user")
379         self.assertEqual(creds.get_username(), "user")
380         self.assertEqual(creds.get_domain(), "DOMAIN")
381         self.assertEqual(creds.get_realm(), realm.upper())
382         self.assertEqual(creds.get_principal(), "user@DOMAIN")
383         self.assertEqual(creds.is_anonymous(), False)
384         self.assertEqual(creds.authentication_requested(), True)
385
386     def test_parse_username_with_domain_2(self):
387         creds = credentials.Credentials()
388         lp = samba.tests.env_loadparm()
389         os.environ["USER"] = "env_user"
390         creds.guess(lp)
391         realm = "realm.example.com"
392         creds.set_realm(realm, credentials.SPECIFIED)
393         self.assertEqual(creds.get_username(), "env_user")
394         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
395         self.assertEqual(creds.get_realm(), realm.upper())
396         self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
397         creds.set_principal("unknown@realm.example.com")
398         self.assertEqual(creds.get_username(), "env_user")
399         self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
400         self.assertEqual(creds.get_realm(), realm.upper())
401         self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
402         creds.parse_string("domain\\user")
403         self.assertEqual(creds.get_username(), "user")
404         self.assertEqual(creds.get_domain(), "DOMAIN")
405         self.assertEqual(creds.get_realm(), "DOMAIN")
406         self.assertEqual(creds.get_principal(), "user@DOMAIN")
407         self.assertEqual(creds.is_anonymous(), False)
408         self.assertEqual(creds.authentication_requested(), True)
409
410     def test_parse_username_with_realm(self):
411         creds = credentials.Credentials()
412         lp = samba.tests.env_loadparm()
413         os.environ["USER"] = "env_user"
414         creds.guess(lp)
415         creds.parse_string("user@samba.org")
416         self.assertEqual(creds.get_username(), "user@samba.org")
417         self.assertEqual(creds.get_domain(), "")
418         self.assertEqual(creds.get_realm(), "SAMBA.ORG")
419         self.assertEqual(creds.get_principal(), "user@samba.org")
420         self.assertEqual(creds.is_anonymous(), False)
421         self.assertEqual(creds.authentication_requested(), True)
422
423     def test_parse_username_pw(self):
424         creds = credentials.Credentials()
425         lp = samba.tests.env_loadparm()
426         os.environ["USER"] = "env_user"
427         creds.guess(lp)
428         creds.parse_string("user%pass")
429         self.assertEqual(creds.get_username(), "user")
430         self.assertEqual(creds.get_password(), "pass")
431         self.assertEqual(creds.get_domain(), lp.get("workgroup"))
432         self.assertEqual(creds.get_realm(), None)
433         self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup"))
434         self.assertEqual(creds.is_anonymous(), False)
435         self.assertEqual(creds.authentication_requested(), True)
436
437     def test_parse_username_with_domain_pw(self):
438         creds = credentials.Credentials()
439         lp = samba.tests.env_loadparm()
440         os.environ["USER"] = "env_user"
441         creds.guess(lp)
442         creds.parse_string("domain\\user%pass")
443         self.assertEqual(creds.get_username(), "user")
444         self.assertEqual(creds.get_domain(), "DOMAIN")
445         self.assertEqual(creds.get_password(), "pass")
446         self.assertEqual(creds.get_realm(), None)
447         self.assertEqual(creds.get_principal(), "user@DOMAIN")
448         self.assertEqual(creds.is_anonymous(), False)
449         self.assertEqual(creds.authentication_requested(), True)
450
451     def test_parse_username_with_realm_pw(self):
452         creds = credentials.Credentials()
453         lp = samba.tests.env_loadparm()
454         os.environ["USER"] = "env_user"
455         creds.guess(lp)
456         creds.parse_string("user@samba.org%pass")
457         self.assertEqual(creds.get_username(), "user@samba.org")
458         self.assertEqual(creds.get_domain(), "")
459         self.assertEqual(creds.get_password(), "pass")
460         self.assertEqual(creds.get_realm(), "SAMBA.ORG")
461         self.assertEqual(creds.get_principal(), "user@samba.org")
462         self.assertEqual(creds.is_anonymous(), False)
463         self.assertEqual(creds.authentication_requested(), True)