1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 """Tests for the Credentials Python bindings.
20 Note that this just tests the bindings work. It does not intend to test
21 the functionality, that's already done in other tests.
24 from samba import credentials
28 from samba.compat import PY3
29 from samba.dcerpc import misc
32 class CredentialsTests(samba.tests.TestCaseInTempDir):
35 super(CredentialsTests, self).setUp()
36 self.creds = credentials.Credentials()
38 # Because Python 2 does not support 'x' mode and Python 3
39 # does not support 'wx' mode in open() function
40 # for exclusive creation
45 def test_set_username(self):
46 self.creds.set_username("somebody")
47 self.assertEqual("somebody", self.creds.get_username())
49 def test_set_password(self):
50 self.creds.set_password("S3CreT")
51 self.assertEqual("S3CreT", self.creds.get_password())
53 def test_set_utf16_password(self):
55 passbytes = password.encode('utf-16-le')
56 self.assertTrue(self.creds.set_utf16_password(passbytes))
57 self.assertEqual(password, self.creds.get_password())
59 def test_set_old_password(self):
60 self.assertEqual(None, self.creds.get_old_password())
61 self.assertTrue(self.creds.set_old_password("S3c0ndS3CreT"))
62 self.assertEqual("S3c0ndS3CreT", self.creds.get_old_password())
64 def test_set_old_utf16_password(self):
65 password = '0ldS3cRet'
66 passbytes = password.encode('utf-16-le')
67 self.assertTrue(self.creds.set_old_utf16_password(passbytes))
68 self.assertEqual(password, self.creds.get_old_password())
70 def test_set_domain(self):
71 self.creds.set_domain("ABMAS")
72 self.assertEqual("ABMAS", self.creds.get_domain())
73 self.assertEqual(self.creds.get_principal(), None)
75 def test_set_realm(self):
76 self.creds.set_realm("myrealm")
77 self.assertEqual("MYREALM", self.creds.get_realm())
78 self.assertEqual(self.creds.get_principal(), None)
80 def test_parse_string_anon(self):
81 self.creds.parse_string("%")
82 self.assertEqual("", self.creds.get_username())
83 self.assertEqual(None, self.creds.get_password())
85 def test_parse_string_empty_pw(self):
86 self.creds.parse_string("someone%")
87 self.assertEqual("someone", self.creds.get_username())
88 self.assertEqual("", self.creds.get_password())
90 def test_parse_string_none_pw(self):
91 self.creds.parse_string("someone")
92 self.assertEqual("someone", self.creds.get_username())
93 self.assertEqual(None, self.creds.get_password())
95 def test_parse_string_user_pw_domain(self):
96 self.creds = credentials.Credentials()
97 self.creds.parse_string("dom\\someone%secr")
98 self.assertEqual("someone", self.creds.get_username())
99 self.assertEqual("secr", self.creds.get_password())
100 self.assertEqual("DOM", self.creds.get_domain())
101 self.assertEqual("someone@DOM", self.creds.get_principal())
102 self.assertEqual(None, self.creds.get_realm())
103 (ntlm_user, ntlm_domain) = self.creds.get_ntlm_username_domain()
104 self.assertEqual("someone", ntlm_user)
105 self.assertEqual("DOM", ntlm_domain)
107 def test_parse_string_user_pw_domain2(self):
108 self.creds = credentials.Credentials()
109 self.creds.parse_string("some@one%secr")
110 self.assertEqual(None, self.creds.get_username())
111 self.assertEqual("secr", self.creds.get_password())
112 self.assertEqual(None, self.creds.get_domain())
113 self.assertEqual("some@one", self.creds.get_principal())
114 self.assertEqual("ONE", self.creds.get_realm())
115 (ntlm_user, ntlm_domain) = self.creds.get_ntlm_username_domain()
116 self.assertEqual("some@one", ntlm_user)
117 self.assertEqual("", ntlm_domain)
119 def test_parse_string_user_pw_domain3(self):
120 self.creds = credentials.Credentials()
121 self.creds.parse_string("dom\\some@one%secr")
122 self.assertEqual("some@one", self.creds.get_username())
123 self.assertEqual("secr", self.creds.get_password())
124 self.assertEqual("DOM", self.creds.get_domain())
125 self.assertEqual("some@one", self.creds.get_principal()) # TODO...
126 self.assertEqual(None, self.creds.get_realm())
127 (ntlm_user, ntlm_domain) = self.creds.get_ntlm_username_domain()
128 self.assertEqual("some@one", ntlm_user)
129 self.assertEqual("DOM", ntlm_domain)
131 def test_bind_dn(self):
132 self.assertEqual(None, self.creds.get_bind_dn())
133 self.creds.set_bind_dn("dc=foo,cn=bar")
134 self.assertEqual("dc=foo,cn=bar", self.creds.get_bind_dn())
136 def test_is_anon(self):
137 self.creds.set_username("")
138 self.assertTrue(self.creds.is_anonymous())
139 self.creds.set_username("somebody")
140 self.assertFalse(self.creds.is_anonymous())
141 self.creds.set_anonymous()
142 self.assertTrue(self.creds.is_anonymous())
144 def test_workstation(self):
145 # FIXME: This is uninitialised, it should be None
146 #self.assertEqual(None, self.creds.get_workstation())
147 self.creds.set_workstation("myworksta")
148 self.assertEqual("myworksta", self.creds.get_workstation())
150 def test_secure_channel_type(self):
151 self.assertEqual(misc.SEC_CHAN_NULL,
152 self.creds.get_secure_channel_type())
153 self.creds.set_secure_channel_type(misc.SEC_CHAN_BDC)
154 self.assertEqual(misc.SEC_CHAN_BDC,
155 self.creds.get_secure_channel_type())
157 def test_get_nt_hash(self):
159 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
160 self.creds.set_password(password)
161 self.assertEqual(password, self.creds.get_password())
162 self.assertEqual(binascii.a2b_hex(hex_nthash),
163 self.creds.get_nt_hash())
165 def test_get_ntlm_response(self):
166 password = "SecREt01"
167 hex_challenge = "0123456789abcdef"
168 hex_nthash = "cd06ca7c7e10c99b1d33b7485a2ed808"
169 hex_session_key = "3f373ea8e4af954f14faa506f8eebdc4"
170 hex_ntlm_response = "25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6"
171 self.creds.set_username("fred")
172 self.creds.set_domain("nurk")
173 self.creds.set_password(password)
174 self.assertEqual(password, self.creds.get_password())
175 self.assertEqual(binascii.a2b_hex(hex_nthash),
176 self.creds.get_nt_hash())
177 response = self.creds.get_ntlm_response(flags=credentials.CLI_CRED_NTLM_AUTH,
178 challenge=binascii.a2b_hex(hex_challenge))
180 self.assertEqual(response["nt_response"], binascii.a2b_hex(hex_ntlm_response))
181 self.assertEqual(response["nt_session_key"], binascii.a2b_hex(hex_session_key))
182 self.assertEqual(response["flags"], credentials.CLI_CRED_NTLM_AUTH)
184 def test_get_nt_hash_string(self):
185 self.creds.set_password_will_be_nt_hash(True)
186 hex_nthash = "c2ae1fe6e648846352453e816f2aeb93"
187 self.creds.set_password(hex_nthash)
188 self.assertEqual(None, self.creds.get_password())
189 self.assertEqual(binascii.a2b_hex(hex_nthash),
190 self.creds.get_nt_hash())
192 def test_set_cmdline_callbacks(self):
193 self.creds.set_cmdline_callbacks()
195 def test_authentication_requested(self):
196 self.creds.set_username("")
197 self.assertFalse(self.creds.authentication_requested())
198 self.creds.set_username("somebody")
199 self.assertTrue(self.creds.authentication_requested())
201 def test_wrong_password(self):
202 self.assertFalse(self.creds.wrong_password())
204 def test_guess(self):
205 creds = credentials.Credentials()
206 lp = samba.tests.env_loadparm()
207 os.environ["USER"] = "env_user"
209 self.assertEqual(creds.get_username(), "env_user")
210 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
211 self.assertEqual(creds.get_realm(), None)
212 self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain())
213 self.assertEqual(creds.is_anonymous(), False)
214 self.assertEqual(creds.authentication_requested(), False)
216 def test_set_anonymous(self):
217 creds = credentials.Credentials()
218 lp = samba.tests.env_loadparm()
219 os.environ["USER"] = "env_user"
221 creds.set_anonymous()
222 self.assertEqual(creds.get_username(), "")
223 self.assertEqual(creds.get_domain(), "")
224 self.assertEqual(creds.get_realm(), None)
225 self.assertEqual(creds.get_principal(), None)
226 self.assertEqual(creds.is_anonymous(), True)
227 self.assertEqual(creds.authentication_requested(), False)
229 def test_parse_file_1(self):
230 realm = "realm.example.com"
235 passwd_file_name = os.path.join(self.tempdir, "parse_file")
236 passwd_file_fd = open(passwd_file_name, self.open_mode)
237 passwd_file_fd.write("realm=%s\n" % realm)
238 passwd_file_fd.write("domain=%s\n" % domain)
239 passwd_file_fd.write("username=%s\n" % username)
240 passwd_file_fd.write("password=%s\n" % password)
241 passwd_file_fd.close()
242 self.creds.parse_file(passwd_file_name)
243 self.assertEqual(self.creds.get_username(), username)
244 self.assertEqual(self.creds.get_password(), password)
245 self.assertEqual(self.creds.get_domain(), domain.upper())
246 self.assertEqual(self.creds.get_realm(), realm.upper())
247 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
248 self.assertEqual(self.creds.is_anonymous(), False)
249 self.assertEqual(self.creds.authentication_requested(), True)
250 os.unlink(passwd_file_name)
252 def test_parse_file_2(self):
253 realm = "realm.example.com"
258 passwd_file_name = os.path.join(self.tempdir, "parse_file")
259 passwd_file_fd = open(passwd_file_name, self.open_mode)
260 passwd_file_fd.write("realm=%s\n" % realm)
261 passwd_file_fd.write("domain=%s\n" % domain)
262 passwd_file_fd.write("username=%s\\%s\n" % (domain, username))
263 passwd_file_fd.write("password=%s\n" % password)
264 passwd_file_fd.close()
265 self.creds.parse_file(passwd_file_name)
266 self.assertEqual(self.creds.get_username(), username)
267 self.assertEqual(self.creds.get_password(), password)
268 self.assertEqual(self.creds.get_domain(), domain.upper())
269 self.assertEqual(self.creds.get_realm(), realm.upper())
270 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, realm.upper()))
271 self.assertEqual(self.creds.is_anonymous(), False)
272 self.assertEqual(self.creds.authentication_requested(), True)
273 os.unlink(passwd_file_name)
275 def test_parse_file_3(self):
276 realm = "realm.example.com"
278 password = "password"
279 username = "username"
283 passwd_file_name = os.path.join(self.tempdir, "parse_file")
284 passwd_file_fd = open(passwd_file_name, self.open_mode)
285 passwd_file_fd.write("realm=%s\n" % realm)
286 passwd_file_fd.write("domain=%s\n" % domain)
287 passwd_file_fd.write("username=%s/%s\n" % (userdom, username))
288 passwd_file_fd.write("password=%s\n" % password)
289 passwd_file_fd.close()
290 self.creds.parse_file(passwd_file_name)
291 self.assertEqual(self.creds.get_username(), username)
292 self.assertEqual(self.creds.get_password(), password)
293 self.assertEqual(self.creds.get_domain(), userdom.upper())
294 self.assertEqual(self.creds.get_realm(), userdom.upper())
295 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
296 self.assertEqual(self.creds.is_anonymous(), False)
297 self.assertEqual(self.creds.authentication_requested(), True)
298 os.unlink(passwd_file_name)
300 def test_parse_file_4(self):
301 password = "password"
302 username = "username"
306 passwd_file_name = os.path.join(self.tempdir, "parse_file")
307 passwd_file_fd = open(passwd_file_name, self.open_mode)
308 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
309 passwd_file_fd.write("realm=ignorerealm\n")
310 passwd_file_fd.write("domain=ignoredomain\n")
311 passwd_file_fd.write("password=ignorepassword\n")
312 passwd_file_fd.close()
313 self.creds.parse_file(passwd_file_name)
314 self.assertEqual(self.creds.get_username(), username)
315 self.assertEqual(self.creds.get_password(), password)
316 self.assertEqual(self.creds.get_domain(), userdom.upper())
317 self.assertEqual(self.creds.get_realm(), userdom.upper())
318 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
319 self.assertEqual(self.creds.is_anonymous(), False)
320 self.assertEqual(self.creds.authentication_requested(), True)
321 os.unlink(passwd_file_name)
323 def test_parse_file_5(self):
324 password = "password"
325 username = "username"
329 passwd_file_name = os.path.join(self.tempdir, "parse_file")
330 passwd_file_fd = open(passwd_file_name, self.open_mode)
331 passwd_file_fd.write("realm=ignorerealm\n")
332 passwd_file_fd.write("username=%s\\%s%%%s\n" % (userdom, username, password))
333 passwd_file_fd.write("domain=ignoredomain\n")
334 passwd_file_fd.write("password=ignorepassword\n")
335 passwd_file_fd.close()
336 self.creds.parse_file(passwd_file_name)
337 self.assertEqual(self.creds.get_username(), username)
338 self.assertEqual(self.creds.get_password(), password)
339 self.assertEqual(self.creds.get_domain(), userdom.upper())
340 self.assertEqual(self.creds.get_realm(), userdom.upper())
341 self.assertEqual(self.creds.get_principal(), "%s@%s" % (username, userdom.upper()))
342 self.assertEqual(self.creds.is_anonymous(), False)
343 self.assertEqual(self.creds.authentication_requested(), True)
344 os.unlink(passwd_file_name)
346 def test_parse_username_0(self):
347 creds = credentials.Credentials()
348 lp = samba.tests.env_loadparm()
349 os.environ["USER"] = "env_user"
351 creds.parse_string("user")
352 self.assertEqual(creds.get_username(), "user")
353 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
354 self.assertEqual(creds.get_realm(), None)
355 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper())
356 self.assertEqual(creds.is_anonymous(), False)
357 self.assertEqual(creds.authentication_requested(), True)
359 def test_parse_username_1(self):
360 creds = credentials.Credentials()
361 lp = samba.tests.env_loadparm()
362 os.environ["USER"] = "env_user"
364 realm = "realm.example.com"
365 creds.set_realm(realm, credentials.UNINITIALISED)
366 creds.parse_string("user")
367 self.assertEqual(creds.get_username(), "user")
368 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
369 self.assertEqual(creds.get_realm(), realm.upper())
370 self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
371 self.assertEqual(creds.is_anonymous(), False)
372 self.assertEqual(creds.authentication_requested(), True)
374 def test_parse_username_with_domain_0(self):
375 creds = credentials.Credentials()
376 lp = samba.tests.env_loadparm()
377 os.environ["USER"] = "env_user"
379 creds.parse_string("domain\\user")
380 self.assertEqual(creds.get_username(), "user")
381 self.assertEqual(creds.get_domain(), "DOMAIN")
382 self.assertEqual(creds.get_realm(), None)
383 self.assertEqual(creds.get_principal(), "user@DOMAIN")
384 self.assertEqual(creds.is_anonymous(), False)
385 self.assertEqual(creds.authentication_requested(), True)
387 def test_parse_username_with_domain_1(self):
388 creds = credentials.Credentials()
389 lp = samba.tests.env_loadparm()
390 os.environ["USER"] = "env_user"
392 realm = "realm.example.com"
393 creds.set_realm(realm, credentials.UNINITIALISED)
394 self.assertEqual(creds.get_username(), "env_user")
395 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
396 self.assertEqual(creds.get_realm(), realm.upper())
397 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
398 creds.set_principal("unknown@realm.example.com")
399 self.assertEqual(creds.get_username(), "env_user")
400 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
401 self.assertEqual(creds.get_realm(), realm.upper())
402 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
403 creds.parse_string("domain\\user")
404 self.assertEqual(creds.get_username(), "user")
405 self.assertEqual(creds.get_domain(), "DOMAIN")
406 self.assertEqual(creds.get_realm(), realm.upper())
407 self.assertEqual(creds.get_principal(), "user@DOMAIN")
408 self.assertEqual(creds.is_anonymous(), False)
409 self.assertEqual(creds.authentication_requested(), True)
411 def test_parse_username_with_domain_2(self):
412 creds = credentials.Credentials()
413 lp = samba.tests.env_loadparm()
414 os.environ["USER"] = "env_user"
416 realm = "realm.example.com"
417 creds.set_realm(realm, credentials.SPECIFIED)
418 self.assertEqual(creds.get_username(), "env_user")
419 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
420 self.assertEqual(creds.get_realm(), realm.upper())
421 self.assertEqual(creds.get_principal(), "env_user@%s" % realm.upper())
422 creds.set_principal("unknown@realm.example.com")
423 self.assertEqual(creds.get_username(), "env_user")
424 self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
425 self.assertEqual(creds.get_realm(), realm.upper())
426 self.assertEqual(creds.get_principal(), "unknown@realm.example.com")
427 creds.parse_string("domain\\user")
428 self.assertEqual(creds.get_username(), "user")
429 self.assertEqual(creds.get_domain(), "DOMAIN")
430 self.assertEqual(creds.get_realm(), "DOMAIN")
431 self.assertEqual(creds.get_principal(), "user@DOMAIN")
432 self.assertEqual(creds.is_anonymous(), False)
433 self.assertEqual(creds.authentication_requested(), True)
435 def test_parse_username_with_realm(self):
436 creds = credentials.Credentials()
437 lp = samba.tests.env_loadparm()
438 os.environ["USER"] = "env_user"
440 creds.parse_string("user@samba.org")
441 self.assertEqual(creds.get_username(), "user@samba.org")
442 self.assertEqual(creds.get_domain(), "")
443 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
444 self.assertEqual(creds.get_principal(), "user@samba.org")
445 self.assertEqual(creds.is_anonymous(), False)
446 self.assertEqual(creds.authentication_requested(), True)
448 def test_parse_username_pw(self):
449 creds = credentials.Credentials()
450 lp = samba.tests.env_loadparm()
451 os.environ["USER"] = "env_user"
453 creds.parse_string("user%pass")
454 self.assertEqual(creds.get_username(), "user")
455 self.assertEqual(creds.get_password(), "pass")
456 self.assertEqual(creds.get_domain(), lp.get("workgroup"))
457 self.assertEqual(creds.get_realm(), None)
458 self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup"))
459 self.assertEqual(creds.is_anonymous(), False)
460 self.assertEqual(creds.authentication_requested(), True)
462 def test_parse_username_with_domain_pw(self):
463 creds = credentials.Credentials()
464 lp = samba.tests.env_loadparm()
465 os.environ["USER"] = "env_user"
467 creds.parse_string("domain\\user%pass")
468 self.assertEqual(creds.get_username(), "user")
469 self.assertEqual(creds.get_domain(), "DOMAIN")
470 self.assertEqual(creds.get_password(), "pass")
471 self.assertEqual(creds.get_realm(), None)
472 self.assertEqual(creds.get_principal(), "user@DOMAIN")
473 self.assertEqual(creds.is_anonymous(), False)
474 self.assertEqual(creds.authentication_requested(), True)
476 def test_parse_username_with_realm_pw(self):
477 creds = credentials.Credentials()
478 lp = samba.tests.env_loadparm()
479 os.environ["USER"] = "env_user"
481 creds.parse_string("user@samba.org%pass")
482 self.assertEqual(creds.get_username(), "user@samba.org")
483 self.assertEqual(creds.get_domain(), "")
484 self.assertEqual(creds.get_password(), "pass")
485 self.assertEqual(creds.get_realm(), "SAMBA.ORG")
486 self.assertEqual(creds.get_principal(), "user@samba.org")
487 self.assertEqual(creds.is_anonymous(), False)
488 self.assertEqual(creds.authentication_requested(), True)