python/samba/tests/samba_tool/user_check_password_script.py

   1 # Unix SMB/CIFS implementation.
   2 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
   3 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18
  19 import os
  20 from samba.tests.samba_tool.base import SambaToolCmdTest
  21
  22
  23 class UserCheckPwdTestCase(SambaToolCmdTest):
  24     """Tests for samba-tool user subcommands"""
  25     users = []
  26     samdb = None
  27
  28     def setUp(self):
  29         super(UserCheckPwdTestCase, self).setUp()
  30         self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
  31                                    "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
  32         self.old_min_pwd_age = self.samdb.get_minPwdAge()
  33         self.samdb.set_minPwdAge("0")
  34
  35     def tearDown(self):
  36         super(UserCheckPwdTestCase, self).tearDown()
  37         self.samdb.set_minPwdAge(self.old_min_pwd_age)
  38
  39     def _test_checkpassword(self, user, bad_password, good_password, desc):
  40
  41         (result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
  42                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
  43                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
  44         self.assertCmdFail(result, "Should fail adding a user with %s password." % desc)
  45
  46         (result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
  47                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
  48                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
  49         self.assertCmdSuccess(result, out, err, "Should succeed adding a user with good password.")
  50
  51         # Set password
  52         (result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
  53                                             "--newpassword=%s" % bad_password,
  54                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
  55                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
  56         self.assertCmdFail(result, "Should fail setting a user's password to a %s password." % desc)
  57
  58         (result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
  59                                             "--newpassword=%s" % good_password,
  60                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
  61                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
  62         self.assertCmdSuccess(result, out, err, "Should succeed setting a user's password to a good one.")
  63
  64         # Password=
  65
  66         (result, out, err) = self.runsubcmd("user", "password",
  67                                             "--newpassword=%s" % bad_password,
  68                                             "--ipaddress", os.environ["DC_SERVER_IP"],
  69                                             "-U%s%%%s" % (user["name"], good_password))
  70         self.assertCmdFail(result, "A user setting their own password to a %s password should fail." % desc)
  71
  72         (result, out, err) = self.runsubcmd("user", "password",
  73                                             "--newpassword=%s" % good_password + 'XYZ',
  74                                             "--ipaddress", os.environ["DC_SERVER_IP"],
  75                                             "-U%s%%%s" % (user["name"], good_password))
  76         self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
  77
  78     def test_checkpassword_unacceptable(self):
  79         # Add
  80         user = self._randomUser()
  81         bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
  82         good_password = bad_password[:-1]
  83         return self._test_checkpassword(user,
  84                                         bad_password,
  85                                         good_password,
  86                                         "unacceptable")
  87
  88     def test_checkpassword_username(self):
  89         # Add
  90         user = self._randomUser()
  91         bad_password = user["name"]
  92         good_password = bad_password[:-1]
  93         return self._test_checkpassword(user,
  94                                         bad_password,
  95                                         good_password,
  96                                         "username")
  97
  98     def _randomUser(self, base={}):
  99         """create a user with random attribute values, you can specify base attributes"""
 100         user = {
 101             "name": self.randomName(),
 102         }
 103         user.update(base)
 104         return user