search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drsuapi.idl: fix source_dsa spelling
[samba4-gss.git] / python / samba / tests / krb5_credentials.py
blob192d787decbc378dd1520d6d30c5544ab2e4db0b
1 # Integration tests for pycredentials
2 #
3 # Copyright (C) Catalyst IT Ltd. 2017
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18 from samba.tests import TestCase, delete_force
19 import os
20
21 import samba
22 from samba.auth import system_session
23 from samba.credentials import (
24 Credentials,
25 )
26 from samba.dsdb import (
27 UF_WORKSTATION_TRUST_ACCOUNT,
28 UF_PASSWD_NOTREQD,
29 )
30 from samba.samdb import SamDB
31
32 """KRB5 Integration tests for pycredentials.
33
34 Separated from py_credentials so as to allow running against just one
35 environment so we know the server that we add the user on will be our
36 KDC
37
38 """
39
40 MACHINE_NAME = "krb5credstest"
41
42
43 class PyKrb5CredentialsTests(TestCase):
44
45 def setUp(self):
46 super().setUp()
47
48 self.server = os.environ["SERVER"]
49 self.domain = os.environ["DOMAIN"]
50 self.host = os.environ["SERVER_IP"]
51 self.lp = self.get_loadparm()
52
53 self.credentials = self.get_credentials()
54
55 self.session = system_session()
56 self.ldb = SamDB(url="ldap://%s" % self.host,
57 session_info=self.session,
58 credentials=self.credentials,
59 lp=self.lp)
60
61 self.create_machine_account()
62
63 def tearDown(self):
64 super().tearDown()
65 delete_force(self.ldb, self.machine_dn)
66
67 def test_get_named_ccache(self):
68 name = "MEMORY:py_creds_machine"
69 ccache = self.machine_creds.get_named_ccache(self.lp,
70 name)
71 self.assertEqual(ccache.get_name(), name)
72
73 def test_get_unnamed_ccache(self):
74 ccache = self.machine_creds.get_named_ccache(self.lp)
75 self.assertIsNotNone(ccache.get_name())
76
77 def test_set_named_ccache(self):
78 ccache = self.machine_creds.get_named_ccache(self.lp)
79
80 creds = Credentials()
81 creds.set_named_ccache(ccache.get_name())
82
83 ccache2 = creds.get_named_ccache(self.lp)
84 self.assertEqual(ccache.get_name(), ccache2.get_name())
85
86 #
87 # Create the machine account
88 def create_machine_account(self):
89 self.machine_pass = samba.generate_random_password(32, 32)
90 self.machine_name = MACHINE_NAME
91 self.machine_dn = "cn=%s,%s" % (self.machine_name, self.ldb.domain_dn())
92
93 # remove the account if it exists, this will happen if a previous test
94 # run failed
95 delete_force(self.ldb, self.machine_dn)
96 # get unicode str for both py2 and py3
97 pass_unicode = self.machine_pass.encode('utf-8').decode('utf-8')
98 utf16pw = u'"{0}"'.format(pass_unicode).encode('utf-16-le')
99 self.ldb.add({
100 "dn": self.machine_dn,
101 "objectclass": "computer",
102 "sAMAccountName": "%s$" % self.machine_name,
103 "userAccountControl":
104 str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
105 "unicodePwd": utf16pw})
106
107 self.machine_creds = Credentials()
108 self.machine_creds.guess(self.get_loadparm())
109 self.machine_creds.set_password(self.machine_pass)
110 self.machine_creds.set_username(self.machine_name + "$")
111 self.machine_creds.set_workstation(self.machine_name)
GSS-enabled samba4