search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / tests / cred_opt.py
blob0adb91586100020c4ae1a65b5dfa5fed3f80e5e8
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) David Mulder <dmulder@suse.com> 2019
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 """Tests for cred option parsing.
19
20 """
21
22 import optparse
23 import os
24 from contextlib import contextmanager
25 from samba.getopt import CredentialsOptions, SambaOptions
26 import samba.tests
27 import setproctitle
28 import sys
29
30 password_opt = '--password=super_secret_password'
31 clear_password_opt = '--password '
32
33 @contextmanager
34 def auth_fle_opt(auth_file_path, long_opt=True):
35 old_argv = list(sys.argv)
36 try:
37 if long_opt:
38 sys.argv.append('--authentication-file=%s' % auth_file_path)
39 else:
40 sys.argv.append('-A')
41 sys.argv.append(auth_file_path)
42 yield
43 finally:
44 sys.argv = old_argv
45
46 class CredentialsOptionsTests(samba.tests.TestCase):
47
48 def setUp(self):
49 super().setUp()
50 self.old_proctitle = setproctitle.getproctitle()
51
52 # We must append two options to get the " " we look for in the
53 # test after the redacted password
54 sys.argv.extend([password_opt, "--realm=samba.org"])
55
56 def test_clear_proctitle_password(self):
57 parser = optparse.OptionParser()
58
59 # The password burning is on the SambaOptions __init__()
60 sambaopts = SambaOptions(parser)
61 parser.add_option_group(sambaopts)
62 credopts = CredentialsOptions(parser)
63 parser.add_option_group(credopts)
64 (opts, args) = parser.parse_args()
65 self.assertNotIn(password_opt, setproctitle.getproctitle())
66 self.assertIn(clear_password_opt, setproctitle.getproctitle())
67
68 def tearDown(self):
69 super().tearDown()
70 setproctitle.setproctitle(self.old_proctitle)
71 sys.argv.pop()
72
73 class AuthenticationFileTests(samba.tests.TestCaseInTempDir):
74
75 def setUp(self):
76 super().setUp()
77
78 self.parser = optparse.OptionParser()
79 self.credopts = CredentialsOptions(self.parser)
80 self.parser.add_option_group(self.credopts)
81
82 self.auth_file_name = os.path.join(self.tempdir, 'auth.txt')
83
84 self.realm = 'realm.example.com'
85 self.domain = 'dom'
86 self.password = 'pass'
87 self.username = 'user'
88
89 auth_file_fd = open(self.auth_file_name, 'x')
90 auth_file_fd.write('realm=%s\n' % self.realm)
91 auth_file_fd.write('domain=%s\n' % self.domain)
92 auth_file_fd.write('username=%s\n' % self.username)
93 auth_file_fd.write('password=%s\n' % self.password)
94 auth_file_fd.close()
95
96 def tearDown(self):
97 super().tearDown()
98
99 os.unlink(self.auth_file_name)
100
101 def test_long_option_valid_path(self):
102 with auth_fle_opt(self.auth_file_name):
103 self.parser.parse_args()
104 credopts = self.credopts
105 creds = credopts.creds
106
107 self.assertFalse(credopts.ask_for_password)
108 self.assertFalse(credopts.machine_pass)
109
110 self.assertEqual(self.username, creds.get_username())
111 self.assertEqual(self.password, creds.get_password())
112 self.assertEqual(self.domain.upper(), creds.get_domain())
113 self.assertEqual(self.realm.upper(), creds.get_realm())
114
115 def test_long_option_invalid_path(self):
116 with auth_fle_opt(self.auth_file_name + '.dontexist'):
117 self.parser.parse_args()
118 credopts = self.credopts
119 creds = credopts.creds
120
121 self.assertTrue(credopts.ask_for_password)
122 self.assertFalse(credopts.machine_pass)
123
124 self.assertIsNone(creds.get_username())
125 self.assertIsNone(creds.get_password())
126 self.assertIsNone(creds.get_domain())
127 self.assertIsNone(creds.get_realm())
128
129 def test_short_option_valid_path(self):
130 with auth_fle_opt(self.auth_file_name, long_opt=False):
131 self.parser.parse_args()
132 credopts = self.credopts
133 creds = credopts.creds
134
135 self.assertFalse(credopts.ask_for_password)
136 self.assertFalse(credopts.machine_pass)
137
138 self.assertEqual(self.username, creds.get_username())
139 self.assertEqual(self.password, creds.get_password())
140 self.assertEqual(self.domain.upper(), creds.get_domain())
141 self.assertEqual(self.realm.upper(), creds.get_realm())
142
143 def test_short_option_invalid_path(self):
144 with auth_fle_opt(self.auth_file_name + '.dontexist', long_opt=False):
145 self.parser.parse_args()
146 credopts = self.credopts
147 creds = credopts.creds
148
149 self.assertTrue(credopts.ask_for_password)
150 self.assertFalse(credopts.machine_pass)
151
152 self.assertIsNone(creds.get_username())
153 self.assertIsNone(creds.get_password())
154 self.assertIsNone(creds.get_domain())
155 self.assertIsNone(creds.get_realm())
GSS-enabled samba4