search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / tests / krb5 / salt_tests.py
blobfcda5338d49fca2aca9b88d9d4d65b10128d15cf
1 #!/usr/bin/env python3
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2020
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21
22 sys.path.insert(0, "bin/python")
23 os.environ["PYTHONUNBUFFERED"] = "1"
24
25 import ldb
26
27 from samba.tests.krb5.as_req_tests import AsReqBaseTest
28 import samba.tests.krb5.kcrypto as kcrypto
29
30 global_asn1_print = False
31 global_hexdump = False
32
33
34 class SaltTests(AsReqBaseTest):
35
36 def setUp(self):
37 super().setUp()
38 self.do_asn1_print = global_asn1_print
39 self.do_hexdump = global_hexdump
40
41 def _get_creds(self, *,
42 account_type,
43 opts=None):
44 try:
45 return self.get_cached_creds(
46 account_type=account_type,
47 opts=opts)
48 except ldb.LdbError:
49 self.fail()
50
51 def _run_salt_test(self, client_creds):
52 expected_salt = self.get_salt(client_creds)
53 self.assertIsNotNone(expected_salt)
54
55 etype_info2 = self._run_as_req_enc_timestamp(client_creds)
56
57 self.assertEqual(etype_info2[0]['etype'], kcrypto.Enctype.AES256)
58 self.assertEqual(etype_info2[0]['salt'], expected_salt)
59
60 def test_salt_at_user(self):
61 client_creds = self._get_creds(
62 account_type=self.AccountType.USER,
63 opts={'name_suffix': 'foo@bar'})
64 self._run_as_req_enc_timestamp(client_creds)
65
66 def test_salt_at_mac(self):
67 client_creds = self._get_creds(
68 account_type=self.AccountType.COMPUTER,
69 opts={'name_suffix': 'foo@bar'})
70 self._run_as_req_enc_timestamp(client_creds)
71
72 def test_salt_at_managed_service(self):
73 client_creds = self._get_creds(
74 account_type=self.AccountType.MANAGED_SERVICE,
75 opts={'name_suffix': 'foo@bar'})
76 self._run_as_req_enc_timestamp(client_creds)
77
78 def test_salt_at_case_user(self):
79 client_creds = self._get_creds(
80 account_type=self.AccountType.USER,
81 opts={'name_suffix': 'Foo@bar'})
82 self._run_as_req_enc_timestamp(client_creds)
83
84 def test_salt_at_case_mac(self):
85 client_creds = self._get_creds(
86 account_type=self.AccountType.COMPUTER,
87 opts={'name_suffix': 'Foo@bar'})
88 self._run_as_req_enc_timestamp(client_creds)
89
90 def test_salt_at_case_managed_service(self):
91 client_creds = self._get_creds(
92 account_type=self.AccountType.MANAGED_SERVICE,
93 opts={'name_suffix': 'Foo@bar'})
94 self._run_as_req_enc_timestamp(client_creds)
95
96 def test_salt_double_at_user(self):
97 client_creds = self._get_creds(
98 account_type=self.AccountType.USER,
99 opts={'name_suffix': 'foo@@bar'})
100 self._run_as_req_enc_timestamp(client_creds)
101
102 def test_salt_double_at_mac(self):
103 client_creds = self._get_creds(
104 account_type=self.AccountType.COMPUTER,
105 opts={'name_suffix': 'foo@@bar'})
106 self._run_as_req_enc_timestamp(client_creds)
107
108 def test_salt_double_at_managed_service(self):
109 client_creds = self._get_creds(
110 account_type=self.AccountType.MANAGED_SERVICE,
111 opts={'name_suffix': 'foo@@bar'})
112 self._run_as_req_enc_timestamp(client_creds)
113
114 def test_salt_at_start_user(self):
115 client_creds = self._get_creds(
116 account_type=self.AccountType.USER,
117 opts={'name_prefix': '@foo'})
118 self._run_as_req_enc_timestamp(client_creds)
119
120 def test_salt_at_start_mac(self):
121 client_creds = self._get_creds(
122 account_type=self.AccountType.COMPUTER,
123 opts={'name_prefix': '@foo'})
124 self._run_as_req_enc_timestamp(client_creds)
125
126 def test_salt_at_start_managed_service(self):
127 client_creds = self._get_creds(
128 account_type=self.AccountType.MANAGED_SERVICE,
129 opts={'name_prefix': '@foo'})
130 self._run_as_req_enc_timestamp(client_creds)
131
132 def test_salt_at_end_user(self):
133 client_creds = self._get_creds(
134 account_type=self.AccountType.USER,
135 opts={'name_suffix': 'foo@'})
136 self._run_as_req_enc_timestamp(client_creds)
137
138 def test_salt_at_end_mac(self):
139 client_creds = self._get_creds(
140 account_type=self.AccountType.COMPUTER,
141 opts={'name_suffix': 'foo@'})
142 self._run_as_req_enc_timestamp(client_creds)
143
144 def test_salt_at_end_managed_service(self):
145 client_creds = self._get_creds(
146 account_type=self.AccountType.MANAGED_SERVICE,
147 opts={'name_suffix': 'foo@',
148 'add_dollar': True})
149 self._run_as_req_enc_timestamp(client_creds)
150
151 def test_salt_at_end_no_dollar_mac(self):
152 client_creds = self._get_creds(
153 account_type=self.AccountType.COMPUTER,
154 opts={'name_suffix': 'foo@',
155 'add_dollar': False})
156 self._run_as_req_enc_timestamp(client_creds)
157
158 def test_salt_at_end_add_dollar_managed_service(self):
159 client_creds = self._get_creds(
160 account_type=self.AccountType.MANAGED_SERVICE,
161 opts={'name_suffix': 'foo@',
162 'add_dollar': True})
163 self._run_as_req_enc_timestamp(client_creds)
164
165 def test_salt_no_dollar_mac(self):
166 client_creds = self._get_creds(
167 account_type=self.AccountType.COMPUTER,
168 opts={'add_dollar': False})
169 self._run_as_req_enc_timestamp(client_creds)
170
171 def test_salt_add_dollar_managed_service(self):
172 client_creds = self._get_creds(
173 account_type=self.AccountType.MANAGED_SERVICE,
174 opts={'add_dollar': True})
175 self._run_as_req_enc_timestamp(client_creds)
176
177 def test_salt_dollar_mid_mac(self):
178 client_creds = self._get_creds(
179 account_type=self.AccountType.COMPUTER,
180 opts={'name_suffix': 'foo$bar',
181 'add_dollar': False})
182 self._run_as_req_enc_timestamp(client_creds)
183
184 def test_salt_dollar_mid_managed_service(self):
185 client_creds = self._get_creds(
186 account_type=self.AccountType.MANAGED_SERVICE,
187 opts={'name_suffix': 'foo$bar',
188 'add_dollar': True})
189 self._run_as_req_enc_timestamp(client_creds)
190
191 def test_salt_dollar_user(self):
192 client_creds = self._get_creds(
193 account_type=self.AccountType.USER,
194 opts={'name_suffix': 'foo$bar'})
195 self._run_as_req_enc_timestamp(client_creds)
196
197 def test_salt_dollar_mac(self):
198 client_creds = self._get_creds(
199 account_type=self.AccountType.COMPUTER,
200 opts={'name_suffix': 'foo$bar'})
201 self._run_as_req_enc_timestamp(client_creds)
202
203 def test_salt_dollar_managed_service(self):
204 client_creds = self._get_creds(
205 account_type=self.AccountType.MANAGED_SERVICE,
206 opts={'name_suffix': 'foo$bar'})
207 self._run_as_req_enc_timestamp(client_creds)
208
209 def test_salt_dollar_end_user(self):
210 client_creds = self._get_creds(
211 account_type=self.AccountType.USER,
212 opts={'name_suffix': 'foo$'})
213 self._run_as_req_enc_timestamp(client_creds)
214
215 def test_salt_dollar_end_mac(self):
216 client_creds = self._get_creds(
217 account_type=self.AccountType.COMPUTER,
218 opts={'name_suffix': 'foo$'})
219 self._run_as_req_enc_timestamp(client_creds)
220
221 def test_salt_dollar_end_managed_service(self):
222 client_creds = self._get_creds(
223 account_type=self.AccountType.MANAGED_SERVICE,
224 opts={'name_suffix': 'foo$'})
225 self._run_as_req_enc_timestamp(client_creds)
226
227 def test_salt_upn_user(self):
228 client_creds = self._get_creds(
229 account_type=self.AccountType.USER,
230 opts={'upn': 'foo0'})
231 self._run_as_req_enc_timestamp(client_creds)
232
233 def test_salt_upn_mac(self):
234 client_creds = self._get_creds(
235 account_type=self.AccountType.COMPUTER,
236 opts={'upn': 'foo1'})
237 self._run_as_req_enc_timestamp(client_creds)
238
239 def test_salt_upn_managed_service(self):
240 client_creds = self._get_creds(
241 account_type=self.AccountType.MANAGED_SERVICE,
242 opts={'upn': 'foo24'})
243 self._run_as_req_enc_timestamp(client_creds)
244
245 def test_salt_upn_host_user(self):
246 client_creds = self._get_creds(
247 account_type=self.AccountType.USER,
248 opts={'upn': 'host/foo2'})
249 self._run_as_req_enc_timestamp(client_creds)
250
251 def test_salt_upn_host_mac(self):
252 client_creds = self._get_creds(
253 account_type=self.AccountType.COMPUTER,
254 opts={'upn': 'host/foo3'})
255 self._run_as_req_enc_timestamp(client_creds)
256
257 def test_salt_upn_host_managed_service(self):
258 client_creds = self._get_creds(
259 account_type=self.AccountType.MANAGED_SERVICE,
260 opts={'upn': 'host/foo25'})
261 self._run_as_req_enc_timestamp(client_creds)
262
263 def test_salt_upn_realm_user(self):
264 realm = self.get_samdb().domain_dns_name()
265 client_creds = self._get_creds(
266 account_type=self.AccountType.USER,
267 opts={'upn': 'foo4@' + realm})
268 self._run_as_req_enc_timestamp(client_creds)
269
270 def test_salt_upn_realm_mac(self):
271 realm = self.get_samdb().domain_dns_name()
272 client_creds = self._get_creds(
273 account_type=self.AccountType.COMPUTER,
274 opts={'upn': 'foo5@' + realm})
275 self._run_as_req_enc_timestamp(client_creds)
276
277 def test_salt_upn_realm_managed_service(self):
278 realm = self.get_samdb().domain_dns_name()
279 client_creds = self._get_creds(
280 account_type=self.AccountType.MANAGED_SERVICE,
281 opts={'upn': 'foo26@' + realm})
282 self._run_as_req_enc_timestamp(client_creds)
283
284 def test_salt_upn_host_realm_user(self):
285 realm = self.get_samdb().domain_dns_name()
286 client_creds = self._get_creds(
287 account_type=self.AccountType.USER,
288 opts={'upn': 'host/foo6@' + realm})
289 self._run_as_req_enc_timestamp(client_creds)
290
291 def test_salt_upn_host_realm_mac(self):
292 realm = self.get_samdb().domain_dns_name()
293 client_creds = self._get_creds(
294 account_type=self.AccountType.COMPUTER,
295 opts={'upn': 'host/foo7@' + realm})
296 self._run_as_req_enc_timestamp(client_creds)
297
298 def test_salt_upn_host_realm_managed_service(self):
299 realm = self.get_samdb().domain_dns_name()
300 client_creds = self._get_creds(
301 account_type=self.AccountType.MANAGED_SERVICE,
302 opts={'upn': 'host/foo27@' + realm})
303 self._run_as_req_enc_timestamp(client_creds)
304
305 def test_salt_upn_dollar_realm_user(self):
306 realm = self.get_samdb().domain_dns_name()
307 client_creds = self._get_creds(
308 account_type=self.AccountType.USER,
309 opts={'upn': 'foo8$@' + realm})
310 self._run_as_req_enc_timestamp(client_creds)
311
312 def test_salt_upn_dollar_realm_mac(self):
313 realm = self.get_samdb().domain_dns_name()
314 client_creds = self._get_creds(
315 account_type=self.AccountType.COMPUTER,
316 opts={'upn': 'foo9$@' + realm})
317 self._run_as_req_enc_timestamp(client_creds)
318
319 def test_salt_upn_dollar_realm_managed_service(self):
320 realm = self.get_samdb().domain_dns_name()
321 client_creds = self._get_creds(
322 account_type=self.AccountType.MANAGED_SERVICE,
323 opts={'upn': 'foo28$@' + realm})
324 self._run_as_req_enc_timestamp(client_creds)
325
326 def test_salt_upn_host_dollar_realm_user(self):
327 realm = self.get_samdb().domain_dns_name()
328 client_creds = self._get_creds(
329 account_type=self.AccountType.USER,
330 opts={'upn': 'host/foo10$@' + realm})
331 self._run_as_req_enc_timestamp(client_creds)
332
333 def test_salt_upn_host_dollar_realm_mac(self):
334 realm = self.get_samdb().domain_dns_name()
335 client_creds = self._get_creds(
336 account_type=self.AccountType.COMPUTER,
337 opts={'upn': 'host/foo11$@' + realm})
338 self._run_as_req_enc_timestamp(client_creds)
339
340 def test_salt_upn_host_dollar_realm_managed_service(self):
341 realm = self.get_samdb().domain_dns_name()
342 client_creds = self._get_creds(
343 account_type=self.AccountType.MANAGED_SERVICE,
344 opts={'upn': 'host/foo29$@' + realm})
345 self._run_as_req_enc_timestamp(client_creds)
346
347 def test_salt_upn_other_realm_user(self):
348 client_creds = self._get_creds(
349 account_type=self.AccountType.USER,
350 opts={'upn': 'foo12@other.realm'})
351 self._run_as_req_enc_timestamp(client_creds)
352
353 def test_salt_upn_other_realm_mac(self):
354 client_creds = self._get_creds(
355 account_type=self.AccountType.COMPUTER,
356 opts={'upn': 'foo13@other.realm'})
357 self._run_as_req_enc_timestamp(client_creds)
358
359 def test_salt_upn_other_realm_managed_service(self):
360 client_creds = self._get_creds(
361 account_type=self.AccountType.MANAGED_SERVICE,
362 opts={'upn': 'foo30@other.realm'})
363 self._run_as_req_enc_timestamp(client_creds)
364
365 def test_salt_upn_host_other_realm_user(self):
366 client_creds = self._get_creds(
367 account_type=self.AccountType.USER,
368 opts={'upn': 'host/foo14@other.realm'})
369 self._run_as_req_enc_timestamp(client_creds)
370
371 def test_salt_upn_host_other_realm_mac(self):
372 client_creds = self._get_creds(
373 account_type=self.AccountType.COMPUTER,
374 opts={'upn': 'host/foo15@other.realm'})
375 self._run_as_req_enc_timestamp(client_creds)
376
377 def test_salt_upn_host_other_realm_managed_service(self):
378 client_creds = self._get_creds(
379 account_type=self.AccountType.MANAGED_SERVICE,
380 opts={'upn': 'host/foo31@other.realm'})
381 self._run_as_req_enc_timestamp(client_creds)
382
383 def test_salt_upn_case_user(self):
384 client_creds = self._get_creds(
385 account_type=self.AccountType.USER,
386 opts={'upn': 'Foo16'})
387 self._run_as_req_enc_timestamp(client_creds)
388
389 def test_salt_upn_case_mac(self):
390 client_creds = self._get_creds(
391 account_type=self.AccountType.COMPUTER,
392 opts={'upn': 'Foo17'})
393 self._run_as_req_enc_timestamp(client_creds)
394
395 def test_salt_upn_case_managed_service(self):
396 client_creds = self._get_creds(
397 account_type=self.AccountType.MANAGED_SERVICE,
398 opts={'upn': 'Foo32'})
399 self._run_as_req_enc_timestamp(client_creds)
400
401 def test_salt_upn_dollar_mid_realm_user(self):
402 realm = self.get_samdb().domain_dns_name()
403 client_creds = self._get_creds(
404 account_type=self.AccountType.USER,
405 opts={'upn': 'foo$18@' + realm})
406 self._run_as_req_enc_timestamp(client_creds)
407
408 def test_salt_upn_dollar_mid_realm_mac(self):
409 realm = self.get_samdb().domain_dns_name()
410 client_creds = self._get_creds(
411 account_type=self.AccountType.COMPUTER,
412 opts={'upn': 'foo$19@' + realm})
413 self._run_as_req_enc_timestamp(client_creds)
414
415 def test_salt_upn_dollar_mid_realm_managed_service(self):
416 realm = self.get_samdb().domain_dns_name()
417 client_creds = self._get_creds(
418 account_type=self.AccountType.MANAGED_SERVICE,
419 opts={'upn': 'foo$33@' + realm})
420 self._run_as_req_enc_timestamp(client_creds)
421
422 def test_salt_upn_host_dollar_mid_realm_user(self):
423 realm = self.get_samdb().domain_dns_name()
424 client_creds = self._get_creds(
425 account_type=self.AccountType.USER,
426 opts={'upn': 'host/foo$20@' + realm})
427 self._run_as_req_enc_timestamp(client_creds)
428
429 def test_salt_upn_host_dollar_mid_realm_mac(self):
430 realm = self.get_samdb().domain_dns_name()
431 client_creds = self._get_creds(
432 account_type=self.AccountType.COMPUTER,
433 opts={'upn': 'host/foo$21@' + realm})
434 self._run_as_req_enc_timestamp(client_creds)
435
436 def test_salt_upn_host_dollar_mid_realm_managed_service(self):
437 realm = self.get_samdb().domain_dns_name()
438 client_creds = self._get_creds(
439 account_type=self.AccountType.MANAGED_SERVICE,
440 opts={'upn': 'host/foo$34@' + realm})
441 self._run_as_req_enc_timestamp(client_creds)
442
443 def test_salt_upn_at_realm_user(self):
444 realm = self.get_samdb().domain_dns_name()
445 client_creds = self._get_creds(
446 account_type=self.AccountType.USER,
447 opts={'upn': 'foo22@bar@' + realm})
448 self._run_as_req_enc_timestamp(client_creds)
449
450 def test_salt_upn_at_realm_mac(self):
451 realm = self.get_samdb().domain_dns_name()
452 client_creds = self._get_creds(
453 account_type=self.AccountType.COMPUTER,
454 opts={'upn': 'foo23@bar@' + realm})
455 self._run_as_req_enc_timestamp(client_creds)
456
457 def test_salt_upn_at_realm_managed_service(self):
458 realm = self.get_samdb().domain_dns_name()
459 client_creds = self._get_creds(
460 account_type=self.AccountType.MANAGED_SERVICE,
461 opts={'upn': 'foo35@bar@' + realm})
462 self._run_as_req_enc_timestamp(client_creds)
463
464
465 if __name__ == "__main__":
466 global_asn1_print = False
467 global_hexdump = False
468 import unittest
469 unittest.main()
GSS-enabled samba4