python/samba/tests/ndr/gmsa.py

   1 #!/usr/bin/env python3
   2 # Unix SMB/CIFS implementation.
   3 # Copyright (C) Catalyst.Net Ltd 2023
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18
  19 import sys
  20 import os
  21
  22 sys.path.insert(0, 'bin/python')
  23 os.environ['PYTHONUNBUFFERED'] = '1'
  24
  25 from samba.dcerpc import gmsa
  26 from samba.ndr import ndr_pack, ndr_unpack
  27 import samba.tests
  28
  29
  30 class GmsaTests(samba.tests.TestCase):
  31     managed_password_blob = (
  32         b'\x01\x00\x00\x00"\x01\x00\x00\x10\x00\x00\x00\x12\x01\x1a\x01g\x86W\xa1'
  33         b'\x13nT\x7fF\xeey\x88\xc8\x08\xd9\x04\xed\x0eK\x05\x92\xf8\x9e\xb8+\xd2\x92h'
  34         b'Xg\xc3\x11\x9d\xd6\xea\xae\xf5\x81\n\x1a\xa4\xe0\x8eI|\xc3\x11c'
  35         b'\xb2\xe7\x99\xe6\xeaf\xe3\x02,\x10\x0b\xf5\x95\x85\xa3FBt\xeb\xad$\x88\xfc('
  36         b'\xac\xbd\x10\xa9\xb4M\xdeCjm5\xff\xf0\xe9Z\xe7\x906\t\xe8%"\n\xd3\r\xb6\xa8k'
  37         b'\xb5D\xfa4\x0f\x86M-8\x95\x19=@\x07\xdfrG\x8dq\xce?x\x9b\xb19\xc4\xc1\xcf'
  38         b"\xfdm9\x94\x8c\n\xfaje\xe3\xf5\xf8\xf9\r\x8cp\xf7',\xe6Z?c'\x93\xeb\x0eF"
  39         b'\x97\xe5v\xc2\x1f6\xacU\xf4\x16z"\xb4\xeb\xb2Y<-"\xdcJ\xc8\xd4\xcaE_)\x9a'
  40         b'\x18+\x8dM\x8d\xd1#-\xde\x1e\xfe:\xca\xf1K\x13tS\x19_EE_]H\xa0\xc4A'
  41         b'\x91;\x80\xf9MF\x96\xb1q7\x9bZ\xc3\xb0,P\x1c\xf8\xe1kC\xbe\xac\xa5"cA\x1d'
  42         b'\\\xf7r\xe7c\xe8\xd2\x9ap\xa1)>r\x18\xa1\xe3\x00\x00t\x95\x01i\x80\x17'
  43         b'\x00\x00t71\xb6\x7f\x17\x00\x00'
  44     )
  45
  46     current_password = (
  47         b'g\x86W\xa1\x13nT\x7fF\xeey\x88\xc8\x08\xd9\x04\xed\x0eK\x05\x92\xf8\x9e\xb8'
  48         b'+\xd2\x92hXg\xc3\x11\x9d\xd6\xea\xae\xf5\x81\n\x1a\xa4\xe0\x8eI|\xc3\x11c'
  49         b'\xb2\xe7\x99\xe6\xeaf\xe3\x02,\x10\x0b\xf5\x95\x85\xa3FBt\xeb\xad$\x88\xfc('
  50         b'\xac\xbd\x10\xa9\xb4M\xdeCjm5\xff\xf0\xe9Z\xe7\x906\t\xe8%"\n\xd3\r\xb6\xa8k'
  51         b'\xb5D\xfa4\x0f\x86M-8\x95\x19=@\x07\xdfrG\x8dq\xce?x\x9b\xb19\xc4\xc1\xcf'
  52         b"\xfdm9\x94\x8c\n\xfaje\xe3\xf5\xf8\xf9\r\x8cp\xf7',\xe6Z?c'\x93\xeb\x0eF"
  53         b'\x97\xe5v\xc2\x1f6\xacU\xf4\x16z"\xb4\xeb\xb2Y<-"\xdcJ\xc8\xd4\xcaE_)\x9a'
  54         b'\x18+\x8dM\x8d\xd1#-\xde\x1e\xfe:\xca\xf1K\x13tS\x19_EE_]H\xa0\xc4A'
  55         b'\x91;\x80\xf9MF\x96\xb1q7\x9bZ\xc3\xb0,P\x1c\xf8\xe1kC\xbe\xac\xa5"cA\x1d'
  56         b'\\\xf7r\xe7c\xe8\xd2\x9ap\xa1)>r\x18\xa1\xe3'
  57     )
  58
  59     query_interval = 0x178069019574
  60     unchanged_interval = 0x177fb6313774
  61
  62     def test_managed_password_blob_unpack(self):
  63         """Unpack a GMSA Managed Password blob and check its fields."""
  64
  65         managed_password = ndr_unpack(gmsa.MANAGEDPASSWORD_BLOB,
  66                                       self.managed_password_blob)
  67
  68         self.assertEqual(1, managed_password.version)
  69         self.assertEqual(0, managed_password.reserved)
  70         self.assertEqual(len(self.managed_password_blob),
  71                          managed_password.length)
  72
  73         self.assertEqual(self.current_password,
  74                          managed_password.passwords.current)
  75         self.assertIsNone(managed_password.passwords.previous)
  76
  77         self.assertEqual(self.query_interval,
  78                          managed_password.passwords.query_interval)
  79         self.assertEqual(self.unchanged_interval,
  80                          managed_password.passwords.unchanged_interval)
  81
  82     def test_managed_password_blob_pack(self):
  83         """Create a GMSA Managed Password blob and test that it packs to the
  84         blob we expect."""
  85
  86         managed_password = gmsa.MANAGEDPASSWORD_BLOB()
  87
  88         managed_password.passwords.current = self.current_password
  89         managed_password.passwords.query_interval = self.query_interval
  90         managed_password.passwords.unchanged_interval = self.unchanged_interval
  91
  92         self.assertEqual(self.managed_password_blob,
  93                          ndr_pack(managed_password))
  94
  95
  96 if __name__ == '__main__':
  97     import unittest
  98
  99     unittest.main()