search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / tests / samba_tool / user_virtualCryptSHA_userPassword.py
blob1f84af0564bd9f8a8d05c0afc20663c480852134
1 # Tests for the samba-tool user sub command reading Primary:userPassword
2 #
3 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 from samba.tests.samba_tool.user_virtualCryptSHA_base import UserCmdCryptShaTestCase
20
21
22 class UserCmdCryptShaTestCaseUserPassword(UserCmdCryptShaTestCase):
23 # gpg decryption not enabled.
24 # both virtual attributes specified, no rounds option
25 # no hashes stored in supplementalCredentials
26 # Should not get values
27 def test_no_gpg_both_hashes_no_rounds(self):
28 self.add_user()
29 out = self._get_password("virtualCryptSHA256,virtualCryptSHA512")
30
31 self.assertTrue("virtualCryptSHA256:" not in out)
32 self.assertTrue("virtualCryptSHA512:" not in out)
33 self.assertTrue("rounds=" not in out)
34
35 # gpg decryption not enabled.
36 # SHA256 specified
37 # no hashes stored in supplementalCredentials
38 # No rounds
39 #
40 # Should not get values
41 def test_no_gpg_sha256_no_rounds(self):
42 self.add_user()
43 out = self._get_password("virtualCryptSHA256")
44
45 self.assertTrue("virtualCryptSHA256:" not in out)
46 self.assertTrue("virtualCryptSHA512:" not in out)
47 self.assertTrue("rounds=" not in out)
48
49 # gpg decryption not enabled.
50 # SHA512 specified
51 # no hashes stored in supplementalCredentials
52 # No rounds
53 #
54 # Should not get values
55 def test_no_gpg_sha512_no_rounds(self):
56 self.add_user()
57 out = self._get_password("virtualCryptSHA512")
58
59 self.assertTrue("virtualCryptSHA256:" not in out)
60 self.assertTrue("virtualCryptSHA512:" not in out)
61 self.assertTrue("rounds=" not in out)
62
63 # gpg decryption not enabled.
64 # SHA128 specified, i.e. invalid/unknown algorithm
65 # no hashes stored in supplementalCredentials
66 # No rounds
67 #
68 # Should not get values
69 def test_no_gpg_invalid_alg_no_rounds(self):
70 self.add_user()
71 out = self._get_password("virtualCryptSHA128")
72
73 self.assertTrue("virtualCryptSHA256:" not in out)
74 self.assertTrue("virtualCryptSHA512:" not in out)
75 self.assertTrue("rounds=" not in out)
76
77 # gpg decryption not enabled.
78 # both virtual attributes specified, no rounds option
79 # both hashes stored in supplementalCredentials
80 # Should get values
81 def test_no_gpg_both_hashes_no_rounds_stored_hashes(self):
82 self.add_user("CryptSHA512 CryptSHA256")
83
84 out = self._get_password("virtualCryptSHA256,virtualCryptSHA512")
85
86 self.assertTrue("virtualCryptSHA256:" in out)
87 self.assertTrue("virtualCryptSHA512:" in out)
88 self.assertTrue("rounds=" not in out)
89
90 # Should be using the pre computed hash in supplementalCredentials
91 # so it should not change between calls.
92 sha256 = self._get_attribute(out, "virtualCryptSHA256")
93 sha512 = self._get_attribute(out, "virtualCryptSHA512")
94
95 out = self._get_password("virtualCryptSHA256,virtualCryptSHA512")
96 self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256"))
97 self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512"))
98
99 # gpg decryption not enabled.
100 # both virtual attributes specified, rounds specified
101 # both hashes stored in supplementalCredentials, with not rounds
102 # Should get hashes for the first matching scheme entry
103 def test_no_gpg_both_hashes_rounds_stored_hashes(self):
104 self.add_user("CryptSHA512 CryptSHA256")
105
106 out = self._get_password("virtualCryptSHA256;rounds=2561," +
107 "virtualCryptSHA512;rounds=5129")
108
109 self.assertTrue("virtualCryptSHA256;rounds=2561:" in out)
110 self.assertTrue("virtualCryptSHA512;rounds=5129:" in out)
111 self.assertTrue("$rounds=" not in out)
112
113 # Should be using the pre computed hash in supplementalCredentials
114 # so it should not change between calls.
115 sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=2561")
116 sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5129")
117
118 out = self._get_password("virtualCryptSHA256,virtualCryptSHA512")
119 self.assertEqual(sha256, self._get_attribute(out,
120 "virtualCryptSHA256"))
121 self.assertEqual(sha512, self._get_attribute(out,
122 "virtualCryptSHA512"))
123
124 # gpg decryption not enabled.
125 # both virtual attributes specified, rounds specified
126 # both hashes stored in supplementalCredentials, with rounds
127 # Should get values
128 def test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds(self):
129 self.add_user("CryptSHA512 " +
130 "CryptSHA256 " +
131 "CryptSHA512:rounds=5129 " +
132 "CryptSHA256:rounds=2561")
133
134 out = self._get_password("virtualCryptSHA256;rounds=2561," +
135 "virtualCryptSHA512;rounds=5129")
136
137 self.assertTrue("virtualCryptSHA256;rounds=2561:" in out)
138 self.assertTrue("virtualCryptSHA512;rounds=5129:" in out)
139 self.assertTrue("$rounds=" in out)
140
141 # Should be using the pre computed hash in supplementalCredentials
142 # so it should not change between calls.
143 sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=2561")
144 sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5129")
145
146 out = self._get_password("virtualCryptSHA256;rounds=2561," +
147 "virtualCryptSHA512;rounds=5129")
148 self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256;rounds=2561"))
149 self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512;rounds=5129"))
150
151 # Number of rounds should match that specified
152 self.assertTrue(sha256.startswith("{CRYPT}$5$rounds=2561"))
153 self.assertTrue(sha512.startswith("{CRYPT}$6$rounds=5129"))
154
155 # gpg decryption not enabled.
156 # both virtual attributes specified, rounds specified
157 # both hashes stored in supplementalCredentials, with rounds
158 # number of rounds stored/requested do not match
159 # Should get the precomputed hashes for CryptSHA512 and CryptSHA256
160 def test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match(self):
161 self.add_user("CryptSHA512 " +
162 "CryptSHA256 " +
163 "CryptSHA512:rounds=5129 " +
164 "CryptSHA256:rounds=2561")
165
166 out = self._get_password("virtualCryptSHA256;rounds=4000," +
167 "virtualCryptSHA512;rounds=5000")
168
169 self.assertTrue("virtualCryptSHA256;rounds=4000:" in out)
170 self.assertTrue("virtualCryptSHA512;rounds=5000:" in out)
171 self.assertTrue("$rounds=" not in out)
172
173 # Should be using the pre computed hash in supplementalCredentials
174 # so it should not change between calls.
175 sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=4000")
176 sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5000")
177
178 out = self._get_password("virtualCryptSHA256;rounds=4000," +
179 "virtualCryptSHA512;rounds=5000")
180 self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256;rounds=4000"))
181 self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512;rounds=5000"))
182
183 # As the number of rounds did not match, should have returned the
184 # first hash of the corresponding scheme
185 out = self._get_password("virtualCryptSHA256," +
186 "virtualCryptSHA512")
187 self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256"))
188 self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512"))
GSS-enabled samba4