summaryrefslogtreecommitdiff
path: root/source4/auth/credentials/tests
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-10-07 17:20:33 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-10-11 13:41:36 +1100
commit561d834123a2a8a96954f7cca556f8838ab38b72 (patch)
treea473eff62f409089a9bacdb5fe5742885c708223 /source4/auth/credentials/tests
parent1255383140a9b3fbd957c1f7ce47e89c17cc4eda (diff)
downloadsamba-561d834123a2a8a96954f7cca556f8838ab38b72.tar.gz
samba-561d834123a2a8a96954f7cca556f8838ab38b72.tar.bz2
samba-561d834123a2a8a96954f7cca556f8838ab38b72.zip
auth: move credentials layer to the top level
This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly. Andrew Bartlett
Diffstat (limited to 'source4/auth/credentials/tests')
-rwxr-xr-xsource4/auth/credentials/tests/bind.py154
-rw-r--r--source4/auth/credentials/tests/simple.c119
2 files changed, 0 insertions, 273 deletions
diff --git a/source4/auth/credentials/tests/bind.py b/source4/auth/credentials/tests/bind.py
deleted file mode 100755
index 1529a475c7..0000000000
--- a/source4/auth/credentials/tests/bind.py
+++ /dev/null
@@ -1,154 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# This is unit with tests for LDAP access checks
-
-import optparse
-import sys
-import base64
-import re
-import os
-import copy
-import time
-
-sys.path.insert(0, "bin/python")
-import samba
-samba.ensure_external_module("testtools", "testtools")
-samba.ensure_external_module("subunit", "subunit/python")
-
-import samba.getopt as options
-
-from ldb import (
- SCOPE_BASE, SCOPE_SUBTREE, LdbError, ERR_NO_SUCH_OBJECT)
-from samba.dcerpc import security
-
-from samba.auth import system_session
-from samba import gensec
-from samba.samdb import SamDB
-from samba.credentials import Credentials
-import samba.tests
-from samba.tests import delete_force
-from subunit.run import SubunitTestRunner
-import unittest
-
-parser = optparse.OptionParser("ldap [options] <host>")
-sambaopts = options.SambaOptions(parser)
-parser.add_option_group(sambaopts)
-
-# use command line creds if available
-credopts = options.CredentialsOptions(parser)
-parser.add_option_group(credopts)
-opts, args = parser.parse_args()
-
-if len(args) < 1:
- parser.print_usage()
- sys.exit(1)
-
-host = args[0]
-lp = sambaopts.get_loadparm()
-creds = credopts.get_credentials(lp)
-creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
-creds_machine = copy.deepcopy(creds)
-creds_user1 = copy.deepcopy(creds)
-creds_user2 = copy.deepcopy(creds)
-creds_user3 = copy.deepcopy(creds)
-
-class BindTests(samba.tests.TestCase):
-
- info_dc = None
-
- def setUp(self):
- super(BindTests, self).setUp()
- # fetch rootDSEs
- if self.info_dc is None:
- res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
- self.assertEquals(len(res), 1)
- BindTests.info_dc = res[0]
- # cache some of RootDSE props
- self.schema_dn = self.info_dc["schemaNamingContext"][0]
- self.domain_dn = self.info_dc["defaultNamingContext"][0]
- self.config_dn = self.info_dc["configurationNamingContext"][0]
- self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
- self.password = "P@ssw0rd"
- self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
-
- def tearDown(self):
- super(BindTests, self).tearDown()
-
- def test_computer_account_bind(self):
- # create a computer acocount for the test
- delete_force(ldb, self.computer_dn)
- ldb.add_ldif("""
-dn: """ + self.computer_dn + """
-cn: CENTOS53
-displayName: CENTOS53$
-name: CENTOS53
-sAMAccountName: CENTOS53$
-countryCode: 0
-objectClass: computer
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-objectClass: user
-codePage: 0
-userAccountControl: 4096
-dNSHostName: centos53.alabala.test
-operatingSystemVersion: 5.2 (3790)
-operatingSystem: Windows Server 2003
-""")
- ldb.modify_ldif("""
-dn: """ + self.computer_dn + """
-changetype: modify
-replace: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
-""")
-
- # do a simple bind and search with the machine account
- creds_machine.set_bind_dn(self.computer_dn)
- creds_machine.set_password(self.password)
- print "BindTest with: " + creds_machine.get_bind_dn()
- ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
- lp=lp, ldap_only=True)
- res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
- def test_user_account_bind(self):
- # create user
- ldb.newuser(username=self.username, password=self.password)
- ldb_res = ldb.search(base=self.domain_dn,
- scope=SCOPE_SUBTREE,
- expression="(samAccountName=%s)" % self.username)
- self.assertEquals(len(ldb_res), 1)
- user_dn = ldb_res[0]["dn"]
-
- # do a simple bind and search with the user account in format user@realm
- creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
- creds_user1.set_password(self.password)
- print "BindTest with: " + creds_user1.get_bind_dn()
- ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
- lp=lp, ldap_only=True)
- res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
- # do a simple bind and search with the user account in format domain\user
- creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
- creds_user2.set_password(self.password)
- print "BindTest with: " + creds_user2.get_bind_dn()
- ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
- lp=lp, ldap_only=True)
- res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
- # do a simple bind and search with the user account DN
- creds_user3.set_bind_dn(str(user_dn))
- creds_user3.set_password(self.password)
- print "BindTest with: " + creds_user3.get_bind_dn()
- ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
- lp=lp, ldap_only=True)
- res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
-
-ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)
-
-runner = SubunitTestRunner()
-rc = 0
-if not runner.run(unittest.makeSuite(BindTests)).wasSuccessful():
- rc = 1
-
-sys.exit(rc)
diff --git a/source4/auth/credentials/tests/simple.c b/source4/auth/credentials/tests/simple.c
deleted file mode 100644
index 6c722750d6..0000000000
--- a/source4/auth/credentials/tests/simple.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba utility functions
- Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "auth/credentials/credentials.h"
-#include "torture/torture.h"
-
-static bool test_init(struct torture_context *tctx)
-{
- struct cli_credentials *creds = cli_credentials_init(tctx);
-
- cli_credentials_set_domain(creds, "bla", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, "BLA", cli_credentials_get_domain(creds),
- "domain");
-
- cli_credentials_set_username(creds, "someuser", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, "someuser",
- cli_credentials_get_username(creds),
- "username");
-
- cli_credentials_set_password(creds, "p4ssw0rd", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, "p4ssw0rd",
- cli_credentials_get_password(creds),
- "password");
-
- return true;
-}
-
-static bool test_init_anonymous(struct torture_context *tctx)
-{
- struct cli_credentials *creds = cli_credentials_init_anon(tctx);
-
- torture_assert_str_equal(tctx, cli_credentials_get_domain(creds),
- "", "domain");
-
- torture_assert_str_equal(tctx, cli_credentials_get_username(creds),
- "", "username");
-
- torture_assert(tctx, cli_credentials_get_password(creds) == NULL,
- "password");
-
- return true;
-}
-
-static bool test_parse_string(struct torture_context *tctx)
-{
- struct cli_credentials *creds = cli_credentials_init_anon(tctx);
-
- /* anonymous */
- cli_credentials_parse_string(creds, "%", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, cli_credentials_get_domain(creds),
- "", "domain");
-
- torture_assert_str_equal(tctx, cli_credentials_get_username(creds),
- "", "username");
-
- torture_assert(tctx, cli_credentials_get_password(creds) == NULL,
- "password");
-
- /* username + password */
- cli_credentials_parse_string(creds, "somebody%secret",
- CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, cli_credentials_get_domain(creds),
- "", "domain");
-
- torture_assert_str_equal(tctx, cli_credentials_get_username(creds),
- "somebody", "username");
-
- torture_assert_str_equal(tctx, cli_credentials_get_password(creds),
- "secret", "password");
-
- /* principal */
- cli_credentials_parse_string(creds, "prin@styx",
- CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, cli_credentials_get_realm(creds),
- "STYX", "realm");
-
- torture_assert_str_equal(tctx,
- cli_credentials_get_principal(creds, tctx),
- "prin@styx", "principal");
-
- return true;
-}
-
-struct torture_suite *torture_local_credentials(TALLOC_CTX *mem_ctx)
-{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "credentials");
-
- torture_suite_add_simple_test(suite, "init", test_init);
- torture_suite_add_simple_test(suite, "init anonymous",
- test_init_anonymous);
- torture_suite_add_simple_test(suite, "parse_string",
- test_parse_string);
-
- return suite;
-}
-