From 561d834123a2a8a96954f7cca556f8838ab38b72 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 7 Oct 2011 17:20:33 +1100
Subject: auth: move credentials layer to the top level This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly. Andrew Bartlett
---
source4/auth/credentials/tests/bind.py | 154 --------------------------------
source4/auth/credentials/tests/simple.c | 119 ------------------------
2 files changed, 273 deletions(-)
delete mode 100755 source4/auth/credentials/tests/bind.py
delete mode 100644 source4/auth/credentials/tests/simple.c
(limited to 'source4/auth/credentials/tests')
diff --git a/source4/auth/credentials/tests/bind.py b/source4/auth/credentials/tests/bind.py
deleted file mode 100755
index 1529a475c7..0000000000
--- a/source4/auth/credentials/tests/bind.py
+++ /dev/null
@@ -1,154 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# This is unit with tests for LDAP access checks
-
-import optparse
-import sys
-import base64
-import re
-import os
-import copy
-import time
-
-sys.path.insert(0, "bin/python")
-import samba
-samba.ensure_external_module("testtools", "testtools")
-samba.ensure_external_module("subunit", "subunit/python")
-
-import samba.getopt as options
-
-from ldb import (
- SCOPE_BASE, SCOPE_SUBTREE, LdbError, ERR_NO_SUCH_OBJECT)
-from samba.dcerpc import security
-
-from samba.auth import system_session
-from samba import gensec
-from samba.samdb import SamDB
-from samba.credentials import Credentials
-import samba.tests
-from samba.tests import delete_force
-from subunit.run import SubunitTestRunner
-import unittest
-
-parser = optparse.OptionParser("ldap [options] ")
-sambaopts = options.SambaOptions(parser)
-parser.add_option_group(sambaopts)
-
-# use command line creds if available
-credopts = options.CredentialsOptions(parser)
-parser.add_option_group(credopts)
-opts, args = parser.parse_args()
-
-if len(args) < 1:
- parser.print_usage()
- sys.exit(1)
-
-host = args[0]
-lp = sambaopts.get_loadparm()
-creds = credopts.get_credentials(lp)
-creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
-creds_machine = copy.deepcopy(creds)
-creds_user1 = copy.deepcopy(creds)
-creds_user2 = copy.deepcopy(creds)
-creds_user3 = copy.deepcopy(creds)
-
-class BindTests(samba.tests.TestCase):
-
- info_dc = None
-
- def setUp(self):
- super(BindTests, self).setUp()
- # fetch rootDSEs
- if self.info_dc is None:
- res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
- self.assertEquals(len(res), 1)
- BindTests.info_dc = res[0]
- # cache some of RootDSE props
- self.schema_dn = self.info_dc["schemaNamingContext"][0]
- self.domain_dn = self.info_dc["defaultNamingContext"][0]
- self.config_dn = self.info_dc["configurationNamingContext"][0]
- self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
- self.password = "P@ssw0rd"
- self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
-
- def tearDown(self):
- super(BindTests, self).tearDown()
-
- def test_computer_account_bind(self):
- # create a computer acocount for the test
- delete_force(ldb, self.computer_dn)
- ldb.add_ldif("""
-dn: """ + self.computer_dn + """
-cn: CENTOS53
-displayName: CENTOS53$
-name: CENTOS53
-sAMAccountName: CENTOS53$
-countryCode: 0
-objectClass: computer
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-objectClass: user
-codePage: 0
-userAccountControl: 4096
-dNSHostName: centos53.alabala.test
-operatingSystemVersion: 5.2 (3790)
-operatingSystem: Windows Server 2003
-""")
- ldb.modify_ldif("""
-dn: """ + self.computer_dn + """
-changetype: modify
-replace: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
-""")
-
- # do a simple bind and search with the machine account
- creds_machine.set_bind_dn(self.computer_dn)
- creds_machine.set_password(self.password)
- print "BindTest with: " + creds_machine.get_bind_dn()
- ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
- lp=lp, ldap_only=True)
- res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
- def test_user_account_bind(self):
- # create user
- ldb.newuser(username=self.username, password=self.password)
- ldb_res = ldb.search(base=self.domain_dn,
- scope=SCOPE_SUBTREE,
- expression="(samAccountName=%s)" % self.username)
- self.assertEquals(len(ldb_res), 1)
- user_dn = ldb_res[0]["dn"]
-
- # do a simple bind and search with the user account in format user@realm
- creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
- creds_user1.set_password(self.password)
- print "BindTest with: " + creds_user1.get_bind_dn()
- ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
- lp=lp, ldap_only=True)
- res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
- # do a simple bind and search with the user account in format domain\user
- creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
- creds_user2.set_password(self.password)
- print "BindTest with: " + creds_user2.get_bind_dn()
- ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
- lp=lp, ldap_only=True)
- res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
- # do a simple bind and search with the user account DN
- creds_user3.set_bind_dn(str(user_dn))
- creds_user3.set_password(self.password)
- print "BindTest with: " + creds_user3.get_bind_dn()
- ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
- lp=lp, ldap_only=True)
- res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
-
-
-ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)
-
-runner = SubunitTestRunner()
-rc = 0
-if not runner.run(unittest.makeSuite(BindTests)).wasSuccessful():
- rc = 1
-
-sys.exit(rc)
diff --git a/source4/auth/credentials/tests/simple.c b/source4/auth/credentials/tests/simple.c
deleted file mode 100644
index 6c722750d6..0000000000
--- a/source4/auth/credentials/tests/simple.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba utility functions
- Copyright (C) Jelmer Vernooij 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-#include "includes.h"
-#include "auth/credentials/credentials.h"
-#include "torture/torture.h"
-
-static bool test_init(struct torture_context *tctx)
-{
- struct cli_credentials *creds = cli_credentials_init(tctx);
-
- cli_credentials_set_domain(creds, "bla", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, "BLA", cli_credentials_get_domain(creds),
- "domain");
-
- cli_credentials_set_username(creds, "someuser", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, "someuser",
- cli_credentials_get_username(creds),
- "username");
-
- cli_credentials_set_password(creds, "p4ssw0rd", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, "p4ssw0rd",
- cli_credentials_get_password(creds),
- "password");
-
- return true;
-}
-
-static bool test_init_anonymous(struct torture_context *tctx)
-{
- struct cli_credentials *creds = cli_credentials_init_anon(tctx);
-
- torture_assert_str_equal(tctx, cli_credentials_get_domain(creds),
- "", "domain");
-
- torture_assert_str_equal(tctx, cli_credentials_get_username(creds),
- "", "username");
-
- torture_assert(tctx, cli_credentials_get_password(creds) == NULL,
- "password");
-
- return true;
-}
-
-static bool test_parse_string(struct torture_context *tctx)
-{
- struct cli_credentials *creds = cli_credentials_init_anon(tctx);
-
- /* anonymous */
- cli_credentials_parse_string(creds, "%", CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, cli_credentials_get_domain(creds),
- "", "domain");
-
- torture_assert_str_equal(tctx, cli_credentials_get_username(creds),
- "", "username");
-
- torture_assert(tctx, cli_credentials_get_password(creds) == NULL,
- "password");
-
- /* username + password */
- cli_credentials_parse_string(creds, "somebody%secret",
- CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, cli_credentials_get_domain(creds),
- "", "domain");
-
- torture_assert_str_equal(tctx, cli_credentials_get_username(creds),
- "somebody", "username");
-
- torture_assert_str_equal(tctx, cli_credentials_get_password(creds),
- "secret", "password");
-
- /* principal */
- cli_credentials_parse_string(creds, "prin@styx",
- CRED_SPECIFIED);
-
- torture_assert_str_equal(tctx, cli_credentials_get_realm(creds),
- "STYX", "realm");
-
- torture_assert_str_equal(tctx,
- cli_credentials_get_principal(creds, tctx),
- "prin@styx", "principal");
-
- return true;
-}
-
-struct torture_suite *torture_local_credentials(TALLOC_CTX *mem_ctx)
-{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "credentials");
-
- torture_suite_add_simple_test(suite, "init", test_init);
- torture_suite_add_simple_test(suite, "init anonymous",
- test_init_anonymous);
- torture_suite_add_simple_test(suite, "parse_string",
- test_parse_string);
-
- return suite;
-}
-
-- cgit