badZddlZddlmZmZddlmZddlm Z ddl m Z ddl Z ddl Z ddlmZddlmZdd lmZddlZdd lmZmZd Zejd d ZGd deZdS)z1Tests for the SamDb logging of password changes. N) MSG_DSDB_LOGDSDB_EVENT_NAME)ERR_NO_SUCH_OBJECT)SamDB)system_session)AuditLogTestBase) delete_force)Net)securitylsaauditlogtestuser creZdZfdZdZfdZdZddZdZdZ d Z d Z d Z d Z d ZdZdZxZS)AuditLogDsdbTestsc(t|_t|_t t |tjd|_ dtjdz}t|t| | |_tjd|_|j|_|j}|jd||jj||j}|jd|j|_||jj|t/|jdt0zdz|jz|jdt0zdz|jzd t0t4d dS) N SERVER_IPz ldap://%sSERVER)url session_info credentialslp 0000000010cn= ,cn=users,user)dn objectclasssAMAccountName userPassword)r message_typer event_typesuperrsetUposenviron server_iprrget_credentials get_loadparmldbserver domain_dnbase_dnget_dsheuristicsset_dsheuristics addCleanup get_minPwdAge set_minPwdAger USER_NAMEadd USER_PASS)selfhost dsheuristics minPwdAge __class__s ?C?#x//tur<Nc,||_tj}||sR|jdtj|z dkr d|_dS||Rd|_|jdS)zWait for a transaction message to arrive The connection is passed through to keep the connection alive until all the logging messages have been received. g?NrG) connectiontimerMmsg_ctx loop_oncerJ)r6rKrQ start_times r;waitForTransactionz$AuditLogDsdbTests.waitForTransactionhs %Y[[ &&x00  L " "3 ' ' 'y{{Z'!++"&r &&x00  |L))r<cDdtzdz|jz}||||}|}t |||j}d}||tt| d||}td t|z| dt|d |d d }| d |d||d|||d||d|j|}| ||d|||d|d} | dt| | dd} | dt| || d d| d| d ddS)NCN= ,CN=Users,templater+newPassword!!42) newpasswordusername oldpasswordrOr?Received %d messages/Did not receive the expected number of messagesr dsdbChangeModify operationperformedAsSystemr remoteAddress sessionIdrI attributesclearTextPasswordactionsredactedreplaceaction)r3r-rB insta_credsr(r)r r+change_passwordr5r@printlen assertEqual assertFalse assertTruelowerassertRegexpMatchesrg get_sessionis_guid) r6rcredsrnetpasswordmessagesaudit session_idrirks r;test_net_change_passwordz*AuditLogDsdbTests.test_net_change_passwordzsw Y  - < !!"%%%  $*>*>*@*@ AA    %DK000$ %.(1  3 3 3''32'66 $s8}}4555 h--K M M M L) 5#5666 23444  E$K$5$5$7$7888   !7!%!3 5 5 5%%''  U;%7888  U?%;<<===<(  C OO,,,01)< CLL)))  :./// GAJx$899999r<cdtzdz|jz}||||}|}t |||j}d}|d}| |t|| d|| }td t|z| dt|d |d d }| d|d||d| ||d||d|j|} | | |d|||d|d} | dt| | dd} | dt| || d d| d| d ddS)NrXrYrZr\r] workgroup)r^ account_name domain_namerOr?rarbrrcrdrerfrrgrhrIrirjrkrlrmrn)r3r-rBror(r)r r+get set_passwordr@rqrrrsrtrwrgrxrury) r6rrzrr{r|domainr}r~rrirks r;test_net_set_passwordz'AuditLogDsdbTests.test_net_set_passwordsv Y  - < !!"%%%  $*>*>*@*@ AA    %DK000$ $$ X&/%+  - - -''32'66 $s8}}4555 h--K M M M L) 5#5666 23444 U4[)))   !7!%!3 5 5 5%%''  U;%7888  U?%;<<===<(  C OO,,,01)< CLL)))  :./// GAJx$899999r<cdtzdz|jz}||tjdd}dtzdz|jz}|jd|zdzdzdzdztzdzd zdz|zdz|d }td t|z| d t|d |d d}| d|d| |d| ||d| |d|j|||d|}| ||d|}| |d|d}| d t||dd}| dt|||d d| d|d d||d d| d|d ddS)Nrrrdn:  changetype: modify zdelete: userPassword userPassword: zadd: userPassword rOrarbrrcrdrerfrrgrhLDAPrir rkr>rldeleternr4)r3r-rBsambagenerate_random_passwordr* modify_ldifr5r@rqrrrsrtrwrgruryrxget_service_description r6r new_passwordr}r~rservice_descriptionrirks r;test_ldap_change_passwordz+AuditLogDsdbTests.test_ldap_change_passwords Y  - < !!"%%%5b"== Y  - <  RK$  " # $ %   ) ),0 0 "  "    ,  , /3  3 4 4 4''** $s8}}4555 h--K M M M L) 5#5666 23444 U4[)))   !7!%!3 5 5 5  U;%788999%%''  U;%7888"::<< ,f555<(  C OO,,,^,Y7 CLL)))  :./// 71:h#7888  :.///  8 455555r<cdtzdz|jz}||tjdd}|jd|zdzdzdzdz|zdz|d | }td t|z| d t|d |d d}| d|d| |d| | |d ||d|j| ||d|}| ||d|}| |d| ||d|d}| d t||dd}| d t|| |d d| d|d ddS)Nrrrrrrzreplace: userPassword rrOr?rarbrrcrdrerfrrgrhrrIrir rkrlrmrn)r3r-rBrrr*rr@rqrrrsrtrurvrwrgryrxrrs r;test_ldap_replace_passwordz,AuditLogDsdbTests.test_ldap_replace_passwords Y  - < !!"%%%5b"==   RK$  " # % &   , ,/3 3 4 4 4 ''b'11 $s8}}4555 h--K M M M L) 5#5666 23444  E$K$5$5$7$7888   !7!%!3 5 5 5  U;%788999%%''  U;%7888"::<< ,f555  U?%;<<===<(  C OO,,,^,Y7 CLL)))  :./// GAJx$899999r<c\dtzdz|jz}|d|}tdt |z|dt |d|dd}|d |d ||d |||d ||d |j| }|||d| }||d| | |d| | |d|d}|dt ||dd}|dt ||d|dd|dt |dd|d|dddd|dd}|dt ||d|dd|dt |dd|t|dddd|dd}|dt ||d|dd| |dddS)Nrrr>r?rarbrOrcAddrerfrrgrhrrIrirrkr4rrnvaluesrvaluerr rl) r3r-r@rqrrrsrtrwrgrxrrury)r6rr}r~rrrirks r;test_ldap_add_userz$AuditLogDsdbTests.test_ldap_add_usersZY  - <''b'11 $s8}}4555 h--K M M M L) k 2333 23444 U4[)))   !7!%!3 5 5 5%%''  U;%7888"::<< ,f555  U;%788999  U?%;<<===<(  C OO,,,]+I6 CLL)))  8 4555 C 8 455666 H!5a!8!ABBB-.y9 CLL)))  8 4555 C 8 455666 GAJx$8$;G$DEEE^,Y7 CLL)))  8 4555  :./////r<c4dtzdz|jz}|||jt|d|}t dt|z|dt|d|dd}|d |d | |d | | |d  | |d |j | ||d|d|d|d|d|}|||d|}||d|d}||}|d}|d|d| ||d| |ddkdS)NrrrOr?rarbrrcDeletererfrrgrh statusCodeSuccessstatusrrIrHcommitrnduration)r3r-rBr* deleteuserr@rqrrrsrtrurvrwrgryrxrrV)r6rr}r~rrrImessages r;test_samdb_delete_userz(AuditLogDsdbTests.test_samdb_delete_userIsg Y  - < !!"%%% I&&&''b'11 $s8}}4555 h--K M M M L) 5#5666 23444  E$K$5$5$7$7888   !7!%!3 5 5 5  U;%788999 E,/000 E(O444%%''  U;%7888"::<< ,f555o. ))-88)* 5?333  U?%;<<=== j)A-.....r<cd}dtzdz|jz}||d|zdz|jz} |j||dn#t $rYnwxYw|d}tdt|z| dt|d|dd }| d |d | |d | | |d  ||d|j| t |d| d|d| ||d|}| ||d|}| |d|d}||}|d}| d|d| ||d| |ddkdS)N doesNotExistrrzException not thrownrOrarbrrcrrerfrrgrzNo such objectrrhrrIrHrollbackrnr)r3r-rBr*rfail Exceptionr@rqrrrsrtrurvrwrgrryrxrrV) r6DOES_NOT_EXISTrr}r~rrrIrs r;!test_samdb_delete_non_existent_dnz3AuditLogDsdbTests.test_samdb_delete_non_existent_dnks' Y  - < !!"%%% ^ #l 2T\ A  HOOB    II, - - - -    D ''** $s8}}4555 h--K M M M L) 5#5666 23444  E$K$5$5$7$7888   !7!%!3 5 5 5 +U<-@AAA )5?;;;  U;%788999%%''  U;%7888"::<< ,f555o. ))-88)* U8_555  U?%;<<=== j)A-.....s/A.. A;:A;c d|jz}||||}t jd|jz||}|dt j tj }t j }d|_ |||tj |d| }t!d t#|z|dt#|d |d d }|d|d||d|||d||d|j|||d|}|||d|d} |dt#| | d} |dt#| d| dd } |d| d| d} |dt#| |d| d d| d} |dt#| d| dd } |d| d| d} |dt#| |d| d d||||tj }|||d| }t!d t#|z|dt#|d d|jz}|d d }|d|d||d|||d||d|j|||d|}|||ddS) Nzcn=Test Secret,CN=System,rZz ncacn_np:%s\) system_nameattr access_maskzG$Test)handlenamerrOr?rarbrrcrrerfrrgrhrir> objectClassrkr4rnrsecretrcnz Test Secretr)r-rBror(r lsarpcr+r) OpenPolicy2ObjectAttributer SEC_FLAG_MAXIMUM_ALLOWEDStringstring CreateSecretr@rqrrrsrurvrwrgryrxrA OpenSecret DeleteObject)r6rrzlsa_conn lsa_handle secret_namer}r~rri object_classrnrrhs r;&test_create_and_delete_secret_over_lsaz8AuditLogDsdbTests.test_create_and_delete_secret_over_lsas (4< 7 !!"%%%  $*>*>*@*@ AA: DK '      ))$&& 9*;; jll %  9  ; ; ; ''b'11 $s8}}4555 h--K M M M L) k 2333 12333  E$K$5$5$7$7888   !7!%!3 5 5 5  U;%788999%%''  U;%7888 <(  C OO,,,!-0  C Y 788999i(+ x 0111! CKK((( 6!9W#5666   C9 ..///Iq! x 0111! CKK((( q '(:;;;     9  ; ; a   ''b'11 $s8}}4555 h--K M M M)4< 7 L) 5#5666 12333  E$K$5$5$7$7888   !7!%!3 5 5 5  U;%788999%%''  U;%788888r<cdtzdz|jz}|||jd|zdzdzdzdz|d| }t d t|z|dt|d |d d }|d|d| |d|||d| |d|j | | |d|}|||d|}||d|d}|dt||dd}|dt||d|d d|d d}|dt||d|d d||jd|zdzdzdzdz|d| }t d t|z|dt|d |d d d}|dt||dd}|dt||d|d d|d d}|dt||d|d d||jd|zdzdzdzdzd z|d| }t d t|z|dt|d |d d d}|dt||dd}|dt||d|d d|d d}|d!t||d"|d d|d#|dd||jd|zdzd$zd%zdzd z|d| }t d t|z|dt|d |d d d}|dt||dd}|dt||d&|d d|d d}|d!t||d"|d d|d#|dd||jd|zdzd$zd'zd(zd)z|d| }t d t|z|dt|d |d d d}|dt||dd}|dt||d*|d d|d d}|d!t||d+|d d|d,|dddS)-Nrrrrrzadd: carLicense zcarLicense: license-01 rOr?rarbrrcrdrerfrrgrhrri carLicenserkr4rnrz license-01rzcarLicense: license-02 z license-02zcarLicense: license-03 zcarLicense: license-04 r>z license-03z license-04zchangetype: delete zdelete: carLicense rzreplace: carLicense zcarLicense: license-05 zcarLicense: license-06 rmz license-05z license-06)r3r-rBr*rr@rqrrrsrtrwrgruryrxrrA) r6rr}r~rrrirkrs r; test_modifyzAuditLogDsdbTests.test_modifys Y  - < !!"%%%  RK$  " #   ' ' ( ( ( ''b'11 $s8}}4555 h--K M M M L) 5#5666 23444 U4[)))   !7!%!3 5 5 5  U;%788999%%''  U;%7888"::<< ,f555<(  C OO,,,\*95 CLL)))  8 4555H% CKK((( vay'9:::   RK$  " #   ' ' ( ( ( ''b'11 $s8}}4555 h--K M M Ma[.|<  C OO,,,\*95 CLL)))  8 4555H% CKK((( vay'9:::   RK$  " #   ' ' '  ' ( ( (''b'11 $s8}}4555 h--K M M Ma[.|<  C OO,,,\*95 CLL)))  8 4555H% CKK((( vay'9::: vay'9:::   RK$  " # " # ' ' '  ' ( ( (''b'11 $s8}}4555 h--K M M Ma[.|<  C OO,,,\*95 CLL))) 71:h#7888H% CKK((( vay'9::: vay'9:::   RK$  " # # $ ' ' '  ' ( ( (''b'11 $s8}}4555 h--K M M Ma[.|<  C OO,,,\*95 CLL))) GAJx$8999H% CKK((( vay'9::: vay'9:::::r<rD)__name__ __module__ __qualname__r$rBrErMrVrrrrrrrrr __classcell__)r:s@r;rr&s, , , , , b22222****$(:(:(:T':':':R(6(6(6T$:$:$:L*0*0*0X / / /D&/&/&/PT9T9T9tM;M;M;M;M;M;M;r<r)__doc__ samba.testsrsamba.dcerpc.messagingrrr*r samba.samdbr samba.authrr%rRsamba.tests.audit_log_baserr samba.netr samba.dcerpcr r r3rr5rr<r;rs,$@@@@@@@@""""""%%%%%% 777777$$$$$$ &&&&&&&&  *E *2r 2 2 T ;T ;T ;T ;T ;(T ;T ;T ;T ;T ;r<