bl3dZddlZddlmZmZddlmZddlm Z ddl Z ddl m Z ddlm Z ddlmZdd lmZdd lmZmZd Zejd d Zd Zejd d ZGdde ZdS)z1Tests for the SamDb logging of password changes. N)MSG_DSDB_PWD_LOGDSDB_PWD_EVENT_NAME)SamDB)system_session)AuditLogTestBase) delete_force)Net)ERR_INSUFFICIENT_ACCESS_RIGHTS)EVT_ID_PASSWORD_CHANGEEVT_ID_PASSWORD_RESETauditlogtestuser auditlogtestuser02cReZdZfdZdZfdZdZdZdZdZ dZ d Z xZ S) AuditLogPassChangeTestscxt|_t|_t t |tjd|_ dtjdz}t|t| | |_tjd|_|j|_|j}|jd||jj||j}|jd|j|_||jj|t/|jdt0zdz|jzt/|jdt2zdz|jz|jdt0zdz|jzd t0t6d dS) N SERVER_IPz ldap://%sSERVER)url session_info credentialslp 0000000010cn= ,cn=users,user)dn objectclasssAMAccountName userPassword)r message_typer event_typesuperrsetUposenviron server_iprrget_credentials get_loadparmldbserver domain_dnbase_dnget_dsheuristicsset_dsheuristics addCleanup get_minPwdAge set_minPwdAger USER_NAMESECOND_USER_NAMEadd USER_PASS)selfhost dsheuristics minPwdAge __class__s C/usr/lib/python3/dist-packages/samba/tests/audit_log_pass_change.pyr%zAuditLogPassChangeTests.setUp-s,- %t,,22444K0RZ11T&4&6&6%)%9%9%;%; --//111j* x))++ x0022  !!+... 1<@@@H**,,  s###x))++  . ::: TXuy0<?$,NOOO H $ $| 3dl B D D D  )#l2T\A!'%        c\|d||dS)Nr)waitForMessagesdiscardMessages)r8rs r=discardSetupMessagesz,AuditLogPassChangeTests.discardSetupMessagesas3 Q2&&& r>cVtt|dS)N)r$rtearDown)r8r<s r=rFz AuditLogPassChangeTests.tearDownes& %t,,5577777r>cdtzdz|jz}||||}|}t |||j}d}||tt| d||}tdt|z| dt|d |d d }| t|d | d |d| ||d||d|j|}| ||d|} | | d|||ddS)NCN= ,CN=Users,templater,newPassword!!42) newpasswordusername oldpasswordr@Received %d messages/Did not receive the expected number of messagesrpasswordChangeeventIdChangeactionr remoteAddress sessionIdDCE/RPC transactionId)r4r.rD insta_credsr)r*r r,change_passwordr7rBprintlen assertEqualr assertRegexpMatchesrW get_sessionget_service_description assertTrueis_guid) r8rcredsrnetpasswordmessagesaudit session_idservice_descriptions r=test_net_change_passwordz0AuditLogPassChangeTests.test_net_change_passwordhs Y  - < !!"%%%  $*>*>*@*@ AA    %DK000$ %.(1  3 3 3''333 $s8}}4555 h--K M M M ,- /y1ABBB 5?333 U4[)))   !7!%!3 5 5 5%%''  U;%7888"::<< ,i888  U?%;<<=====r>c* dtzdz|jz}|||jt t dt zdz|jz}|d|}tdt|z| dt|d|dd}| t|d | d |d | ||d | |d |j |}| ||d|}| |d|||d| d|d| d|d|||t t d}|}t-|||j}d} |d} || t| |dn#t6$rYnwxYwdtzdz|jz}|d||}tdt|z| dt|d|dd}| t|d | d |d | ||d | |d |j |}| ||d|}| |d|||d| t8|d| d|ddS)NrHrIr@rArQrRrrSrTResetrVrrWrXLDAPrZ statusCodeSuccessstatus)rKrOuserpasskerberos_staterLrM workgrouprN account_name domain_namezExpected exception not thrownrYzinsufficient access rights)r4r.rDr+newuserr5SECOND_USER_PASSrBr]r^r_r r`rWrarbrcrdrCr[r)r*r r,get set_passwordfail Exceptionr ) r8rrhrirjrkrerrfrgdomains r=-test_net_set_password_user_without_permissionzEAuditLogPassChangeTests.test_net_set_password_user_without_permissions Y  - < !!"%%% )+;<<< % % 4t| C''b'11 $s8}}4555 h--K M M M ,- .i0@AAA %/222 U4[)))   !7!%!3 5 5 5%%''  U;%7888"::<< ,f555  U?%;<<=== E,/000 E(O444   ))++%% !!!    %DK000$ $$    *3)/  1 1 1 II5 6 6 6 6    D Y  - <''32'66 $s8}}4555 h--K M M M ,- .i0@AAA %/222 U4[)))   !7!%!3 5 5 5%%''  U;%7888"::<< ,i888  U?%;<<=== 7|9LMMM 5uXGGGGGs2K KKcdtzdz|jz}||||}|}t |||j}d}|d}| |t|dtzdz|jz}| d||}td t|z| dt|d |d d }| t|d | d|d| ||d||d|j|} | | |d|} | | d|} | | |d|||ddS)NrHrIrJrLrMrurvr@rQrRrrSrTrnrVrrWrXrYrZ)r4r.rDr[r)r*r r,r{r|rBr]r^r_r r`rWrarbrcrd) r8rrerrfrgrrhrirjrks r=test_net_set_passwordz-AuditLogPassChangeTests.test_net_set_passwordsR Y  - < !!"%%%  $*>*>*@*@ AA    %DK000$ $$ X&/%+  - - -Y  - <''333 $s8}}4555 h--K M M M ,- .i0@AAA %/222 U4[)))   !7!%!3 5 5 5%%''  U;%7888"::<< ,i888%%''  U;%7888  U?%;<<=====r>c4dtzdz|jz}||tjdd}|jd|zdzdzdzdztzdzd zdz|zdz|d | }td t|z| d t|d |dd}| t|d| d|d| ||d| |d|j|||d|}| ||d|}| |d|||ddS)Nrrrdn:  changetype: modify zdelete: userPassword userPassword: zadd: userPassword r@rArQrRrrSrTrUrVrrWrXrorZ)r4r.rDsambagenerate_random_passwordr+ modify_ldifr7rBr]r^r_r r`rWrcrdrarbr8r new_passwordrhrirjrks r=test_ldap_change_passwordz1AuditLogPassChangeTests.test_ldap_change_passwords> Y  - < !!"%%%5b"==   RK$  " # $ %   ) ),0 0 "  "    ,  , /3  3 4 4 4''b'11 $s8}}4555 h--K M M M ,- /y1ABBB 5?333 U4[)))   !7!%!3 5 5 5  U;%788999%%''  U;%7888"::<< ,f555  U?%;<<=====r>cdtzdz|jz}||tjdd}|jd|zdzdzdzdz|zdz|d | }td t|z| d t|d |d d}| t|d| d|d| ||d| |d|j |||d|}| ||d|}| |d|||ddS)Nrrrrrrzreplace: userPassword rr@rArQrRrrSrTrnrVrrWrXrorZ)r4r.rDrrr+rrBr]r^r_r r`rWrcrdrarbrs r=test_ldap_replace_passwordz2AuditLogPassChangeTests.test_ldap_replace_passwords Y  - < !!"%%%5b"==   RK$  " # % &   , ,/3 3 4 4 4 ''b'11 $s8}}4555 h--K M M M ,- .i0@AAA %/222 U4[)))   !7!%!3 5 5 5  U;%788999%%''  U;%7888"::<< ,f555  U?%;<<=====r>c`dtzdz|jz}|d|}tdt |z|dt |d|dd}|t |d |d |d |||d ||d |j| }|||d| }||d| | |d| | |ddS)Nrrr@rArQrRrrSrTrnrVrrWrXrorZ) r4r.rBr]r^r_r r`rWrarbrcrd)r8rrhrirjrks r=test_ldap_add_userz*AuditLogPassChangeTests.test_ldap_add_user5sY  - <''b'11 $s8}}4555 h--K M M M ,- .i0@AAA %/222 U4[)))   !7!%!3 5 5 5%%''  U;%7888"::<< ,f555  U;%788999  U?%;<<=====r>) __name__ __module__ __qualname__r%rDrFrlrrrrr __classcell__)r<s@r=rr+s/ / / / / h88888>>>@FHFHFHP#>#>#>J>>>B>>>>>>>>>>>r>r)__doc__ samba.testsrsamba.dcerpc.messagingrr samba.samdbr samba.authrr&samba.tests.audit_log_baserr samba.netr r+r samba.dcerpc.windows_event_idsr r r4rr7r5rzrr>r=rsG$HHHHHHHH%%%%%% 777777$$$$$$......  *E *2r 2 2 '151"b99c>c>c>c>c>.c>c>c>c>c>r>