Fcl/dZddlZddlmZddlmZddlZddlZddlm Z ddl m Z ddlZddl m Z ddlmZdd lmZdd lmZmZmZd Zejd d ZGd dejjjZdS)z:Tests for the Auth and AuthZ logging of password changes. N)SamDB)system_session) delete_force)Net)call)LdbError)PasswordCommon)EVT_ID_SUCCESSFUL_LOGONEVT_ID_UNSUCCESSFUL_LOGONEVT_LOGON_NETWORKauthlogtestuser cXeZdZfdZdZfdZdZdZdZdZ dZ d Z d Z xZ S) AuthLogPassChangeTestsctt|tjd|_dtjdz}t |t|| |_ tdt|j z|j }td|ztj||j |j |_t#|j dt$zdz|jz|j dt$zdz|jzd t$t(d |t,jd d }|d}t3t5||_dS)N SERVER_IPz ldap://%sSERVER)url session_info credentialslpzldb %sz base_dn %szcn= ,cn=users,user)dn objectclasssAMAccountName userPasswordGNUTLS_PBKDF2_SUPPORTT) allow_missing0)superrsetUposenviron server_iprrget_credentials get_loadparmldbprinttype domain_dnr allow_password_changesbase_dnr USER_NAMEadd USER_PASSdiscardMessagessambatestsenv_get_var_valueboolintgnutls_pbkdf2_support)selfhostr-r7 __class__s B/usr/lib/python3/dist-packages/samba/tests/auth_log_pass_change.pyr"zAuthLogPassChangeTests.setUp,s $d++11333K0RZ11T&4&6&6%)%9%9%;%; --//111 hdh'(((($$&& lW$%%% -dDH===x))++  TXuy0<?$,NOOO  )#l2T\A!'%        % = = #!>! !  ! ($' !%)#.C*D*D%E%E"""c|jrdSdS)Nsamr_ChangePasswordUser4samr_ChangePasswordUser3)r7)r8s r;_authDescriptionz'AuthLogPassChangeTests._authDescriptionSs  % .----r<cVtt|dS)N)r!rtearDown)r8r:s r;rBzAuthLogPassChangeTests.tearDownYs& $d++4466666r<cRfd}}}t||j}d}||t t |ddS)Nc|ddkou|dddkoc|dddkoQ|ddko-|ddtko|dd tkS) Nr*Authenticationstatus NT_STATUS_OKserviceDescriptionSAMR Password ChangeauthDescriptioneventId logonType)r@r r msgr8s r;isLastExpectedMessagezPAuthLogPassChangeTests.test_admin_change_password..isLastExpectedMessage]s[$44 +)*84F +)*+?@./ +)*+<=--//0 + )*95/0 +)*;7)* ,r<templateservernewPassword!!42) newpasswordusername oldpassword$Did not receive the expected message) insta_credsr&r'rr%change_passwordr.r0 assertTruewaitForMessages)r8rOcredsrnetpasswords` r;test_admin_change_passwordz1AuthLogPassChangeTests.test_admin_change_password\s , , , , ,  $*>*>*@*@ AA    %DN333$ %.(1  3 3 3 ,,-BCC> @ @ @ @ @r<cfd}}}t||j}d}d} ||t tn#t$rd}YnwxYw d|d |d dS) Nc|ddkou|dddkoc|dddkoQ|ddko-|ddtko|dd tkS) Nr*rErFNT_STATUS_PASSWORD_RESTRICTIONrHrIrJrKrLr@r r rMs r;rOzoAuthLogPassChangeTests.test_admin_change_password_new_password_fails_restriction..isLastExpectedMessagevs[$44 +)*8489 +)*+?@./ + )*+<=--//0 +)*9512 +)*;7)* ,r<rPrR newPasswordFrUrWrVTExpected exception not thrownrX) rYr&r'rr%rZr0r. Exception assertEqualr[r\r8rOr]rr^r_exception_throwns` r;9test_admin_change_password_new_password_fails_restrictionzPAuthLogPassChangeTests.test_admin_change_password_new_password_fails_restrictionus# , , , , ,  $*>*>*@*@ AA    %DN333   $   H,5)2  4 4 4 4 $ $ $#    $ /9 ; ; ; ,,-BCC> @ @ @ @ @s"B BBcfd}}}t||j}d}d} ||t dn#t$rd}YnwxYwd|d  |d dS) Nc|ddkou|dddkoc|dddkoQ|ddko-|ddtko|dd tkS) Nr*rErFNT_STATUS_NO_SUCH_USERrHrIrJrKrLrdrMs r;rOz]AuthLogPassChangeTests.test_admin_change_password_unknown_user..isLastExpectedMessages[$44 +)*8401 +)*+?@./ + )*+<=--//0 +)*9512 +)*;7)* ,r<rPrRrTFbadUserrfTrgrX) rYr&r'rr%rZr0rhrir[r\rjs` r;'test_admin_change_password_unknown_userz>AuthLogPassChangeTests.test_admin_change_password_unknown_users% , , , , ,  $*>*>*@*@ AA    %DN333$  $   H,5)2  4 4 4 4 $ $ $#    $ /9 ; ; ; ,,-BCC> @ @ @ @ @A== B  B cfd}}}t||j}d}d} ||dt n#t$rd}YnwxYwd|d  |d dS) Nc|ddkou|dddkoc|dddkoQ|ddko-|ddtko|dd tkS) Nr*rErFNT_STATUS_WRONG_PASSWORDrHrIrJrKrLrdrMs r;rOzfAuthLogPassChangeTests.test_admin_change_password_bad_original_password..isLastExpectedMessages[$44 +)*8423 +)*+?@./ + )*+<=--//0 +)*9512 +)*;7)* ,r<rPrRrTF badPasswordrfTrgrX) rYr&r'rr%rZr.rhrir[r\rjs` r;0test_admin_change_password_bad_original_passwordzGAuthLogPassChangeTests.test_admin_change_password_bad_original_passwords% , , , , ,  $*>*>*@*@ AA    %DN333$  $   H,9)2  4 4 4 4 $ $ $#    $ /9 ; ; ; ,,-BCC> @ @ @ @ @rrc(d}tjdd}|jdtzdz|jzdzdzdzdzt zdzd zdz|zdz|||d dS) Nc|ddkoc|dddkoQ|dddko?|dddko-|dd tko|dd tkS) Nr*rErFrGrHLDAP Password ChangerJ LDAP ModifyrKrL)r r rNs r;rOzOAuthLogPassChangeTests.test_ldap_change_password..isLastExpectedMessages[$44 +)*84F +)*+?@./ +)*+<=%& + )*95/0 +)*;7)* ,r<rdn: cn=r changetype: modify delete: userPassword userPassword: add: userPassword rX) r2generate_random_passwordr( modify_ldifr.r-r0r[r\)r8rO new_passwords r;test_ldap_change_passwordz0AuthLogPassChangeTests.test_ldap_change_passwords , , ,5b"==    !L 04< ?$ F " # $ %   ) ),0 0 "  "    ,  , /3  3 4 4 4 ,,-BCC> @ @ @ @ @r<cd}tjdd} |jd|jzdzdzdzdzt zdzdzdz|zdz|n!#t$r}|j\}}Yd}~nd}~wwxYw| | |d dS) Ncb|ddko#|dddko|dddkS)Nr* AuthorizationrHLDAPauthTypekrb5r|s r;rOzXAuthLogPassChangeTests.test_ldap_change_password_bad_user..isLastExpectedMessagesCK?2?()=>&H?(4> @r<rzdn: cn=badUser,cn=users,r~rrrrrX) r2rr(rr-r0failrargsr[r\)r8rOrenumrNs r;"test_ldap_change_password_bad_userz9AuthLogPassChangeTests.test_ldap_change_password_bad_users- @ @ @ 5b"==   H 4t|CdJ&'()!!$--044& & ! ! $0 0 37 7 8 8 8 IIKKKK   JS# DDDD  ,,-BCC> @ @ @ @ @sAA44 B> B  Bcd}tjdd} |jdtzdz|jzdzdzdzdzd zdzd zdz|zdz|n!#t$r}|j\}}Yd}~nd}~wwxYw| | |d dS) Nc|ddkoc|dddkoQ|dddko?|dddko-|dd tko|dd tkS) Nr*rErFrurHrzrJr{rKrL)r r r|s r;rOzeAuthLogPassChangeTests.test_ldap_change_password_bad_original_password..isLastExpectedMessage s[$44 +)*8423 +)*+?@./ + )*+<=%& +)*9512 +)*;7)* ,r<rr}rr~rrrrvrrX) r2rr(rr.r-rrrr[r\)r8rOre1rrNs r;/test_ldap_change_password_bad_original_passwordzFAuthLogPassChangeTests.test_ldap_change_password_bad_original_password s4 , , ,5b"==   H I% 4t|CdJ&'()!!$11488& & ! ! $0 0 37 7 8 8 8 IIKKKK   JS# DDDD  ,,-BCC> @ @ @ @ @sAA:: B BB)__name__ __module__ __qualname__r"r@rBr`rlrqrwrrr __classcell__)r:s@r;rr*s%F%F%F%F%FN... 77777@@@2@@@@@@@B@@@B@@@:@@@.@@@@@@@r<r)__doc__ samba.testsr2 samba.samdbr samba.authrr#samba.tests.auth_log_baser samba.netr subprocessrr(rsamba.tests.password_testr samba.dcerpc.windows_event_idsr r r r.rr0r3 auth_log_baseAuthLogTestBaserrr<r;rsV$%%%%%% $$$$$$ 444444  *E *2r 2 2 ~@~@~@~@~@U[6F~@~@~@~@~@r<