b/rdZddlmZmZmZmZddlmZddlm Z ddl Z ddl m Z ddl Z GddeZdS) a Tests for source4/dsdb/samdb/ldb_modules/password_hash.c These tests need to be run in an environment in which io->ac->gpg_key_ids != NULL, so that the gpg supplemental credentials are generated. The functional level needs to be >= 2008 so that the kerberos newer keys are generated. )PassWordHashTests get_package USER_PASS USER_NAME) ndr_unpack)drsblobsN)PasswordSettingscDeZdZfdZdZdZd dZdZdZdZ xZ S) PassWordHashGpgmeTestscVtt|dSN)superr setUp)self __class__s A/usr/lib/python3/dist-packages/samba/tests/password_hash_gpgme.pyrzPassWordHashGpgmeTests.setUp+s& $d++1133333cF||jds|d|}t |jj}|d|t|d\}}|d||d|j t|d\}}|d||d|j t|d\}}|d ||d|j t|d \}}|d ||d |j t|d \}}|d||d |j ttj tj|j}||dS) Npassword hash gpg key idsDNo password hash gpg key ids, Primary:SambaGPG will not be generatedPrimary:Kerberos-Newer-KeysPrimary:KerberosPrimary:WDigestPackagesPrimary:SambaGPG)add_userlpgetskipTestget_supplemental_credslensubpackages assertEqualrnamerrpackage_PrimaryWDigestBlobbinasciia2b_hexdatacheck_wdigests)rscsizepospackage wd_packagedigestss r$test_default_supplementalCredentialsz;PassWordHashGpgmeTests.test_default_supplementalCredentials.s w{{677 D MMC D D D ( ( * *26?## D!!!$R)FGGg C    6 EEE$R);<<g C    +W\:::',=>>j C    *JO<<<$R44g C    W\222$R);<<g C    +W\:::X@%-jo>>@@ G$$$$$rc|d|jds|d|}t |jj}|d|t|d\}}|d||d|j t|d\}}|d ||d|j t|d \}}|d ||d |j t|d \}}|d ||d |j t|d\}}|d||d|j t|d\}}|d||d|j ttj tj|j}||ttjtj|j}|t'jd|jdS)NT clear_textrrrrrrrrPrimary:CLEARTEXTrrrr utf-16-le)r!r"r#r$r%r&r'r(r)rr*rrr+r,r-r.r/package_PrimaryCLEARTEXTBlobrencode cleartext) rr0r1r2r3r4 ct_packager5cts r&test_supplementalCredentials_cleartextz=PassWordHashGpgmeTests.test_supplementalCredentials_cleartextTs  &&&w{{677 D MMC D D D ( ( * *26?## D!!!$R)FGGg C    6 EEE$R);<<g C    +W\:::',=>>j C    *JO<<<',?@@j C    ,jo>>>$R44g C    W\222$R);<<g C    +W\:::X@%-jo>>@@ G$$$= (99;; )+66 EEEEErNc|}|rt|d\}}||dudttjt j|j}| | d|j dSt|d}||duddS)z3Checks cleartext is (or isn't) returned as expectedr;NzFailed to retrieve cleartextr<z$Got cleartext when we shouldn't have) r%r assertTruerrr=r,r-r.r)r>r?)rexpect_cleartextpasswordr0r2r@rAs rassert_cleartextz'PassWordHashGpgmeTests.assert_cleartexts  ( ( * *  D +B0C D D S* OOJd24R S S SHA$,Z_==??B   X__[992< H H H H H$R)<==J OOJ$.B D D D D Drc|d|dttd|jdd}||jj|jdtzd z|j z}| |tj d d }|j d tz||d ||tj d d }|j d tz||d||dtj d d }|j d tz||d td |jdd}||jj|j| |tj d d }|j d tz||d|dS)z?Checks that a PSO's cleartext setting can override the domain'sTr8)rErFzno-plaintext-PSOF) precedencestore_plaintextzcn=z ,cn=users, z(sAMAccountName=%s))rEz plaintext-PSOdN)r!rGrr ldb addCleanupdeletednrbase_dnapply_tosambagenerate_random_password setpasswordunapplyset_store_cleartext)rno_plaintext_psouserdn new_password plaintext_psos r*test_supplementalCredentials_cleartext_psozAPassWordHashGpgmeTests.test_supplementalCredentials_cleartext_psosK  &&& tiHHH,,>7: MMM u555   (((5b"==  2Y> MMM tlKKK   '''5b"==  2Y> MMM u555)$(47OOO  )9:::v&&&5b"==  2Y> MMM tlKKKKKrcR|dg|}t|jj}|d|t |d\}}|d||d|jt |d\}}|d||d|jt |d\}}|d ||d|jt |d \}}|d ||d |jt |d \}}|d ||d |jt |d\}}|d||d|jttj tj |j }||ttjtj |j }||gd|t$|jjdS)N)"password hash userPassword schemesz#CryptSHA512 CryptSHA256 CryptSHA512optionsr:rrrrrrPrimary:userPasswordrrrr ){CRYPT}6N)rd5Nrcr!r%r&r'r(r)rr*rrr+r,r-r.r/package_PrimaryUserPasswordBlobcheckUserPassword checkNtHashrcurrent_nt_hashhash rr0r1r2r3 wp_package up_packager5ups r!test_userPassword_multiple_hashesz8PassWordHashGpgmeTests.test_userPassword_multiple_hashess  34  5 5 5 ( ( * *26?## D!!!$R)FGGg C    6 EEE$R);<<g C    +W\:::',=>>j C    *JO<<<',BCCj C    /AAA$R44g C    W\222$R);<<g C    +W\:::X@%-jo>>@@ G$$$@ (99;; r$ $ $    B$6$;<<<<>j C    *JO<<<',BCCj C    /AAA$R44g C    W\222$R);<<g C    +W\:::X@%-jo>>@@ G$$$@ (99;; r$ $ $    B$6$;<<<<r~s& ! !!!!!!,,,,,, =====.=====r