def run(self, credopts=None, sambaopts=None, versionopts=None,
newpassword=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
# get old password now, to get the password prompts in the right order
old_password = creds.get_password()
net = Net(creds, lp, server=credopts.ipaddress)
password = newpassword
while True:
if password is not None and password is not '':
break
password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n")
try:
net.change_password(password)
except Exception, msg:
# FIXME: catch more specific exception
raise CommandError("Failed to change password : {0!s}".format(msg))
def test_admin_change_password(self):
def isLastExpectedMessage(msg):
return ((msg["type"] == "Authentication")
and (msg["Authentication"]["status"] == "NT_STATUS_OK")
and (msg["Authentication"]["serviceDescription"]
== "SAMR Password Change")
and (msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3")
and (msg["Authentication"]["eventId"]
== EVT_ID_SUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
net.change_password(newpassword=password,
username=USER_NAME,
oldpassword=USER_PASS)
messages = self.waitForMessages(isLastExpectedMessage)
print("Received %d messages" % len(messages))
self.assertEquals(8, len(messages),
"Did not receive the expected number of messages")
def run(self,
credopts=None,
sambaopts=None,
versionopts=None,
newpassword=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
# get old password now, to get the password prompts in the right order
old_password = creds.get_password()
net = Net(creds, lp, server=credopts.ipaddress)
password = newpassword
while True:
if password is not None and password is not '':
break
password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n")
try:
net.change_password(password)
except Exception, msg:
# FIXME: catch more specific exception
raise CommandError("Failed to change password : %s" % msg)
def test_net_change_password(self):
dn = "CN=" + USER_NAME + ",CN=Users," + self.base_dn
self.discardSetupMessages(dn)
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server)
password = "******"
net.change_password(newpassword=password,
username=USER_NAME,
oldpassword=USER_PASS)
messages = self.waitForMessages(1, net, dn)
print("Received %d messages" % len(messages))
self.assertEqual(1, len(messages),
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEqual(EVT_ID_PASSWORD_CHANGE, audit["eventId"])
self.assertEqual("Change", audit["action"])
self.assertEqual(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"], self.remoteAddress)
session_id = self.get_session()
self.assertEqual(session_id, audit["sessionId"])
service_description = self.get_service_description()
self.assertEqual(service_description, "DCE/RPC")
self.assertTrue(self.is_guid(audit["transactionId"]))
def test_admin_change_password_bad_original_password(self):
def isLastExpectedMessage(msg):
return (
(msg["type"] == "Authentication") and
(msg["Authentication"]["status"] == "NT_STATUS_WRONG_PASSWORD")
and (msg["Authentication"]["serviceDescription"]
== "SAMR Password Change")
and (msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3") and
(msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
and (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
exception_thrown = False
try:
net.change_password(newpassword=password,
oldpassword="******",
username=USER_NAME)
except Exception:
exception_thrown = True
self.assertEquals(True, exception_thrown,
"Expected exception not thrown")
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(8, len(messages),
"Did not receive the expected number of messages")
def test_admin_change_password_unknown_user(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
msg["Authentication"]["status"]
== "NT_STATUS_NO_SUCH_USER" and
msg["Authentication"]["serviceDescription"]
== "SAMR Password Change" and
msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3")
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
exception_thrown = False
try:
net.change_password(newpassword=password.encode('utf-8'),
oldpassword=USER_PASS,
username="******")
except Exception as msg:
exception_thrown = True
self.assertEquals(True, exception_thrown,
"Expected exception not thrown")
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(8,
len(messages),
"Did not receive the expected number of messages")
def test_admin_change_password(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
msg["Authentication"]["status"]
== "NT_STATUS_OK" and
msg["Authentication"]["serviceDescription"]
== "SAMR Password Change" and
msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3")
creds = self.insta_creds(template = self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
net.change_password(newpassword=password.encode('utf-8'),
username=USER_NAME,
oldpassword=USER_PASS)
messages = self.waitForMessages(isLastExpectedMessage)
print "Received %d messages" % len(messages)
self.assertEquals(8,
len(messages),
"Did not receive the expected number of messages")
def test_admin_change_password_bad_original_password(self):
def isLastExpectedMessage(msg):
return ((msg["type"] == "Authentication") and
(msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["authDescription"] ==
"samr_ChangePasswordUser3"))
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
exception_thrown = False
try:
net.change_password(newpassword=password.encode('utf-8'),
oldpassword="******",
username=USER_NAME)
except Exception:
exception_thrown = True
self.assertEquals(True, exception_thrown,
"Expected exception not thrown")
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(8,
len(messages),
"Did not receive the expected number of messages")
def test_admin_change_password_new_password_fails_restriction(self):
def isLastExpectedMessage(msg):
return ((msg["type"] == "Authentication")
and (msg["Authentication"]["status"]
== "NT_STATUS_PASSWORD_RESTRICTION")
and (msg["Authentication"]["serviceDescription"]
== "SAMR Password Change")
and (msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3")
and (msg["Authentication"]["eventId"]
== EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
exception_thrown = False
try:
net.change_password(newpassword=password,
oldpassword=USER_PASS,
username=USER_NAME)
except Exception:
exception_thrown = True
self.assertEqual(True, exception_thrown,
"Expected exception not thrown")
self.assertTrue(self.waitForMessages(isLastExpectedMessage),
"Did not receive the expected message")
def test_admin_change_password_new_password_fails_restriction(self):
def isLastExpectedMessage(msg):
return ((msg["type"] == "Authentication") and
(msg["Authentication"]["status"] ==
"NT_STATUS_PASSWORD_RESTRICTION") and
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["authDescription"] ==
"samr_ChangePasswordUser3"))
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
exception_thrown = False
try:
net.change_password(newpassword=password.encode('utf-8'),
oldpassword=USER_PASS,
username=USER_NAME)
except Exception:
exception_thrown = True
self.assertEquals(True, exception_thrown,
"Expected exception not thrown")
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(8,
len(messages),
"Did not receive the expected number of messages")
def test_admin_change_password(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
msg["Authentication"]["status"]
== "NT_STATUS_OK" and
msg["Authentication"]["serviceDescription"]
== "SAMR Password Change" and
msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3")
creds = self.insta_creds(template = self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
net.change_password(newpassword=password.encode('utf-8'),
username=USER_NAME,
oldpassword=USER_PASS)
messages = self.waitForMessages(isLastExpectedMessage)
print "Received %d messages" % len(messages)
self.assertEquals(8,
len(messages),
"Did not receive the expected number of messages")
def test_net_change_password(self):
dn = "CN=" + USER_NAME + ",CN=Users," + self.base_dn
self.discardSetupMessages(dn)
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server)
password = "******"
net.change_password(newpassword=password,
username=USER_NAME,
oldpassword=USER_PASS)
messages = self.waitForMessages(1, net, dn=dn)
print("Received %d messages" % len(messages))
self.assertEquals(1,
len(messages),
"Did not receive the expected number of messages")
audit = messages[0]["dsdbChange"]
self.assertEquals("Modify", audit["operation"])
self.assertFalse(audit["performedAsSystem"])
self.assertTrue(dn.lower(), audit["dn"].lower())
self.assertRegexpMatches(audit["remoteAddress"],
self.remoteAddress)
session_id = self.get_session()
self.assertEquals(session_id, audit["sessionId"])
# We skip the check for self.get_service_description() as this
# is subject to a race between smbd and the s4 rpc_server code
# as to which will set the description as it is DCE/RPC over SMB
self.assertTrue(self.is_guid(audit["transactionId"]))
attributes = audit["attributes"]
self.assertEquals(1, len(attributes))
actions = attributes["clearTextPassword"]["actions"]
self.assertEquals(1, len(actions))
self.assertTrue(actions[0]["redacted"])
self.assertEquals("replace", actions[0]["action"])
def test_net_change_password(self):
dn = "CN=" + USER_NAME + ",CN=Users," + self.base_dn
self.discardSetupMessages(dn)
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server)
password = "******"
net.change_password(newpassword=password.encode('utf-8'),
username=USER_NAME,
oldpassword=USER_PASS)
messages = self.waitForMessages(1, net, dn=dn)
print("Received %d messages" % len(messages))
self.assertEquals(1,
len(messages),
"Did not receive the expected number of messages")
audit = messages[0]["dsdbChange"]
self.assertEquals("Modify", audit["operation"])
self.assertFalse(audit["performedAsSystem"])
self.assertTrue(dn.lower(), audit["dn"].lower())
self.assertRegexpMatches(audit["remoteAddress"],
self.remoteAddress)
session_id = self.get_session()
self.assertEquals(session_id, audit["sessionId"])
# We skip the check for self.get_service_description() as this
# is subject to a race between smbd and the s4 rpc_server code
# as to which will set the description as it is DCE/RPC over SMB
self.assertTrue(self.is_guid(audit["transactionId"]))
attributes = audit["attributes"]
self.assertEquals(1, len(attributes))
actions = attributes["clearTextPassword"]["actions"]
self.assertEquals(1, len(actions))
self.assertTrue(actions[0]["redacted"])
self.assertEquals("replace", actions[0]["action"])
def run(self, credopts=None, sambaopts=None, versionopts=None,
newpassword=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
# get old password now, to get the password prompts in the right order
old_password = creds.get_password()
net = Net(creds, lp, server=credopts.ipaddress)
password = newpassword
while 1:
if password is not None and password is not '':
break
password = getpass("New Password: "******"Failed to change password : %s" % msg)
def run(self, credopts=None, sambaopts=None, versionopts=None,
newpassword=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
connect_password = ""
if len(creds.get_user_to_connect()) > 0:
connect_password = getpass("Password for [%s\\%s]: " % (
creds.get_user_to_connect_domain(),
creds.get_user_to_connect())
)
creds.set_password_to_connect(connect_password)
# get old password now, to get the password prompts in the right order
old_password = creds.get_password()
if len(creds.get_user_to_connect()) < 1:
connect_password = old_password
import pdb; pdb.set_trace()
net = Net(creds, lp, server=credopts.ipaddress)
password = newpassword
while True:
if password is not None and password is not '':
break
password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n")
try:
net.change_password(password)
except Exception, msg:
# FIXME: catch more specific exception
raise CommandError("Failed to change password : %s" % msg)
def test_admin_change_password_bad_original_password(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
msg["Authentication"]["status"]
== "NT_STATUS_WRONG_PASSWORD" and
msg["Authentication"]["serviceDescription"]
== "SAMR Password Change" and
msg["Authentication"]["authDescription"]
== "samr_ChangePasswordUser3")
creds = self.insta_creds(template=self.get_credentials())
lp = self.get_loadparm()
net = Net(creds, lp, server=self.server_ip)
password = "******"
exception_thrown = False
try:
net.change_password(newpassword=password.encode('utf-8'),
oldpassword="******",
username=USER_NAME)
except Exception, msg:
exception_thrown = True
