def test_default_supplementalCredentials(self): self.add_user() sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(4, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(3, pos) self.assertEquals("Packages", package.name) (pos, package) = get_package(sc, "Primary:WDigest") self.assertEquals(4, pos) self.assertEquals("Primary:WDigest", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(package.data)) self.check_wdigests(digests)
def test_default_supplementalCredentials(self): self.add_user() sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(3, size) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(2, pos) self.assertEquals("Packages", package.name) (pos, package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(package.data)) self.check_wdigests(digests)
def test_userPassword_cleartext_sha512(self): self.add_user(clear_text=True, options=[("password hash userPassword schemes", "CryptSHA512:rounds=10000")]) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wd_package) = get_package(sc, "Primary:WDigest") self.assertEquals(2, pos) self.assertEquals("Primary:WDigest", wd_package.name) (pos, ct_package) = get_package(sc, "Primary:CLEARTEXT") self.assertEquals(3, pos) self.assertEquals("Primary:CLEARTEXT", ct_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, up_package) = get_package(sc, "Primary:userPassword") self.assertEquals(5, pos) self.assertEquals("Primary:userPassword", up_package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wd_package.data)) self.check_wdigests(digests) # Check the clear text value is correct. ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob, binascii.a2b_hex(ct_package.data)) self.assertEquals(USER_PASS.encode('utf-16-le'), ct.cleartext) # Check that the userPassword hashes are computed correctly # up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob, binascii.a2b_hex(up_package.data)) self.checkUserPassword(up, [("{CRYPT}", "6",10000 )]) self.checkNtHash(USER_PASS, up.current_nt_hash.hash)
def test_userPassword_cleartext_sha512(self): self.add_user(clear_text=True, options=[("password hash userPassword schemes", "CryptSHA512:rounds=10000")]) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wd_package) = get_package(sc, "Primary:WDigest") self.assertEquals(2, pos) self.assertEquals("Primary:WDigest", wd_package.name) (pos, ct_package) = get_package(sc, "Primary:CLEARTEXT") self.assertEquals(3, pos) self.assertEquals("Primary:CLEARTEXT", ct_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, up_package) = get_package(sc, "Primary:userPassword") self.assertEquals(5, pos) self.assertEquals("Primary:userPassword", up_package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wd_package.data)) self.check_wdigests(digests) # Check the clear text value is correct. ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob, binascii.a2b_hex(ct_package.data)) self.assertEquals(USER_PASS.encode('utf-16-le'), ct.cleartext) # Check that the userPassword hashes are computed correctly # up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob, binascii.a2b_hex(up_package.data)) self.checkUserPassword(up, [("{CRYPT}", "6", 10000)]) self.checkNtHash(USER_PASS, up.current_nt_hash.hash)
def assert_cleartext(self, expect_cleartext, password=None): """Checks cleartext is (or isn't) returned as expected""" sc = self.get_supplemental_creds() if expect_cleartext: (pos, ct_package) = get_package(sc, "Primary:CLEARTEXT") self.assertTrue(ct_package != None, "Failed to retrieve cleartext") # Check the clear-text value is correct. ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob, binascii.a2b_hex(ct_package.data)) self.assertEquals(password.encode('utf-16-le'), ct.cleartext) else: ct_package = get_package(sc, "Primary:CLEARTEXT") self.assertTrue(ct_package == None, "Got cleartext when we shouldn't have")
def assert_cleartext(self, expect_cleartext, password=None): """Checks cleartext is (or isn't) returned as expected""" sc = self.get_supplemental_creds() if expect_cleartext: (pos, ct_package) = get_package(sc, "Primary:CLEARTEXT") self.assertTrue(ct_package != None, "Failed to retrieve cleartext") # Check the clear-text value is correct. ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob, binascii.a2b_hex(ct_package.data)) self.assertEquals(password.encode('utf-16-le'), ct.cleartext) else: ct_package = get_package(sc, "Primary:CLEARTEXT") self.assertTrue(ct_package == None, "Got cleartext when we shouldn't have")
def test_userPassword_sha512(self): self.add_user(options=[("password hash userPassword schemes", "CryptSHA512")]) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wp_package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", wp_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, up_package) = get_package(sc, "Primary:userPassword") self.assertEquals(5, pos) self.assertEquals("Primary:userPassword", up_package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wp_package.data)) self.check_wdigests(digests) # Check that the userPassword hashes are computed correctly # up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob, binascii.a2b_hex(up_package.data)) self.checkUserPassword(up, [("{CRYPT}", "6", None)]) self.checkNtHash(USER_PASS, up.current_nt_hash.hash)
def test_userPassword_sha512(self): self.add_user(options=[("password hash userPassword schemes", "CryptSHA512")]) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wp_package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", wp_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, up_package) = get_package(sc, "Primary:userPassword") self.assertEquals(5, pos) self.assertEquals("Primary:userPassword", up_package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wp_package.data)) self.check_wdigests(digests) # Check that the userPassword hashes are computed correctly # up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob, binascii.a2b_hex(up_package.data)) self.checkUserPassword(up, [("{CRYPT}", "6",None)]) self.checkNtHash(USER_PASS, up.current_nt_hash.hash)
def test_supplementalCredentials_cleartext(self): self.add_user(clear_text=True) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wd_package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", wd_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, ct_package) = get_package(sc, "Primary:CLEARTEXT") self.assertEquals(5, pos) self.assertEquals("Primary:CLEARTEXT", ct_package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wd_package.data)) self.check_wdigests(digests) # Check the clear text value is correct. ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob, binascii.a2b_hex(ct_package.data)) self.assertEquals(USER_PASS.encode('utf-16-le'), ct.cleartext)
def test_supplementalCredentials_cleartext(self): self.add_user(clear_text=True) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wd_package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", wd_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, ct_package) = get_package(sc, "Primary:CLEARTEXT") self.assertEquals(5, pos) self.assertEquals("Primary:CLEARTEXT", ct_package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wd_package.data)) self.check_wdigests(digests) # Check the clear text value is correct. ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob, binascii.a2b_hex(ct_package.data)) self.assertEquals(USER_PASS.encode('utf-16-le'), ct.cleartext)
def test_default_supplementalCredentials(self): self.add_user() if not self.lp.get("password hash gpg key ids"): self.skipTest("No password hash gpg key ids, " + "Primary:SambaGPG will not be generated") sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wd_package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", wd_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, package) = get_package(sc, "Primary:SambaGPG") self.assertEquals(5, pos) self.assertEquals("Primary:SambaGPG", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wd_package.data)) self.check_wdigests(digests)
def test_default_supplementalCredentials(self): self.add_user() if not self.lp.get("password hash gpg key ids"): self.skipTest("No password hash gpg key ids, " + "Primary:SambaGPG will not be generated"); sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEquals(5, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEquals(1, pos) self.assertEquals("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEquals(2, pos) self.assertEquals("Primary:Kerberos", package.name) (pos, wd_package) = get_package(sc, "Primary:WDigest") self.assertEquals(3, pos) self.assertEquals("Primary:WDigest", wd_package.name) (pos, package) = get_package(sc, "Packages") self.assertEquals(4, pos) self.assertEquals("Packages", package.name) (pos, package) = get_package(sc, "Primary:SambaGPG") self.assertEquals(5, pos) self.assertEquals("Primary:SambaGPG", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wd_package.data)) self.check_wdigests(digests)
def test_userPassword_multiple_hashes_rounds_specified(self): self.add_user(options=[( "password hash userPassword schemes", "CryptSHA512:rounds=5120 CryptSHA256:rounds=2560 CryptSHA512:rounds=5122" )]) sc = self.get_supplemental_creds() # Check that we got all the expected supplemental credentials # And they are in the expected order. size = len(sc.sub.packages) self.assertEqual(6, size) (pos, package) = get_package(sc, "Primary:Kerberos-Newer-Keys") self.assertEqual(1, pos) self.assertEqual("Primary:Kerberos-Newer-Keys", package.name) (pos, package) = get_package(sc, "Primary:Kerberos") self.assertEqual(2, pos) self.assertEqual("Primary:Kerberos", package.name) (pos, wp_package) = get_package(sc, "Primary:WDigest") self.assertEqual(3, pos) self.assertEqual("Primary:WDigest", wp_package.name) (pos, up_package) = get_package(sc, "Primary:userPassword") self.assertEqual(4, pos) self.assertEqual("Primary:userPassword", up_package.name) (pos, package) = get_package(sc, "Packages") self.assertEqual(5, pos) self.assertEqual("Packages", package.name) (pos, package) = get_package(sc, "Primary:SambaGPG") self.assertEqual(6, pos) self.assertEqual("Primary:SambaGPG", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(wp_package.data)) self.check_wdigests(digests) # Check that the userPassword hashes are computed correctly # Expect three hashes to be calculated up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob, binascii.a2b_hex(up_package.data)) self.checkUserPassword(up, [("{CRYPT}", "6", 5120), ("{CRYPT}", "5", 2560), ("{CRYPT}", "6", 5122)]) self.checkNtHash(USER_PASS, up.current_nt_hash.hash)
def test_wDigest_supplementalCredentials(self): self.creds = Credentials() self.creds.set_username(os.environ["USERNAME"]) self.creds.set_password(os.environ["PASSWORD"]) self.creds.guess(self.lp) ldb = SamDB("ldap://" + os.environ["SERVER"], credentials=self.creds, lp=self.lp) self.add_user(ldb=ldb) sc = self.get_supplemental_creds_drs() (pos, package) = get_package(sc, "Primary:WDigest") self.assertEquals("Primary:WDigest", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(package.data)) self.check_wdigests(digests)
def test_wDigest_supplementalCredentials(self): self.creds = Credentials() self.creds.set_username(os.environ["USERNAME"]) self.creds.set_password(os.environ["PASSWORD"]) self.creds.guess(self.lp) ldb = SamDB("ldap://" + os.environ["SERVER"], credentials=self.creds, lp=self.lp) self.add_user(ldb=ldb) sc = self.get_supplemental_creds_drs() (pos, package) = get_package(sc, "Primary:WDigest") self.assertEquals("Primary:WDigest", package.name) # Check that the WDigest values are correct. # digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob, binascii.a2b_hex(package.data)) self.check_wdigests(digests)