def test_smb_encryption(self):
creds = credentials.Credentials()
self.assertEqual(creds.get_smb_encryption(),
credentials.SMB_ENCRYPTION_DEFAULT)
creds.set_smb_encryption(credentials.SMB_ENCRYPTION_REQUIRED)
self.assertEqual(creds.get_smb_encryption(),
credentials.SMB_ENCRYPTION_REQUIRED)
def setUp(self):
super(SMBNotifyTests, self).setUp()
self.server = samba.tests.env_get_var_value("SERVER")
# create an SMB connection to the server
self.lp = s3param.get_context()
self.lp.load(samba.tests.env_get_var_value("SMB_CONF_PATH"))
self.share = samba.tests.env_get_var_value("NOTIFY_SHARE")
creds = credentials.Credentials()
creds.guess(self.lp)
creds.set_username(samba.tests.env_get_var_value("USERNAME"))
creds.set_password(samba.tests.env_get_var_value("PASSWORD"))
strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', allow_missing=True)
if strict_checking is None:
strict_checking = '1'
self.strict_checking = bool(int(strict_checking))
self.smb_conn = libsmb.Conn(self.server, self.share, self.lp, creds)
self.smb_conn_unpriv = None
try:
self.smb_conn.deltree(test_dir)
except:
pass
self.smb_conn.mkdir(test_dir)
def connect(self, **kwargs):
host = kwargs.get("host")
share = kwargs.get("share")
username = kwargs.get("username")
password = kwargs.get("password")
smb1 = kwargs.get("smb1", False)
self._lp = s3param.get_context()
self._lp.load_default()
self._cred = credentials.Credentials()
self._cred.guess(self._lp)
if username is not None:
self._cred.set_username(username)
if password is not None:
self._cred.set_password(password)
self._host = host
self._share = share
self._smb1 = smb1
self._connection = libsmb.Conn(
host,
share,
self._lp,
self._cred,
force_smb1=smb1,
)
def test_smb_ipc_signing(self):
creds = credentials.Credentials()
self.assertEqual(creds.get_smb_ipc_signing(),
credentials.SMB_SIGNING_REQUIRED)
creds.set_smb_ipc_signing(credentials.SMB_SIGNING_OFF)
self.assertEqual(creds.get_smb_ipc_signing(),
credentials.SMB_SIGNING_OFF)
def GenerateSessions():
lp = s3param.get_context()
lp.load('/usr/local/etc/smb4.conf')
creds = credentials.Credentials()
creds.guess(lp)
if args.domain is not None:
creds.set_domain(args.domain)
creds.set_password(args.password)
mythreads = []
c = {}
for i in range(args.count):
if args.increment is None:
creds.set_username(args.user)
else:
creds.set_username(f'{args.user}{args.increment}')
c[i] = libsmb.Conn(args.host, args.share, lp, creds)
t = Open_Close(c[i], "test" + str(i), args.numops)
mythreads.append(t)
for t in mythreads:
t.start()
for t in mythreads:
t.join()
if t.exc:
raise t.exc[0](t.exc[1])
time.sleep(60)
def connect_unpriv(self):
creds_unpriv = credentials.Credentials()
creds_unpriv.guess(self.lp)
creds_unpriv.set_username(samba.tests.env_get_var_value("USERNAME_UNPRIV"))
creds_unpriv.set_password(samba.tests.env_get_var_value("PASSWORD_UNPRIV"))
self.smb_conn_unpriv = libsmb.Conn(self.server, self.share, self.lp, creds_unpriv)
def test_OpenClose(self):
lp = s3param.get_context()
lp.load(os.getenv("SMB_CONF_PATH"))
creds = credentials.Credentials()
creds.guess(lp)
creds.set_username(os.getenv("USERNAME"))
creds.set_password(os.getenv("PASSWORD"))
c = libsmb.Conn(os.getenv("SERVER_IP"),
"tmp",
lp,
creds,
multi_threaded=True,
force_smb1=True)
mythreads = []
for i in range(3):
t = LibsmbTestCase.OpenClose(c, "test" + str(i), 10)
mythreads.append(t)
for t in mythreads:
t.start()
for t in mythreads:
t.join()
if t.exc:
raise t.exc[0](t.exc[1])
def __retrieve_trusted_domain_gc_list(self, domain):
"""
Retrieves domain information and preferred GC list
Returns dictionary with following keys
name -- NetBIOS name of the trusted domain
dns_domain -- DNS name of the trusted domain
auth -- encrypted credentials for trusted domain account
gc -- array of tuples (server, port) for Global Catalog
"""
if domain in self._info:
return self._info[domain]
if not self._creds:
self._parm = param.LoadParm()
self._parm.load(os.path.join(ipautil.SHARE_DIR, "smb.conf.empty"))
self._parm.set('netbios name', self.flatname)
self._creds = credentials.Credentials()
self._creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
self._creds.guess(self._parm)
self._creds.set_workstation(self.flatname)
netrc = net.Net(creds=self._creds, lp=self._parm)
finddc_error = None
result = None
try:
result = netrc.finddc(domain=domain,
flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_GC
| nbt.NBT_SERVER_CLOSEST)
except RuntimeError, e:
finddc_error = e
def __perform_authentication(self, username, password):
""" Performs User Authentication
Keyword arguments:
username -- username provided by the login form
password -- password provided by the login form
"""
from samba import credentials, param
auth_success = False
lp = param.LoadParm()
lp.load_default()
creds = credentials.Credentials()
creds.set_username(username)
creds.set_password(password)
creds.set_domain("")
if request.environ.has_key("REMOTE_HOST"):
creds.set_workstation(request.environ.get("REMOTE_HOST"))
else:
creds.set_workstation("")
auth_success = self.__auth_samr(lp, creds)
log.info("using samr authentication")
return auth_success
def get_instance(self):
# Fetch data from foreign domain using password only
rd = TrustDomainInstance('')
rd.parm.set('workgroup', self.local_domain.info['name'])
rd.creds = credentials.Credentials()
rd.creds.set_kerberos_state(credentials.DONT_USE_KERBEROS)
rd.creds.guess(rd.parm)
return rd
def __populate_local_domain(self):
# Initialize local domain info using kerberos only
ld = TrustDomainInstance(self.local_flatname)
ld.creds = credentials.Credentials()
ld.creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
ld.creds.guess(ld.parm)
ld.creds.set_workstation(ld.hostname)
ld.retrieve(installutils.get_fqdn())
self.local_domain = ld
def setUp(self):
super(CredentialsTests, self).setUp()
self.creds = credentials.Credentials()
if PY3:
# Because Python 2 does not support 'x' mode and Python 3
# does not support 'wx' mode in open() function
# for exclusive creation
self.open_mode = 'x'
else:
self.open_mode = 'wx'
def test_guess(self):
creds = credentials.Credentials()
lp = samba.tests.env_loadparm()
os.environ["USER"] = "******"
creds.guess(lp)
self.assertEqual(creds.get_username(), "env_user")
self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
self.assertEqual(creds.get_realm(), lp.get("realm").upper())
self.assertEqual(creds.is_anonymous(), False)
self.assertEqual(creds.authentication_requested(), False)
def prep_creds(self):
lp = s3param.get_context()
lp.load(os.getenv("SMB_CONF_PATH"))
creds = credentials.Credentials()
creds.guess(lp)
creds.set_username(os.getenv("USERNAME"))
creds.set_password(os.getenv("PASSWORD"))
return (lp,creds)
def _connect(username, password, hostname='localhost'):
try:
creds = credentials.Credentials()
creds.set_username(username)
creds.set_password(password)
creds.set_domain("")
creds.set_workstation("")
conn = samba.Ldb("ldap://" + hostname, lp=lp, credentials=creds)
except Exception, e:
return False
def test_set_anonymous(self):
creds = credentials.Credentials()
lp = samba.tests.env_loadparm()
os.environ["USER"] = "******"
creds.guess(lp)
creds.set_anonymous()
self.assertEqual(creds.get_username(), "")
self.assertEqual(creds.get_domain(), "")
self.assertEqual(creds.get_realm(), None)
self.assertEqual(creds.is_anonymous(), True)
self.assertEqual(creds.authentication_requested(), False)
def test_parse_username_with_realm(self):
creds = credentials.Credentials()
lp = samba.tests.env_loadparm()
os.environ["USER"] = "******"
creds.guess(lp)
creds.parse_string("*****@*****.**")
self.assertEqual(creds.get_username(), "env_user")
self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
self.assertEqual(creds.get_realm(), "SAMBA.ORG")
self.assertEqual(creds.is_anonymous(), False)
self.assertEqual(creds.authentication_requested(), True)
def test_smb_signing_set_conf(self):
lp = samba.tests.env_loadparm()
creds = credentials.Credentials()
creds.set_conf(lp)
self.assertEqual(creds.get_smb_signing(),
credentials.SMB_SIGNING_DEFAULT)
creds.set_smb_signing(credentials.SMB_SIGNING_OFF)
self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_OFF)
creds.set_conf(lp)
self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_OFF)
def test_parse_username_pw(self):
creds = credentials.Credentials()
lp = samba.tests.env_loadparm()
os.environ["USER"] = "******"
creds.guess(lp)
creds.parse_string("user%pass")
self.assertEqual(creds.get_username(), "user")
self.assertEqual(creds.get_password(), "pass")
self.assertEqual(creds.get_domain(), lp.get("workgroup"))
self.assertEqual(creds.get_realm(), lp.get("realm"))
self.assertEqual(creds.is_anonymous(), False)
self.assertEqual(creds.authentication_requested(), True)
def __init__(self, user, password):
self.user = user
self.password = password
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
def __init__(self,username,password):
self.creds = credentials.Credentials()
self.creds.set_username(username)
self.creds.set_password(password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
self.samdb = SamDB(url='ldap://%s' % self.server_address,session_info=system_session(), credentials=self.creds, lp=self.lp)
self.samrpipe = samr.samr("ncalrpc:%s"% self.server_address, self.lp, credentials=self.creds)
self.connect_handle = self.samrpipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
self._GetDomainNames()
self._SetCurrentDomain(0)
def test_parse_username_with_domain_0(self):
creds = credentials.Credentials()
lp = samba.tests.env_loadparm()
os.environ["USER"] = "******"
creds.guess(lp)
creds.parse_string("domain\\user")
self.assertEqual(creds.get_username(), "user")
self.assertEqual(creds.get_domain(), "DOMAIN")
self.assertEqual(creds.get_realm(), None)
self.assertEqual(creds.get_principal(), "user@DOMAIN")
self.assertEqual(creds.is_anonymous(), False)
self.assertEqual(creds.authentication_requested(), True)
def setUp(self):
super(DNSTKeyTest, self).setUp()
self.settings = {}
self.settings["lp_ctx"] = self.lp_ctx = tests.env_loadparm()
self.settings["target_hostname"] = self.server
self.creds = credentials.Credentials()
self.creds.guess(self.lp_ctx)
self.creds.set_username(tests.env_get_var_value('USERNAME'))
self.creds.set_password(tests.env_get_var_value('PASSWORD'))
self.creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
self.newrecname = "tkeytsig.%s" % self.get_dns_domain()
def test_rpc_anonymous(self):
mach_name = self.host
anon_creds = credentials.Credentials()
anon_creds.set_anonymous()
binding_str = "ncacn_np:%s[\\pipe\\lsarpc]" % mach_name
conn = lsa.lsarpc(binding_str, self.get_lp(), anon_creds)
(account_name, _) = conn.GetUserName(None, None, None)
self.assertEqual('ANONYMOUS LOGON', account_name.string.upper())
def test_smb_encryption_set_conf(self):
lp = samba.tests.env_loadparm()
creds = credentials.Credentials()
creds.set_conf(lp)
self.assertEqual(creds.get_smb_encryption(),
credentials.SMB_ENCRYPTION_DEFAULT)
creds.set_smb_encryption(credentials.SMB_ENCRYPTION_OFF)
self.assertEqual(creds.get_smb_encryption(),
credentials.SMB_ENCRYPTION_OFF)
creds.set_conf(lp)
self.assertEqual(creds.get_smb_encryption(),
credentials.SMB_ENCRYPTION_OFF)
def connect(self, host=None, share=None, username=None, password=None):
self._lp = s3param.get_context()
self._lp.load_default()
self._cred = credentials.Credentials()
self._cred.guess(self._lp)
if username is not None:
self._cred.set_username(username)
if password is not None:
self._cred.set_password(password)
self._host = host
self._share = share
self._connection = libsmb.Conn(host, share, self._lp, self._cred)
def test_parse_username_1(self):
creds = credentials.Credentials()
lp = samba.tests.env_loadparm()
os.environ["USER"] = "******"
creds.guess(lp)
realm = "realm.example.com"
creds.set_realm(realm, credentials.UNINITIALISED)
creds.parse_string("user")
self.assertEqual(creds.get_username(), "user")
self.assertEqual(creds.get_domain(), lp.get("workgroup").upper())
self.assertEqual(creds.get_realm(), realm.upper())
self.assertEqual(creds.get_principal(), "user@%s" % realm.upper())
self.assertEqual(creds.is_anonymous(), False)
self.assertEqual(creds.authentication_requested(), True)
def _connect(self):
try:
self.creds = credentials.Credentials()
self.creds.set_username(self.username)
self.creds.set_password(self.password)
#self.creds.set_domain("SAMDOM")
self.creds.set_domain("")
self.creds.set_workstation("")
self.LdapConn = samba.Ldb("ldap://127.0.0.1",lp=self.lp,credentials=self.creds)
self.samrpipe = samr.samr("ncalrpc:", self.lp, self.creds)
self.connect_handle = self.samrpipe.Connect(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
except ldb.LdbError, (num, msg):
self.SetError(msg,num)
return False;
def _connect(self):
try:
username = session['username']
password = session['password']
creds = credentials.Credentials()
creds.set_username(username)
creds.set_password(password)
#creds.set_domain("SAMDOM")
creds.set_domain("")
creds.set_workstation("")
self.conn = samba.Ldb("ldap://127.0.0.1",
lp=self.lp,
credentials=creds)
except Exception, e:
raise
def test_SMB3EncryptionRequired(self):
test_dir = 'testing_%d' % random.randint(0, 0xFFFF)
lp = s3param.get_context()
lp.load(os.getenv("SMB_CONF_PATH"))
creds = credentials.Credentials()
creds.guess(lp)
creds.set_username(os.getenv("USERNAME"))
creds.set_password(os.getenv("PASSWORD"))
creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
c = libsmb.Conn(os.getenv("SERVER_IP"), "tmp", lp, creds)
c.mkdir(test_dir)
c.rmdir(test_dir)