def run(self, credopts=None, sambaopts=None, versionopts=None, newpassword=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) # get old password now, to get the password prompts in the right order old_password = creds.get_password() net = Net(creds, lp, server=credopts.ipaddress) password = newpassword while True: if password is not None and password is not '': break password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n") try: net.change_password(password) except Exception, msg: # FIXME: catch more specific exception raise CommandError("Failed to change password : {0!s}".format(msg))
def test_admin_change_password(self): def isLastExpectedMessage(msg): return ((msg["type"] == "Authentication") and (msg["Authentication"]["status"] == "NT_STATUS_OK") and (msg["Authentication"]["serviceDescription"] == "SAMR Password Change") and (msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3") and (msg["Authentication"]["eventId"] == EVT_ID_SUCCESSFUL_LOGON) and (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" net.change_password(newpassword=password, username=USER_NAME, oldpassword=USER_PASS) messages = self.waitForMessages(isLastExpectedMessage) print("Received %d messages" % len(messages)) self.assertEquals(8, len(messages), "Did not receive the expected number of messages")
def run(self, credopts=None, sambaopts=None, versionopts=None, newpassword=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) # get old password now, to get the password prompts in the right order old_password = creds.get_password() net = Net(creds, lp, server=credopts.ipaddress) password = newpassword while True: if password is not None and password is not '': break password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n") try: net.change_password(password) except Exception, msg: # FIXME: catch more specific exception raise CommandError("Failed to change password : %s" % msg)
def test_net_change_password(self): dn = "CN=" + USER_NAME + ",CN=Users," + self.base_dn self.discardSetupMessages(dn) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server) password = "******" net.change_password(newpassword=password, username=USER_NAME, oldpassword=USER_PASS) messages = self.waitForMessages(1, net, dn) print("Received %d messages" % len(messages)) self.assertEqual(1, len(messages), "Did not receive the expected number of messages") audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_PASSWORD_CHANGE, audit["eventId"]) self.assertEqual("Change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertRegexpMatches(audit["remoteAddress"], self.remoteAddress) session_id = self.get_session() self.assertEqual(session_id, audit["sessionId"]) service_description = self.get_service_description() self.assertEqual(service_description, "DCE/RPC") self.assertTrue(self.is_guid(audit["transactionId"]))
def test_admin_change_password_bad_original_password(self): def isLastExpectedMessage(msg): return ( (msg["type"] == "Authentication") and (msg["Authentication"]["status"] == "NT_STATUS_WRONG_PASSWORD") and (msg["Authentication"]["serviceDescription"] == "SAMR Password Change") and (msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3") and (msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON) and (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" exception_thrown = False try: net.change_password(newpassword=password, oldpassword="******", username=USER_NAME) except Exception: exception_thrown = True self.assertEquals(True, exception_thrown, "Expected exception not thrown") messages = self.waitForMessages(isLastExpectedMessage) self.assertEquals(8, len(messages), "Did not receive the expected number of messages")
def test_admin_change_password_unknown_user(self): def isLastExpectedMessage(msg): return (msg["type"] == "Authentication" and msg["Authentication"]["status"] == "NT_STATUS_NO_SUCH_USER" and msg["Authentication"]["serviceDescription"] == "SAMR Password Change" and msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3") creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" exception_thrown = False try: net.change_password(newpassword=password.encode('utf-8'), oldpassword=USER_PASS, username="******") except Exception as msg: exception_thrown = True self.assertEquals(True, exception_thrown, "Expected exception not thrown") messages = self.waitForMessages(isLastExpectedMessage) self.assertEquals(8, len(messages), "Did not receive the expected number of messages")
def test_admin_change_password(self): def isLastExpectedMessage(msg): return (msg["type"] == "Authentication" and msg["Authentication"]["status"] == "NT_STATUS_OK" and msg["Authentication"]["serviceDescription"] == "SAMR Password Change" and msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3") creds = self.insta_creds(template = self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" net.change_password(newpassword=password.encode('utf-8'), username=USER_NAME, oldpassword=USER_PASS) messages = self.waitForMessages(isLastExpectedMessage) print "Received %d messages" % len(messages) self.assertEquals(8, len(messages), "Did not receive the expected number of messages")
def test_admin_change_password_bad_original_password(self): def isLastExpectedMessage(msg): return ((msg["type"] == "Authentication") and (msg["Authentication"]["status"] == "NT_STATUS_WRONG_PASSWORD") and (msg["Authentication"]["serviceDescription"] == "SAMR Password Change") and (msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3")) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" exception_thrown = False try: net.change_password(newpassword=password.encode('utf-8'), oldpassword="******", username=USER_NAME) except Exception: exception_thrown = True self.assertEquals(True, exception_thrown, "Expected exception not thrown") messages = self.waitForMessages(isLastExpectedMessage) self.assertEquals(8, len(messages), "Did not receive the expected number of messages")
def test_admin_change_password_new_password_fails_restriction(self): def isLastExpectedMessage(msg): return ((msg["type"] == "Authentication") and (msg["Authentication"]["status"] == "NT_STATUS_PASSWORD_RESTRICTION") and (msg["Authentication"]["serviceDescription"] == "SAMR Password Change") and (msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3") and (msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON) and (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" exception_thrown = False try: net.change_password(newpassword=password, oldpassword=USER_PASS, username=USER_NAME) except Exception: exception_thrown = True self.assertEqual(True, exception_thrown, "Expected exception not thrown") self.assertTrue(self.waitForMessages(isLastExpectedMessage), "Did not receive the expected message")
def test_admin_change_password_new_password_fails_restriction(self): def isLastExpectedMessage(msg): return ((msg["type"] == "Authentication") and (msg["Authentication"]["status"] == "NT_STATUS_PASSWORD_RESTRICTION") and (msg["Authentication"]["serviceDescription"] == "SAMR Password Change") and (msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3")) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" exception_thrown = False try: net.change_password(newpassword=password.encode('utf-8'), oldpassword=USER_PASS, username=USER_NAME) except Exception: exception_thrown = True self.assertEquals(True, exception_thrown, "Expected exception not thrown") messages = self.waitForMessages(isLastExpectedMessage) self.assertEquals(8, len(messages), "Did not receive the expected number of messages")
def test_net_change_password(self): dn = "CN=" + USER_NAME + ",CN=Users," + self.base_dn self.discardSetupMessages(dn) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server) password = "******" net.change_password(newpassword=password, username=USER_NAME, oldpassword=USER_PASS) messages = self.waitForMessages(1, net, dn=dn) print("Received %d messages" % len(messages)) self.assertEquals(1, len(messages), "Did not receive the expected number of messages") audit = messages[0]["dsdbChange"] self.assertEquals("Modify", audit["operation"]) self.assertFalse(audit["performedAsSystem"]) self.assertTrue(dn.lower(), audit["dn"].lower()) self.assertRegexpMatches(audit["remoteAddress"], self.remoteAddress) session_id = self.get_session() self.assertEquals(session_id, audit["sessionId"]) # We skip the check for self.get_service_description() as this # is subject to a race between smbd and the s4 rpc_server code # as to which will set the description as it is DCE/RPC over SMB self.assertTrue(self.is_guid(audit["transactionId"])) attributes = audit["attributes"] self.assertEquals(1, len(attributes)) actions = attributes["clearTextPassword"]["actions"] self.assertEquals(1, len(actions)) self.assertTrue(actions[0]["redacted"]) self.assertEquals("replace", actions[0]["action"])
def test_net_change_password(self): dn = "CN=" + USER_NAME + ",CN=Users," + self.base_dn self.discardSetupMessages(dn) creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server) password = "******" net.change_password(newpassword=password.encode('utf-8'), username=USER_NAME, oldpassword=USER_PASS) messages = self.waitForMessages(1, net, dn=dn) print("Received %d messages" % len(messages)) self.assertEquals(1, len(messages), "Did not receive the expected number of messages") audit = messages[0]["dsdbChange"] self.assertEquals("Modify", audit["operation"]) self.assertFalse(audit["performedAsSystem"]) self.assertTrue(dn.lower(), audit["dn"].lower()) self.assertRegexpMatches(audit["remoteAddress"], self.remoteAddress) session_id = self.get_session() self.assertEquals(session_id, audit["sessionId"]) # We skip the check for self.get_service_description() as this # is subject to a race between smbd and the s4 rpc_server code # as to which will set the description as it is DCE/RPC over SMB self.assertTrue(self.is_guid(audit["transactionId"])) attributes = audit["attributes"] self.assertEquals(1, len(attributes)) actions = attributes["clearTextPassword"]["actions"] self.assertEquals(1, len(actions)) self.assertTrue(actions[0]["redacted"]) self.assertEquals("replace", actions[0]["action"])
def run(self, credopts=None, sambaopts=None, versionopts=None, newpassword=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) # get old password now, to get the password prompts in the right order old_password = creds.get_password() net = Net(creds, lp, server=credopts.ipaddress) password = newpassword while 1: if password is not None and password is not '': break password = getpass("New Password: "******"Failed to change password : %s" % msg)
def run(self, credopts=None, sambaopts=None, versionopts=None, newpassword=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) connect_password = "" if len(creds.get_user_to_connect()) > 0: connect_password = getpass("Password for [%s\\%s]: " % ( creds.get_user_to_connect_domain(), creds.get_user_to_connect()) ) creds.set_password_to_connect(connect_password) # get old password now, to get the password prompts in the right order old_password = creds.get_password() if len(creds.get_user_to_connect()) < 1: connect_password = old_password import pdb; pdb.set_trace() net = Net(creds, lp, server=credopts.ipaddress) password = newpassword while True: if password is not None and password is not '': break password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n") try: net.change_password(password) except Exception, msg: # FIXME: catch more specific exception raise CommandError("Failed to change password : %s" % msg)
def test_admin_change_password_bad_original_password(self): def isLastExpectedMessage(msg): return (msg["type"] == "Authentication" and msg["Authentication"]["status"] == "NT_STATUS_WRONG_PASSWORD" and msg["Authentication"]["serviceDescription"] == "SAMR Password Change" and msg["Authentication"]["authDescription"] == "samr_ChangePasswordUser3") creds = self.insta_creds(template=self.get_credentials()) lp = self.get_loadparm() net = Net(creds, lp, server=self.server_ip) password = "******" exception_thrown = False try: net.change_password(newpassword=password.encode('utf-8'), oldpassword="******", username=USER_NAME) except Exception, msg: exception_thrown = True