From: Joseph Sutton Date: Tue, 23 Feb 2021 10:50:30 +0000 (+1300) Subject: provision tests: Add test for the CryptSHA256 and CryptSHA512 password hashing schemes X-Git-Tag: tevent-0.11.0~1306 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=05d70f92b633284044d1cd14314eadb3645c1e09;p=thirdparty%2Fsamba.git provision tests: Add test for the CryptSHA256 and CryptSHA512 password hashing schemes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621 Signed-off-by: Joseph Sutton Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/tests/samba_tool/provision_userPassword_crypt.py b/python/samba/tests/samba_tool/provision_userPassword_crypt.py new file mode 100644 index 00000000000..234daba3064 --- /dev/null +++ b/python/samba/tests/samba_tool/provision_userPassword_crypt.py @@ -0,0 +1,63 @@ +# Unix SMB/CIFS implementation. +# Copyright (C) Catalyst IT Ltd. 2021 +# +# based on provision_lmdb_size.py: +# Copyright (C) Catalyst IT Ltd. 2019 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +from samba.tests.samba_tool.base import SambaToolCmdTest +import os +import shutil + + +class ProvisionUserPasswordTestCase(SambaToolCmdTest): + """Test for crypt() hashed passwords""" + + def setUp(self): + super(ProvisionUserPasswordTestCase, self).setUp() + self.tempsambadir = os.path.join(self.tempdir, "samba") + os.mkdir(self.tempsambadir) + + # provision a domain + # + # returns the tuple (ret, stdout, stderr) + def provision(self, machinepass=None): + command = ( + "samba-tool " + + "domain provision " + + "--use-rfc230 " + + "--realm=\"EXAMPLE.COM\" " + + "--domain=\"EXAMPLE\" " + + "--adminpass=\"FooBar123\" " + + "--server-role=dc " + + "--host-ip=10.166.183.55 " + + "--option=\"password hash userPassword " + + "schemes=CryptSHA256 CryptSHA512\" " + + ("--targetdir=\"%s\" " % self.tempsambadir) + + "--use-ntvfs" + ) + if machinepass: + command += ("--machinepass=\"%s\"" % machinepass) + + return self.run_command(command) + + def test_crypt(self): + (result, out, err) = self.provision("FooBar123") + self.assertEqual(0, result) + + def tearDown(self): + super(ProvisionUserPasswordTestCase, self).tearDown() + shutil.rmtree(self.tempsambadir) diff --git a/selftest/knownfail.d/bug-14621 b/selftest/knownfail.d/bug-14621 new file mode 100644 index 00000000000..65acac7f07b --- /dev/null +++ b/selftest/knownfail.d/bug-14621 @@ -0,0 +1 @@ +^samba.tests.samba_tool.provision_userPassword_crypt diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index cd5730e672f..6017f5b6481 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -792,6 +792,7 @@ planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema") planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl") planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check") planpythontestsuite("none", "samba.tests.samba_tool.provision_lmdb_size") +planpythontestsuite("none", "samba.tests.samba_tool.provision_userPassword_crypt") planpythontestsuite("none", "samba.tests.samba_tool.help") planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.passwordsettings") planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.dsacl")