From: Andrew Bartlett Date: Mon, 11 Dec 2023 08:40:44 +0000 (+1300) Subject: selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant X-Git-Tag: talloc-2.4.2~245 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=175a13ca134a2c990ae20df83f80ed4194055c96;p=thirdparty%2Fsamba.git selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant This is consistant with ;format= support for time attributes and other users of this parameter style elsewhere in LDAP. Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall --- diff --git a/python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py b/python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py index a07891bb1e2..6517eeecc3f 100644 --- a/python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py +++ b/python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py @@ -134,13 +134,13 @@ class UserCmdCryptShaTestCaseGPG(UserCmdCryptShaTestCase): "virtualCryptSHA256;rounds=10123,virtualCryptSHA512;rounds=10456", True) - self.assertIn("virtualCryptSHA256:", out) - self.assertIn("virtualCryptSHA512:", out) + self.assertIn("virtualCryptSHA256;rounds=10123:", out) + self.assertIn("virtualCryptSHA512;rounds=10456:", out) - sha256 = self._get_attribute(out, "virtualCryptSHA256") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=10123") self.assertTrue(sha256.startswith("{CRYPT}$5$rounds=10123$")) - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=10456") self.assertTrue(sha512.startswith("{CRYPT}$6$rounds=10456$")) # gpg decryption enabled. @@ -154,14 +154,14 @@ class UserCmdCryptShaTestCaseGPG(UserCmdCryptShaTestCase): "virtualCryptSHA256;rounds=invalid,virtualCryptSHA512;rounds=3125", True) - self.assertIn("virtualCryptSHA256:", out) - self.assertIn("virtualCryptSHA512:", out) + self.assertIn("virtualCryptSHA256;rounds=invalid:", out) + self.assertIn("virtualCryptSHA512;rounds=3125:", out) - sha256 = self._get_attribute(out, "virtualCryptSHA256") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=invalid") self.assertTrue(sha256.startswith("{CRYPT}$5$")) self.assertNotIn("rounds", sha256) - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=3125") self.assertTrue(sha512.startswith("{CRYPT}$6$rounds=3125$")) # gpg decryption enabled. @@ -175,14 +175,14 @@ class UserCmdCryptShaTestCaseGPG(UserCmdCryptShaTestCase): "virtualCryptSHA512;rounds=5129", True) - self.assertIn("virtualCryptSHA256:", out) - self.assertIn("virtualCryptSHA512:", out) - self.assertIn("rounds=", out) + self.assertIn("virtualCryptSHA256;rounds=2561:", out) + self.assertIn("virtualCryptSHA512;rounds=5129:", out) + self.assertIn("$rounds=", out) # Should be calculating the hashes # so they should change between calls. - sha256 = self._get_attribute(out, "virtualCryptSHA256") - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=2561") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5129") out = self._get_password("virtualCryptSHA256;rounds=2561," + "virtualCryptSHA512;rounds=5129", @@ -208,20 +208,20 @@ class UserCmdCryptShaTestCaseGPG(UserCmdCryptShaTestCase): "virtualCryptSHA512;rounds=5129", True) - self.assertIn("virtualCryptSHA256:", out) - self.assertIn("virtualCryptSHA512:", out) - self.assertIn("rounds=", out) + self.assertIn("virtualCryptSHA256;rounds=2561:", out) + self.assertIn("virtualCryptSHA512;rounds=5129:", out) + self.assertIn("$rounds=", out) # Should be using the pre computed hash in supplementalCredentials # so it should not change between calls. - sha256 = self._get_attribute(out, "virtualCryptSHA256") - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=2561") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5129") out = self._get_password("virtualCryptSHA256;rounds=2561," + "virtualCryptSHA512;rounds=5129", True) - self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256")) - self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512")) + self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256;rounds=2561")) + self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512;rounds=5129")) # The returned hashes should specify the correct number of rounds self.assertTrue(sha256.startswith("{CRYPT}$5$rounds=2561")) @@ -242,20 +242,20 @@ class UserCmdCryptShaTestCaseGPG(UserCmdCryptShaTestCase): "virtualCryptSHA512;rounds=5000", True) - self.assertIn("virtualCryptSHA256:", out) - self.assertIn("virtualCryptSHA512:", out) - self.assertIn("rounds=", out) + self.assertIn("virtualCryptSHA256;rounds=4000:", out) + self.assertIn("virtualCryptSHA512;rounds=5000:", out) + self.assertIn("$rounds=", out) # Should be calculating the hashes # so they should change between calls. - sha256 = self._get_attribute(out, "virtualCryptSHA256") - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=4000") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5000") out = self._get_password("virtualCryptSHA256;rounds=4000," + "virtualCryptSHA512;rounds=5000", True) - self.assertNotEqual(sha256, self._get_attribute(out, "virtualCryptSHA256")) - self.assertNotEqual(sha512, self._get_attribute(out, "virtualCryptSHA512")) + self.assertNotEqual(sha256, self._get_attribute(out, "virtualCryptSHA256;rounds=4000")) + self.assertNotEqual(sha512, self._get_attribute(out, "virtualCryptSHA512;rounds=5000")) # The calculated hashes should specify the correct number of rounds self.assertTrue(sha256.startswith("{CRYPT}$5$rounds=4000")) diff --git a/python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py b/python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py index 317b008dfab..1f84af0564b 100644 --- a/python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py +++ b/python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py @@ -106,18 +106,20 @@ class UserCmdCryptShaTestCaseUserPassword(UserCmdCryptShaTestCase): out = self._get_password("virtualCryptSHA256;rounds=2561," + "virtualCryptSHA512;rounds=5129") - self.assertTrue("virtualCryptSHA256:" in out) - self.assertTrue("virtualCryptSHA512:" in out) - self.assertTrue("rounds=" not in out) + self.assertTrue("virtualCryptSHA256;rounds=2561:" in out) + self.assertTrue("virtualCryptSHA512;rounds=5129:" in out) + self.assertTrue("$rounds=" not in out) # Should be using the pre computed hash in supplementalCredentials # so it should not change between calls. - sha256 = self._get_attribute(out, "virtualCryptSHA256") - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=2561") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5129") out = self._get_password("virtualCryptSHA256,virtualCryptSHA512") - self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256")) - self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512")) + self.assertEqual(sha256, self._get_attribute(out, + "virtualCryptSHA256")) + self.assertEqual(sha512, self._get_attribute(out, + "virtualCryptSHA512")) # gpg decryption not enabled. # both virtual attributes specified, rounds specified @@ -132,19 +134,19 @@ class UserCmdCryptShaTestCaseUserPassword(UserCmdCryptShaTestCase): out = self._get_password("virtualCryptSHA256;rounds=2561," + "virtualCryptSHA512;rounds=5129") - self.assertTrue("virtualCryptSHA256:" in out) - self.assertTrue("virtualCryptSHA512:" in out) - self.assertTrue("rounds=" in out) + self.assertTrue("virtualCryptSHA256;rounds=2561:" in out) + self.assertTrue("virtualCryptSHA512;rounds=5129:" in out) + self.assertTrue("$rounds=" in out) # Should be using the pre computed hash in supplementalCredentials # so it should not change between calls. - sha256 = self._get_attribute(out, "virtualCryptSHA256") - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=2561") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5129") out = self._get_password("virtualCryptSHA256;rounds=2561," + "virtualCryptSHA512;rounds=5129") - self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256")) - self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512")) + self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256;rounds=2561")) + self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512;rounds=5129")) # Number of rounds should match that specified self.assertTrue(sha256.startswith("{CRYPT}$5$rounds=2561")) @@ -164,19 +166,19 @@ class UserCmdCryptShaTestCaseUserPassword(UserCmdCryptShaTestCase): out = self._get_password("virtualCryptSHA256;rounds=4000," + "virtualCryptSHA512;rounds=5000") - self.assertTrue("virtualCryptSHA256:" in out) - self.assertTrue("virtualCryptSHA512:" in out) - self.assertTrue("rounds=" not in out) + self.assertTrue("virtualCryptSHA256;rounds=4000:" in out) + self.assertTrue("virtualCryptSHA512;rounds=5000:" in out) + self.assertTrue("$rounds=" not in out) # Should be using the pre computed hash in supplementalCredentials # so it should not change between calls. - sha256 = self._get_attribute(out, "virtualCryptSHA256") - sha512 = self._get_attribute(out, "virtualCryptSHA512") + sha256 = self._get_attribute(out, "virtualCryptSHA256;rounds=4000") + sha512 = self._get_attribute(out, "virtualCryptSHA512;rounds=5000") out = self._get_password("virtualCryptSHA256;rounds=4000," + "virtualCryptSHA512;rounds=5000") - self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256")) - self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512")) + self.assertEqual(sha256, self._get_attribute(out, "virtualCryptSHA256;rounds=4000")) + self.assertEqual(sha512, self._get_attribute(out, "virtualCryptSHA512;rounds=5000")) # As the number of rounds did not match, should have returned the # first hash of the corresponding scheme diff --git a/selftest/knownfail.d/user_virtualCryptSHA b/selftest/knownfail.d/user_virtualCryptSHA new file mode 100644 index 00000000000..282e3e8491f --- /dev/null +++ b/selftest/knownfail.d/user_virtualCryptSHA @@ -0,0 +1,16 @@ +^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes +^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds +^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid +^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes +^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds +^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match +^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid