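# Unix SMB/CIFS implementation.
# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

"""Tests for the Auth and AuthZ logging of password changes."""

from samba import auth
import samba.tests
from samba.messaging import Messaging
from samba.samdb import SamDB
from samba.auth import system_session
import json
import os
import samba.tests.auth_log_base
from samba.tests import delete_force
from samba.net import Net
from samba import ntstatus
import samba
from subprocess import call
from ldb import LdbError

USER_NAME = "authlogtestuser"
# Generated once per import, so the throwaway account never carries a
# fixed, guessable password.
USER_PASS = samba.generate_random_password(32, 32)


class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
    """Check the auth log messages produced by password change attempts.

    Every test triggers one password change (SAMR, RAP or LDAP), waits for
    the log message that its local predicate recognises, and asserts the
    number of messages returned by waitForMessages().

    Reads CLIENT_IP, SERVER_IP and SERVER from the environment;
    test_rap_change_password also reads USERNAME and PASSWORD.
    """

    def setUp(self):
        """Connect to the server, relax policy and (re)create the test user.

        dSHeuristics and minPwdAge are changed on the server and restored
        through addCleanup().
        """
        super(AuthLogPassChangeTests, self).setUp()

        self.remoteAddress = os.environ["CLIENT_IP"]
        self.server_ip = os.environ["SERVER_IP"]

        host = "ldap://%s" % os.environ["SERVER"]
        self.ldb = SamDB(url=host,
                         session_info=system_session(),
                         credentials=self.get_credentials(),
                         lp=self.get_loadparm())

        print("ldb %s" % type(self.ldb))

        # Gets back the basedn
        self.base_dn = self.ldb.domain_dn()
        print("base_dn %s" % self.base_dn)

        # Get the old "dSHeuristics" if it was set
        dsheuristics = self.ldb.get_dsheuristics()

        # Set the "dSHeuristics" to activate the correct "userPassword"
        # behaviour
        self.ldb.set_dsheuristics("000000001")

        # Reset the "dSHeuristics" as they were before
        self.addCleanup(self.ldb.set_dsheuristics, dsheuristics)

        # Get the old "minPwdAge"
        minPwdAge = self.ldb.get_minPwdAge()

        # Set it temporarily to "0"
        self.ldb.set_minPwdAge("0")

        # Reset the "minPwdAge" as it was before
        self.addCleanup(self.ldb.set_minPwdAge, minPwdAge)

        # (Re)adds the test user USER_NAME with password USER_PASS
        user_dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
        delete_force(self.ldb, user_dn)
        self.ldb.add({
            "dn": user_dn,
            "objectclass": "user",
            "sAMAccountName": USER_NAME,
            "userPassword": USER_PASS
        })

        # discard any auth log messages for the password setup
        self.discardMessages()

    def tearDown(self):
        """Defer entirely to the base class tear-down."""
        super(AuthLogPassChangeTests, self).tearDown()

    def test_admin_change_password(self):
        """A valid SAMR change is logged with NT_STATUS_OK."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["status"] == "NT_STATUS_OK" and
                    msg["Authentication"]["serviceDescription"] ==
                    "SAMR Password Change" and
                    msg["Authentication"]["authDescription"] ==
                    "samr_ChangePasswordUser3")

        creds = self.insta_creds(template=self.get_credentials())
        lp = self.get_loadparm()
        net = Net(creds, lp, server=self.server_ip)
        password = "newPassword!!42"

        net.change_password(newpassword=password.encode('utf-8'),
                            username=USER_NAME,
                            oldpassword=USER_PASS)

        messages = self.waitForMessages(isLastExpectedMessage)
        print("Received %d messages" % len(messages))
        self.assertEqual(8,
                         len(messages),
                         "Did not receive the expected number of messages")

    def test_admin_change_password_new_password_fails_restriction(self):
        """A rejected new password is logged as PASSWORD_RESTRICTION."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["status"] ==
                    "NT_STATUS_PASSWORD_RESTRICTION" and
                    msg["Authentication"]["serviceDescription"] ==
                    "SAMR Password Change" and
                    msg["Authentication"]["authDescription"] ==
                    "samr_ChangePasswordUser3")

        creds = self.insta_creds(template=self.get_credentials())
        lp = self.get_loadparm()
        net = Net(creds, lp, server=self.server_ip)
        password = "newPassword"

        # Any exception counts as the expected failure here; the reason for
        # the failure is pinned by the status in the log predicate above.
        exception_thrown = False
        try:
            net.change_password(newpassword=password.encode('utf-8'),
                                oldpassword=USER_PASS,
                                username=USER_NAME)
        except Exception:
            exception_thrown = True
        self.assertTrue(exception_thrown, "Expected exception not thrown")

        messages = self.waitForMessages(isLastExpectedMessage)
        self.assertEqual(8,
                         len(messages),
                         "Did not receive the expected number of messages")

    def test_admin_change_password_unknown_user(self):
        """A SAMR change for an unknown account is logged as NO_SUCH_USER."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["status"] ==
                    "NT_STATUS_NO_SUCH_USER" and
                    msg["Authentication"]["serviceDescription"] ==
                    "SAMR Password Change" and
                    msg["Authentication"]["authDescription"] ==
                    "samr_ChangePasswordUser3")

        creds = self.insta_creds(template=self.get_credentials())
        lp = self.get_loadparm()
        net = Net(creds, lp, server=self.server_ip)
        password = "newPassword!!42"

        # Any exception counts as the expected failure here; the reason for
        # the failure is pinned by the status in the log predicate above.
        exception_thrown = False
        try:
            net.change_password(newpassword=password.encode('utf-8'),
                                oldpassword=USER_PASS,
                                username="badUser")
        except Exception:
            exception_thrown = True
        self.assertTrue(exception_thrown, "Expected exception not thrown")

        messages = self.waitForMessages(isLastExpectedMessage)
        self.assertEqual(8,
                         len(messages),
                         "Did not receive the expected number of messages")

    def test_admin_change_password_bad_original_password(self):
        """A SAMR change with a wrong old password logs WRONG_PASSWORD."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["status"] ==
                    "NT_STATUS_WRONG_PASSWORD" and
                    msg["Authentication"]["serviceDescription"] ==
                    "SAMR Password Change" and
                    msg["Authentication"]["authDescription"] ==
                    "samr_ChangePasswordUser3")

        creds = self.insta_creds(template=self.get_credentials())
        lp = self.get_loadparm()
        net = Net(creds, lp, server=self.server_ip)
        password = "newPassword!!42"

        # Any exception counts as the expected failure here; the reason for
        # the failure is pinned by the status in the log predicate above.
        exception_thrown = False
        try:
            net.change_password(newpassword=password.encode('utf-8'),
                                oldpassword="badPassword",
                                username=USER_NAME)
        except Exception:
            exception_thrown = True
        self.assertTrue(exception_thrown, "Expected exception not thrown")

        messages = self.waitForMessages(isLastExpectedMessage)
        self.assertEqual(8,
                         len(messages),
                         "Did not receive the expected number of messages")

    # net rap password changes are broken, but they trigger enough of the
    # server side behaviour to exercise the code paths of interest.
    # if we used the real password it would be too long and does not hash
    # correctly, so we just check it triggers the wrong password path.
    def test_rap_change_password(self):
        """A RAP change with wrong passwords is logged as WRONG_PASSWORD."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["serviceDescription"] ==
                    "SAMR Password Change" and
                    msg["Authentication"]["status"] ==
                    "NT_STATUS_WRONG_PASSWORD" and
                    msg["Authentication"]["authDescription"] ==
                    "OemChangePasswordUser2")

        username = os.environ["USERNAME"]
        server = os.environ["SERVER"]
        password = os.environ["PASSWORD"]
        server_param = "--server=%s" % server
        # NOTE(review): "-Uuser%password" places the account password in the
        # child's argument vector, where other local users can read it from
        # the process table while bin/net runs. Tolerable only on an isolated
        # test host; do not copy this pattern into production tooling.
        creds = "-U%s%%%s" % (username, password)
        # The exit status is not checked: the command is expected to fail
        # (see the comment above this test); only the log output matters.
        call(["bin/net", "rap", server_param,
              "password", USER_NAME, "notMyPassword",
              "notGoingToBeMyPassword", server, creds,
              "--option=client ipc max protocol=nt1"])

        messages = self.waitForMessages(isLastExpectedMessage)
        self.assertEqual(7,
                         len(messages),
                         "Did not receive the expected number of messages")

    def test_ldap_change_password(self):
        """A valid LDAP userPassword change is logged with NT_STATUS_OK."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["status"] == "NT_STATUS_OK" and
                    msg["Authentication"]["serviceDescription"] ==
                    "LDAP Password Change" and
                    msg["Authentication"]["authDescription"] ==
                    "LDAP Modify")

        new_password = samba.generate_random_password(32, 32)
        # Delete of the old value plus add of the new one in a single modify.
        self.ldb.modify_ldif(
            "dn: cn=" + USER_NAME + ",cn=users," + self.base_dn + "\n" +
            "changetype: modify\n" +
            "delete: userPassword\n" +
            "userPassword: " + USER_PASS + "\n" +
            "add: userPassword\n" +
            "userPassword: " + new_password + "\n"
        )

        messages = self.waitForMessages(isLastExpectedMessage)
        print("Received %d messages" % len(messages))
        self.assertEqual(4,
                         len(messages),
                         "Did not receive the expected number of messages")

    #
    # Currently this does not get logged, so we expect to only see the log
    # entries for the underlying ldap bind.
    #
    def test_ldap_change_password_bad_user(self):
        """An LDAP change for an unknown DN yields only the bind log entries."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authorization" and
                    msg["Authorization"]["serviceDescription"] == "LDAP" and
                    msg["Authorization"]["authType"] == "krb5")

        new_password = samba.generate_random_password(32, 32)
        try:
            self.ldb.modify_ldif(
                "dn: cn=" + "badUser" + ",cn=users," + self.base_dn + "\n" +
                "changetype: modify\n" +
                "delete: userPassword\n" +
                "userPassword: " + USER_PASS + "\n" +
                "add: userPassword\n" +
                "userPassword: " + new_password + "\n"
            )
            # Reached only if the modify succeeded; the AssertionError from
            # fail() is not an LdbError, so it is not swallowed below.
            self.fail()
        except LdbError:
            pass

        messages = self.waitForMessages(isLastExpectedMessage)
        print("Received %d messages" % len(messages))
        self.assertEqual(3,
                         len(messages),
                         "Did not receive the expected number of messages")

    def test_ldap_change_password_bad_original_password(self):
        """An LDAP change with a wrong old password logs WRONG_PASSWORD."""
        def isLastExpectedMessage(msg):
            return (msg["type"] == "Authentication" and
                    msg["Authentication"]["status"] ==
                    "NT_STATUS_WRONG_PASSWORD" and
                    msg["Authentication"]["serviceDescription"] ==
                    "LDAP Password Change" and
                    msg["Authentication"]["authDescription"] ==
                    "LDAP Modify")

        new_password = samba.generate_random_password(32, 32)
        try:
            self.ldb.modify_ldif(
                "dn: cn=" + USER_NAME + ",cn=users," + self.base_dn + "\n" +
                "changetype: modify\n" +
                "delete: userPassword\n" +
                "userPassword: " + "badPassword" + "\n" +
                "add: userPassword\n" +
                "userPassword: " + new_password + "\n"
            )
            # Reached only if the modify succeeded; the AssertionError from
            # fail() is not an LdbError, so it is not swallowed below.
            self.fail()
        except LdbError:
            pass

        messages = self.waitForMessages(isLastExpectedMessage)
        print("Received %d messages" % len(messages))
        self.assertEqual(4,
                         len(messages),
                         "Did not receive the expected number of messages")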