aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGary Lockyer <gary@catalyst.net.nz>2018-10-17 09:10:10 +1300
committerAndrew Bartlett <abartlet@samba.org>2018-10-19 06:17:25 +0200
commitb6e45fb479689cff028b1fe626533b035e313ce3 (patch)
tree51092751bbe73a7f5363fd9646652f9e6e0222d3
parenta0bad1364a9403afc5f457bf71a1eae48ab7b54e (diff)
downloadsamba-b6e45fb479689cff028b1fe626533b035e313ce3.tar.gz
samba-b6e45fb479689cff028b1fe626533b035e313ce3.tar.xz
samba-b6e45fb479689cff028b1fe626533b035e313ce3.zip
python tests Blackbox: add random_password
Add the random_password method to the BlackboxTestCase class and remove duplicated copies from other test cases. Also use SystemRandom so that the generated passwords are more cryptographically sound. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--python/samba/tests/__init__.py13
-rw-r--r--python/samba/tests/samba_tool/base.py7
-rw-r--r--python/samba/tests/samba_tool/user.py8
-rw-r--r--python/samba/tests/samba_tool/user_virtualCryptSHA.py18
4 files changed, 19 insertions, 27 deletions
diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py
index 870258a6fb9..4ec3e31bcca 100644
--- a/python/samba/tests/__init__.py
+++ b/python/samba/tests/__init__.py
@@ -38,6 +38,8 @@ import samba.dcerpc.base
from samba.compat import PY3, text_type
from samba.compat import string_types
from random import randint
+from random import SystemRandom
+import string
try:
from samba.samdb import SamDB
except ImportError:
@@ -400,6 +402,17 @@ class BlackboxTestCase(TestCaseInTempDir):
raise BlackboxProcessError(retcode, line, stdoutdata, stderrdata)
return stdoutdata
+ # Generate a random password that can be safely passed on the command line
+ # i.e. it does not contain any shell meta characters.
+ def random_password(self, count=32):
+ password = SystemRandom().choice(string.ascii_uppercase)
+ password += SystemRandom().choice(string.digits)
+ password += SystemRandom().choice(string.ascii_lowercase)
+ password += ''.join(SystemRandom().choice(string.ascii_uppercase +
+ string.ascii_lowercase +
+ string.digits) for x in range(count - 3))
+ return password
+
def connect_samdb(samdb_url, lp=None, session_info=None, credentials=None,
flags=0, ldb_options=None, ldap_only=False, global_schema=True):
diff --git a/python/samba/tests/samba_tool/base.py b/python/samba/tests/samba_tool/base.py
index 2aee4816fc4..58d9b3d6b9f 100644
--- a/python/samba/tests/samba_tool/base.py
+++ b/python/samba/tests/samba_tool/base.py
@@ -124,13 +124,6 @@ class SambaToolCmdTest(samba.tests.BlackboxTestCase):
name += ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for x in range(count - 1))
return name
- def randomPass(self, count=16):
- name = random.choice(string.ascii_uppercase)
- name += random.choice(string.digits)
- name += random.choice(string.ascii_lowercase)
- name += ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for x in range(count - 3))
- return name
-
def randomXid(self):
# pick some hopefully unused, high UID/GID range to avoid interference
# from the system the test runs on
diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py
index 750d9ad8e5a..77ab9bfb59d 100644
--- a/python/samba/tests/samba_tool/user.py
+++ b/python/samba/tests/samba_tool/user.py
@@ -196,7 +196,7 @@ class UserCmdTestCase(SambaToolCmdTest):
def test_setpassword(self):
for user in self.users:
- newpasswd = self.randomPass()
+ newpasswd = self.random_password(16)
(result, out, err) = self.runsubcmd("user", "setpassword",
user["name"],
"--newpassword=%s" % newpasswd,
@@ -238,7 +238,7 @@ class UserCmdTestCase(SambaToolCmdTest):
"syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
for user in self.users:
- newpasswd = self.randomPass()
+ newpasswd = self.random_password(16)
creds = credentials.Credentials()
creds.set_anonymous()
creds.set_password(newpasswd)
@@ -300,7 +300,7 @@ class UserCmdTestCase(SambaToolCmdTest):
"getpassword virtualSSHA: out[%s]" % out)
for user in self.users:
- newpasswd = self.randomPass()
+ newpasswd = self.random_password(16)
(result, out, err) = self.runsubcmd("user", "setpassword",
user["name"],
"--newpassword=%s" % newpasswd,
@@ -508,7 +508,7 @@ sAMAccountName: %s
"""create a user with random attribute values, you can specify base attributes"""
user = {
"name": self.randomName(),
- "password": self.randomPass(),
+ "password": self.random_password(16),
"surname": self.randomName(),
"given-name": self.randomName(),
"job-title": self.randomName(),
diff --git a/python/samba/tests/samba_tool/user_virtualCryptSHA.py b/python/samba/tests/samba_tool/user_virtualCryptSHA.py
index 0a707628dcf..f488bc7799d 100644
--- a/python/samba/tests/samba_tool/user_virtualCryptSHA.py
+++ b/python/samba/tests/samba_tool/user_virtualCryptSHA.py
@@ -29,23 +29,8 @@ from samba.ndr import ndr_unpack
from samba.dcerpc import drsblobs
from samba import dsdb
import re
-import random
-import string
USER_NAME = "CryptSHATestUser"
-# Create a random 32 character password, containing only letters and
-# digits to avoid issues when used on the command line.
-# Ensuring the password includes at least:
-# 1 upper case letter
-# 1 lower case letter
-# 1 digit.
-#
-USER_PASS = (''.join(random.choice(string.ascii_uppercase +
- string.ascii_lowercase +
- string.digits) for _ in range(29)) +
- random.choice(string.ascii_uppercase) +
- random.choice(string.ascii_lowercase) +
- random.choice(string.digits))
HASH_OPTION = "password hash userPassword schemes"
# Get the value of an attribute from the output string
@@ -86,10 +71,11 @@ class UserCmdCryptShaTestCase(SambaToolCmdTest):
credentials=self.creds,
lp=self.lp)
+ password = self.random_password()
self.runsubcmd("user",
"create",
USER_NAME,
- USER_PASS)
+ password)
def tearDown(self):
super(UserCmdCryptShaTestCase, self).tearDown()