本文整理汇总了Python中samba.credentials.Credentials.guess方法的典型用法代码示例。如果您正苦于以下问题:Python Credentials.guess方法的具体用法?Python Credentials.guess怎么用?Python Credentials.guess使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类samba.credentials.Credentials的用法示例。
在下文中一共展示了Credentials.guess方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _test_netlogon
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def _test_netlogon(self, binding, checkFunction):
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authorization" and
msg["Authorization"]["serviceDescription"] == "DCE/RPC" and
msg["Authorization"]["authType"] == "schannel" and
msg["Authorization"]["transportProtection"] == "SEAL")
if binding:
binding = "[schannel,%s]" % binding
else:
binding = "[schannel]"
machine_creds = Credentials()
machine_creds.guess(self.get_loadparm())
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_password(self.machinepass)
machine_creds.set_username(self.netbios_name + "$")
netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding,
self.get_loadparm(),
machine_creds)
messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn)
checkFunction(messages)示例2: KCCTests
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
class KCCTests(samba.tests.TestCase):
def setUp(self):
super(KCCTests, self).setUp()
self.lp = LoadParm()
self.creds = Credentials()
self.creds.guess(self.lp)
self.creds.set_username(os.environ["USERNAME"])
self.creds.set_password(os.environ["PASSWORD"])
def test_list_dsas(self):
my_kcc = kcc.KCC(unix_now, False, False, False, False)
my_kcc.load_samdb("ldap://%s" % os.environ["SERVER"],
self.lp, self.creds)
dsas = my_kcc.list_dsas()
env = os.environ['TEST_ENV']
for expected_dsa in ENV_DSAS[env]:
self.assertIn(expected_dsa, dsas)
def test_verify(self):
"""check that the KCC generates graphs that pass its own verify
option. This is not a spectacular achievement when there are
only a couple of nodes to connect, but it shows something.
"""
my_kcc = kcc.KCC(unix_now, readonly=True, verify=True,
debug=False, dot_file_dir=None)
my_kcc.run("ldap://%s" % os.environ["SERVER"],
self.lp, self.creds,
attempt_live_connections=False)示例3: _test_netlogon
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def _test_netlogon(self, name, pwd, status, checkFunction):
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "NETLOGON" and
msg["Authentication"]["authDescription"] ==
"ServerAuthenticate" and
msg["Authentication"]["status"] == status)
machine_creds = Credentials()
machine_creds.guess(self.get_loadparm())
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_password(pwd)
machine_creds.set_username(name + "$")
try:
netlogon.netlogon("ncalrpc:[schannel]",
self.get_loadparm(),
machine_creds)
self.fail("NTSTATUSError not raised")
except NTSTATUSError:
pass
messages = self.waitForMessages(isLastExpectedMessage)
checkFunction(messages)示例4: CredentialsOptionsDouble
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
class CredentialsOptionsDouble(CredentialsOptions):
"""Command line options for specifying credentials of two servers."""
def __init__(self, parser):
CredentialsOptions.__init__(self, parser)
self.no_pass2 = True
self.add_option("--simple-bind-dn2", metavar="DN2", action="callback",
callback=self._set_simple_bind_dn2, type=str,
help="DN to use for a simple bind")
self.add_option("--password2", metavar="PASSWORD2", action="callback",
help="Password", type=str,
callback=self._set_password2)
self.add_option("--username2", metavar="USERNAME2",
action="callback", type=str,
help="Username for second server",
callback=self._parse_username2)
self.add_option("--workgroup2", metavar="WORKGROUP2",
action="callback", type=str,
help="Workgroup for second server",
callback=self._parse_workgroup2)
self.add_option("--no-pass2", action="store_true",
help="Don't ask for a password for the second server")
self.add_option("--kerberos2", metavar="KERBEROS2",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos2)
self.creds2 = Credentials()
def _parse_username2(self, option, opt_str, arg, parser):
self.creds2.parse_string(arg)
def _parse_workgroup2(self, option, opt_str, arg, parser):
self.creds2.set_domain(arg)
def _set_password2(self, option, opt_str, arg, parser):
self.creds2.set_password(arg)
self.no_pass2 = False
def _set_kerberos2(self, option, opt_str, arg, parser):
if bool(arg) or arg.lower() == "yes":
self.creds2.set_kerberos_state(MUST_USE_KERBEROS)
else:
self.creds2.set_kerberos_state(DONT_USE_KERBEROS)
def _set_simple_bind_dn2(self, option, opt_str, arg, parser):
self.creds2.set_bind_dn(arg)
def get_credentials2(self, lp, guess=True):
"""Obtain the credentials set on the command-line.
:param lp: Loadparm object to use.
:param guess: Try guess Credentials from environment
:return: Credentials object
"""
if guess:
self.creds2.guess(lp)
elif not self.creds2.get_username():
self.creds2.set_anonymous()
if self.no_pass2:
self.creds2.set_cmdline_callbacks()
return self.creds2示例5: setUp
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def setUp(self):
super(DrsRodcTestCase, self).setUp()
self.base_dn = self.ldb_dc1.get_default_basedn()
rand = random.randint(1, 10000000)
self.ou = "OU=test_drs_rodc%s,%s" % (rand, self.base_dn)
self.ldb_dc1.add({
"dn": self.ou,
"objectclass": "organizationalUnit"
})
self.allowed_group = "CN=Allowed RODC Password Replication Group,CN=Users,%s" % self.base_dn
self.site = self.ldb_dc1.server_site_name()
self.rodc_name = "TESTRODCDRS%s" % rand
self.rodc_pass = "password12#"
self.computer_dn = "CN=%s,OU=Domain Controllers,%s" % (self.rodc_name, self.base_dn)
self.rodc_ctx = dc_join(server=self.ldb_dc1.host_dns_name(), creds=self.get_credentials(), lp=self.get_loadparm(),
site=self.site, netbios_name=self.rodc_name,
targetdir=None, domain=None, machinepass=self.rodc_pass)
self._create_rodc(self.rodc_ctx)
self.rodc_ctx.create_tmp_samdb()
self.tmp_samdb = self.rodc_ctx.tmp_samdb
rodc_creds = Credentials()
rodc_creds.guess(self.rodc_ctx.lp)
rodc_creds.set_username(self.rodc_name+'$')
rodc_creds.set_password(self.rodc_pass)
self.rodc_creds = rodc_creds
(self.drs, self.drs_handle) = self._ds_bind(self.dnsname_dc1)
(self.rodc_drs, self.rodc_drs_handle) = self._ds_bind(self.dnsname_dc1, rodc_creds)示例6: test_join_records_can_update
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def test_join_records_can_update(self):
dc_creds = Credentials()
dc_creds.guess(self.join_ctx.lp)
dc_creds.set_machine_account(self.join_ctx.lp)
self.tkey_trans(creds=dc_creds)
p = self.make_name_packet(dns.DNS_OPCODE_UPDATE)
q = self.make_name_question(self.join_ctx.dnsdomain,
dns.DNS_QTYPE_SOA,
dns.DNS_QCLASS_IN)
questions = []
questions.append(q)
self.finish_name_packet(p, questions)
updates = []
# Delete the old expected IPs
IPs = samba.interface_ips(self.lp)
for IP in IPs[1:]:
if ":" in IP:
r = dns.res_rec()
r.name = self.join_ctx.dnshostname
r.rr_type = dns.DNS_QTYPE_AAAA
r.rr_class = dns.DNS_QCLASS_NONE
r.ttl = 0
r.length = 0xffff
rdata = IP
else:
r = dns.res_rec()
r.name = self.join_ctx.dnshostname
r.rr_type = dns.DNS_QTYPE_A
r.rr_class = dns.DNS_QCLASS_NONE
r.ttl = 0
r.length = 0xffff
rdata = IP
r.rdata = rdata
updates.append(r)
p.nscount = len(updates)
p.nsrecs = updates
mac = self.sign_packet(p, self.key_name)
(response, response_p) = self.dns_transaction_udp(p, self.server_ip)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.verify_packet(response, response_p, mac)
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
questions = []
name = self.join_ctx.dnshostname
q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
questions.append(q)
self.finish_name_packet(p, questions)
(response, response_packet) = self.dns_transaction_tcp(p, host=self.server_ip)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
self.assertEquals(response.ancount, 1)示例7: _get_smb_connection
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def _get_smb_connection(self, service='SysVol'):
# Connect to SMB using kerberos
parm = param.LoadParm()
creds = Credentials()
creds.set_kerberos_state(MUST_USE_KERBEROS)
creds.guess(parm)
conn = smb.SMB(self._get_server_name(), service, lp=parm, creds=creds)
return conn示例8: join_replicate
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def join_replicate(ctx):
'''replicate the SAM'''
print "Starting replication"
ctx.local_samdb.transaction_start()
try:
source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id())
if ctx.ntds_guid is None:
print("Using DS_BIND_GUID_W2K3")
destination_dsa_guid = misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID_W2K3)
else:
destination_dsa_guid = ctx.ntds_guid
if ctx.RODC:
repl_creds = Credentials()
repl_creds.guess(ctx.lp)
repl_creds.set_kerberos_state(DONT_USE_KERBEROS)
repl_creds.set_username(ctx.samname)
repl_creds.set_password(ctx.acct_pass)
else:
repl_creds = ctx.creds
binding_options = "seal"
if int(ctx.lp.get("log level")) >= 5:
binding_options += ",print"
repl = drs_utils.drs_Replicate(
"ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),
ctx.lp, repl_creds, ctx.local_samdb)
repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
destination_dsa_guid, schema=True, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.replica_flags)
if not ctx.subdomain:
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
if ctx.RODC:
repl.replicate(ctx.acct_dn, source_dsa_invocation_id,
destination_dsa_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id,
destination_dsa_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
ctx.repl = repl
ctx.source_dsa_invocation_id = source_dsa_invocation_id
ctx.destination_dsa_guid = destination_dsa_guid
print "Committing SAM database"
except:
ctx.local_samdb.transaction_cancel()
raise
else:
ctx.local_samdb.transaction_commit()示例9: _load_samba_environment
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def _load_samba_environment():
"""Load the samba configuration vars from smb.conf and the sam.db."""
params = samba.param.LoadParm()
params.load_default()
netbiosname = params.get("netbios name")
hostname = netbiosname.lower()
dnsdomain = params.get("realm")
dnsdomain = dnsdomain.lower()
creds = Credentials()
creds.guess(params)
creds.set_machine_account(params)
samdb_url = params.get('dcerpc_mapiproxy:samdb_url')
if samdb_url is None:
samdb_url = params.samdb_url()
samdb_ldb = SamDBWrapper(url=samdb_url,
session_info=system_session(),
credentials=creds,
lp=params)
domaindn = samdb_ldb.domain_dn()
rootdn = domaindn
configdn = "CN=Configuration," + rootdn
# FIXME: Hardcoded strings, those should be queried to LDB, just like
# openchange.provision.guess_names_from_smbconf does.
firstorg = FIRST_ORGANIZATION
firstou = FIRST_ORGANIZATION_UNIT
username_mail = False
if params.get("auth:usernames are emails") == 'yes':
username_mail = True
sam_environ = {"samdb_ldb": samdb_ldb,
"private_dir": params.get("private dir"),
"domaindn": domaindn,
"oc_user_basedn": "CN=%s,CN=%s,CN=%s,%s" \
% (firstou, firstorg, netbiosname, domaindn),
"firstorgdn": ("CN=%s,CN=Microsoft Exchange,CN=Services,%s"
% (firstorg, configdn)),
"legacyserverdn": ("/o=%s/ou=%s/cn=Configuration/cn=Servers"
"/cn=%s"
% (firstorg, firstou, netbiosname)),
"hostname": hostname,
"dnsdomain": dnsdomain,
'username_mail': username_mail,
}
# OpenChange dispatcher DB names
return sam_environ示例10: run
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def run():
param_samba = {
'basedn' : config.get('samba', 'path'),
'pathsamdb':'%s/sam.ldb' % config.get('samba', 'private'),
'adbase': config.get('samba', 'base')
}
# SAMDB
lp = LoadParm()
creds = Credentials()
creds.guess(lp)
samdb_loc = SamDB(url=param_samba['pathsamdb'], session_info=system_session(),credentials=creds, lp=lp)
testpawd = GetPasswordCommand()
testpawd.lp = lp
passwordattr = config.get('common', 'attr_password')
allmail = {}
# Search all users
for user in samdb_loc.search(base=param_samba['adbase'], expression="(&(objectClass=user)(mail=*))", attrs=["mail","sAMAccountName","pwdLastSet"]):
mail = str(user["mail"])
#replace mail if replace_domain in config
if config.getboolean('common', 'replace_domain'):
mail = mail.split('@')[0] + '@' + config.get('common', 'domain')
pwdlastset = user.get('pwdLastSet','')
#add mail in all mail
allmail[mail] = None
if str(pwdlastset) != dict_mail_pwdlastset.get(mail,''):
Random.atfork()
# Update if password different in dict mail pwdlastset
password = testpawd.get_account_attributes(samdb_loc,None,param_samba['basedn'],filter="(sAMAccountName=%s)" % (str(user["sAMAccountName"])),scope=ldb.SCOPE_SUBTREE,attrs=[passwordattr],decrypt=False)
if not passwordattr in password:
continue
password = str(password[passwordattr])
update_password(mail, password, pwdlastset)
#delete user found in dict mail pwdlastset but not found in samba
listdelete = []
for user in dict_mail_pwdlastset :
if not user in allmail:
listdelete.append(user)
for user in listdelete:
del dict_mail_pwdlastset[user]
#write new json dict mail password
if listdelete:
open(filename,'w').write(json.dumps(dict_mail_pwdlastset))示例11: test_max_update_size
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def test_max_update_size(self):
"""Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
"""Start up a client and server GENSEC instance to test things with"""
self.gensec_client = gensec.Security.start_client(self.settings)
self.gensec_client.set_credentials(self.get_credentials())
self.gensec_client.want_feature(gensec.FEATURE_SIGN)
self.gensec_client.set_max_update_size(5)
self.gensec_client.start_mech_by_name("spnego")
self.gensec_server = gensec.Security.start_server(
settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)
)
creds = Credentials()
creds.guess(self.lp_ctx)
creds.set_machine_account(self.lp_ctx)
self.gensec_server.set_credentials(creds)
self.gensec_server.want_feature(gensec.FEATURE_SIGN)
self.gensec_server.set_max_update_size(5)
self.gensec_server.start_mech_by_name("spnego")
client_finished = False
server_finished = False
server_to_client = ""
"""Run the actual call loop"""
i = 0
while not client_finished or not server_finished:
i += 1
if not client_finished:
print("running client gensec_update: %d: %r" % (len(server_to_client), server_to_client))
(client_finished, client_to_server) = self.gensec_client.update(server_to_client)
if not server_finished:
print("running server gensec_update: %d: %r" % (len(client_to_server), client_to_server))
(server_finished, server_to_client) = self.gensec_server.update(client_to_server)
"""Here we expect a lot more than the typical 1 or 2 roundtrips"""
self.assertTrue(i > 10)
session_info = self.gensec_server.session_info()
test_string = "Hello Server"
test_wrapped = self.gensec_client.wrap(test_string)
test_unwrapped = self.gensec_server.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
test_string = "Hello Client"
test_wrapped = self.gensec_server.wrap(test_string)
test_unwrapped = self.gensec_client.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
client_session_key = self.gensec_client.session_key()
server_session_key = self.gensec_server.session_key()
self.assertEqual(client_session_key, server_session_key)示例12: NtlmDisabledTests
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
class NtlmDisabledTests(TestCase):
def setUp(self):
super(NtlmDisabledTests, self).setUp()
self.lp = self.get_loadparm()
self.server = os.getenv("SERVER")
self.creds = Credentials()
self.creds.guess(self.lp)
self.creds.set_username(os.getenv("USERNAME"))
self.creds.set_domain(self.server)
self.creds.set_password(os.getenv("PASSWORD"))
self.creds.set_kerberos_state(DONT_USE_KERBEROS)
def tearDown(self):
super(NtlmDisabledTests, self).tearDown()
def test_ntlm_connection(self):
try:
conn = srvsvc.srvsvc("ncacn_np:%s[smb2,ntlm]" % self.server, self.lp, self.creds)
self.assertIsNotNone(conn)
except NTSTATUSError as e:
# NTLM might be blocked on this server
enum = ctypes.c_uint32(e[0]).value
if enum == ntstatus.NT_STATUS_NTLM_BLOCKED:
self.fail("NTLM is disabled on this server")
else:
raise
def test_samr_change_password(self):
self.creds.set_kerberos_state(MUST_USE_KERBEROS)
conn = samr.samr("ncacn_np:%s[krb5,seal,smb2]" % os.getenv("SERVER"))
# we want to check whether this gets rejected outright because NTLM is
# disabled, so we don't actually need to encrypt a valid password here
server = lsa.String()
server.string = self.server
username = lsa.String()
username.string = os.getenv("USERNAME")
try:
conn.ChangePasswordUser2(server, username, None, None, True, None, None)
except NTSTATUSError as e:
# changing passwords should be rejected when NTLM is disabled
enum = ctypes.c_uint32(e[0]).value
if enum == ntstatus.NT_STATUS_NTLM_BLOCKED:
self.fail("NTLM is disabled on this server")
elif enum == ntstatus.NT_STATUS_WRONG_PASSWORD:
# expected error case when NTLM is enabled
pass
else:
raise示例13: LdifImportExportTests
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
class LdifImportExportTests(samba.tests.TestCaseInTempDir):
def setUp(self):
super(LdifImportExportTests, self).setUp()
self.lp = LoadParm()
self.creds = Credentials()
self.creds.guess(self.lp)
def remove_files(self, *files):
for f in files:
assert f.startswith(self.tempdir)
os.unlink(f)
def test_write_search_url(self):
pass
def test_ldif_to_samdb(self):
dburl = os.path.join(self.tempdir, "ldap")
samdb = ldif_import_export.ldif_to_samdb(dburl, self.lp, MULTISITE_LDIF)
self.assertIsInstance(samdb, SamDB)
dsa = (
"CN=WIN01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
"CN=Configuration,DC=ad,DC=samba,DC=example,DC=com"
)
res = samdb.search(ldb.Dn(samdb, "CN=NTDS Settings," + dsa), scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
ntds_guid = misc.GUID(samdb.get_ntds_GUID())
self.assertEqual(misc.GUID(res[0]["objectGUID"][0]), ntds_guid)
service_name_res = samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
dn = ldb.Dn(samdb, service_name_res[0]["dsServiceName"][0])
self.assertEqual(dn, ldb.Dn(samdb, "CN=NTDS Settings," + dsa))
self.remove_files(dburl)
def test_ldif_to_samdb_forced_local_dsa(self):
for dsa, site in MULTISITE_LDIF_DSAS:
dburl = os.path.join(self.tempdir, "ldif-to-samba-forced-local-dsa" "-%s" % dsa)
samdb = ldif_import_export.ldif_to_samdb(dburl, self.lp, MULTISITE_LDIF, forced_local_dsa=dsa)
self.assertIsInstance(samdb, SamDB)
self.assertEqual(samdb.server_site_name(), site)
res = samdb.search(ldb.Dn(samdb, "CN=NTDS Settings," + dsa), scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
ntds_guid = misc.GUID(samdb.get_ntds_GUID())
self.assertEqual(misc.GUID(res[0]["objectGUID"][0]), ntds_guid)
service_name_res = samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
dn = ldb.Dn(samdb, service_name_res[0]["dsServiceName"][0])
self.assertEqual(dn, ldb.Dn(samdb, "CN=NTDS Settings," + dsa))
self.remove_files(dburl)
def samdb_to_ldif_file(self):
# samdb_to_ldif_file(samdb, dburl, lp, creds, ldif_file):
pass示例14: test_find_key_param
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def test_find_key_param(self):
paths = get_paths(param, None, smb_conf_path)
creds = Credentials()
lp = env_loadparm()
creds.guess(lp)
rootdn = "dc=samba,dc=example,dc=com"
ldbs = get_ldbs(paths, creds, system_session(), lp)
names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap, paths, smb_conf_path, lp)
self.assertEquals(names.realm, "SAMBA.EXAMPLE.COM")
self.assertEquals(str(names.rootdn).lower(), rootdn.lower())
self.assertNotEquals(names.policyid_dc, None)
self.assertNotEquals(names.ntdsguid, "")示例15: test_msDSRevealedUsers_using_other_RODC
# 需要导入模块: from samba.credentials import Credentials [as 别名]
# 或者: from samba.credentials.Credentials import guess [as 别名]
def test_msDSRevealedUsers_using_other_RODC(self):
"""
Ensure that the machine account is tied to the destination DSA.
"""
# Create a new identical RODC with just the first letter missing
other_rodc_name = self.rodc_name[1:]
other_rodc_ctx = dc_join(server=self.ldb_dc1.host_dns_name(), creds=self.get_credentials(), lp=self.get_loadparm(),
site=self.site, netbios_name=other_rodc_name,
targetdir=None, domain=None, machinepass=self.rodc_pass)
self._create_rodc(other_rodc_ctx)
other_rodc_creds = Credentials()
other_rodc_creds.guess(other_rodc_ctx.lp)
other_rodc_creds.set_username(other_rodc_name+'$')
other_rodc_creds.set_password(self.rodc_pass)
(other_rodc_drs, other_rodc_drs_handle) = self._ds_bind(self.dnsname_dc1, other_rodc_creds)
rand = random.randint(1, 10000000)
expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
drsuapi.DRSUAPI_ATTID_supplementalCredentials,
drsuapi.DRSUAPI_ATTID_ntPwdHistory,
drsuapi.DRSUAPI_ATTID_unicodePwd,
drsuapi.DRSUAPI_ATTID_dBCSPwd]
user_name = "test_rodcF_%s" % rand
user_dn = "CN=%s,%s" % (user_name, self.ou)
self.ldb_dc1.add({
"dn": user_dn,
"objectclass": "user",
"sAMAccountName": user_name
})
# Store some secret on this user
self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
self.ldb_dc1.add_remove_group_members("Allowed RODC Password Replication Group",
[user_name],
add_members_operation=True)
req10 = self._getnc_req10(dest_dsa=str(other_rodc_ctx.ntds_guid),
invocation_id=self.ldb_dc1.get_invocation_id(),
nc_dn_str=user_dn,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
max_objects=133,
replica_flags=0)
try:
(level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
except WERRORError as (enum, estr):
self.assertEquals(enum, 8630) # ERROR_DS_DRA_SECRETS_DENIED