python tests Blackbox: add random_password

Add the random_password method to the BlackboxTestCase class and remove
duplicated copies from other test cases. Also use SystemRandom so that
the generated passwords are more cryptographically sound.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python/samba/tests/__init__.py

@@ -38,6 +38,8 @@ import samba.dcerpc.base
 from samba.compat import PY3, text_type
 from samba.compat import string_types
 from random import randint
+from random import SystemRandom
+import string
 try:
     from samba.samdb import SamDB
 except ImportError:
@@ -400,6 +402,17 @@ class BlackboxTestCase(TestCaseInTempDir):
             raise BlackboxProcessError(retcode, line, stdoutdata, stderrdata)
         return stdoutdata
 
+    # Generate a random password that can be safely  passed on the command line
+    # i.e. it does not contain any shell meta characters.
+    def random_password(self, count=32):
+        password = SystemRandom().choice(string.ascii_uppercase)
+        password += SystemRandom().choice(string.digits)
+        password += SystemRandom().choice(string.ascii_lowercase)
+        password += ''.join(SystemRandom().choice(string.ascii_uppercase +
+                    string.ascii_lowercase +
+                    string.digits) for x in range(count - 3))
+        return password
+
 
 def connect_samdb(samdb_url, lp=None, session_info=None, credentials=None,
                   flags=0, ldb_options=None, ldap_only=False, global_schema=True):

python/samba/tests/samba_tool/base.py

@@ -124,13 +124,6 @@ class SambaToolCmdTest(samba.tests.BlackboxTestCase):
         name += ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for x in range(count - 1))
         return name
 
-    def randomPass(self, count=16):
-        name = random.choice(string.ascii_uppercase)
-        name += random.choice(string.digits)
-        name += random.choice(string.ascii_lowercase)
-        name += ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for x in range(count - 3))
-        return name
-
     def randomXid(self):
         # pick some hopefully unused, high UID/GID range to avoid interference
         # from the system the test runs on

python/samba/tests/samba_tool/user.py

@@ -196,7 +196,7 @@ class UserCmdTestCase(SambaToolCmdTest):
 
     def test_setpassword(self):
         for user in self.users:
-            newpasswd = self.randomPass()
+            newpasswd = self.random_password(16)
             (result, out, err) = self.runsubcmd("user", "setpassword",
                                                 user["name"],
                                                 "--newpassword=%s" % newpasswd,
@@ -238,7 +238,7 @@ class UserCmdTestCase(SambaToolCmdTest):
                              "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
 
         for user in self.users:
-            newpasswd = self.randomPass()
+            newpasswd = self.random_password(16)
             creds = credentials.Credentials()
             creds.set_anonymous()
             creds.set_password(newpasswd)
@@ -300,7 +300,7 @@ class UserCmdTestCase(SambaToolCmdTest):
                                  "getpassword virtualSSHA: out[%s]" % out)
 
         for user in self.users:
-            newpasswd = self.randomPass()
+            newpasswd = self.random_password(16)
             (result, out, err) = self.runsubcmd("user", "setpassword",
                                                 user["name"],
                                                 "--newpassword=%s" % newpasswd,
@@ -508,7 +508,7 @@ sAMAccountName: %s
         """create a user with random attribute values, you can specify base attributes"""
         user = {
             "name": self.randomName(),
-            "password": self.randomPass(),
+            "password": self.random_password(16),
             "surname": self.randomName(),
             "given-name": self.randomName(),
             "job-title": self.randomName(),

python/samba/tests/samba_tool/user_virtualCryptSHA.py

@@ -29,23 +29,8 @@ from samba.ndr import ndr_unpack
 from samba.dcerpc import drsblobs
 from samba import dsdb
 import re
-import random
-import string
 
 USER_NAME = "CryptSHATestUser"
-# Create a random 32 character password, containing only letters and
-# digits to avoid issues when used on the command line.
-# Ensuring the password includes at least:
-#   1 upper case letter
-#   1 lower case letter
-#   1 digit.
-#
-USER_PASS = (''.join(random.choice(string.ascii_uppercase +
-                                   string.ascii_lowercase +
-                                   string.digits) for _ in range(29)) +
-             random.choice(string.ascii_uppercase) +
-             random.choice(string.ascii_lowercase) +
-             random.choice(string.digits))
 HASH_OPTION = "password hash userPassword schemes"
 
 # Get the value of an attribute from the output string
@@ -86,10 +71,11 @@ class UserCmdCryptShaTestCase(SambaToolCmdTest):
             credentials=self.creds,
             lp=self.lp)
 
+        password = self.random_password()
         self.runsubcmd("user",
                        "create",
                        USER_NAME,
-                       USER_PASS)
+                       password)
 
     def tearDown(self):
         super(UserCmdCryptShaTestCase, self).tearDown()