1
0
mirror of https://github.com/samba-team/samba.git synced 2025-06-09 11:17:03 +03:00
Douglas Bagnall 5636d30c09 pytest: test that _glue.crypt works
The test vectors were generated via Python 3.10 crypt module, which
directly wraps crypt(3), which in this case is from glibc 2.39-0ubuntu8.3.

We mainly test the sha256 and sha512 vectors, which seems to be all we
use, and which are said to be widely supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-12-20 07:04:31 +00:00

156 lines
6.7 KiB
Python

# Unix SMB/CIFS implementation.
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""Tests for the _glue Python bindings."""
from samba import _glue
from samba import param
import samba.tests
class GlueTests(samba.tests.TestCase):
def test_generate_random_str(self):
string = _glue.generate_random_str(10)
self.assertEqual(type(string), str)
self.assertEqual(len(string), 10)
def test_generate_random_password(self):
password = _glue.generate_random_password(5, 10)
self.assertEqual(type(password), str)
self.assertTrue(5 <= len(password) <= 10)
def test_unix2nttime(self):
self.assertEqual(_glue.unix2nttime(1), 116444736010000000)
def test_nttime2unix(self):
self.assertEqual(_glue.nttime2unix(116444736010000000), 1)
def test_float2nttime(self):
self.assertEqual(_glue.float2nttime(1.0), 116444736010000000)
self.assertEqual(_glue.float2nttime(1611058908.0), 132555325080000000)
# NTTIME has a resolution of 100ns
self.assertEqual(_glue.float2nttime(1611058908.1234567), 132555325081234567)
self.assertEqual(_glue.float2nttime(1611058908.123456789), 132555325081234567)
def test_nttime2float(self):
self.assertEqual(_glue.nttime2float(1), -11644473600.0)
self.assertEqual(_glue.nttime2float(0x7fffffffffffffff), 910692730085.4775)
self.assertEqual(_glue.nttime2float(0x8000000000000000), 910692730085.4775)
self.assertEqual(_glue.nttime2float(0xf000000000000000), 910692730085.4775)
self.assertEqual(_glue.nttime2float(116444736010000000), 1.0)
self.assertEqual(_glue.nttime2float(132555325080000000), 1611058908.0)
self.assertEqual(_glue.nttime2float(132555325081234567), 1611058908.1234567)
# NTTIME_OMIT (0) and NTTIME_FREEZE (UINT64_MAX) map to SAMBA_UTIME_OMIT (1)
self.assertEqual(_glue.nttime2float(0), 1.0)
self.assertEqual(_glue.nttime2float(0xffffffffffffffff), 1.0)
def test_nttime2string(self):
string = _glue.nttime2string(116444736010000000)
self.assertEqual(type(string), str)
self.assertIn('1970', string)
def test_debug_level(self):
prev_level = _glue.get_debug_level()
try:
self.assertIsNone(_glue.set_debug_level(0))
self.assertEqual(_glue.get_debug_level(), 0)
self.assertIsNone(_glue.set_debug_level(5))
self.assertEqual(_glue.get_debug_level(), 5)
finally:
_glue.set_debug_level(prev_level)
def test_interface_ips(self):
lp = param.LoadParm()
ips = _glue.interface_ips(lp)
self.assertEqual(type(ips), list)
def test_strcasecmp(self):
self.assertEqual(_glue.strcasecmp_m('aA', 'Aa'), 0)
self.assertNotEqual(_glue.strcasecmp_m('ab', 'Aa'), 0)
def test_strstr_m(self):
string = 'testing_string_num__one'
self.assertEqual(_glue.strstr_m(string, '_'), '_string_num__one')
self.assertEqual(_glue.strstr_m(string, '__'), '__one')
self.assertEqual(_glue.strstr_m(string, 'ring'), 'ring_num__one')
def test_crypt(self):
# We hopefully only use schemes 5 and 6 (sha256 and sha512),
# which are OK and also quite widely supported according to
# https://en.wikipedia.org/wiki/Crypt_(C)
for phrase, setting, expected in [
("a", "$5$aaaaaa",
"$5$aaaaaa$F4lxguL7mZR7TGlvukPTJIxoRhVmHMZs8ZdH8oDP0.6"),
# with scheme 5, 5000 rounds is default, so hash is the same as above
('a', '$5$rounds=5000$aaaaaa',
'$5$rounds=5000$aaaaaa$F4lxguL7mZR7TGlvukPTJIxoRhVmHMZs8ZdH8oDP0.6'),
('a',
'$5$rounds=4999$aaaaaa',
'$5$rounds=4999$aaaaaa$FiP70gtxOJUFLokUJvET06E7jbL6aNmF6Wtv2ddzjY8'),
('a', '$5$aaaaab',
'$5$aaaaab$e9qR2F833/JyuMu.nkQc9kn184vBWLo0ODqnCe./mj0'),
('', '$5$aaaaaa', '$5$aaaaaa$5B4WTdWp5n/v/aNUw2N8RsEitqvlZJEaAKhH/pOkGg4'),
("a", "$6$aaaaaa",
"$6$aaaaaa$KHs/Ez7X/I5/K.V8FR7kEsx9rOvjXnEDUmGC.dLBWP87XWy.oUEAM7QYcZQRVhiDwGepOF2pKrCVETYLyASh60"),
('', '$5$', '$5$$3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.'),
# scheme 1 (md5) should be supported if not used
('a', '$1$aaaaaa',
'$1$aaaaaa$MUMWPbGfzrHFCNm7ZHg31.'),
('', '$6$',
'$6$$/chiBau24cE26QQVW3IfIe68Xu5.JQ4E8Ie7lcRLwqxO5cxGuBhqF2HmTL.zWJ9zjChg3yJYFXeGBQ2y3Ba1d1'),
(' ',
'$6$6',
'$6$6$asLnbxf0obyuv3ybNvDE9ZcdwGFkDhLe7uW.wzdOdKCm4/M3vGFKq4Ttk1tBQrOn4wALZ3tj1L8IarIu5i8hR/'),
# original DES scheme, 12 bits of salt
("a", "lalala", "laKGbFzgh./R2"),
("a", "lalalaLALALAla", "laKGbFzgh./R2"),
("a", "arrgh", "ar7VUiUvDhX2c"),
("a", "arrggghhh", "ar7VUiUvDhX2c"),
]:
hash = _glue.crypt(phrase, setting)
self.assertEqual(hash, expected)
def test_crypt_bad(self):
# We can't be too strident in our assertions, because every
# system allows a different set of algorithms, and some have
# different ideas of how to parse.
for phrase, setting, exception in [
("a", "$5", ValueError),
("a", "$0$", ValueError),
("a", None, TypeError),
(None, "", TypeError),
('a', '$66$', ValueError),
('a', '$$', ValueError),
('a', '*0', ValueError),
('a', '*', ValueError),
('a', '++', ValueError),
# this next one is too long, except on Rocky Linux 8.
#('a' * 10000, '$5$5', ValueError),
# this is invalid, except on Debian 11.
# (' ', '$6$ ', ValueError),
]:
with self.assertRaises(exception,
msg=f"crypt({phrase!r}, {setting!r}) didn't fail"):
_glue.crypt(phrase, setting)