/ usr / lib / python3 / dist-packages / samba / tests / krb5 / [ HOME SHELL ]

Name	Size	Permission	Action
__pycache__	[ DIR ]	drwxr-xr-x
alias_tests.py	7.01 KB	-rw-r--r--
as_canonicalization_tests.py	14.1 KB	-rw-r--r--
as_req_tests.py	10.06 KB	-rw-r--r--
compatability_tests.py	10.3 KB	-rw-r--r--
etype_tests.py	24.97 KB	-rw-r--r--
fast_tests.py	56.11 KB	-rw-r--r--
kcrypto.py	33.52 KB	-rw-r--r--
kdc_base_test.py	72.76 KB	-rw-r--r--
kdc_tests.py	7.35 KB	-rw-r--r--
kdc_tgs_tests.py	108.09 KB	-rw-r--r--
kpasswd_tests.py	39 KB	-rw-r--r--
ms_kile_client_principal_looku...	31.29 KB	-rw-r--r--
raw_testcase.py	168.26 KB	-rw-r--r--
rfc4120_constants.py	7.12 KB	-rw-r--r--
rfc4120_pyasn1.py	45.11 KB	-rw-r--r--
rodc_tests.py	2.52 KB	-rw-r--r--
s4u_tests.py	57.83 KB	-rw-r--r--
salt_tests.py	11.85 KB	-rw-r--r--
simple_tests.py	6.73 KB	-rw-r--r--
spn_tests.py	6.93 KB	-rw-r--r--
test_ccache.py	5.92 KB	-rw-r--r--
test_idmap_nss.py	8.83 KB	-rw-r--r--
test_ldap.py	6.11 KB	-rw-r--r--
test_min_domain_uid.py	4.35 KB	-rw-r--r--
test_rpc.py	4.52 KB	-rw-r--r--
test_smb.py	5.32 KB	-rw-r--r--
xrealm_tests.py	6.76 KB	-rw-r--r--

Code Editor : test_min_domain_uid.py

#!/usr/bin/env python3
# Unix SMB/CIFS implementation.
# Copyright (C) Samuel Cabrero 2021
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import sys
import os

sys.path.insert(0, "bin/python")
os.environ["PYTHONUNBUFFERED"] = "1"

import pwd
import ctypes

from samba.tests import env_get_var_value
from samba.samba3 import libsmb_samba_internal as libsmb
from samba.samba3 import param as s3param
from samba import NTSTATUSError, ntstatus

from samba.tests.krb5.kdc_base_test import KDCBaseTest
from samba.credentials import MUST_USE_KERBEROS, DONT_USE_KERBEROS

class SmbMinDomainUid(KDCBaseTest):
    """Test for SMB authorization without NSS winbind. In such setup domain
       accounts are mapped to local accounts using the 'username map' option.
    """

def setUp(self):
        super(KDCBaseTest, self).setUp()

# Create a user account, along with a Kerberos credentials cache file
        # where the service ticket authenticating the user are stored.
        self.samdb = self.get_samdb()

self.mach_name = env_get_var_value('SERVER')
        self.user_name = "root"
        self.service = "cifs"
        self.share = "tmp"

# Create the user account.
        (self.user_creds, _) = self.create_account(self.samdb, self.user_name)

# Build the global inject file path
        server_conf = env_get_var_value('SMB_CONF_PATH')
        server_conf_dir = os.path.dirname(server_conf)
        self.global_inject = os.path.join(server_conf_dir, "global_inject.conf")

def _test_min_uid(self, creds):
        # Assert unix root uid is less than 'idmap config ADDOMAIN' minimum
        s3_lp = s3param.get_context()
        s3_lp.load(self.get_lp().configfile)

domain_range = s3_lp.get("idmap config * : range").split('-')
        domain_range_low = int(domain_range[0])
        unix_root_pw = pwd.getpwnam(self.user_name)
        self.assertLess(unix_root_pw.pw_uid, domain_range_low)
        self.assertLess(unix_root_pw.pw_gid, domain_range_low)

conn = libsmb.Conn(self.mach_name, self.share, lp=s3_lp, creds=creds)
        # Disconnect
        conn = None

# Restrict access to local root account uid
        with open(self.global_inject, 'w') as f:
            f.write("min domain uid = %s\n" % (unix_root_pw.pw_uid + 1))

with self.assertRaises(NTSTATUSError) as cm:
            conn = libsmb.Conn(self.mach_name,
                               self.share,
                               lp=s3_lp,
                               creds=creds)
        code = ctypes.c_uint32(cm.exception.args[0]).value
        self.assertEqual(code, ntstatus.NT_STATUS_INVALID_TOKEN)

# check that the local root account uid is now allowed
        with open(self.global_inject, 'w') as f:
            f.write("min domain uid = %s\n" % unix_root_pw.pw_uid)

conn = libsmb.Conn(self.mach_name, self.share, lp=s3_lp, creds=creds)
        # Disconnect
        conn = None

with open(self.global_inject, 'w') as f:
            f.truncate()

def test_min_domain_uid_krb5(self):
        krb5_state = self.user_creds.get_kerberos_state()
        self.user_creds.set_kerberos_state(MUST_USE_KERBEROS)
        ret = self._test_min_uid(self.user_creds)
        self.user_creds.set_kerberos_state(krb5_state)
        return ret

def test_min_domain_uid_ntlmssp(self):
        krb5_state = self.user_creds.get_kerberos_state()
        self.user_creds.set_kerberos_state(DONT_USE_KERBEROS)
        ret = self._test_min_uid(self.user_creds)
        self.user_creds.set_kerberos_state(krb5_state)
        return ret

def tearDown(self):
        # Ensure no leftovers in global inject file
        with open(self.global_inject, 'w') as f:
            f.truncate()

super(KDCBaseTest, self).tearDown()

if __name__ == "__main__":
    import unittest
    unittest.main()

Urban Research Lab

Urban Research Lab

The Urban Research Lab (URL) at IIIT-Delhi was established in 2020, during a time when the pandemic brought the complexities of urban life more visible than ever. What started as an initiative by faculty and students has grown into a collaborative space for critically exploring and reimagining the urban questions through research, dialogue, and interdisciplinary engagement.