File: //lib/python3/dist-packages/samba/tests/__pycache__/ldap_spn.cpython-310.pyc
o

��a�@s�ddlZddlZddlZddlZddlmZddlmZddlZddl	m
Z
ddlmZm
Z
ddlmZddlmZmZddlmZmZdd	lmZddlmZddlZdd
lmZmZmZddlm Z m!Z!dZ"hd
�Z#dZ$dZ%dZ&ej'Z(ej)Z*ej+Z,ej-Z.ej/Z0ej1Z2ej3Z4ze5Wn
e6y�dd�Z5Ynwdd�Z7e7�d&dd�Z8d&dd�Z9		d'dd�Z:Gdd�de�Z;eGdd�de;��Z<eGd d!�d!e;��Z=eGd"d#�d#e;��Z>d$d%�Z?e?�dS)(�N)�SamDB)�system_session)�SDUtils)�DONT_USE_KERBEROS�Credentials)�FEATURE_SEAL)�SubunitOptions�TestProgram)�TestCase�ldb_err)�DynamicTestCase)�c_RED�c_GREEN�
c_DARK_YELLOW)�UF_SERVER_TRUST_ACCOUNT�UF_TRUSTED_FOR_DELEGATIONz$f3a64788-5306-11d1-a9c5-0000f80367c1>�dn�dNSHostName�sAMAccountName�servicePrincipalNameTF�reportcCsddl}|��dS)Nr)�pdb�	set_trace)r�r�6/usr/lib/python3/dist-packages/samba/tests/ldap_spn.py�
breakpointAsrcCs�t�d�}t�|�}|�|�t�|�}|�|�t|�a|�t�|jdddt	j
��d�|jddd�|��\}}t
|�d	krJ|��t	�d	�|��a|�t�a|d
at��a|ja|jadS)Nz&python3 ldap_spn.py <server> [options]z--colour�
store_truezuse colour text)�action�help�defaultz--filterz"only run tests matching this regex)r�r)�optparse�OptionParser�options�SambaOptions�add_option_group�CredentialsOptionsr�subunitopts�
add_option�sys�stdout�isatty�
parse_args�len�print_usage�exit�get_loadparm�LP�get_credentials�CREDS�SERVER�	get_realm�REALM�colour�COLOUR_TEXT�filter�FILTER)�parser�	sambaopts�credopts�opts�argsrrr�initFs0�




�


r@cCs0ts|S|dkrt|�S|dkrt|�St|�S)N�error�pass)r8r
rr)�x�staterrr�colour_textlsrEcCs.|dur
t}t�}nd}tdt��t||d�S)Nzldap://)�url�lp�session_info�credentials)r3rrr4r1)�creds�sessionrrr�	get_samdbws
�rL�	samba123@c
Cs�t�}|�|�|�|�|�t���|�t���|�t�	��|�
t��tB�|�
t�d|�d|��}|�dd�d}|j|||d�|rgt|�}|�|�}	|D]}
dt�d|	�d�}|�|
|�qUt|d	�}|S)
N�CN=�,r r)�userouz
(OA;CI;WP;z;;�))rJ)r�set_username�set_password�
set_domainr3�
get_domain�	set_realmr5�set_workstation�get_workstation�set_gensec_features�get_gensec_featuresr�set_kerberos_stater�split�newuserr�get_object_sid�SPN_GUID�dacl_add_acerL)
�samdb�ou�username�writeable_objects�passwordrJ�dnstr�short_ou�sd_utils�sid�obj�mod�unpriv_samdbrrr�add_unpriv_user�s&




rmc@sLeZdZdZedd��Zdd�Zdd�Zdd	�Zd
d�Z	dd
�Z
dd�ZdS)�LdapSpnTestBaseFcCsTt|dd�rdS|jD]^}}trt�t|�sqt�dd|�}|�d|||�qdS)N�	_disabledFz\W+�_�test_spn)�getattr�casesr:�re�search�sub�generate_dynamic_test)�cls�doc�rows�namerrr�setUpDynamicTestCases�s�z%LdapSpnTestBase.setUpDynamicTestCasescCsRtdd�|D��}|D]}d|vr|�dd�\}}nd}t|d|���|�qdS)Ncs��|]}|dVqdS)rNr��.0�rrrr�	<genexpr>���z0LdapSpnTestBase.setup_objects.<locals>.<genexpr>�:r �dc�add_)�setr\rr)�selfrz�objectsr{�objtyperrr�
setup_objects�s�zLdapSpnTestBase.setup_objectscs�d�ji�_tdd�|D��}|D]0}|dkrq|dkr!d}d}nd|�dd�}�fd	d
�|�d�D�}t�j�j||��j|<qdS)N�*csr})�Nrr~rrrr��r�z.LdapSpnTestBase.setup_users.<locals>.<genexpr>��nobody�writes_rOrpcsg|]	}�j|d�qS)r)r��rrC�r�rr�
<listcomp>�sz/LdapSpnTestBase.setup_users.<locals>.<listcomp>)ra�userdbsr��replacer\rmrb)r�rz�permissions�p�userrdrr�r�setup_users�s���zLdapSpnTestBase.setup_userscCs8t|�}t|d�}t|d�}tr&tj��tdtd�d|�d��tj��t�|_	|j	�
�|_|���
dd�ddd	�|_i|_d
|j�d|j��|_|�|j	j|jdg�|j	�|j�|�|�|�|�t|�D�]+\}}t|�d
kr�|\}}	}
}}n	|\}}	}
}tj}|j|
}
d|vr�|�dd�\}}nd}|j|\}}d|i}t|	t�r�|�|	�n|	|d<t|� ��}|�!t"�s�t#d|t"�d���dD]+}t|�$|�t%�r�||j&dt'��d�||<q�t|�$|�t(�r�dd�||D�||<q�tj)�*|
||�}|t+u�rSz|
�,|�Wn&tj-�y4}ztd|d�d|�dt.|��d��WYd}~qmd}~ww|�/d|d�d|
�dt0�1|��d|�d|�d|�d �
�qm|t2u�r�z|
�,|�Wqmtj-�y�}z'|�/d|d�d!|�d"t.|��d#|
�dt0�1|��d|�d|���WYd}~qmd}~ww|t3u�r�z#|j	�,|�td|d�d|�d$td%d��d#t0�1|��d|��
�Wqmtj-�y�}z&td|d�d|�d$td&d��d't.|��d#t0�1|��d|���WYd}~qmd}~ww|t4u�r(z
t4�|
�,|�Wqmtj-�y'}ztd|d�d|�d(t.|��d��WYd}~qmd}~wwz|
�,|�WnHtj-�yw}z:|j5d)|k�rGWYd}~qm|�/d|d�d|�d*t.|��d+t.|��d#|
�dt0�1|��d|�d|���WYd}~nd}~ww|�/d|d�d|�d*t.|��d#|
�dt0�1|��d|�d|���qmdS),NrArB�
z
##########ustarting «u»
�.r �?zOU=rOz
tree_delete:1�r�r�rrzunexpected attr z. Casefold typo?)rr�x.��dnsnamecSsg|]}|jdt��d��qS)r�r�)�formatr6r�rrrr�sz7LdapSpnTestBase._test_spn_with_args.<locals>.<listcomp>zrow z of 'z' failed as expected with z: � z on z should fail (rQz of z
 failed with z:
z' �	SUCCEEDED�FAILEDz with z' FAILED with rz' should have failed with z:
not )6rEr8r)�stderr�flush�printrr*rLra�get_default_basedn�base_dn�id�rsplit�short_idr�rb�
addCleanup�delete�	create_our�r��	enumerater-�ldb�FLAG_MOD_REPLACEr�r\�
isinstance�dict�updater��keys�issubset�RELEVANT_ATTRS�
ValueError�get�strr�r6�list�Message�	from_dict�bad�modify�LdbErrorr�fail�pprint�pformat�okrrr?)r�rzry�cdoc�edoc�pdoc�i�rowrj�data�rights�expected�oprar�rr��mr��k�msg�errr�_test_spn_with_args�s








�

��������
 ������
�����������
0��������������
��z#LdapSpnTestBase._test_spn_with_argscCshd|�d|j��}|�dt����}|j�|dtttB�||��d��|�	|j
|�||f|j|<dS)NrNz,OU=Domain Controllers,r��computer)r�objectclass�userAccountControl�dnsHostName�
carLicense)r�r6�lowerra�addr�rrr�r��
remove_objectr��r�r{rr�rrr�add_dcFs��zLdapSpnTestBase.add_dccCsNd|�d|j��}|j�|||d|��d��|�|j|�|df|j|<dS)NrNrOr�)rr{�samAccountNamer�r�)rbrar�r�r�r�r�)r�r{rrrr�add_userTs�zLdapSpnTestBase.add_usercCs |j�|�\}}|j�|�dS�N)r��poprar�r�rrrr�`szLdapSpnTestBase.remove_objectN)�__name__�
__module__�__qualname__ro�classmethodr|r�r�r�r�r�r�rrrrrn�s

	!mrnc@sT	eZdZdZgddddeff�ddddeff�ddddeff�d	dddefdd
deff�ddddefdd
deff�ddddefdd
deff�d
dddefdd
deeff�ddddefdd
deeff�ddddefdd
deeff�ddddefdddeeff�ddddefdddeeff�ddddefdddeeff�ddddefdddeff�ddddefdddeff�ddddefdddefdddeff�ddddefdddefdddeff�ddddefdddefdddeff�d dddefdddefddd!eff�d"dddefddd#efddd#eff�d$dddefdddefdddeff�d%dddefdd&defdddeff�d'dddefdd&defddd#eff�d(dddefdd&defdddeff�d)dddefdddeff�d*dddefdddeff�d+dddefdddeeff�d,dddefdddeeff�d-dddefdddeeff�d.dddefdddeeff�d/d0ddefdddeff�d1d0ddefdddeff�d2d0ddefddd3eff�d4d0ddefd5d&deff�d6d0ddefd5d&deff�d7d0ddefd5d&d8eff�d9d0ddefd5d&deff�d:dddefddd#eff�d;dddefd5ddeff�d<dddefd5dd=eff�d>dd?defdd@deff�dAdd?defdd@deff�dBdd?defdd@deff�dCddDdefddEdeff�dFd0dEdefd5dDdeff�dGddHdIidefddJdefddJdefddHdKidefddJdefddLdeff�dMddHdNidefddOdefddOdefddHdPidefddOdefddQdefddRdeff�dSddIdefddTdefddUdefddVdefd0dWdeff�gdX�ddYdef�ddZdef�dd[def�dd\def�dd]def�dd^deef�dd_deef�dd`def�ddadef�ddbdef�ddcdef�ddddeef�ddedeef�ddfdef�ddgdef�ddhdef�ddidef�ddjdef�ddkdef�ddldef�ddmdef�d0dndef�d0dodef�ddodef�ddpdef�ddqdef�ddrdef�ddsdef�ddtdef�ddudef�ddvdef�ddwdeef�ddxdef�ddydef�ddydef�ddzdef�dd{def�dd|deef�dd}deef�dd~def�dddef�dd�def�dd�def�dd�def�dd�def�dd�def�dd�def�dd�def�dd�def�R�d�dd�defdd�defdd�defdd�deff�d�dd�defddHdKidefdd�defdd�defdd�deff�d�dddefdddeff�d�dddefdddeff�d�dddefdddeff�d�dddefddHdKidefdddefdd�defdd�deff�d�ddHdIidefdddefddHdKidefdddefdd�defdd�deff�Z	d�S)��LdapSpnTestu�Make sure we can't add clashing servicePrincipalNames.

    This would be possible using sPNMappings aliases — for example, if
    the mapping maps host/ to cifs/, we should not be able to add
    different addresses for each.
    zadd one as admin�A�host/{dnsname}r�zadd one as rightful userzattempt to add one as nobodyr�zadd and replace as adminzhost/x.{dnsname}zreplace as rightful userz attempt to replace one as nobodyzadd second as adminzadd second as rightful userzattempt to add second as nobodyz.add the same one twice, simple duplicate errorz)simple duplicate attributes, as non-adminz+add the same one twice, identical duplicatez%add a conflict, host first, as nobody�host/z.{dnsname}�B�cifs/z.{dnsname}z(add a conflict, service first, as nobody�cifs/{dnsname}z(three way conflict, host first, as admin�C�www/z.{dnsname}z6three way conflict, host first, with sufficient rightszB,A�C,Az0three way conflict, host first, adding duplicatez=three way conflict, host first, adding duplicate, full rightszC,B,Az7three way conflict, host first, with other write rights�A,Bz)three way conflict, host first, as nobodyz,three way conflict, services first, as admin�
www/{dnsname}z=three way conflict, services first, with service write rightsz,three way conflict, service first, as nobodyzreplace host before specificz&replace host after specific, as nobodyz!non-conflict host before specificz non-conflict host after specificz,non-conflict host before specific, non-adminz+non-conflict host after specific, as nobodyz,add a conflict, host first on user, as admin�user:Cz/add a conflict, host first on user, host rightsz/add a conflict, host first on user, both rights�B,Cz'add a conflict, host first both on user�user:Dz4add a conflict, host first both on user, host rightsz4add a conflict, host first both on user, both rightszC,Dz2add a conflict, host first both on user, as nobodyz2add a conflict, host first, with both write rightsz4add a conflict, host first, second on user, as adminz7add a conflict, host first, second on user, with rightszA,Dznonsense SPNs, part 1, as adminza-b-c/{dnsname}zrrrrrrrrrrrrr /{dnsname}znonsense SPNs, part 1, as userz nonsense SPNs, part 1, as nobodyzadd a conflict, using portz
dns/{dnsname}zdns/{dnsname}:53z&add a conflict, using port, port firstzthree part spnsr�	{dnsname}�'cifs/{dnsname}/DomainDNSZones.{dnsname}�y.{dnsname}�)cifs/y.{dnsname}/DomainDNSZones.{dnsname}zthree part nonsense spns�beanzcifs/bean/DomainDNSZones.beanzy.beanzcifs/y.bean/DomainDNSZones.beanzhost/bean/beanzone part spns (no slashes)�cifszcifs/r��hostz
dodgy spnsz\/{dnsname}zcifs/\\{dnsname}zcifs/\\\{dnsname}zcifs/\\\{dnsname}/ucīfs/\\\{dnsname}/ucifs/sficucifs/\\\{dnsname}r�z
/
z
/
/
z
/
/
/
z /* and so on */ u
¯\_(ツ)_/¯u
¯\_(つ)_/¯u
¯\_(㋡)_/¯z//z //z/host/{dnsname}z/host/x.y.zz/ /x.y.zz / / shost/z /hostu /HōSTu	 /ħØştz /H0STu /НoSTz  /hostu /hostu 2/HōST/⌷[ ][]¨(z (//)z ///z /\//z\//z\\/\\/z|//|z\/\/\\r�z:/:z:/:80u:/:( ツz:/:/:scifs/���\example.coms:/����s
:/b/b/b/bsa@b/a@b/a@bs	a/a@b/a@bz%empty part spns (consecutive slashes)zcifs//{dnsname}zcifs/zzzy.{dnsname}/z/host/zzzy.{dnsname}ztoo many spn partsz"cifs/{dnsname}/{dnsname}/{dnsname}zcifs/{dnsname}/{dnsname}/zcifs/y.{dnsname}/{dnsname}/toopzhost/{dnsname}/a/b/cz$add a conflict, host first, as adminz2add a conflict, host first, with host write rightsz8add a conflict, service first, with service write rightsz5adding dNSHostName after cifs with no old dNSHostName�cifs/y.{dnsname}�host/y.{dnsname}zchanging dNSHostName after cifsN)
r�r�r��__doc__r��deniedr�r��
constraintrsrrrrr�es�
��
��
��

��

��

��
��
�� 
��%
��)
��.
��3

��8

��>


��C


��H


��M


��S


��Y


��_


��d


��j


��o

��s

��x
��|
��
���
���


���

���

���

���

���

���"

���&

���+

���/

���4

���8

���<

���A

���E

���I



���Q




���[




���c
�
�
�
�
	��
�
�
�
�
���
�
�
�
�
�
�
�
�
�
�
 �
!�
"�
#�
$�
%�
&�
'�(�
)�
*�
+�
,�
-�.�/�
1�
2�
3�
4�
5�
6�
7�
8�
9�
:��� 



����&



����-

����1

����5

����9



����@



����r�c'@s�eZdZdejvZddddefdddeffddd	defdd
deffddd	defdd
deffddd	defdd
d
effddd
defdddeffddd	defdddefddd
gdeffddddidefdd
defdddidefdd	defddde	fddde	ffddddefdddeffddddefdddeffddd	defdd
defdd	deffd dd	defdd
defdd	deffd!dd	defdd
defdd
dee
fdd	deeffd"dd#defdd	defdd
defdd	deffd$dd#defdd	defdd
d%efdd	d%effd&dd	defdd
deefdddeefdd'deefdd(deefdddee
fdd
dee
fdd
deefdddeefdd(dee
ffd)dd	defdd
deefdddeefdd'deefdd(deefdddee
fdd
dee
fdd
deefdddeefdd(dee
ffd*dddefdddefd+d,d+effd-dddefddde	fd+d,d.effd/dd
defdd	d
efdd	defdd
defd+dd0efd+dd1efdd
d
efdd2defd+dd+efdd	defdd
de	fdd
d0e	fd+dd+ee
fdd	dee
fdd
defd+dd1eefdd	d
effd3dd	defddd0efd+d
d0e	ffd4dd	defdddefd+d
d0e	ffd5dd	defdddefd+d
d+e	ffd6dd	defdd	dee
fddd0efdd
d
e	fdddee
fdd
d
efd+d	d+e	fd+d	d1eff	d7dd	d8efdddefd+d
d8e	ffgZd9S):�LdapSpnSambaOnlyTest�SAMBA_SELFTESTz5add a conflict, host first, with service write rightsr�r�r�r�r�z5add a conflict, service first, with host write rightsr�r�z'add a conflict, service first, as adminz5add a conflict, service first, with both write rightsr�z7add a conflict, host first both on user, service rightsr�r�r��Dz)add a conflict, along with a re-added SPNzcifs/heeble.example.netzchanging dNSHostName after hostrr�r�r�r�z!mystery dnsname clash, host firstzhost/heeble.example.netzwww/heeble.example.netz mystery dnsname clash, www firstzreplace as adminz replace as non-admin with rightsz,replace vial delete as non-admin with rightsz#replace as non-admin without rightszcifs/bzreplace as nobodyr�zaccumulate and delete as adminzwww/...zhost/...z&accumulate and delete with user rightsz9three way conflict, host first, with partial write rightsr�r�z;three way conflict, host first, with partial write rights 2r�z.three way conflict sandwich, sufficient rightszA,B,Cr�zldap/{dnsname}z8three way conflict, service first, with all write rightsz9three way conflict, service first, just sufficient rightsz9three way conflict, service first, with host write rightsz9three way conflict, service first, with both write rightsz7three way conflict, services first, with partial rightszA,CN)
r�r�r��os�environror�r�r�r�r�r�rsrrrrr�s8


�

�

�

�

�

�



�	

�

�


�


�

�



�



�
�
�


�


�













�


�


�


�





�



���rc@s�eZdZdZddddefdddeffdd	ddefd	d
deeffdd	ddeffd
dd	d	d�dej	fdddidefdddidefdddidefdddideffdd	ddidefd	ddefd	ddidefdddefdddefdddefd	ddeffgZ
dS)�LdapSpnAmbitiousTestTz1add a conflict with port, host first both on userr�r�r�r�zwww/{dnsname}:80z2add the same one twice, case-insensitive duplicater�zHost/{dnsname}zspecial SPNzSE3514235-4B06-11D1-AB04-00C04FC2DCD2/75b84f00-a81b-4a19-8ef2-8e483cccff11/{dnsname}z(single part SPNs matching sAMAccountNamezuser:A)rrzuser:Brr�rr�z three part spns with dnsHostNamerr�r�r�r�zhost/{y.dnsname}/{y.dnsname}zhost/y.{dnsname}/{dnsname}N)r�r�r�ror�r�r�r�r��ERR_NO_SUCH_OBJECTrsrrrrrpsH

�
������





��rcCstttd�dS)N)�moduler>)r	r�r'rrrr�main�srr�)NrM)@r)rr�rt�samba.samdbr�
samba.authrr��samba.sd_utilsr�samba.credentialsrr�samba.gensecr�samba.tests.subunitrunrr	�samba.testsr
rr�samba.getopt�getoptr#r!�samba.colourr
rr�
samba.dsdbrrr_r�r�r�r�ERR_OPERATIONS_ERROR�operr�ERR_INSUFFICIENT_ACCESS_RIGHTSr��ERR_CONSTRAINT_VIOLATIONr��ERR_ENTRY_ALREADY_EXISTS�exists�FLAG_MOD_ADDr�r�r��FLAG_MOD_DELETEr�r�	NameErrorr@rErLrmrnr�rrrrrrr�<module>sl�#


�E^.(