summaryrefslogtreecommitdiff
path: root/source4/scripting
diff options
context:
space:
mode:
authorSean Dague <sdague@linux.vnet.ibm.com>2011-11-02 10:02:29 -0400
committerAndrew Tridgell <tridge@samba.org>2011-11-10 14:24:20 +1100
commita818253960d25f3f48cdf8cd3fab5e13f39d29ee (patch)
tree88a77394b6f24ad55ebf06dbf692066e2dc203ff /source4/scripting
parenta66eae9a6d599f9bf5572dbe1be8ee0450c5df21 (diff)
downloadsamba-a818253960d25f3f48cdf8cd3fab5e13f39d29ee.tar.gz
samba-a818253960d25f3f48cdf8cd3fab5e13f39d29ee.tar.bz2
samba-a818253960d25f3f48cdf8cd3fab5e13f39d29ee.zip
test: add samba-tool user tests
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4/scripting')
-rw-r--r--source4/scripting/python/samba/tests/samba_tool/user.py215
1 files changed, 215 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/tests/samba_tool/user.py b/source4/scripting/python/samba/tests/samba_tool/user.py
new file mode 100644
index 0000000000..4fe43e5526
--- /dev/null
+++ b/source4/scripting/python/samba/tests/samba_tool/user.py
@@ -0,0 +1,215 @@
+#!/usr/bin/env python
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import sys
+import pprint
+import time
+import ldb
+from samba.tests.samba_tool.base import SambaToolCmdTest
+from samba import nttime2unix
+
+class UserCmdTestCase(SambaToolCmdTest):
+ """Tests for samba-tool user subcommands"""
+ users = []
+ samdb = None
+
+ def setUp(self):
+ super(UserCmdTestCase, self).setUp()
+ self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ self.users = []
+ self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
+ self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
+ self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
+ self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
+
+ # setup the 4 users and ensure they are correct
+ for user in self.users:
+ (result, out, err) = self._create_user(user)
+
+ self.assertCmdSuccess(result)
+ self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertIn("User '%s' created successfully" % user["name"], out)
+
+ found = self._find_user(user["name"])
+
+ self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
+ self.assertEquals("%s" % found.get("title"), user["job-title"])
+ self.assertEquals("%s" % found.get("company"), user["company"])
+ self.assertEquals("%s" % found.get("description"), user["description"])
+ self.assertEquals("%s" % found.get("department"), user["department"])
+
+ def tearDown(self):
+ super(UserCmdTestCase, self).tearDown()
+ # clean up all the left over users, just in case
+ for user in self.users:
+ if self._find_user(user["name"]):
+ self.runsubcmd("user", "delete", user["name"])
+
+
+ def test_newuser(self):
+ # try to add all the users again, this should fail
+ for user in self.users:
+ (result, out, err) = self._create_user(user)
+ self.assertCmdFail(result, "Ensure that create user files")
+ self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
+
+ # try to delete all the 4 users we just added
+ for user in self.users:
+ (result, out, err) = self.runsubcmd("user", "delete", user["name"])
+ self.assertCmdSuccess(result, "Can we delete users")
+ found = self._find_user(user["name"])
+ self.assertIsNone(found)
+
+ # test adding users with --use-username-as-cn
+ for user in self.users:
+ (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
+ "--use-username-as-cn",
+ "--surname=%s" % user["surname"],
+ "--given-name=%s" % user["given-name"],
+ "--job-title=%s" % user["job-title"],
+ "--department=%s" % user["department"],
+ "--description=%s" % user["description"],
+ "--company=%s" % user["company"],
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+
+ self.assertCmdSuccess(result)
+ self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertIn("User '%s' created successfully" % user["name"], out)
+
+ found = self._find_user(user["name"])
+
+ self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
+ self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
+
+
+
+ def test_setpassword(self):
+ for user in self.users:
+ newpasswd = self.randomPass()
+ (result, out, err) = self.runsubcmd("user", "setpassword",
+ user["name"],
+ "--newpassword=%s" % newpasswd,
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ # self.assertCmdSuccess(result, "Ensure setpassword runs")
+ self.assertEquals(err,"","setpassword with url")
+ self.assertMatch(out, "Changed password OK", "setpassword with url")
+
+ for user in self.users:
+ newpasswd = self.randomPass()
+ (result, out, err) = self.runsubcmd("user", "setpassword",
+ user["name"],
+ "--newpassword=%s" % newpasswd)
+ # self.assertCmdSuccess(result, "Ensure setpassword runs")
+ self.assertEquals(err,"","setpassword without url")
+ self.assertMatch(out, "Changed password OK", "setpassword without url")
+
+ for user in self.users:
+ newpasswd = self.randomPass()
+ (result, out, err) = self.runsubcmd("user", "setpassword",
+ user["name"],
+ "--newpassword=%s" % newpasswd,
+ "--must-change-at-next-login",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ # self.assertCmdSuccess(result, "Ensure setpassword runs")
+ self.assertEquals(err,"","setpassword with forced change")
+ self.assertMatch(out, "Changed password OK", "setpassword with forced change")
+
+
+
+
+ def test_setexpiry(self):
+ twodays = time.time() + (2 * 24 * 60 * 60)
+
+ for user in self.users:
+ (result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
+ "--days=2",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ self.assertCmdSuccess(result, "Can we run setexpiry with names")
+ self.assertIn("Set expiry for user '%s' to 2 days" % user["name"], out)
+
+ for user in self.users:
+ found = self._find_user(user["name"])
+
+ expires = nttime2unix(int("%s" % found.get("accountExpires")))
+ self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
+
+ # TODO: renable this after the filter case is sorted out
+ if "filters are broken, bail now":
+ return
+
+ # now run the expiration based on a filter
+ fourdays = time.time() + (4 * 24 * 60 * 60)
+ (result, out, err) = self.runsubcmd("user", "setexpiry",
+ "--filter", "(&(objectClass=user)(company=comp2))",
+ "--days=4",
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+ self.assertCmdSuccess(result, "Can we run setexpiry with a filter")
+
+ for user in self.users:
+ found = self._find_user(user["name"])
+ if ("%s" % found.get("company")) == "comp2":
+ expires = nttime2unix(int("%s" % found.get("accountExpires")))
+ self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
+ else:
+ expires = nttime2unix(int("%s" % found.get("accountExpires")))
+ self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
+
+
+ def _randomUser(self, base={}):
+ """create a user with random attribute values, you can specify base attributes"""
+ user = {
+ "name": self.randomName(),
+ "password": self.randomPass(),
+ "surname": self.randomName(),
+ "given-name": self.randomName(),
+ "job-title": self.randomName(),
+ "department": self.randomName(),
+ "company": self.randomName(),
+ "description": self.randomName(count=100),
+ }
+ user.update(base)
+ return user
+
+ def _create_user(self, user):
+ return self.runsubcmd("user", "add", user["name"], user["password"],
+ "--surname=%s" % user["surname"],
+ "--given-name=%s" % user["given-name"],
+ "--job-title=%s" % user["job-title"],
+ "--department=%s" % user["department"],
+ "--description=%s" % user["description"],
+ "--company=%s" % user["company"],
+ "-H", "ldap://%s" % os.environ["DC_SERVER"],
+ "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+
+ def _find_user(self, name):
+ search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
+ userlist = self.samdb.search(base=self.samdb.domain_dn(),
+ scope=ldb.SCOPE_SUBTREE,
+ expression=search_filter, attrs=[])
+ if userlist:
+ return userlist[0]
+ else:
+ return None