summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rwxr-xr-xsource4/auth/credentials/tests/bind.py80
1 files changed, 60 insertions, 20 deletions
diff --git a/source4/auth/credentials/tests/bind.py b/source4/auth/credentials/tests/bind.py
index 231852ca9e..7bfc1f53a6 100755
--- a/source4/auth/credentials/tests/bind.py
+++ b/source4/auth/credentials/tests/bind.py
@@ -7,6 +7,8 @@ import sys
import base64
import re
import os
+import copy
+import time
sys.path.append("bin/python")
import samba
@@ -44,37 +46,44 @@ host = args[0]
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
-creds_machine = creds
+creds_machine = copy.deepcopy(creds)
+creds_user1 = copy.deepcopy(creds)
+creds_user2 = copy.deepcopy(creds)
+creds_user3 = copy.deepcopy(creds)
class BindTests(samba.tests.TestCase):
+
+ info_dc = None
+
+ def setUp(self):
+ super(BindTests, self).setUp()
+ # fetch rootDSEs
+ if self.info_dc is None:
+ res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+ self.assertEquals(len(res), 1)
+ BindTests.info_dc = res[0]
+ # cache some of RootDSE props
+ self.schema_dn = self.info_dc["schemaNamingContext"][0]
+ self.domain_dn = self.info_dc["defaultNamingContext"][0]
+ self.config_dn = self.info_dc["configurationNamingContext"][0]
+ self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
+ self.password = "P@ssw0rd"
+ self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+
def delete_force(self, ldb, dn):
try:
ldb.delete(dn)
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- def find_basedn(self, ldb):
- res = ldb.search(base="", expression="", scope=SCOPE_BASE,
- attrs=["defaultNamingContext"])
- self.assertEquals(len(res), 1)
- return res[0]["defaultNamingContext"][0]
-
- def setUp(self):
- super(BindTests, self).setUp()
- self.base_dn = self.find_basedn(ldb)
-
def tearDown(self):
super(BindTests, self).tearDown()
def test_computer_account_bind(self):
# create a computer acocount for the test
- self.user_dn = "CN=centos53,CN=Computers,%s" % self.base_dn
- self.password = "P@ssw0rd"
- self.acc_name = "centos53$"
-
- self.delete_force(ldb, self.user_dn)
+ self.delete_force(ldb, self.computer_dn)
ldb.add_ldif("""
-dn: """ + self.user_dn + """
+dn: """ + self.computer_dn + """
cn: CENTOS53
displayName: CENTOS53$
name: CENTOS53
@@ -92,17 +101,48 @@ operatingSystemVersion: 5.2 (3790)
operatingSystem: Windows Server 2003
""")
ldb.modify_ldif("""
-dn: """ + self.user_dn + """
+dn: """ + self.computer_dn + """
changetype: modify
replace: unicodePwd
unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
""")
# do a simple bind and search with the machine account
- creds_machine.set_bind_dn(self.user_dn)
+ creds_machine.set_bind_dn(self.computer_dn)
creds_machine.set_password(self.password)
+ print "BindTest with: " + creds_machine.get_bind_dn()
ldb_machine = SamDB(host, credentials=creds_machine, session_info=system_session(), lp=lp)
- self.find_basedn(ldb_machine)
+ res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ def test_user_account_bind(self):
+ # create user
+ ldb.newuser(username=self.username, password=self.password)
+ ldb_res = ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username)
+ self.assertEquals(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+
+ # do a simple bind and search with the user account in format user@realm
+ creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
+ creds_user1.set_password(self.password)
+ print "BindTest with: " + creds_user1.get_bind_dn()
+ ldb_user1 = SamDB(host, credentials=creds_user1, session_info=system_session(), lp=lp)
+ res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the user account in format domain\user
+ creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
+ creds_user2.set_password(self.password)
+ print "BindTest with: " + creds_user2.get_bind_dn()
+ ldb_user2 = SamDB(host, credentials=creds_user2, lp=lp)
+ res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+ # do a simple bind and search with the user account DN
+ creds_user3.set_bind_dn(str(user_dn))
+ creds_user3.set_password(self.password)
+ print "BindTest with: " + creds_user3.get_bind_dn()
+ ldb_user3 = SamDB(host, credentials=creds_user3, session_info=system_session(), lp=lp)
+ res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
if not "://" in host:
host = "ldap://%s" % host