summaryrefslogtreecommitdiff
path: root/source4/scripting/python/samba/tests/samba_tool/user.py
diff options
context:
space:
mode:
Diffstat (limited to 'source4/scripting/python/samba/tests/samba_tool/user.py')
-rw-r--r--source4/scripting/python/samba/tests/samba_tool/user.py362
1 files changed, 0 insertions, 362 deletions
diff --git a/source4/scripting/python/samba/tests/samba_tool/user.py b/source4/scripting/python/samba/tests/samba_tool/user.py
deleted file mode 100644
index 33344cd3d3..0000000000
--- a/source4/scripting/python/samba/tests/samba_tool/user.py
+++ /dev/null
@@ -1,362 +0,0 @@
-# Unix SMB/CIFS implementation.
-# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-import os
-import time
-import ldb
-from samba.tests.samba_tool.base import SambaToolCmdTest
-from samba import (
- nttime2unix,
- dsdb
- )
-
-class UserCmdTestCase(SambaToolCmdTest):
- """Tests for samba-tool user subcommands"""
- users = []
- samdb = None
-
- def setUp(self):
- super(UserCmdTestCase, self).setUp()
- self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- self.users = []
- self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
- self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
- self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
- self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
- self.users.append(self._randomPosixUser({"name": "posixuser1"}))
- self.users.append(self._randomPosixUser({"name": "posixuser2"}))
- self.users.append(self._randomPosixUser({"name": "posixuser3"}))
- self.users.append(self._randomPosixUser({"name": "posixuser4"}))
-
- # setup the 8 users and ensure they are correct
- for user in self.users:
- (result, out, err) = user["createUserFn"](user)
-
- self.assertCmdSuccess(result)
- self.assertEquals(err,"","Shouldn't be any error messages")
- self.assertIn("User '%s' created successfully" % user["name"], out)
-
- user["checkUserFn"](user)
-
-
- def tearDown(self):
- super(UserCmdTestCase, self).tearDown()
- # clean up all the left over users, just in case
- for user in self.users:
- if self._find_user(user["name"]):
- self.runsubcmd("user", "delete", user["name"])
-
-
- def test_newuser(self):
- # try to add all the users again, this should fail
- for user in self.users:
- (result, out, err) = self._create_user(user)
- self.assertCmdFail(result, "Ensure that create user fails")
- self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
-
- # try to delete all the 4 users we just added
- for user in self.users:
- (result, out, err) = self.runsubcmd("user", "delete", user["name"])
- self.assertCmdSuccess(result, "Can we delete users")
- found = self._find_user(user["name"])
- self.assertIsNone(found)
-
- # test adding users with --use-username-as-cn
- for user in self.users:
- (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
- "--use-username-as-cn",
- "--surname=%s" % user["surname"],
- "--given-name=%s" % user["given-name"],
- "--job-title=%s" % user["job-title"],
- "--department=%s" % user["department"],
- "--description=%s" % user["description"],
- "--company=%s" % user["company"],
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-
- self.assertCmdSuccess(result)
- self.assertEquals(err,"","Shouldn't be any error messages")
- self.assertIn("User '%s' created successfully" % user["name"], out)
-
- found = self._find_user(user["name"])
-
- self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
- self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
-
-
-
- def test_setpassword(self):
- for user in self.users:
- newpasswd = self.randomPass()
- (result, out, err) = self.runsubcmd("user", "setpassword",
- user["name"],
- "--newpassword=%s" % newpasswd,
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- # self.assertCmdSuccess(result, "Ensure setpassword runs")
- self.assertEquals(err,"","setpassword with url")
- self.assertMatch(out, "Changed password OK", "setpassword with url")
-
- for user in self.users:
- newpasswd = self.randomPass()
- (result, out, err) = self.runsubcmd("user", "setpassword",
- user["name"],
- "--newpassword=%s" % newpasswd)
- # self.assertCmdSuccess(result, "Ensure setpassword runs")
- self.assertEquals(err,"","setpassword without url")
- self.assertMatch(out, "Changed password OK", "setpassword without url")
-
- for user in self.users:
- newpasswd = self.randomPass()
- (result, out, err) = self.runsubcmd("user", "setpassword",
- user["name"],
- "--newpassword=%s" % newpasswd,
- "--must-change-at-next-login",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- # self.assertCmdSuccess(result, "Ensure setpassword runs")
- self.assertEquals(err,"","setpassword with forced change")
- self.assertMatch(out, "Changed password OK", "setpassword with forced change")
-
-
-
-
- def test_setexpiry(self):
- twodays = time.time() + (2 * 24 * 60 * 60)
-
- for user in self.users:
- (result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
- "--days=2",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- self.assertCmdSuccess(result, "Can we run setexpiry with names")
- self.assertIn("Expiry for user '%s' set to 2 days." % user["name"], out)
-
- for user in self.users:
- found = self._find_user(user["name"])
-
- expires = nttime2unix(int("%s" % found.get("accountExpires")))
- self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
-
- # TODO: renable this after the filter case is sorted out
- if "filters are broken, bail now":
- return
-
- # now run the expiration based on a filter
- fourdays = time.time() + (4 * 24 * 60 * 60)
- (result, out, err) = self.runsubcmd("user", "setexpiry",
- "--filter", "(&(objectClass=user)(company=comp2))",
- "--days=4",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- self.assertCmdSuccess(result, "Can we run setexpiry with a filter")
-
- for user in self.users:
- found = self._find_user(user["name"])
- if ("%s" % found.get("company")) == "comp2":
- expires = nttime2unix(int("%s" % found.get("accountExpires")))
- self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
- else:
- expires = nttime2unix(int("%s" % found.get("accountExpires")))
- self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
-
-
- def test_list(self):
- (result, out, err) = self.runsubcmd("user", "list",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"],
- os.environ["DC_PASSWORD"]))
- self.assertCmdSuccess(result, "Error running list")
-
- search_filter = ("(&(objectClass=user)(userAccountControl:%s:=%u))" %
- (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT))
-
- userlist = self.samdb.search(base=self.samdb.domain_dn(),
- scope=ldb.SCOPE_SUBTREE,
- expression=search_filter,
- attrs=["samaccountname"])
-
- self.assertTrue(len(userlist) > 0, "no users found in samdb")
-
- for userobj in userlist:
- name = userobj.get("samaccountname", idx=0)
- found = self.assertMatch(out, name,
- "user '%s' not found" % name)
- def test_getpwent(self):
- try:
- import pwd
- except ImportError:
- self.skipTest("Skipping getpwent test, no 'pwd' module available")
- return
-
- # get the current user's data for the test
- uid = os.geteuid()
- try:
- u = pwd.getpwuid(uid)
- except KeyError:
- self.skipTest("Skipping getpwent test, current EUID not found in NSS")
- return
-
- user = self._randomPosixUser({
- "name": u[0],
- "uid": u[0],
- "uidNumber": u[2],
- "gidNumber": u[3],
- "gecos": u[4],
- "loginShell": u[6],
- })
- # check if --rfc2307-from-nss sets the same values as we got from pwd.getpwuid()
- (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
- "--surname=%s" % user["surname"],
- "--given-name=%s" % user["given-name"],
- "--job-title=%s" % user["job-title"],
- "--department=%s" % user["department"],
- "--description=%s" % user["description"],
- "--company=%s" % user["company"],
- "--rfc2307-from-nss",
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-
- self.assertCmdSuccess(result)
- self.assertEquals(err,"","Shouldn't be any error messages")
- self.assertIn("User '%s' created successfully" % user["name"], out)
-
- self._check_posix_user(user)
- self.runsubcmd("user", "delete", user["name"])
-
- # Check if overriding the attributes from NSS with explicit values works
- #
- # get a user with all random posix attributes
- user = self._randomPosixUser({"name": u[0]})
- # create a user with posix attributes from nss but override all of them with the
- # random ones just obtained
- (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
- "--surname=%s" % user["surname"],
- "--given-name=%s" % user["given-name"],
- "--job-title=%s" % user["job-title"],
- "--department=%s" % user["department"],
- "--description=%s" % user["description"],
- "--company=%s" % user["company"],
- "--rfc2307-from-nss",
- "--gecos=%s" % user["gecos"],
- "--login-shell=%s" % user["loginShell"],
- "--uid=%s" % user["uid"],
- "--uid-number=%s" % user["uidNumber"],
- "--gid-number=%s" % user["gidNumber"],
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-
- self.assertCmdSuccess(result)
- self.assertEquals(err,"","Shouldn't be any error messages")
- self.assertIn("User '%s' created successfully" % user["name"], out)
-
- self._check_posix_user(user)
- self.runsubcmd("user", "delete", user["name"])
-
- def _randomUser(self, base={}):
- """create a user with random attribute values, you can specify base attributes"""
- user = {
- "name": self.randomName(),
- "password": self.randomPass(),
- "surname": self.randomName(),
- "given-name": self.randomName(),
- "job-title": self.randomName(),
- "department": self.randomName(),
- "company": self.randomName(),
- "description": self.randomName(count=100),
- "createUserFn": self._create_user,
- "checkUserFn": self._check_user,
- }
- user.update(base)
- return user
-
- def _randomPosixUser(self, base={}):
- """create a user with random attribute values and additional RFC2307
- attributes, you can specify base attributes"""
- user = self._randomUser({})
- user.update(base)
- posixAttributes = {
- "uid": self.randomName(),
- "loginShell": self.randomName(),
- "gecos": self.randomName(),
- "uidNumber": self.randomXid(),
- "gidNumber": self.randomXid(),
- "createUserFn": self._create_posix_user,
- "checkUserFn": self._check_posix_user,
- }
- user.update(posixAttributes)
- user.update(base)
- return user
-
- def _check_user(self, user):
- """ check if a user from SamDB has the same attributes as its template """
- found = self._find_user(user["name"])
-
- self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
- self.assertEquals("%s" % found.get("title"), user["job-title"])
- self.assertEquals("%s" % found.get("company"), user["company"])
- self.assertEquals("%s" % found.get("description"), user["description"])
- self.assertEquals("%s" % found.get("department"), user["department"])
-
- def _check_posix_user(self, user):
- """ check if a posix_user from SamDB has the same attributes as its template """
- found = self._find_user(user["name"])
-
- self.assertEquals("%s" % found.get("loginShell"), user["loginShell"])
- self.assertEquals("%s" % found.get("gecos"), user["gecos"])
- self.assertEquals("%s" % found.get("uidNumber"), "%s" % user["uidNumber"])
- self.assertEquals("%s" % found.get("gidNumber"), "%s" % user["gidNumber"])
- self.assertEquals("%s" % found.get("uid"), user["uid"])
- self._check_user(user)
-
- def _create_user(self, user):
- return self.runsubcmd("user", "add", user["name"], user["password"],
- "--surname=%s" % user["surname"],
- "--given-name=%s" % user["given-name"],
- "--job-title=%s" % user["job-title"],
- "--department=%s" % user["department"],
- "--description=%s" % user["description"],
- "--company=%s" % user["company"],
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- def _create_posix_user(self, user):
- """ create a new user with RFC2307 attributes """
- return self.runsubcmd("user", "create", user["name"], user["password"],
- "--surname=%s" % user["surname"],
- "--given-name=%s" % user["given-name"],
- "--job-title=%s" % user["job-title"],
- "--department=%s" % user["department"],
- "--description=%s" % user["description"],
- "--company=%s" % user["company"],
- "--gecos=%s" % user["gecos"],
- "--login-shell=%s" % user["loginShell"],
- "--uid=%s" % user["uid"],
- "--uid-number=%s" % user["uidNumber"],
- "--gid-number=%s" % user["gidNumber"],
- "-H", "ldap://%s" % os.environ["DC_SERVER"],
- "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-
- def _find_user(self, name):
- search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
- userlist = self.samdb.search(base=self.samdb.domain_dn(),
- scope=ldb.SCOPE_SUBTREE,
- expression=search_filter, attrs=[])
- if userlist:
- return userlist[0]
- else:
- return None
generated by cgit (git 2.34.1) at 2024-07-11 01:12:45 +0000