From 9cdb0b5cee1210fc44d9e6f2f87ab63d263b4cc6 Mon Sep 17 00:00:00 2001
From: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Date: Mon, 8 Nov 2010 08:11:11 +0200
Subject: s4/test: Expand BindTest

The test now binds with user@realm, domain\user, user dn, computer dn

Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104
---
 source4/auth/credentials/tests/bind.py | 80 +++++++++++++++++++++++++---------
 1 file changed, 60 insertions(+), 20 deletions(-)

(limited to 'source4/auth')

diff --git a/source4/auth/credentials/tests/bind.py b/source4/auth/credentials/tests/bind.py
index 231852ca9e..7bfc1f53a6 100755
--- a/source4/auth/credentials/tests/bind.py
+++ b/source4/auth/credentials/tests/bind.py
@@ -7,6 +7,8 @@ import sys
 import base64
 import re
 import os
+import copy
+import time
 
 sys.path.append("bin/python")
 import samba
@@ -44,37 +46,44 @@ host = args[0]
 lp = sambaopts.get_loadparm()
 creds = credopts.get_credentials(lp)
 creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
-creds_machine = creds
+creds_machine = copy.deepcopy(creds)
+creds_user1 = copy.deepcopy(creds)
+creds_user2 = copy.deepcopy(creds)
+creds_user3 = copy.deepcopy(creds)
 
 class BindTests(samba.tests.TestCase):
+
+    info_dc = None
+
+    def setUp(self):
+        super(BindTests, self).setUp()
+        # fetch rootDSEs
+        if self.info_dc is None:
+            res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+            self.assertEquals(len(res), 1)
+            BindTests.info_dc = res[0]
+        # cache some of RootDSE props
+        self.schema_dn = self.info_dc["schemaNamingContext"][0]
+        self.domain_dn = self.info_dc["defaultNamingContext"][0]
+        self.config_dn = self.info_dc["configurationNamingContext"][0]
+        self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
+        self.password = "P@ssw0rd"
+        self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+
     def delete_force(self, ldb, dn):
         try:
             ldb.delete(dn)
         except LdbError, (num, _):
             self.assertEquals(num, ERR_NO_SUCH_OBJECT)
 
-    def find_basedn(self, ldb):
-        res = ldb.search(base="", expression="", scope=SCOPE_BASE,
-                         attrs=["defaultNamingContext"])
-        self.assertEquals(len(res), 1)
-        return res[0]["defaultNamingContext"][0]
-
-    def setUp(self):
-        super(BindTests, self).setUp()
-        self.base_dn = self.find_basedn(ldb)
-
     def tearDown(self):
         super(BindTests, self).tearDown()
 
     def test_computer_account_bind(self):
         # create a computer acocount for the test
-        self.user_dn = "CN=centos53,CN=Computers,%s" % self.base_dn
-        self.password = "P@ssw0rd"
-        self.acc_name = "centos53$"
-
-        self.delete_force(ldb, self.user_dn)
+        self.delete_force(ldb, self.computer_dn)
         ldb.add_ldif("""
-dn: """ + self.user_dn + """
+dn: """ + self.computer_dn + """
 cn: CENTOS53
 displayName: CENTOS53$
 name: CENTOS53
@@ -92,17 +101,48 @@ operatingSystemVersion: 5.2 (3790)
 operatingSystem: Windows Server 2003
 """)
         ldb.modify_ldif("""
-dn: """ + self.user_dn + """
+dn: """ + self.computer_dn + """
 changetype: modify
 replace: unicodePwd
 unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
 """)
 
         # do a simple bind and search with the machine account
-        creds_machine.set_bind_dn(self.user_dn)
+        creds_machine.set_bind_dn(self.computer_dn)
         creds_machine.set_password(self.password)
+        print "BindTest with: " + creds_machine.get_bind_dn()
         ldb_machine = SamDB(host, credentials=creds_machine, session_info=system_session(), lp=lp)
-        self.find_basedn(ldb_machine)
+        res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+    def test_user_account_bind(self):
+        # create user
+        ldb.newuser(username=self.username, password=self.password)
+        ldb_res = ldb.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % self.username)
+        self.assertEquals(len(ldb_res), 1)
+        user_dn = ldb_res[0]["dn"]
+
+        # do a simple bind and search with the user account in format user@realm
+        creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
+        creds_user1.set_password(self.password)
+        print "BindTest with: " + creds_user1.get_bind_dn()
+        ldb_user1 = SamDB(host, credentials=creds_user1, session_info=system_session(), lp=lp)
+        res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+        # do a simple bind and search with the user account in format domain\user
+        creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
+        creds_user2.set_password(self.password)
+        print "BindTest with: " + creds_user2.get_bind_dn()
+        ldb_user2 = SamDB(host, credentials=creds_user2, lp=lp)
+        res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+
+        # do a simple bind and search with the user account DN
+        creds_user3.set_bind_dn(str(user_dn))
+        creds_user3.set_password(self.password)
+        print "BindTest with: " + creds_user3.get_bind_dn()
+        ldb_user3 = SamDB(host, credentials=creds_user3, session_info=system_session(), lp=lp)
+        res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 
 if not "://" in host:
     host = "ldap://%s" % host
-- 
cgit