# Unix SMB/CIFS implementation.
# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
import time
import base64
import ldb
from samba . tests . samba_tool . base import SambaToolCmdTest
from samba import (
credentials ,
nttime2unix ,
dsdb ,
werror ,
)
from samba . ndr import ndr_unpack
from samba . dcerpc import drsblobs
from samba . common import get_bytes
from samba . common import get_string
from samba . tests import env_loadparm
class UserCmdTestCase ( SambaToolCmdTest ) :
""" Tests for samba-tool user subcommands """
users = [ ]
samdb = None
def setUp(self):
    """Connect to the DC, override 'template homedir' and create the fixture accounts.

    Twelve account descriptions are built, four each from _randomUser,
    _randomPosixUser and _randomUnixUser.  Any account of the same name
    that is still present is deleted, then every account is created through
    its own create function and verified through its own check function.
    """
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    super().setUp()
    ldap_url = " ldap:// %s " % os.environ[" DC_SERVER "]
    bind_arg = " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                                  os.environ[" DC_PASSWORD "])
    self.samdb = self.getSamDB(" -H ", ldap_url, bind_arg)

    # Modify the default template homedir, keeping the previous value on
    # the instance so it can be put back later.
    loadparm = self.get_loadparm()
    self.template_homedir = loadparm.get(' template homedir ')
    loadparm.set(' template homedir ', ' /home/test/ % D/ % U ')

    fixtures = (
        (self._randomUser, {" name ": " sambatool1 ", " company ": " comp1 "}),
        (self._randomUser, {" name ": " sambatool2 ", " company ": " comp1 "}),
        (self._randomUser, {" name ": " sambatool3 ", " company ": " comp2 "}),
        (self._randomUser, {" name ": " sambatool4 ", " company ": " comp2 "}),
        (self._randomPosixUser, {" name ": " posixuser1 "}),
        (self._randomPosixUser, {" name ": " posixuser2 "}),
        (self._randomPosixUser, {" name ": " posixuser3 "}),
        (self._randomPosixUser, {" name ": " posixuser4 "}),
        (self._randomUnixUser, {" name ": " unixuser1 "}),
        (self._randomUnixUser, {" name ": " unixuser2 "}),
        (self._randomUnixUser, {" name ": " unixuser3 "}),
        (self._randomUnixUser, {" name ": " unixuser4 "}),
    )
    self.users = []
    for build_account, base_attrs in fixtures:
        self.users.append(build_account(base_attrs))

    # Make sure users don't exist.  An account left over from an earlier
    # run makes creation fail with LDAP_ENTRY_ALREADY_EXISTS, see
    # https://bugzilla.samba.org/show_bug.cgi?id=15308
    for account in self.users:
        if self._find_user(account[" name "]):
            self.runsubcmd(" user ", " delete ", account[" name "])

    # setup the 12 users and ensure they are correct
    for account in self.users:
        (result, out, err) = account[" createUserFn "](account)

        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        account_name = account[" name "]
        if ' unix ' in account_name:
            expected_line = " Modified User ' %s ' successfully " % account_name
        else:
            expected_line = " User ' %s ' added successfully " % account_name
        self.assertIn(expected_line, out)

        account[" checkUserFn "](account)
def tearDown(self):
    """Delete leftover fixture accounts, drop the syncpasswords cache, restore 'template homedir'."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    super().tearDown()

    # clean up all the left over users, just in case
    for account in self.users:
        account_name = account[" name "]
        if not self._find_user(account_name):
            continue
        self.runsubcmd(" user ", " delete ", account_name)

    loadparm = env_loadparm()
    # On a second run of this test the cache would still be there and
    # '--cache-ldb-initialize' would fail, so remove it here.
    cache_path = loadparm.private_path(" user-syncpasswords-cache.ldb ")
    if os.path.exists(cache_path):
        os.remove(cache_path)

    loadparm.set(' template homedir ', self.template_homedir)
def test_newuser(self):
    """Duplicate creation must fail, deletion must work, --use-username-as-cn must set cn and name."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.

    # try to add all the users again, this should fail
    for account in self.users:
        (result, out, err) = self._create_user(account)
        self.assertCmdFail(result, " Ensure that create user fails ")
        self.assertIn(" LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS ", err)

    # try to delete all the users we just added
    for account in self.users:
        (result, out, err) = self.runsubcmd(" user ", " delete ", account[" name "])
        self.assertCmdSuccess(result, out, err, " Can we delete users ")
        self.assertIsNone(self._find_user(account[" name "]))

    # test adding users with --use-username-as-cn
    for account in self.users:
        create_argv = [
            " user ", " create ", account[" name "], account[" password "],
            " --use-username-as-cn ",
            " --surname= %s " % account[" surname "],
            " --given-name= %s " % account[" given-name "],
            " --job-title= %s " % account[" job-title "],
            " --department= %s " % account[" department "],
            " --description= %s " % account[" description "],
            " --company= %s " % account[" company "],
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                               os.environ[" DC_PASSWORD "]),
        ]
        (result, out, err) = self.runsubcmd(*create_argv)

        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(" User ' %s ' added successfully " % account[" name "], out)

        # Both cn and name are compared with the account name.
        entry = self._find_user(account[" name "])
        for attr in (" cn ", " name "):
            self.assertEqual(" %s " % entry.get(attr), " %(name)s " % account)
def test_newuser_weak_password(self):
    """A too-weak password on 'user add' over LDAP must not leave a half-created account.

    The add goes over LDAP (thus no transactions), so the test checks both
    that the command fails with a password-restriction error and that a
    subtree search for the sAMAccountName afterwards returns nothing.
    """
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes and inside the f-string fields (the ' 08X ' format spec too)
    # included; confirm against the upstream file.

    def cleanup_user(username):
        # An absent account is the expected outcome; any other failure to
        # delete is re-raised.
        try:
            self.samdb.deleteuser(username)
        except Exception as err:
            if ' Unable to find user ' in err.args[0]:
                return
            raise

    server = os.environ[' DC_SERVER ']
    dc_username = os.environ[' DC_USERNAME ']
    dc_password = os.environ[' DC_PASSWORD ']

    username = self.randomName()
    password = ' a '

    # Registered before the attempt so the account is removed even if the
    # command unexpectedly succeeds.
    self.addCleanup(cleanup_user, username)

    # Try to add the user and ensure it fails.
    add_argv = (
        ' user ', ' add ',
        username, password,
        ' -H ', f' ldap:// { server } ',
        f' -U { dc_username } % { dc_password } ',
    )
    result, out, err = self.runsubcmd(*add_argv)

    self.assertCmdFail(result)
    self.assertIn(' Failed to add user ', err)
    self.assertIn(' LDAP_CONSTRAINT_VIOLATION ', err)
    self.assertIn(f' { werror . WERR_PASSWORD_RESTRICTION : 08X } ', err)

    # Now search for the user, and make sure we don't find anything.
    matches = self.samdb.search(self.samdb.domain_dn(),
                                expression=f' (sAMAccountName= { username } ) ',
                                scope=ldb.SCOPE_SUBTREE)
    self.assertEqual(0, len(matches), ' expected not to find the user ')
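def _verify_supplementalCredentials(self, ldif,
                                    min_packages=3,
                                    max_packages=6):
    """Check the package count and ordering of a supplementalCredentials blob.

    ``ldif`` is parsed with ``self.samdb.parse_ldif`` and only the first
    record is inspected.  Its supplementalCredentials value is unpacked as
    a ``drsblobs.supplementalCredentialsBlob``; the number of packages must
    lie between ``min_packages`` and ``max_packages`` (inclusive) and,
    unless ``max_packages`` is 0, the packages must follow the ordering
    described in the body.
    """
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    msgs = self.samdb.parse_ldif(ldif)
    (changetype, obj) = next(msgs)
    self.assertIn(" supplementalCredentials ", obj, " supplementalCredentials attribute required ")
    sc_blob = obj[" supplementalCredentials "][0]
    sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)

    self.assertGreaterEqual(sc.sub.num_packages,
                            min_packages, " min_packages check ")
    self.assertLessEqual(sc.sub.num_packages,
                         max_packages, " max_packages check ")

    if max_packages == 0:
        return

    def find_package(packages, name, start_idx=0):
        """Return (index, package) for the first match from start_idx on, else (None, None)."""
        for i in range(start_idx, len(packages)):
            if packages[i].name == name:
                return (i, packages[i])
        return (None, None)

    # The ordering is this
    #
    # Primary:Kerberos-Newer-Keys (optional)
    # Primary:Kerberos
    # Primary:WDigest
    # Primary:CLEARTEXT (optional)
    # Primary:SambaGPG (optional)
    #
    # And the 'Packages' package is inserted before the last
    # other package.
    #
    # NOTE(review): the listing carries no indentation; for the optional
    # packages the skip over the 'Packages' slot is taken to belong to the
    # branch that consumed a slot - confirm against the upstream file.

    nidx = 0
    (pidx, pp) = find_package(sc.sub.packages, " Packages ", start_idx=nidx)
    self.assertIsNotNone(pp, " Packages required ")
    self.assertEqual(pidx + 1, sc.sub.num_packages - 1,
                     " Packages needs to be at num_packages - 1 ")

    (knidx, _knp) = find_package(sc.sub.packages, " Primary:Kerberos-Newer-Keys ",
                                 start_idx=nidx)
    if knidx is not None:
        self.assertEqual(knidx, nidx, " Primary:Kerberos-Newer-Keys at wrong position ")
        nidx = nidx + 1
        if nidx == pidx:
            nidx = nidx + 1

    (kidx, kp) = find_package(sc.sub.packages, " Primary:Kerberos ",
                              start_idx=nidx)
    # Assert on the package that was just looked up.  Re-checking the
    # 'Packages' entry here would pass even when this package is absent.
    self.assertIsNotNone(kp, " Primary:Kerberos required ")
    self.assertEqual(kidx, nidx, " Primary:Kerberos at wrong position ")
    nidx = nidx + 1
    if nidx == pidx:
        nidx = nidx + 1

    (widx, wp) = find_package(sc.sub.packages, " Primary:WDigest ",
                              start_idx=nidx)
    # Same as above: the lookup result itself is what must not be None.
    self.assertIsNotNone(wp, " Primary:WDigest required ")
    self.assertEqual(widx, nidx, " Primary:WDigest at wrong position ")
    nidx = nidx + 1
    if nidx == pidx:
        nidx = nidx + 1

    (cidx, _cp) = find_package(sc.sub.packages, " Primary:CLEARTEXT ",
                               start_idx=nidx)
    if cidx is not None:
        self.assertEqual(cidx, nidx, " Primary:CLEARTEXT at wrong position ")
        nidx = nidx + 1
        if nidx == pidx:
            nidx = nidx + 1

    (gidx, _gp) = find_package(sc.sub.packages, " Primary:SambaGPG ",
                               start_idx=nidx)
    if gidx is not None:
        self.assertEqual(gidx, nidx, " Primary:SambaGPG at wrong position ")
        nidx = nidx + 1
        if nidx == pidx:
            nidx = nidx + 1

    # Every slot must have been accounted for by one of the names above.
    self.assertEqual(nidx, sc.sub.num_packages, " Unknown packages found ")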
def test_setpassword(self):
    """Exercise 'user setpassword' together with 'syncpasswords' and 'getpassword'.

    Three passes over the fixture accounts: set a password with an explicit
    URL and credentials; set one without a URL and compare what
    syncpasswords and getpassword print with values derived locally from
    the same password; finally set one with --must-change-at-next-login.
    """
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    #
    # NOTE(review): several failure messages below embed the whole command
    # output, which can carry the NT hash (unicodePwd) and the base64
    # cleartext (virtualClearTextUTF8/UTF16) of the password just set.  The
    # passwords are random per-run values for fixture accounts, but the log
    # of a failing run should still be treated as credential material.
    expect_nt_hash = bool(int(os.environ.get(" EXPECT_NT_HASH ", " 1 ")))

    def check_nt_hash(output, nt_hash_b64):
        # The hash is expected when EXPECT_NT_HASH is set or the output
        # contains a virtualSambaGPG value; otherwise it must be absent.
        if expect_nt_hash or " virtualSambaGPG:: " in output:
            self.assertMatch(output, " unicodePwd:: %s " % nt_hash_b64,
                             " getpassword unicodePwd: out[ %s ] " % output)
        else:
            self.assertNotIn(" unicodePwd:: %s " % nt_hash_b64, output)

    def check_cleartext_attrs(output, utf8_b64, utf16_b64):
        # Only checked when the output contains a virtualSambaGPG value.
        if " virtualSambaGPG:: " not in output:
            return
        self.assertMatch(output, " virtualClearTextUTF8:: %s " % utf8_b64,
                         " getpassword virtualClearTextUTF8: out[ %s ] " % output)
        self.assertMatch(output, " virtualClearTextUTF16:: %s " % utf16_b64,
                         " getpassword virtualClearTextUTF16: out[ %s ] " % output)
        self.assertMatch(output, " virtualSSHA: ",
                         " getpassword virtualSSHA: out[ %s ] " % output)

    # Pass 1: set a password with an explicit URL and credentials.
    for account in self.users:
        newpasswd = self.random_password(16)
        (result, out, err) = self.runsubcmd(
            " user ", " setpassword ",
            account[" name "],
            " --newpassword= %s " % newpasswd,
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                               os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err, " Ensure setpassword runs ")
        self.assertEqual(err, " ", " setpassword with url ")
        self.assertMatch(out, " Changed password OK ", " setpassword with url ")

    # Initialise the syncpasswords cache and check what it reports.
    attributes = " sAMAccountName,unicodePwd,supplementalCredentials,virtualClearTextUTF8,virtualClearTextUTF16,virtualSSHA,virtualSambaGPG "
    (result, out, err) = self.runsubcmd(" user ", " syncpasswords ",
                                        " --cache-ldb-initialize ",
                                        " --attributes= %s " % attributes,
                                        " --decrypt-samba-gpg ")
    self.assertCmdSuccess(result, out, err, " Ensure syncpasswords --cache-ldb-initialize runs ")
    self.assertEqual(err, " ", " getpassword without url ")
    cache_attrs = {
        " objectClass ": {" value ": " userSyncPasswords "},
        " samdbUrl ": {},
        " dirsyncFilter ": {},
        " dirsyncAttribute ": {},
        " dirsyncControl ": {" value ": " dirsync:1:0:0 "},
        " passwordAttribute ": {},
        " decryptSambaGPG ": {},
        " currentTime ": {},
    }
    for attr_name, spec in cache_attrs.items():
        attr_value = spec.get(" value ", " ")
        self.assertMatch(out, " %s : %s " % (attr_name, attr_value),
                         " syncpasswords --cache-ldb-initialize: %s : %s out[ %s ] " % (attr_name, attr_value, out))

    # First sync run: every fixture account must be reported.
    (result, out, err) = self.runsubcmd(" user ", " syncpasswords ", " --no-wait ")
    self.assertCmdSuccess(result, out, err, " Ensure syncpasswords --no-wait runs ")
    self.assertEqual(err, " ", " syncpasswords --no-wait ")
    self.assertMatch(out, " dirsync_loop(): results 0 ",
                     " syncpasswords --no-wait: ' dirsync_loop(): results 0 ' : out[ %s ] " % (out))
    for account in self.users:
        self.assertMatch(out, " sAMAccountName: %s " % (account[" name "]),
                         " syncpasswords --no-wait: ' sAMAccountName ' : %s out[ %s ] " % (account[" name "], out))

    # Pass 2: set a password without a URL, then compare the values printed
    # by syncpasswords and getpassword with ones derived locally.
    for account in self.users:
        newpasswd = self.random_password(16)
        creds = credentials.Credentials()
        creds.set_anonymous()
        creds.set_password(newpasswd)
        unicodePwd = base64.b64encode(creds.get_nt_hash()).decode(' utf8 ')
        virtualClearTextUTF8 = base64.b64encode(get_bytes(newpasswd)).decode(' utf8 ')
        virtualClearTextUTF16 = base64.b64encode(get_string(newpasswd).encode(' utf-16-le ')).decode(' utf8 ')

        (result, out, err) = self.runsubcmd(" user ", " setpassword ",
                                            account[" name "],
                                            " --newpassword= %s " % newpasswd)
        self.assertCmdSuccess(result, out, err, " Ensure setpassword runs ")
        self.assertEqual(err, " ", " setpassword without url ")
        self.assertMatch(out, " Changed password OK ", " setpassword without url ")

        (result, out, err) = self.runsubcmd(" user ", " syncpasswords ", " --no-wait ")
        self.assertCmdSuccess(result, out, err, " Ensure syncpasswords --no-wait runs ")
        self.assertEqual(err, " ", " syncpasswords --no-wait ")
        self.assertMatch(out, " dirsync_loop(): results 0 ",
                         " syncpasswords --no-wait: ' dirsync_loop(): results 0 ' : out[ %s ] " % (out))
        self.assertMatch(out, " sAMAccountName: %s " % (account[" name "]),
                         " syncpasswords --no-wait: ' sAMAccountName ' : %s out[ %s ] " % (account[" name "], out))
        self.assertMatch(out, " # unicodePwd::: REDACTED SECRET ATTRIBUTE ",
                         " getpassword ' # unicodePwd::: REDACTED SECRET ATTRIBUTE ' : out[ %s ] " % out)
        check_nt_hash(out, unicodePwd)
        self.assertMatch(out, " # supplementalCredentials::: REDACTED SECRET ATTRIBUTE ",
                         " getpassword ' # supplementalCredentials::: REDACTED SECRET ATTRIBUTE ' : out[ %s ] " % out)
        self.assertMatch(out, " supplementalCredentials:: ",
                         " getpassword supplementalCredentials: out[ %s ] " % out)
        check_cleartext_attrs(out, virtualClearTextUTF8, virtualClearTextUTF16)

        (result, out, err) = self.runsubcmd(" user ", " getpassword ",
                                            account[" name "],
                                            " --attributes= %s " % attributes,
                                            " --decrypt-samba-gpg ")
        self.assertCmdSuccess(result, out, err, " Ensure getpassword runs ")
        self.assertEqual(err, " Any available password returned OK \n ", " getpassword without url ")
        self.assertMatch(out, " sAMAccountName: %s " % (account[" name "]),
                         " getpassword: ' sAMAccountName ' : %s out[ %s ] " % (account[" name "], out))
        check_nt_hash(out, unicodePwd)
        self.assertMatch(out, " supplementalCredentials:: ",
                         " getpassword supplementalCredentials: out[ %s ] " % out)
        self._verify_supplementalCredentials(out)
        check_cleartext_attrs(out, virtualClearTextUTF8, virtualClearTextUTF16)

    # Pass 3: set a password that must be changed at the next login.
    for account in self.users:
        newpasswd = self.random_password(16)
        (result, out, err) = self.runsubcmd(
            " user ", " setpassword ",
            account[" name "],
            " --newpassword= %s " % newpasswd,
            " --must-change-at-next-login ",
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                               os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err, " Ensure setpassword runs ")
        self.assertEqual(err, " ", " setpassword with forced change ")
        self.assertMatch(out, " Changed password OK ", " setpassword with forced change ")
def test_setexpiry(self):
    """Set a two-day expiry on every fixture account and check accountExpires.

    The filter-based part after the first loop is currently unreachable:
    the guard is a non-empty string, so the method always returns there.
    """
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    within_msg = " Ensure account expires is within 5 seconds of the expected time "

    for account in self.users:
        twodays = time.time() + (2 * 24 * 60 * 60)

        (result, out, err) = self.runsubcmd(
            " user ", " setexpiry ", account[" name "],
            " --days=2 ",
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                               os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err, " Can we run setexpiry with names ")
        self.assertIn(" Expiry for user ' %s ' set to 2 days. " % account[" name "], out)

        entry = self._find_user(account[" name "])
        expires = nttime2unix(int(" %s " % entry.get(" accountExpires ")))
        self.assertWithin(expires, twodays, 5, within_msg)

    # TODO: re-enable this after the filter case is sorted out
    if " filters are broken, bail now ":
        return

    # now run the expiration based on a filter
    fourdays = time.time() + (4 * 24 * 60 * 60)
    (result, out, err) = self.runsubcmd(
        " user ", " setexpiry ",
        " --filter ", " (&(objectClass=user)(company=comp2)) ",
        " --days=4 ",
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                           os.environ[" DC_PASSWORD "]))
    self.assertCmdSuccess(result, out, err, " Can we run setexpiry with a filter ")

    for account in self.users:
        entry = self._find_user(account[" name "])
        # Accounts matched by the filter get the new expiry, the rest keep
        # the two-day one from the first loop.
        in_comp2 = (" %s " % entry.get(" company ")) == " comp2 "
        expected = fourdays if in_comp2 else twodays
        expires = nttime2unix(int(" %s " % entry.get(" accountExpires ")))
        self.assertWithin(expires, expected, 5, within_msg)
def test_list(self):
    """Every normal account found by a direct search must appear in 'user list' output."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    list_argv = (
        " user ", " list ",
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                           os.environ[" DC_PASSWORD "]),
    )
    (result, out, err) = self.runsubcmd(*list_argv)
    self.assertCmdSuccess(result, out, err, " Error running list ")

    # Bitwise-AND match on userAccountControl for UF_NORMAL_ACCOUNT.
    filter_args = (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)
    search_filter = " (&(objectClass=user)(userAccountControl: %s := %u )) " % filter_args

    userlist = self.samdb.search(base=self.samdb.domain_dn(),
                                 scope=ldb.SCOPE_SUBTREE,
                                 expression=search_filter,
                                 attrs=[" samaccountname "])

    self.assertTrue(len(userlist) > 0, " no users found in samdb ")

    for entry in userlist:
        account_name = str(entry.get(" samaccountname ", idx=0))
        self.assertMatch(out, account_name,
                         " user ' %s ' not found " % account_name)
# Test: samba-tool user list --locked-only
# This test does not verify that the command lists the locked user, it just
# tests that it does not list unlocked users. The functional test, which
# lists locked users, is located in the 'samba4.ldap.password_lockout' test
# in source8/dsdb/tests/python/password_lockout.py
def test_list_locked(self):
    """No normal account found by a direct search may appear in 'user list --locked-only' output.

    Only the negative case is covered here: nothing in this method locks
    an account or checks that a locked one is listed.
    """
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    list_argv = (
        " user ", " list ",
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                           os.environ[" DC_PASSWORD "]),
        " --locked-only ",
    )
    (result, out, err) = self.runsubcmd(*list_argv)
    self.assertCmdSuccess(result, out, err, " Error running list ")

    # Bitwise-AND match on userAccountControl for UF_NORMAL_ACCOUNT.
    filter_args = (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)
    search_filter = " (&(objectClass=user)(userAccountControl: %s := %u )) " % filter_args

    userlist = self.samdb.search(base=self.samdb.domain_dn(),
                                 scope=ldb.SCOPE_SUBTREE,
                                 expression=search_filter,
                                 attrs=[" samaccountname "])

    for entry in userlist:
        account_name = str(entry.get(" samaccountname ", idx=0))
        self.assertNotIn(account_name, out,
                         " user ' %s ' is incorrectly listed as locked " % account_name)
def test_list_base_dn(self):
    """'user list -b <base>' must show every normal account found below the same base DN."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    base_dn = " CN=Users "
    list_argv = (
        " user ", " list ", " -b ", base_dn,
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                           os.environ[" DC_PASSWORD "]),
    )
    (result, out, err) = self.runsubcmd(*list_argv)
    self.assertCmdSuccess(result, out, err, " Error running list ")

    # Bitwise-AND match on userAccountControl for UF_NORMAL_ACCOUNT.
    filter_args = (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)
    search_filter = " (&(objectClass=user)(userAccountControl: %s := %u )) " % filter_args

    # The reference search uses the same base, normalised into the domain.
    userlist = self.samdb.search(base=self.samdb.normalize_dn_in_domain(base_dn),
                                 scope=ldb.SCOPE_SUBTREE,
                                 expression=search_filter,
                                 attrs=[" samaccountname "])

    self.assertTrue(len(userlist) > 0, " no users found in samdb ")

    for entry in userlist:
        account_name = str(entry.get(" samaccountname ", idx=0))
        self.assertMatch(out, account_name,
                         " user ' %s ' not found " % account_name)
def test_list_full_dn(self):
    """'user list --full-dn' must show the dn value of every normal account found by a direct search."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    list_argv = (
        " user ", " list ", " --full-dn ",
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                           os.environ[" DC_PASSWORD "]),
    )
    (result, out, err) = self.runsubcmd(*list_argv)
    self.assertCmdSuccess(result, out, err, " Error running list ")

    # Bitwise-AND match on userAccountControl for UF_NORMAL_ACCOUNT.
    filter_args = (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)
    search_filter = " (&(objectClass=user)(userAccountControl: %s := %u )) " % filter_args

    userlist = self.samdb.search(base=self.samdb.domain_dn(),
                                 scope=ldb.SCOPE_SUBTREE,
                                 expression=search_filter,
                                 attrs=[" dn "])

    self.assertTrue(len(userlist) > 0, " no users found in samdb ")

    for entry in userlist:
        full_dn = str(entry.get(" dn ", idx=0))
        self.assertMatch(out, full_dn,
                         " user ' %s ' not found " % full_dn)
def test_list_hide_expired(self):
    """'user list --hide-expired' shows an account until its expiry is set into the past."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    #
    # NOTE(review): the result of the create call is not checked, and the
    # account is deleted only by the last statement, so a failed assertion
    # leaves it on the DC.
    expire_username = " expireUser "
    expire_user = self._randomUser({" name ": expire_username})
    self._create_user(expire_user)

    def list_hiding_expired():
        # Run the listing and return its stdout once it is known to have succeeded.
        (result, out, err) = self.runsubcmd(
            " user ",
            " list ",
            " --hide-expired ",
            " -H ",
            " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                               os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err, " Error running list ")
        return out

    listing = list_hiding_expired()
    self.assertTrue(expire_username in listing,
                    " user ' %s ' not found " % expire_username)

    # user will be expired one second ago
    self.samdb.setexpiry(
        " (sAMAccountname= %s ) " % expire_username,
        -1,
        False)

    listing = list_hiding_expired()
    self.assertFalse(expire_username in listing,
                     " user ' %s ' found " % expire_username)

    self.samdb.deleteuser(expire_username)
def test_list_hide_disabled(self):
    """'user list --hide-disabled' shows an account until it is disabled."""
    # NOTE(review): literals are copied exactly as listed, padding inside the
    # quotes included; confirm against the upstream file.
    #
    # NOTE(review): the result of the create call is not checked, and the
    # account is deleted only by the last statement, so a failed assertion
    # leaves it on the DC.
    disable_username = " disableUser "
    disable_user = self._randomUser({" name ": disable_username})
    self._create_user(disable_user)

    def list_hiding_disabled():
        # Run the listing and return its stdout once it is known to have succeeded.
        (result, out, err) = self.runsubcmd(
            " user ",
            " list ",
            " --hide-disabled ",
            " -H ",
            " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                               os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err, " Error running list ")
        return out

    listing = list_hiding_disabled()
    self.assertTrue(disable_username in listing,
                    " user ' %s ' not found " % disable_username)

    self.samdb.disable_account(" (sAMAccountname= %s ) " % disable_username)

    listing = list_hiding_disabled()
    self.assertFalse(disable_username in listing,
                     " user ' %s ' found " % disable_username)

    self.samdb.deleteuser(disable_username)
def test_show(self):
    """Check ``user show`` for plain attributes and ``;format=`` variants.

    Two queries are made for each entry in ``self.users``. The first asks
    for two attributes and compares the output with an exact expected
    text. The second asks for a list of time attributes, each in its raw
    form and with three ``;format=`` suffixes, then checks which lines
    are present and that the parsed values agree with each other.
    """
    formats = [" GeneralizedTime ", " UnixTime ", " TimeSpec "]
    for user in self.users:
        result, out, err = self.runsubcmd(
            " user ", " show ", user[" name "],
            " --attributes=sAMAccountName,company ",
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                              os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err, " Error running show ")

        expected_fields = (user[" given-name "], user[" surname "],
                           self.samdb.domain_dn(),
                           user[" company "], user[" name "])
        expected_out = """ dn: CN= %s %s ,CN=Users, %s
company : % s
sAMAccountName : % s
""" % expected_fields
        self.assertEqual(out, expected_out,
                         " Unexpected show output for user ' %s ' " %
                         user[" name "])

        time_attrs = [
            " name ",  # test that invalid values are just ignored
            " whenCreated ",
            " whenChanged ",
            " accountExpires ",
            " badPasswordTime ",
            " lastLogoff ",
            " lastLogon ",
            " lastLogonTimestamp ",
            " lockoutTime ",
            " msDS-UserPasswordExpiryTimeComputed ",
            " pwdLastSet ",
        ]

        # Request every attribute once as-is and once per format suffix.
        attrs = []
        for ta in time_attrs:
            attrs.append(ta)
            attrs.extend(" %s ;format= %s " % (ta, fm) for fm in formats)
        requested = " , ".join(attrs)

        result, out, err = self.runsubcmd(
            " user ", " show ", user[" name "],
            " --attributes= %s " % requested,
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                              os.environ[" DC_PASSWORD "]))
        self.assertCmdSuccess(result, out, err,
                              " Error running show --attributes= %s "
                              % requested)

        # (expected to be present, text) pairs, checked in this order.
        text_checks = [
            (True, " ;format=GeneralizedTime "),
            (True, " ;format=UnixTime "),
            (True, " ;format=TimeSpec "),
            (True, " name: "),
            (False, " name;format=GeneralizedTime: "),
            (False, " name;format=UnixTime: "),
            (False, " name;format=TimeSpec: "),
            (True, " whenCreated: 20 "),
            (True, " whenCreated;format=GeneralizedTime: 20 "),
            (True, " whenCreated;format=UnixTime: 1 "),
            (True, " whenCreated;format=TimeSpec: 1 "),
            (True, " whenChanged: 20 "),
            (True, " whenChanged;format=GeneralizedTime: 20 "),
            (True, " whenChanged;format=UnixTime: 1 "),
            (True, " whenChanged;format=TimeSpec: 1 "),
            (True, " accountExpires: 9223372036854775807 "),
            (False, " accountExpires;format=GeneralizedTime: "),
            (False, " accountExpires;format=UnixTime: "),
            (False, " accountExpires;format=TimeSpec: "),
            (True, " badPasswordTime: 0 "),
            (False, " badPasswordTime;format=GeneralizedTime: "),
            (False, " badPasswordTime;format=UnixTime: "),
            (False, " badPasswordTime;format=TimeSpec: "),
            (True, " lastLogoff: 0 "),
            (False, " lastLogoff;format=GeneralizedTime: "),
            (False, " lastLogoff;format=UnixTime: "),
            (False, " lastLogoff;format=TimeSpec: "),
            (True, " lastLogon: 0 "),
            (False, " lastLogon;format=GeneralizedTime: "),
            (False, " lastLogon;format=UnixTime: "),
            (False, " lastLogon;format=TimeSpec: "),
            # If a specified attribute is not available on a user object
            # it's silently omitted.
            (False, " lastLogonTimestamp: "),
            (False, " lockoutTime: "),
            (True, " msDS-UserPasswordExpiryTimeComputed: 1 "),
            (True, " msDS-UserPasswordExpiryTimeComputed;format=GeneralizedTime: 20 "),
            (True, " msDS-UserPasswordExpiryTimeComputed;format=UnixTime: 1 "),
            (True, " msDS-UserPasswordExpiryTimeComputed;format=TimeSpec: 1 "),
            (True, " pwdLastSet: 1 "),
            (True, " pwdLastSet;format=GeneralizedTime: 20 "),
            (True, " pwdLastSet;format=UnixTime: 1 "),
            (True, " pwdLastSet;format=TimeSpec: 1 "),
        ]
        for present, text in text_checks:
            if present:
                self.assertIn(text, out)
            else:
                self.assertNotIn(text, out)

        out_msg = next(self.samdb.parse_ldif(out))[1]

        def value_of(attr):
            # Assert the attribute was returned, then give its first
            # value as a string.
            self.assertIn(attr, out_msg)
            return str(out_msg[attr][0])

        when_created_str = value_of(" whenCreated ")
        self.assertEqual(value_of(" whenCreated;format=GeneralizedTime "),
                         when_created_str)
        when_created_time = ldb.string_to_time(when_created_str)
        self.assertEqual(value_of(" whenCreated;format=UnixTime "),
                         str(when_created_time))
        self.assertEqual(value_of(" whenCreated;format=TimeSpec "),
                         " %d .000000000 " % (when_created_time))

        when_changed_str = value_of(" whenChanged ")
        self.assertEqual(value_of(" whenChanged;format=GeneralizedTime "),
                         when_changed_str)
        when_changed_time = ldb.string_to_time(when_changed_str)
        self.assertEqual(value_of(" whenChanged;format=UnixTime "),
                         str(when_changed_time))
        self.assertEqual(value_of(" whenChanged;format=TimeSpec "),
                         " %d .000000000 " % (when_changed_time))

        pwd_last_set_str = value_of(" pwdLastSet;format=GeneralizedTime ")
        pwd_last_set_time = ldb.string_to_time(pwd_last_set_str)
        self.assertEqual(value_of(" pwdLastSet;format=UnixTime "),
                         str(pwd_last_set_time))
        pwd_last_set_spec = value_of(" pwdLastSet;format=TimeSpec ")
        self.assertIn(" %d . " % pwd_last_set_time, pwd_last_set_spec)
        self.assertNotIn(" .000000000 ", pwd_last_set_spec)

        # assert that the pwd has been set in the minute after user creation
        self.assertGreaterEqual(pwd_last_set_time, when_created_time)
        self.assertLess(pwd_last_set_time, when_created_time + 60)

        pwd_expires_str = value_of(
            " msDS-UserPasswordExpiryTimeComputed;format=GeneralizedTime ")
        pwd_expires_time = ldb.string_to_time(pwd_expires_str)
        self.assertEqual(
            value_of(" msDS-UserPasswordExpiryTimeComputed;format=UnixTime "),
            str(pwd_expires_time))
        pwd_expires_spec = value_of(
            " msDS-UserPasswordExpiryTimeComputed;format=TimeSpec ")
        self.assertIn(" %d . " % pwd_expires_time, pwd_expires_spec)
        self.assertNotIn(" .000000000 ", pwd_expires_spec)

        # assert that the pwd expires after it was set
        self.assertGreater(pwd_expires_time, pwd_last_set_time)
def test_move(self):
    """Move every test user into a temporary OU and back to CN=Users.

    While the users sit in the OU, deleting the OU is expected to fail
    with a non-leaf error that reports one child per user.
    """
    target_ou = str(self.samdb.normalize_dn_in_domain(" OU=movetest_usr "))
    # Registered before the OU is created, so the subtree is deleted at
    # the end of the test even when an assertion below fails.
    self.addCleanup(self.samdb.delete, target_ou, [" tree_delete:1 "])

    result, out, err = self.runsubcmd(" ou ", " add ", target_ou)
    self.assertCmdSuccess(result, out, err)
    self.assertEqual(err, " ", " There shouldn ' t be any error message ")
    self.assertIn(' Added ou " %s " ' % target_ou, out)

    for user in self.users:
        result, out, err = self.runsubcmd(
            " user ", " move ", user[" name "], target_ou)
        self.assertCmdSuccess(result, out, err, " Error running move ")
        self.assertIn(' Moved user " %s " into " %s " ' %
                      (user[" name "], target_ou), out)

    # Should fail as users objects are in OU
    result, out, err = self.runsubcmd(" ou ", " delete ", target_ou)
    self.assertCmdFail(result)
    non_leaf_message = (" subtree_delete: Unable to delete a non-leaf node "
                        " (it has %d children)! ") % len(self.users)
    self.assertIn(non_leaf_message, err)

    # Put the users back where the other tests expect them.
    for user in self.users:
        users_container = " CN=Users, %s " % self.samdb.domain_dn()
        result, out, err = self.runsubcmd(
            " user ", " move ", user[" name "], users_container)
        self.assertCmdSuccess(result, out, err, " Error running move ")
        self.assertIn(' Moved user " %s " into " %s " ' %
                      (user[" name "], users_container), out)
def test_rename_surname_initials_givenname(self):
    """Set, clear and restore surname, initials and given name.

    For every test user the three name parts are replaced, then removed,
    then surname and given name are put back from the template. If the
    user had a cn at the start, it is forced back at the end.
    """
    def rename(account, *options):
        return self.runsubcmd(" user ", " rename ", account, *options)

    def expect_clean_success(result, out, err):
        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(' successfully ', out)

    for user in self.users:
        account = user[" name "]
        new_givenname = " new_given_name_of_ " + account
        new_initials = " A "
        new_surname = " new_surname_of_ " + account

        old_cn = str(self._find_user(account).get(" cn "))

        # rename given name, initials and surname
        expect_clean_success(*rename(
            account,
            " --surname= %s " % new_surname,
            " --initials= %s " % new_initials,
            " --given-name= %s " % new_givenname))

        entry = self._find_user(account)
        full_name = " %s %s . %s " % (new_givenname, new_initials, new_surname)
        self.assertEqual(" %s " % entry.get(" givenName "), new_givenname)
        self.assertEqual(" %s " % entry.get(" initials "), new_initials)
        self.assertEqual(" %s " % entry.get(" sn "), new_surname)
        self.assertEqual(" %s " % entry.get(" name "), full_name)
        self.assertEqual(" %s " % entry.get(" cn "), full_name)

        # remove given name, initials and surname
        expect_clean_success(*rename(
            account,
            " --surname= ",
            " --initials= ",
            " --given-name= "))

        entry = self._find_user(account)
        self.assertEqual(entry.get(" givenName "), None)
        self.assertEqual(entry.get(" initials "), None)
        self.assertEqual(entry.get(" sn "), None)
        self.assertEqual(" %s " % entry.get(" cn "), account)

        # reset changes (initials are removed)
        result, out, err = rename(
            account,
            " --surname= %(surname)s " % user,
            " --given-name= % (given-name)s " % user)
        self.assertCmdSuccess(result, out, err)

        # The outcome of this last rename is not asserted.
        if old_cn:
            result, out, err = rename(
                account, " --force-new-cn= %s " % old_cn)
def test_rename_cn_samaccountname(self):
    """Rename cn and sAMAccountName, then try to remove each of them.

    Removing either attribute is expected to fail with a
    protected-attribute error. Both are reset to the user's name at the
    end of each iteration.
    """
    def rename(account, *options):
        return self.runsubcmd(" user ", " rename ", account, *options)

    for user in self.users:
        new_cn = " new_cn_of_ " + user[" name "]
        new_samaccountname = " new_samaccount_of_ " + user[" name "]
        new_surname = " new_surname_of_ " + user[" name "]

        # rename cn
        result, out, err = rename(
            user[" name "],
            " --samaccountname= %s " % new_samaccountname,
            " --force-new-cn= %s " % new_cn)
        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(' successfully ', out)

        entry = self._find_user(new_samaccountname)
        self.assertEqual(" %s " % entry.get(" cn "), new_cn)
        self.assertEqual(" %s " % entry.get(" sAMAccountName "),
                         new_samaccountname)

        # changing the surname has no effect to the cn
        result, out, err = rename(new_samaccountname,
                                  " --surname= %s " % new_surname)
        self.assertCmdSuccess(result, out, err)
        entry = self._find_user(new_samaccountname)
        self.assertEqual(" %s " % entry.get(" cn "), new_cn)

        # trying to remove cn (throws an error)
        result, out, err = rename(new_samaccountname, " --force-new-cn= ")
        self.assertCmdFail(result)
        self.assertIn(' Failed to rename user ', err)
        self.assertIn(" delete protected attribute ", err)

        # trying to remove the samaccountname (throws an error)
        result, out, err = rename(new_samaccountname, " --samaccountname= ")
        self.assertCmdFail(result)
        self.assertIn(' Failed to rename user ', err)
        self.assertIn(' delete protected attribute ', err)

        # reset changes (cn must be the name)
        result, out, err = rename(
            new_samaccountname,
            " --samaccountname= %(name)s " % user,
            " --force-new-cn= %(name)s " % user)
        self.assertCmdSuccess(result, out, err)
def test_rename_standard_cn(self):
    """Check that ``--reset-cn`` restores the standard cn.

    With no name parts set, the cn is expected to become the account
    name. With given name, initials and surname set, it is expected to
    be built from those three values.
    """
    def rename(account, *options):
        return self.runsubcmd(" user ", " rename ", account, *options)

    def expect_clean_success(result, out, err):
        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(' successfully ', out)

    for user in self.users:
        account = user[" name "]
        new_cn = " new_cn_of_ " + account
        new_givenname = " new_given_name_of_ " + account
        new_initials = " A "
        new_surname = " new_surname_of_ " + account

        # set different cn
        result, out, err = rename(account, " --force-new-cn= %s " % new_cn)
        self.assertCmdSuccess(result, out, err)

        # remove given name, initials and surname
        result, out, err = rename(
            account,
            " --surname= ",
            " --initials= ",
            " --given-name= ")
        self.assertCmdSuccess(result, out, err)

        # reset the CN (no given name, initials or surname --> samaccountname)
        expect_clean_success(*rename(account, " --reset-cn "))
        entry = self._find_user(account)
        self.assertEqual(" %s " % entry.get(" cn "), account)

        # set given name, initials and surname and set different cn
        result, out, err = rename(
            account,
            " --force-new-cn= %s " % new_cn,
            " --surname= %s " % new_surname,
            " --initials= %s " % new_initials,
            " --given-name= %s " % new_givenname)
        self.assertCmdSuccess(result, out, err)

        # reset the CN (given name, initials or surname are given --> given name)
        expect_clean_success(*rename(account, " --reset-cn "))
        entry = self._find_user(account)
        self.assertEqual(
            " %s " % entry.get(" cn "),
            " %s %s . %s " % (new_givenname, new_initials, new_surname))

        # reset changes
        result, out, err = rename(
            account,
            " --reset-cn ",
            " --initials= ",
            " --surname= %(surname)s " % user,
            " --given-name= % (given-name)s " % user)
        self.assertCmdSuccess(result, out, err)
def test_rename_mailaddress_displayname(self):
    """Set and then clear the mail address and display name of each user."""
    def rename(account, *options):
        return self.runsubcmd(" user ", " rename ", account, *options)

    def expect_clean_success(result, out, err):
        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(' successfully ', out)

    for user in self.users:
        account = user[" name "]
        new_mail = " new_mailaddress_of_ " + account
        new_displayname = " new displayname of " + account

        # change mail and displayname
        expect_clean_success(*rename(
            account,
            " --mail-address= %s " % new_mail,
            " --display-name= %s " % new_displayname))
        entry = self._find_user(account)
        self.assertEqual(" %s " % entry.get(" mail "), new_mail)
        self.assertEqual(" %s " % entry.get(" displayName "), new_displayname)

        # remove mail and displayname
        expect_clean_success(*rename(
            account,
            " --mail-address= ",
            " --display-name= "))
        entry = self._find_user(account)
        self.assertEqual(entry.get(" mail "), None)
        self.assertEqual(entry.get(" displayName "), None)
def test_rename_upn(self):
    """Check that only a valid userPrincipalName is accepted on rename.

    For every test user an invalid UPN is rejected, a UPN with the
    user's existing suffix is accepted, a second invalid value is
    rejected, and the original UPN is restored.
    """
    def rename_upn(account, option):
        return self.runsubcmd(" user ", " rename ", account, option)

    for user in self.users:
        account = user[" name "]
        entry = self._find_user(account)
        old_upn = " %s " % entry.get(" userPrincipalName ")
        valid_suffix = old_upn.split(' @ ')[1]  # samba.example.com
        valid_new_upn = " new_ %s @ %s " % (account, valid_suffix)
        # NOTE(review): the placeholder below is never filled in; the
        # name is concatenated rather than formatted. The value is still
        # rejected, so the test passes either way. Confirm the intent.
        invalid_new_upn = " %s @invalid.suffix " + account

        # trying to set invalid upn
        result, out, err = rename_upn(account,
                                      " --upn= %s " % invalid_new_upn)
        self.assertCmdFail(result)
        self.assertIn(' is not a valid upn ', err)

        # set valid upn
        result, out, err = rename_upn(account, " --upn= %s " % valid_new_upn)
        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(' successfully ', out)
        entry = self._find_user(account)
        self.assertEqual(" %s " % entry.get(" userPrincipalName "),
                         valid_new_upn)

        # trying to remove upn
        # NOTE(review): the option is passed with its placeholder
        # unformatted, so this checks rejection of that literal value
        # rather than of an empty UPN. Confirm which was meant.
        result, out, err = rename_upn(account, " --upn= %s ")
        self.assertCmdFail(result)
        self.assertIn(' is not a valid upn ', err)

        # reset upn
        result, out, err = rename_upn(account, " --upn= %s " % old_upn)
        self.assertCmdSuccess(result, out, err)
def test_getpwent(self):
    """Check ``user create --rfc2307-from-nss`` against the local passwd entry.

    The first pass creates an account named after the user running the
    test, using that user's values from ``pwd.getpwuid()``. The second
    pass also gives explicit RFC2307 options holding random values. The
    stored attributes are compared with the template after each pass.
    The test is skipped when ``pwd`` is missing or when the effective
    UID has no passwd entry.

    NOTE(review): an existing directory account with the same name as
    the local user is deleted before each pass, so this is only suitable
    for a disposable test domain.
    """
    try:
        import pwd
    except ImportError:
        self.skipTest(" Skipping getpwent test, no ' pwd ' module available ")
        return

    # get the current user's data for the test
    try:
        u = pwd.getpwuid(os.geteuid())
    except KeyError:
        self.skipTest(" Skipping getpwent test, current EUID not found in NSS ")
        return

    # samba-tool user create command didn't support users with empty gecos
    # if none is specified on the command line and the user hasn't one in
    # the passwd file it will fail, so let's add some contents
    gecos = u[4]
    if gecos is None or len(gecos) == 0:
        gecos = " Foo GECOS "

    def remove_if_present():
        # Remove user if it already exists
        if self._find_user(u[0]):
            self.runsubcmd(" user ", " delete ", u[0])

    def profile_options(template):
        # Descriptive options shared by both create calls, in order.
        return [
            " --surname= %s " % template[" surname "],
            " --given-name= %s " % template[" given-name "],
            " --job-title= %s " % template[" job-title "],
            " --department= %s " % template[" department "],
            " --description= %s " % template[" description "],
            " --company= %s " % template[" company "],
        ]

    def expect_added(template, result, out, err):
        self.assertCmdSuccess(result, out, err)
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")
        self.assertIn(" User ' %s ' added successfully " % template[" name "],
                      out)

    user = self._randomPosixUser({
        " name ": u[0],
        " uid ": u[0],
        " uidNumber ": u[2],
        " gidNumber ": u[3],
        " gecos ": gecos,
        " loginShell ": u[6],
    })
    remove_if_present()

    # check if --rfc2307-from-nss sets the same values as we got from
    # pwd.getpwuid()
    result, out, err = self.runsubcmd(
        " user ", " create ", user[" name "], user[" password "],
        *profile_options(user),
        " --gecos= %s " % user[" gecos "],
        " --rfc2307-from-nss ",
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                          os.environ[" DC_PASSWORD "]))
    expect_added(user, result, out, err)
    self._check_posix_user(user)
    self.runsubcmd(" user ", " delete ", user[" name "])

    # Check if overriding the attributes from NSS with explicit values works
    #
    # get a user with all random posix attributes
    user = self._randomPosixUser({" name ": u[0]})
    remove_if_present()

    # create a user with posix attributes from nss but override all of
    # them with the random ones just obtained
    result, out, err = self.runsubcmd(
        " user ", " create ", user[" name "], user[" password "],
        *profile_options(user),
        " --rfc2307-from-nss ",
        " --gecos= %s " % user[" gecos "],
        " --login-shell= %s " % user[" loginShell "],
        " --uid= %s " % user[" uid "],
        " --uid-number= %s " % user[" uidNumber "],
        " --gid-number= %s " % user[" gidNumber "],
        " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                          os.environ[" DC_PASSWORD "]))
    expect_added(user, result, out, err)
    self._check_posix_user(user)
    self.runsubcmd(" user ", " delete ", user[" name "])
# Test: samba-tool user unlock
# This test does not verify that the command unlocks the user, it just
# tests the command itself. The unlock test, which unlocks locked users,
# is located in the 'samba4.ldap.password_lockout' test in
# source4/dsdb/tests/python/password_lockout.py
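def test_unlock(self):
    """Exercise ``user unlock`` on its failure and success paths.

    Three cases are run: unlocking a nonexistent user must fail,
    unlocking as an unprivileged user must fail with
    LDAP_INSUFFICIENT_ACCESS_RIGHTS, and unlocking each entry of
    ``self.users`` with the default credentials must succeed without
    error output.
    """
    # try to unlock a nonexistent user, this should fail
    nonexistentusername = " userdoesnotexist "
    result, out, err = self.runsubcmd(
        " user ", " unlock ", nonexistentusername)
    self.assertCmdFail(result, " Ensure that unlock nonexistent user fails ")
    self.assertIn(" Failed to unlock user ' %s ' " % nonexistentusername, err)
    self.assertIn(" Unable to find user ", err)

    # try to unlock with insufficient permissions, this should fail
    unprivileged_username = " unprivilegedunlockuser "
    unlocktest_username = " usertounlock "
    try:
        self.runsubcmd(" user ", " add ", unprivileged_username, " Passw0rd ")
        self.runsubcmd(" user ", " add ", unlocktest_username, " Passw0rd ")
        result, out, err = self.runsubcmd(
            " user ", " unlock ", unlocktest_username,
            " -H ", " ldap:// %s " % os.environ[" DC_SERVER "],
            " -U %s %% %s " % (unprivileged_username,
                              " Passw0rd "))
        self.assertCmdFail(result, " Fail with LDAP_INSUFFICIENT_ACCESS_RIGHTS ")
        self.assertIn(" Failed to unlock user ' %s ' " % unlocktest_username,
                      err)
        self.assertIn(" LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS ", err)
    finally:
        # Both temporary accounts carry a fixed, known password, so they
        # are removed even when one of the assertions above fails;
        # otherwise they would stay in the directory and later runs
        # would find the names already taken.
        self.runsubcmd(" user ", " delete ", unprivileged_username)
        self.runsubcmd(" user ", " delete ", unlocktest_username)

    # run unlock against test users
    for user in self.users:
        result, out, err = self.runsubcmd(
            " user ", " unlock ", user[" name "])
        self.assertCmdSuccess(result, out, err, " Error running user unlock ")
        self.assertEqual(err, " ", " Shouldn ' t be any error messages ")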
def _randomUser(self, base=None):
    """Build a user template filled with random attribute values.

    Entries of *base*, when given, replace the generated ones. The
    template also carries the bound methods used to create and check a
    user of this kind.
    """
    overrides = {} if base is None else base
    template = {
        " name ": self.randomName(),
        " password ": self.random_password(16),
        " surname ": self.randomName(),
        " given-name ": self.randomName(),
        " job-title ": self.randomName(),
        " department ": self.randomName(),
        " company ": self.randomName(),
        " description ": self.randomName(count=100),
        " createUserFn ": self._create_user,
        " checkUserFn ": self._check_user,
    }
    template.update(overrides)
    return template
def _randomPosixUser(self, base=None):
    """Build a random user template that also has RFC2307 attributes.

    Entries of *base*, when given, replace the generated ones, including
    the RFC2307 values and the create/check functions.
    """
    overrides = {} if base is None else base

    template = self._randomUser({})
    template.update(overrides)
    template.update({
        " uid ": self.randomName(),
        " loginShell ": self.randomName(),
        " gecos ": self.randomName(),
        " uidNumber ": self.randomXid(),
        " gidNumber ": self.randomXid(),
        " createUserFn ": self._create_posix_user,
        " checkUserFn ": self._check_posix_user,
    })
    # Applied a second time so the caller's values win over the RFC2307
    # entries that were just generated.
    template.update(overrides)
    return template
def _randomUnixUser(self, base=None):
    """Build a random user template with RFC2307 attributes for unix users.

    Entries of *base*, when given, replace the generated ones. The
    template refers to the unix create and check functions.
    """
    overrides = {} if base is None else base

    template = self._randomUser({})
    template.update(overrides)
    template.update({
        " uidNumber ": self.randomXid(),
        " gidNumber ": self.randomXid(),
        " uid ": self.randomName(),
        " loginShell ": self.randomName(),
        " gecos ": self.randomName(),
        " createUserFn ": self._create_unix_user,
        " checkUserFn ": self._check_unix_user,
    })
    # Applied a second time so the caller's values win over the RFC2307
    # entries that were just generated.
    template.update(overrides)
    return template
def _check_user(self, user):
    """Assert that the stored user matches the descriptive template fields."""
    entry = self._find_user(user[" name "])

    self.assertEqual(" %s " % entry.get(" name "),
                     " % (given-name)s %(surname)s " % user)

    # (directory attribute, template key), compared in this order.
    attribute_map = (
        (" title ", " job-title "),
        (" company ", " company "),
        (" description ", " description "),
        (" department ", " department "),
    )
    for ldap_attr, template_key in attribute_map:
        self.assertEqual(" %s " % entry.get(ldap_attr), user[template_key])
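def _check_posix_user(self, user):
    """Assert that the stored account carries the template's RFC2307 values.

    Compares loginShell, gecos, uidNumber, gidNumber and uid of the entry
    returned by ``self._find_user`` with the *user* template, then runs
    the base attribute checks through ``self._check_user``. A lookup that
    returns nothing is reported as a test failure before any attribute is
    read.
    """
    found = self._find_user(user[" name "])
    # _find_user returns None when the search has no match; fail with a
    # readable message instead of an AttributeError on found.get().
    self.assertIsNotNone(found, "user %r not found in SamDB" % (user[" name "],))

    # The numeric ids are formatted on both sides so that the directory
    # value and the template value are compared as text.
    expectations = (
        (" loginShell ", user[" loginShell "]),
        (" gecos ", user[" gecos "]),
        (" uidNumber ", " %s " % user[" uidNumber "]),
        (" gidNumber ", " %s " % user[" gidNumber "]),
        (" uid ", user[" uid "]),
    )
    for attribute, wanted in expectations:
        self.assertEqual(" %s " % found.get(attribute), wanted)

    self._check_user(user)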
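def _check_unix_user(self, user):
    """Assert that the stored account carries the template's unix attributes.

    Compares loginShell, gecos, uidNumber, gidNumber and uid of the entry
    returned by ``self._find_user`` with the *user* template, checks that
    the home directory value contains the expected prefix, then runs the
    base attribute checks through ``self._check_user``. A lookup that
    returns nothing is reported as a test failure before any attribute is
    read.
    """
    found = self._find_user(user[" name "])
    # _find_user returns None when the search has no match; fail with a
    # readable message instead of an AttributeError on found.get().
    self.assertIsNotNone(found, "user %r not found in SamDB" % (user[" name "],))

    # The numeric ids are formatted on both sides so that the directory
    # value and the template value are compared as text.
    expectations = (
        (" loginShell ", user[" loginShell "]),
        (" gecos ", user[" gecos "]),
        (" uidNumber ", " %s " % user[" uidNumber "]),
        (" gidNumber ", " %s " % user[" gidNumber "]),
        (" uid ", user[" uid "]),
    )
    for attribute, wanted in expectations:
        self.assertEqual(" %s " % found.get(attribute), wanted)

    # Only the prefix is checked, not the full path.
    home_directory = " %s " % found.get(" unixHomeDirectory ")
    self.assertIn(' /home/test/ ', home_directory)

    self._check_user(user)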
def _create_user(self, user):
    """Run the ``user add`` subcommand for the *user* template.

    The account name and password are passed positionally, the descriptive
    attributes as options. The server address and the credentials used for
    the connection are read from the process environment. Returns whatever
    ``self.runsubcmd`` returns.
    """
    # NOTE(review): the account password and the -U credential string are
    # handed over as ordinary arguments; how runsubcmd executes them is not
    # visible here.
    argv = [" user ", " add ", user[" name "], user[" password "]]
    argv.append(" --surname= %s " % user[" surname "])
    argv.append(" --given-name= %s " % user[" given-name "])
    argv.append(" --job-title= %s " % user[" job-title "])
    argv.append(" --department= %s " % user[" department "])
    argv.append(" --description= %s " % user[" description "])
    argv.append(" --company= %s " % user[" company "])

    server_url = " ldap:// %s " % os.environ[" DC_SERVER "]
    bind_credentials = " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                                          os.environ[" DC_PASSWORD "])
    argv.extend([" -H ", server_url, bind_credentials])
    return self.runsubcmd(*argv)
def _create_posix_user(self, user):
    """Run the ``user create`` subcommand with RFC2307 options.

    Passes the same descriptive options as the plain user creation plus
    gecos, login shell, uid, uid number and gid number from the *user*
    template. The server address and the credentials used for the
    connection are read from the process environment. Returns whatever
    ``self.runsubcmd`` returns.
    """
    argv = [" user ", " create ", user[" name "], user[" password "]]

    # Descriptive attributes.
    argv.append(" --surname= %s " % user[" surname "])
    argv.append(" --given-name= %s " % user[" given-name "])
    argv.append(" --job-title= %s " % user[" job-title "])
    argv.append(" --department= %s " % user[" department "])
    argv.append(" --description= %s " % user[" description "])
    argv.append(" --company= %s " % user[" company "])

    # RFC2307 attributes.
    argv.append(" --gecos= %s " % user[" gecos "])
    argv.append(" --login-shell= %s " % user[" loginShell "])
    argv.append(" --uid= %s " % user[" uid "])
    argv.append(" --uid-number= %s " % user[" uidNumber "])
    argv.append(" --gid-number= %s " % user[" gidNumber "])

    server_url = " ldap:// %s " % os.environ[" DC_SERVER "]
    bind_credentials = " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                                          os.environ[" DC_PASSWORD "])
    argv.extend([" -H ", server_url, bind_credentials])
    return self.runsubcmd(*argv)
def _create_unix_user(self, user):
    """Create the account, then add RFC2307 attributes to it.

    Calls ``self._create_user`` first and afterwards runs the
    ``user addunixattrs`` subcommand with the uid number as positional
    argument and gid number, gecos, login shell and uid as options.
    Returns the result of the second command only.
    """
    # The result of the initial creation is not inspected here.
    self._create_user(user)

    argv = (
        " user ",
        " addunixattrs ",
        user[" name "],
        " %s " % user[" uidNumber "],
        " --gid-number= %s " % user[" gidNumber "],
        " --gecos= %s " % user[" gecos "],
        " --login-shell= %s " % user[" loginShell "],
        " --uid= %s " % user[" uid "],
        " -H ",
        " ldap:// %s " % os.environ[" DC_SERVER "],
        " -U %s %% %s " % (os.environ[" DC_USERNAME "],
                           os.environ[" DC_PASSWORD "]),
    )
    return self.runsubcmd(*argv)
def _find_user(self, name):
    """Return the first directory entry for account *name*, or None.

    Searches the whole subtree below the domain DN for a person object
    whose sAMAccountName equals *name*.
    """
    # The name goes through ldb.binary_encode before it is placed in the
    # filter, so filter metacharacters in it are escaped rather than
    # interpreted as part of the search expression.
    encoded_name = ldb.binary_encode(name)
    person_category = " CN=Person,CN=Schema,CN=Configuration "
    search_filter = " (&(sAMAccountName= %s )(objectCategory= %s , %s )) " % (
        encoded_name, person_category, self.samdb.domain_dn())

    matches = self.samdb.search(base=self.samdb.domain_dn(),
                                scope=ldb.SCOPE_SUBTREE,
                                expression=search_filter)
    return matches[0] if matches else None