sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-30 19:42:05 +03:00
Code Activity

python tests: fix format() strings for Python 2.6

Browse Source 
Python 2.6 wants "{0}".format(x), not "{}".format(x).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall
2018-09-21 13:22:56 +12:00
committed by Andrew Bartlett
parent 3b94d31d24
commit 198bcfbac3
13 changed files with 108 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/samba/tests/blackbox/check_output.py
View File

@ -55,7 +55,9 @@ class TimeoutHelper():
def _make_cmdline(data='$', repeat=(5 * 1024 * 1024), retcode=0): def _make_cmdline(data='$', repeat=(5 * 1024 * 1024), retcode=0):
"""Build a command to call gen_output.py to generate large output""" """Build a command to call gen_output.py to generate large output"""
return 'gen_output.py --data {} --repeat {} --retcode {}'.format(data, repeat, retcode) return 'gen_output.py --data {0} --repeat {1} --retcode {2}'.format(data,
repeat,
retcode)
class CheckOutputTests(BlackboxTestCase): class CheckOutputTests(BlackboxTestCase):

6
python/samba/tests/blackbox/samba_dnsupdate.py
View File

@ -99,14 +99,14 @@ class SambaDnsUpdateTests(samba.tests.BlackboxTestCase):
m = ldb.Message() m = ldb.Message()
m.dn = ldb.Dn(self.samdb, 'CN=DEFAULTIPSITELINK,CN=IP,' m.dn = ldb.Dn(self.samdb, 'CN=DEFAULTIPSITELINK,CN=IP,'
'CN=Inter-Site Transports,CN=Sites,{}'.format( 'CN=Inter-Site Transports,CN=Sites,{0}'.format(
self.samdb.get_config_basedn())) self.samdb.get_config_basedn()))
m['siteList'] = ldb.MessageElement("CN={},CN=Sites,{}".format( m['siteList'] = ldb.MessageElement("CN={0},CN=Sites,{1}".format(
site_name, site_name,
self.samdb.get_config_basedn()), self.samdb.get_config_basedn()),
ldb.FLAG_MOD_ADD, "siteList") ldb.FLAG_MOD_ADD, "siteList")
dns_c = "samba_dnsupdate --verbose --use-file={}".format(tmp_uc) dns_c = "samba_dnsupdate --verbose --use-file={0}".format(tmp_uc)
out = self.check_output(dns_c) out = self.check_output(dns_c)
self.assertFalse(site_name.lower() in out, out) self.assertFalse(site_name.lower() in out, out)

12
python/samba/tests/dns.py
View File

@ -1002,7 +1002,7 @@ class TestZones(DNSTest):
self.fail(str(e)) self.fail(str(e))
def ldap_modify_dnsrecs(self, name, func): def ldap_modify_dnsrecs(self, name, func):
dn = 'DC={},{}'.format(name, self.zone_dn) dn = 'DC={0},{1}'.format(name, self.zone_dn)
dns_recs = self.ldap_get_dns_records(name) dns_recs = self.ldap_get_dns_records(name)
for rec in dns_recs: for rec in dns_recs:
func(rec) func(rec)
@ -1033,7 +1033,7 @@ class TestZones(DNSTest):
# The use of SCOPE_SUBTREE here avoids raising an exception in the # The use of SCOPE_SUBTREE here avoids raising an exception in the
# 0 results case for a test below. # 0 results case for a test below.
expr = "(&(objectClass=dnsNode)(name={}))".format(name) expr = "(&(objectClass=dnsNode)(name={0}))".format(name)
return self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_SUBTREE, return self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_SUBTREE,
expression=expr, attrs=["*"]) expression=expr, attrs=["*"])
@ -1045,7 +1045,7 @@ class TestZones(DNSTest):
def ldap_get_zone_settings(self): def ldap_get_zone_settings(self):
records = self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_BASE, records = self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_BASE,
expression="(&(objectClass=dnsZone)" + expression="(&(objectClass=dnsZone)" +
"(name={}))".format(self.zone), "(name={0}))".format(self.zone),
attrs=["dNSProperty"]) attrs=["dNSProperty"])
self.assertEqual(len(records), 1) self.assertEqual(len(records), 1)
props = [ndr_unpack(dnsp.DnsProperty, r) props = [ndr_unpack(dnsp.DnsProperty, r)
@ -1259,7 +1259,7 @@ class TestZones(DNSTest):
self.dns_tombstone(name5, txt5, self.zone) self.dns_tombstone(name5, txt5, self.zone)
self.ldap_get_dns_records(name3) self.ldap_get_dns_records(name3)
expr = "(dnsRecord:1.3.6.1.4.1.7165.4.5.3:={})" expr = "(dnsRecord:1.3.6.1.4.1.7165.4.5.3:={0})"
expr = expr.format(int(last_update.dwTimeStamp) - 1) expr = expr.format(int(last_update.dwTimeStamp) - 1)
try: try:
res = self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_SUBTREE, res = self.samdb.search(base=self.zone_dn, scope=ldb.SCOPE_SUBTREE,
@ -1281,7 +1281,7 @@ class TestZones(DNSTest):
Aging=1, zone=self.zone, Aging=1, zone=self.zone,
AllowUpdate=dnsp.DNS_ZONE_UPDATE_UNSECURE) AllowUpdate=dnsp.DNS_ZONE_UPDATE_UNSECURE)
expr = "(dnsRecord:1.3.6.1.4.1.7165.4.5.3:={})" expr = "(dnsRecord:1.3.6.1.4.1.7165.4.5.3:={0})"
expr = expr.format(1) expr = expr.format(1)
try: try:
@ -1328,7 +1328,7 @@ class TestZones(DNSTest):
# Tombstone time longer than 64 characters # Tombstone time longer than 64 characters
try: try:
expr = "(dnsRecord:1.3.6.1.4.1.7165.4.5.3:={})" expr = "(dnsRecord:1.3.6.1.4.1.7165.4.5.3:={0})"
expr = expr.format("1" * 65) expr = expr.format("1" * 65)
res = samdb.search(base=self.zone_dn, scope=ldb.SCOPE_SUBTREE, res = samdb.search(base=self.zone_dn, scope=ldb.SCOPE_SUBTREE,
expression=expr, attrs=["*"]) expression=expr, attrs=["*"])

2
python/samba/tests/domain_backup_offline.py
View File

@ -111,7 +111,7 @@ class DomainBackupOfflineCmp(SambaToolCmdTest, TestCaseInTempDir):
fn.endswith(".tar.bz2")] fn.endswith(".tar.bz2")]
if len(tar_files) != 1: if len(tar_files) != 1:
raise CommandError("expected domain backup to create one tar" + raise CommandError("expected domain backup to create one tar" +
" file but got {}".format(len(tar_files))) " file but got {0}".format(len(tar_files)))
backup_file = os.path.join(prov_dir, tar_files[0]) backup_file = os.path.join(prov_dir, tar_files[0])
return prov_dir, backup_file return prov_dir, backup_file

6
python/samba/tests/kcc/kcc_utils.py
View File

@ -69,7 +69,7 @@ class SiteCoverageTests(samba.tests.TestCase):
self.samdb.transaction_commit() self.samdb.transaction_commit()
def _add_server(self, name, site): def _add_server(self, name, site):
dn = "CN={},CN=Servers,{}".format(name, site) dn = "CN={0},CN=Servers,{1}".format(name, site)
self.samdb.add({ self.samdb.add({
"dn": dn, "dn": dn,
"objectClass": "server", "objectClass": "server",
@ -78,7 +78,7 @@ class SiteCoverageTests(samba.tests.TestCase):
return dn return dn
def _add_site(self, name): def _add_site(self, name):
dn = "CN={},CN=Sites,{}".format( dn = "CN={0},CN=Sites,{1}".format(
name, self.samdb.get_config_basedn() name, self.samdb.get_config_basedn()
) )
self.samdb.add({ self.samdb.add({
@ -94,7 +94,7 @@ class SiteCoverageTests(samba.tests.TestCase):
return dn, name.lower() return dn, name.lower()
def _add_site_link(self, name, links=[], cost=100): def _add_site_link(self, name, links=[], cost=100):
dn = "CN={},CN=IP,CN=Inter-Site Transports,CN=Sites,{}".format( dn = "CN={0},CN=IP,CN=Inter-Site Transports,CN=Sites,{1}".format(
name, self.samdb.get_config_basedn() name, self.samdb.get_config_basedn()
) )
self.samdb.add({ self.samdb.add({

2
python/samba/tests/krb5_credentials.py
View File

@ -95,7 +95,7 @@ class PyKrb5CredentialsTests(TestCase):
delete_force(self.ldb, self.machine_dn) delete_force(self.ldb, self.machine_dn)
# get unicode str for both py2 and py3 # get unicode str for both py2 and py3
pass_unicode = self.machine_pass.encode('utf-8').decode('utf-8') pass_unicode = self.machine_pass.encode('utf-8').decode('utf-8')
utf16pw = u'"{}"'.format(pass_unicode).encode('utf-16-le') utf16pw = u'"{0}"'.format(pass_unicode).encode('utf-16-le')
self.ldb.add({ self.ldb.add({
"dn": self.machine_dn, "dn": self.machine_dn,
"objectclass": "computer", "objectclass": "computer",

4
python/samba/tests/posixacl.py
View File

@ -823,7 +823,7 @@ class SessionedPosixAclMappingTests(PosixAclMappingTests):
# fake it with admin session as domsid is not in local db # fake it with admin session as domsid is not in local db
return auth.admin_session(self.lp, str(domsid)) return auth.admin_session(self.lp, str(domsid))
dn = '<SID={}-{}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR) dn = '<SID={0}-{1}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR)
flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS | flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
auth.AUTH_SESSION_INFO_AUTHENTICATED | auth.AUTH_SESSION_INFO_AUTHENTICATED |
auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
@ -844,7 +844,7 @@ class UnixSessionedPosixAclMappingTests(PosixAclMappingTests):
# fake it with admin session as domsid is not in local db # fake it with admin session as domsid is not in local db
return auth.admin_session(self.lp, str(domsid)) return auth.admin_session(self.lp, str(domsid))
dn = '<SID={}-{}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR) dn = '<SID={0}-{1}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR)
flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS | flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
auth.AUTH_SESSION_INFO_AUTHENTICATED | auth.AUTH_SESSION_INFO_AUTHENTICATED |
auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)

22
python/samba/tests/pso.py
View File

@ -228,18 +228,18 @@ class PasswordSettings:
# all the following fields are mandatory for the PSO object # all the following fields are mandatory for the PSO object
ldif = """ ldif = """
dn: {} dn: {0}
objectClass: msDS-PasswordSettings objectClass: msDS-PasswordSettings
msDS-PasswordSettingsPrecedence: {} msDS-PasswordSettingsPrecedence: {1}
msDS-PasswordReversibleEncryptionEnabled: {} msDS-PasswordReversibleEncryptionEnabled: {2}
msDS-PasswordHistoryLength: {} msDS-PasswordHistoryLength: {3}
msDS-PasswordComplexityEnabled: {} msDS-PasswordComplexityEnabled: {4}
msDS-MinimumPasswordLength: {} msDS-MinimumPasswordLength: {5}
msDS-MinimumPasswordAge: {} msDS-MinimumPasswordAge: {6}
msDS-MaximumPasswordAge: {} msDS-MaximumPasswordAge: {7}
msDS-LockoutThreshold: {} msDS-LockoutThreshold: {8}
msDS-LockoutObservationWindow: {} msDS-LockoutObservationWindow: {9}
msDS-LockoutDuration: {} msDS-LockoutDuration: {10}
""".format(self.dn, self.precedence, plaintext_str, self.history_len, """.format(self.dn, self.precedence, plaintext_str, self.history_len,
complexity_str, self.password_len, min_age, max_age, complexity_str, self.password_len, min_age, max_age,
self.lockout_attempts, lockout_window, lockout_duration) self.lockout_attempts, lockout_window, lockout_duration)

10
python/samba/tests/samba_tool/computer.py
View File

@ -254,14 +254,14 @@ class ComputerCmdTestCase(SambaToolCmdTest):
return ou return ou
def _create_computer(self, computer): def _create_computer(self, computer):
args = '{} {} --description={}'.format( args = '{0} {1} --description={2}'.format(
computer['name'], self.creds, computer["description"]) computer['name'], self.creds, computer["description"])
for ip_address in computer.get('ip_address_list', []): for ip_address in computer.get('ip_address_list', []):
args += ' --ip-address={}'.format(ip_address) args += ' --ip-address={0}'.format(ip_address)
for service_principal_name in computer.get('service_principal_name_list', []): for service_principal_name in computer.get('service_principal_name_list', []):
args += ' --service-principal-name={}'.format(service_principal_name) args += ' --service-principal-name={0}'.format(service_principal_name)
args = args.split() args = args.split()
@ -290,9 +290,9 @@ class ComputerCmdTestCase(SambaToolCmdTest):
def _find_dns_record(self, name, ip_address): def _find_dns_record(self, name, ip_address):
name = name.rstrip('$') # computername name = name.rstrip('$') # computername
records = self.samdb.search( records = self.samdb.search(
base="DC=DomainDnsZones,{}".format(self.samdb.get_default_basedn()), base="DC=DomainDnsZones,{0}".format(self.samdb.get_default_basedn()),
scope=ldb.SCOPE_SUBTREE, scope=ldb.SCOPE_SUBTREE,
expression="(&(objectClass=dnsNode)(name={}))".format(name), expression="(&(objectClass=dnsNode)(name={0}))".format(name),
attrs=['dnsRecord', 'dNSTombstoned']) attrs=['dnsRecord', 'dNSTombstoned'])
# unpack data and compare # unpack data and compare

6
python/samba/tests/samba_tool/demote.py
View File

@ -25,7 +25,7 @@ class DemoteCmdTestCase(SambaToolCmdTest):
def setUp(self): def setUp(self):
super(DemoteCmdTestCase, self).setUp() super(DemoteCmdTestCase, self).setUp()
self.creds_string = "-U{}%{}".format( self.creds_string = "-U{0}%{1}".format(
os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]) os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"])
self.dc_server = os.environ['DC_SERVER'] self.dc_server = os.environ['DC_SERVER']
@ -58,10 +58,10 @@ class DemoteCmdTestCase(SambaToolCmdTest):
self.assertCmdSuccess(result, out, err) self.assertCmdSuccess(result, out, err)
# the above A record points to this host # the above A record points to this host
dnshostname = '{}.{}'.format(server, zone) dnshostname = '{0}.{1}'.format(server, zone)
# add a SRV record points to above host # add a SRV record points to above host
srv_record = "{} 65530 65530 65530".format(dnshostname) srv_record = "{0} 65530 65530 65530".format(dnshostname)
self.runsubcmd( self.runsubcmd(
"dns", "add", self.dc_server, zone, 'testrecord', "SRV", "dns", "add", self.dc_server, zone, 'testrecord', "SRV",
srv_record, self.creds_string) srv_record, self.creds_string)

32
python/samba/tests/samba_tool/dnscmd.py
View File

@ -670,7 +670,7 @@ class DnsCmdTestCase(SambaToolCmdTest):
'testa', "A", self.testip, self.creds_string) 'testa', "A", self.testip, self.creds_string)
# the above A record points to this host # the above A record points to this host
dnshostname = '{}.{}'.format('testa', self.zone.lower()) dnshostname = '{0}.{1}'.format('testa', self.zone.lower())
# add a CNAME record points to above host # add a CNAME record points to above host
self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone, self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone,
@ -685,7 +685,7 @@ class DnsCmdTestCase(SambaToolCmdTest):
'testptr', "PTR", dnshostname, self.creds_string) 'testptr', "PTR", dnshostname, self.creds_string)
# add a SRV record points to above host # add a SRV record points to above host
srv_record = "{} 65530 65530 65530".format(dnshostname) srv_record = "{0} 65530 65530 65530".format(dnshostname)
self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone, self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone,
'testsrv', "SRV", srv_record, self.creds_string) 'testsrv', "SRV", srv_record, self.creds_string)
@ -697,9 +697,9 @@ class DnsCmdTestCase(SambaToolCmdTest):
for record_name in ['testa', 'testcname', 'testns', 'testptr', 'testsrv']: for record_name in ['testa', 'testcname', 'testns', 'testptr', 'testsrv']:
records = self.samdb.search( records = self.samdb.search(
base="DC=DomainDnsZones,{}".format(self.samdb.get_default_basedn()), base="DC=DomainDnsZones,{0}".format(self.samdb.get_default_basedn()),
scope=ldb.SCOPE_SUBTREE, scope=ldb.SCOPE_SUBTREE,
expression="(&(objectClass=dnsNode)(name={}))".format(record_name), expression="(&(objectClass=dnsNode)(name={0}))".format(record_name),
attrs=["dNSTombstoned"]) attrs=["dNSTombstoned"])
self.assertEqual(len(records), 1) self.assertEqual(len(records), 1)
@ -716,7 +716,7 @@ class DnsCmdTestCase(SambaToolCmdTest):
'notesta', "A", self.testip, self.creds_string) 'notesta', "A", self.testip, self.creds_string)
# the above A record points to this host # the above A record points to this host
dnshostname = '{}.{}'.format('testa', self.zone.lower()) dnshostname = '{0}.{1}'.format('testa', self.zone.lower())
# add a CNAME record points to above host # add a CNAME record points to above host
self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone, self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone,
@ -731,7 +731,7 @@ class DnsCmdTestCase(SambaToolCmdTest):
'notestptr', "PTR", dnshostname, self.creds_string) 'notestptr', "PTR", dnshostname, self.creds_string)
# add a SRV record points to above host # add a SRV record points to above host
srv_record = "{} 65530 65530 65530".format(dnshostname) srv_record = "{0} 65530 65530 65530".format(dnshostname)
self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone, self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone,
'notestsrv', "SRV", srv_record, self.creds_string) 'notestsrv', "SRV", srv_record, self.creds_string)
@ -747,9 +747,9 @@ class DnsCmdTestCase(SambaToolCmdTest):
for record_name in ['notestcname', 'notestns', 'notestptr', 'notestsrv']: for record_name in ['notestcname', 'notestns', 'notestptr', 'notestsrv']:
records = self.samdb.search( records = self.samdb.search(
base="DC=DomainDnsZones,{}".format(self.samdb.get_default_basedn()), base="DC=DomainDnsZones,{0}".format(self.samdb.get_default_basedn()),
scope=ldb.SCOPE_SUBTREE, scope=ldb.SCOPE_SUBTREE,
expression="(&(objectClass=dnsNode)(name={}))".format(record_name), expression="(&(objectClass=dnsNode)(name={0}))".format(record_name),
attrs=["dNSTombstoned"]) attrs=["dNSTombstoned"])
self.assertEqual(len(records), 1) self.assertEqual(len(records), 1)
@ -776,30 +776,30 @@ class DnsCmdTestCase(SambaToolCmdTest):
host, "A", self.testip, self.creds_string) host, "A", self.testip, self.creds_string)
# the above A record points to this host # the above A record points to this host
dnshostname = '{}.{}'.format(host, self.zone.lower()) dnshostname = '{0}.{1}'.format(host, self.zone.lower())
# add a SRV record points to above host # add a SRV record points to above host
srv_record = "{} 65530 65530 65530".format(dnshostname) srv_record = "{0} 65530 65530 65530".format(dnshostname)
self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone, self.runsubcmd("dns", "add", os.environ["SERVER"], self.zone,
srv_name, "SRV", srv_record, self.creds_string) srv_name, "SRV", srv_record, self.creds_string)
records = self.samdb.search( records = self.samdb.search(
base="DC=DomainDnsZones,{}".format(self.samdb.get_default_basedn()), base="DC=DomainDnsZones,{0}".format(self.samdb.get_default_basedn()),
scope=ldb.SCOPE_SUBTREE, scope=ldb.SCOPE_SUBTREE,
expression="(&(objectClass=dnsNode)(name={}))".format(srv_name), expression="(&(objectClass=dnsNode)(name={0}))".format(srv_name),
attrs=['dnsRecord']) attrs=['dnsRecord'])
# should have 2 records here # should have 2 records here
self.assertEqual(len(records[0]['dnsRecord']), 2) self.assertEqual(len(records[0]['dnsRecord']), 2)
# cleanup record for dns host1 # cleanup record for dns host1
dnshostname1 = 'host1.{}'.format(self.zone.lower()) dnshostname1 = 'host1.{0}'.format(self.zone.lower())
self.runsubcmd("dns", "cleanup", os.environ["SERVER"], self.runsubcmd("dns", "cleanup", os.environ["SERVER"],
dnshostname1, self.creds_string) dnshostname1, self.creds_string)
records = self.samdb.search( records = self.samdb.search(
base="DC=DomainDnsZones,{}".format(self.samdb.get_default_basedn()), base="DC=DomainDnsZones,{0}".format(self.samdb.get_default_basedn()),
scope=ldb.SCOPE_SUBTREE, scope=ldb.SCOPE_SUBTREE,
expression="(&(objectClass=dnsNode)(name={}))".format(srv_name), expression="(&(objectClass=dnsNode)(name={0}))".format(srv_name),
attrs=['dnsRecord', 'dNSTombstoned']) attrs=['dnsRecord', 'dNSTombstoned'])
# dnsRecord for host1 should be deleted # dnsRecord for host1 should be deleted
@ -810,7 +810,7 @@ class DnsCmdTestCase(SambaToolCmdTest):
dns_record_obj = ndr_unpack(dnsp.DnssrvRpcRecord, dns_record_bin) dns_record_obj = ndr_unpack(dnsp.DnssrvRpcRecord, dns_record_bin)
# dnsRecord for host2 is still there and is the only one # dnsRecord for host2 is still there and is the only one
dnshostname2 = 'host2.{}'.format(self.zone.lower()) dnshostname2 = 'host2.{0}'.format(self.zone.lower())
self.assertEqual(dns_record_obj.data.nameTarget, dnshostname2) self.assertEqual(dns_record_obj.data.nameTarget, dnshostname2)
# assert that the record isn't spuriously tombstoned # assert that the record isn't spuriously tombstoned

106
source4/dsdb/tests/python/confidential_attr.py
View File

@ -106,10 +106,10 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# schemaIdGuid for homePostalAddress (used for ACE tests) # schemaIdGuid for homePostalAddress (used for ACE tests)
self.conf_attr_guid = "16775781-47f3-11d1-a9c3-0000f80367c1" self.conf_attr_guid = "16775781-47f3-11d1-a9c3-0000f80367c1"
self.conf_attr_sec_guid = "77b5b886-944a-11d1-aebd-0000f80367c1" self.conf_attr_sec_guid = "77b5b886-944a-11d1-aebd-0000f80367c1"
self.attr_dn = "{},{}".format(attr_cn, self.schema_dn) self.attr_dn = "{0},{1}".format(attr_cn, self.schema_dn)
userou = "OU=conf-attr-test" userou = "OU=conf-attr-test"
self.ou = "{},{}".format(userou, self.base_dn) self.ou = "{0},{1}".format(userou, self.base_dn)
self.ldb_admin.create_ou(self.ou) self.ldb_admin.create_ou(self.ou)
# use a common username prefix, so we can use sAMAccountName=CATC-* as # use a common username prefix, so we can use sAMAccountName=CATC-* as
@ -118,13 +118,13 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# add a test object with this attribute set # add a test object with this attribute set
self.conf_value = "abcdef" self.conf_value = "abcdef"
self.conf_user = "{}conf-user".format(self.user_prefix) self.conf_user = "{0}conf-user".format(self.user_prefix)
self.ldb_admin.newuser(self.conf_user, self.user_pass, userou=userou) self.ldb_admin.newuser(self.conf_user, self.user_pass, userou=userou)
self.conf_dn = self.get_user_dn(self.conf_user) self.conf_dn = self.get_user_dn(self.conf_user)
self.add_attr(self.conf_dn, self.conf_attr, self.conf_value) self.add_attr(self.conf_dn, self.conf_attr, self.conf_value)
# add a sneaky user that will try to steal our secrets # add a sneaky user that will try to steal our secrets
self.user = "{}sneaky-user".format(self.user_prefix) self.user = "{0}sneaky-user".format(self.user_prefix)
self.ldb_admin.newuser(self.user, self.user_pass, userou=userou) self.ldb_admin.newuser(self.user, self.user_pass, userou=userou)
self.ldb_user = self.get_ldb_connection(self.user, self.user_pass) self.ldb_user = self.get_ldb_connection(self.user, self.user_pass)
@ -133,10 +133,10 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# add some other users that also have confidential attributes, so we can # add some other users that also have confidential attributes, so we can
# check we don't disclose their details, particularly in '!' searches # check we don't disclose their details, particularly in '!' searches
for i in range(1, 3): for i in range(1, 3):
username = "{}other-user{}".format(self.user_prefix, i) username = "{0}other-user{1}".format(self.user_prefix, i)
self.ldb_admin.newuser(username, self.user_pass, userou=userou) self.ldb_admin.newuser(username, self.user_pass, userou=userou)
userdn = self.get_user_dn(username) userdn = self.get_user_dn(username)
self.add_attr(userdn, self.conf_attr, "xyz{}".format(i)) self.add_attr(userdn, self.conf_attr, "xyz{0}".format(i))
self.all_users.append(username) self.all_users.append(username)
# there are 4 users in the OU, plus the OU itself # there are 4 users in the OU, plus the OU itself
@ -148,8 +148,8 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# previous test run didn't clean up properly) # previous test run didn't clean up properly)
search_flags = self.get_attr_search_flags(self.attr_dn) search_flags = self.get_attr_search_flags(self.attr_dn)
self.assertTrue(int(search_flags) & SEARCH_FLAG_CONFIDENTIAL == 0, self.assertTrue(int(search_flags) & SEARCH_FLAG_CONFIDENTIAL == 0,
"{} searchFlags already {}".format(self.conf_attr, "{0} searchFlags already {1}".format(self.conf_attr,
search_flags)) search_flags))
def tearDown(self): def tearDown(self):
super(ConfidentialAttrCommon, self).tearDown() super(ConfidentialAttrCommon, self).tearDown()
@ -210,7 +210,7 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
return DC_MODE_RETURN_NONE return DC_MODE_RETURN_NONE
def get_user_dn(self, name): def get_user_dn(self, name):
return "CN={},{}".format(name, self.ou) return "CN={0},{1}".format(name, self.ou)
def get_user_sid_string(self, username): def get_user_sid_string(self, username):
user_dn = self.get_user_dn(username) user_dn = self.get_user_dn(username)
@ -233,7 +233,7 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
def assert_not_in_result(self, res, exclude_dn): def assert_not_in_result(self, res, exclude_dn):
for msg in res: for msg in res:
self.assertNotEqual(msg.dn, exclude_dn, self.assertNotEqual(msg.dn, exclude_dn,
"Search revealed object {}".format(exclude_dn)) "Search revealed object {0}".format(exclude_dn))
def assert_search_result(self, expected_num, expr, samdb): def assert_search_result(self, expected_num, expr, samdb):
@ -256,21 +256,21 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
searches = [ searches = [
# search for the attribute using a sub-string wildcard # search for the attribute using a sub-string wildcard
# (which could reveal the attribute's actual value) # (which could reveal the attribute's actual value)
"({}={}*)".format(test_attr, first_char), "({0}={1}*)".format(test_attr, first_char),
"({}=*{})".format(test_attr, last_char), "({0}=*{1})".format(test_attr, last_char),
# sanity-check equality against an exact match on value # sanity-check equality against an exact match on value
"({}={})".format(test_attr, self.conf_value), "({0}={1})".format(test_attr, self.conf_value),
# '~=' searches don't work against Samba # '~=' searches don't work against Samba
# sanity-check an approx search against an exact match on value # sanity-check an approx search against an exact match on value
# "({}~={})".format(test_attr, self.conf_value), # "({0}~={1})".format(test_attr, self.conf_value),
# check wildcard in an AND search... # check wildcard in an AND search...
"(&({}={}*)(objectclass=*))".format(test_attr, first_char), "(&({0}={1}*)(objectclass=*))".format(test_attr, first_char),
# ...an OR search (against another term that will never match) # ...an OR search (against another term that will never match)
"(|({}={}*)(objectclass=banana))".format(test_attr, first_char)] "(|({0}={1}*)(objectclass=banana))".format(test_attr, first_char)]
return searches return searches
@ -279,17 +279,17 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
searches = [ searches = [
# check a full wildcard against the confidential attribute # check a full wildcard against the confidential attribute
# (which could reveal the attribute's presence/absence) # (which could reveal the attribute's presence/absence)
"({}=*)".format(self.conf_attr), "({0}=*)".format(self.conf_attr),
# check wildcard in an AND search... # check wildcard in an AND search...
"(&(objectclass=*)({}=*))".format(self.conf_attr), "(&(objectclass=*)({0}=*))".format(self.conf_attr),
# ...an OR search (against another term that will never match) # ...an OR search (against another term that will never match)
"(|(objectclass=banana)({}=*))".format(self.conf_attr), "(|(objectclass=banana)({0}=*))".format(self.conf_attr),
# check <=, and >= expressions that would normally find a match # check <=, and >= expressions that would normally find a match
"({}>=0)".format(self.conf_attr), "({0}>=0)".format(self.conf_attr),
"({}<=ZZZZZZZZZZZ)".format(self.conf_attr)] "({0}<=ZZZZZZZZZZZ)".format(self.conf_attr)]
return searches return searches
@ -323,8 +323,8 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
not_last_char = chr(ord(last_char) + 1) not_last_char = chr(ord(last_char) + 1)
searches = [ searches = [
"(!({}={}*))".format(self.conf_attr, not_first_char), "(!({0}={1}*))".format(self.conf_attr, not_first_char),
"(!({}=*{}))".format(self.conf_attr, not_last_char)] "(!({0}=*{1}))".format(self.conf_attr, not_last_char)]
return searches return searches
# the following searches will not match against the test object(s). So # the following searches will not match against the test object(s). So
@ -335,8 +335,8 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
first_char = self.conf_value[:1] first_char = self.conf_value[:1]
last_char = self.conf_value[-1:] last_char = self.conf_value[-1:]
searches = [ searches = [
"(!({}={}*))".format(self.conf_attr, first_char), "(!({0}={1}*))".format(self.conf_attr, first_char),
"(!({}=*{}))".format(self.conf_attr, last_char)] "(!({0}=*{1}))".format(self.conf_attr, last_char)]
return searches return searches
def negative_searches_all_rights(self, total_objects=None): def negative_searches_all_rights(self, total_objects=None):
@ -350,7 +350,7 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
expected_results[search] = total_objects expected_results[search] = total_objects
# a ! wildcard should only match the objects without the attribute # a ! wildcard should only match the objects without the attribute
search = "(!({}=*))".format(self.conf_attr) search = "(!({0}=*))".format(self.conf_attr)
expected_results[search] = total_objects - self.objects_with_attr expected_results[search] = total_objects - self.objects_with_attr
# whereas the inverse searches should match all objects *except* the # whereas the inverse searches should match all objects *except* the
@ -379,7 +379,7 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# if the search is matching on an inverse subset (everything except the # if the search is matching on an inverse subset (everything except the
# object under test), the # object under test), the
inverse_searches = self.get_inverse_match_searches() inverse_searches = self.get_inverse_match_searches()
inverse_searches += ["(!({}=*))".format(self.conf_attr)] inverse_searches += ["(!({0}=*))".format(self.conf_attr)]
for search in inverse_searches: for search in inverse_searches:
expected_results[search] = total_objects - has_rights_to expected_results[search] = total_objects - has_rights_to
@ -399,7 +399,7 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# for inverse matches, we should NOT be told about any objects at all # for inverse matches, we should NOT be told about any objects at all
inverse_searches = self.get_inverse_match_searches() inverse_searches = self.get_inverse_match_searches()
inverse_searches += ["(!({}=*))".format(self.conf_attr)] inverse_searches += ["(!({0}=*))".format(self.conf_attr)]
for search in inverse_searches: for search in inverse_searches:
expected_results[search] = 0 expected_results[search] = 0
@ -522,7 +522,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
# set the SEC_ADS_CONTROL_ACCESS bit ('CR') for the user for the # set the SEC_ADS_CONTROL_ACCESS bit ('CR') for the user for the
# attribute under test, so the user can see it once more # attribute under test, so the user can see it once more
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(OA;;CR;{};;{})".format(self.conf_attr_guid, user_sid) ace = "(OA;;CR;{0};;{1})".format(self.conf_attr_guid, user_sid)
self._test_search_with_allow_acl(ace) self._test_search_with_allow_acl(ace)
@ -533,7 +533,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
# property-set containing the attribute under test (i.e. the # property-set containing the attribute under test (i.e. the
# attributeSecurityGuid), so the user can see it once more # attributeSecurityGuid), so the user can see it once more
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(OA;;CR;{};;{})".format(self.conf_attr_sec_guid, user_sid) ace = "(OA;;CR;{0};;{1})".format(self.conf_attr_sec_guid, user_sid)
self._test_search_with_allow_acl(ace) self._test_search_with_allow_acl(ace)
@ -542,7 +542,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
# set the allow SEC_ADS_CONTROL_ACCESS bit ('CR') for the user # set the allow SEC_ADS_CONTROL_ACCESS bit ('CR') for the user
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(A;;CR;;;{})".format(user_sid) ace = "(A;;CR;;;{0})".format(user_sid)
self._test_search_with_allow_acl(ace) self._test_search_with_allow_acl(ace)
@ -552,7 +552,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
# this just checks that an Object Access (OA) ACE without a GUID # this just checks that an Object Access (OA) ACE without a GUID
# specified will work the same as an 'Access' (A) ACE # specified will work the same as an 'Access' (A) ACE
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(OA;;CR;;;{})".format(user_sid) ace = "(OA;;CR;;;{0})".format(user_sid)
self._test_search_with_allow_acl(ace) self._test_search_with_allow_acl(ace)
@ -583,7 +583,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
# give the user all rights *except* CR and check it makes no difference # give the user all rights *except* CR and check it makes no difference
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;{})".format(user_sid) ace = "(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;{0})".format(user_sid)
self._test_search_with_neutral_acl(ace) self._test_search_with_neutral_acl(ace)
def test_search_with_neutral_attr_acl(self): def test_search_with_neutral_attr_acl(self):
@ -592,7 +592,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
# giving user all OA rights *except* CR should make no difference # giving user all OA rights *except* CR should make no difference
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
rights = "RPWPCCDCLCLORCWOWDSDDTSW" rights = "RPWPCCDCLCLORCWOWDSDDTSW"
ace = "(OA;;{};{};;{})".format(rights, self.conf_attr_guid, user_sid) ace = "(OA;;{0};{1};;{2})".format(rights, self.conf_attr_guid, user_sid)
self._test_search_with_neutral_acl(ace) self._test_search_with_neutral_acl(ace)
def test_search_with_neutral_cr_acl(self): def test_search_with_neutral_cr_acl(self):
@ -602,7 +602,7 @@ class ConfidentialAttrTest(ConfidentialAttrCommon):
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
# use the GUID for sAMAccountName here (for no particular reason) # use the GUID for sAMAccountName here (for no particular reason)
unrelated_attr = "3e0abfd0-126a-11d0-a060-00aa006c33ed" unrelated_attr = "3e0abfd0-126a-11d0-a060-00aa006c33ed"
ace = "(OA;;CR;{};;{})".format(unrelated_attr, user_sid) ace = "(OA;;CR;{0};;{1})".format(unrelated_attr, user_sid)
self._test_search_with_neutral_acl(ace) self._test_search_with_neutral_acl(ace)
@ -612,7 +612,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
def assert_not_in_result(self, res, exclude_dn): def assert_not_in_result(self, res, exclude_dn):
for msg in res: for msg in res:
self.assertNotEqual(msg.dn, exclude_dn, self.assertNotEqual(msg.dn, exclude_dn,
"Search revealed object {}".format(exclude_dn)) "Search revealed object {0}".format(exclude_dn))
# deny ACL tests are slightly different as we are only denying access to # deny ACL tests are slightly different as we are only denying access to
# the one object under test (rather than any objects with that attribute). # the one object under test (rather than any objects with that attribute).
@ -677,7 +677,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
expected_results[search] = self.total_objects - 1 expected_results[search] = self.total_objects - 1
# The wildcard returns the objects without this attribute as normal. # The wildcard returns the objects without this attribute as normal.
search = "(!({}=*))".format(self.conf_attr) search = "(!({0}=*))".format(self.conf_attr)
expected_results[search] = self.total_objects - self.objects_with_attr expected_results[search] = self.total_objects - self.objects_with_attr
return expected_results return expected_results
@ -694,7 +694,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
# in the wildcard case, the one object we don't have rights to gets # in the wildcard case, the one object we don't have rights to gets
# bundled in with the objects that don't have the attribute at all # bundled in with the objects that don't have the attribute at all
search = "(!({}=*))".format(self.conf_attr) search = "(!({0}=*))".format(self.conf_attr)
has_rights_to = self.objects_with_attr - 1 has_rights_to = self.objects_with_attr - 1
expected_results[search] = self.total_objects - has_rights_to expected_results[search] = self.total_objects - has_rights_to
return expected_results return expected_results
@ -747,7 +747,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
# add an ACE that denies the user Read Property (RP) access to the attr # add an ACE that denies the user Read Property (RP) access to the attr
# (which is similar to making the attribute confidential) # (which is similar to making the attribute confidential)
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(OD;;RP;{};;{})".format(self.conf_attr_guid, user_sid) ace = "(OD;;RP;{0};;{1})".format(self.conf_attr_guid, user_sid)
# check the user cannot see the attribute anymore # check the user cannot see the attribute anymore
self._test_search_with_deny_acl(ace) self._test_search_with_deny_acl(ace)
@ -758,7 +758,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
# add an blanket deny ACE for Read Property (RP) rights # add an blanket deny ACE for Read Property (RP) rights
user_dn = self.get_user_dn(self.user) user_dn = self.get_user_dn(self.user)
user_sid = self.sd_utils.get_object_sid(user_dn) user_sid = self.sd_utils.get_object_sid(user_dn)
ace = "(D;;RP;;;{})".format(str(user_sid)) ace = "(D;;RP;;;{0})".format(str(user_sid))
# check the user cannot see the attribute anymore # check the user cannot see the attribute anymore
self._test_search_with_deny_acl(ace) self._test_search_with_deny_acl(ace)
@ -768,7 +768,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
# add an blanket deny ACE for Read Property (RP) rights # add an blanket deny ACE for Read Property (RP) rights
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(OD;;RP;{};;{})".format(self.conf_attr_sec_guid, user_sid) ace = "(OD;;RP;{0};;{1})".format(self.conf_attr_sec_guid, user_sid)
# check the user cannot see the attribute anymore # check the user cannot see the attribute anymore
self._test_search_with_deny_acl(ace) self._test_search_with_deny_acl(ace)
@ -779,7 +779,7 @@ class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
# this just checks that adding a 'Object Deny' (OD) ACE without # this just checks that adding a 'Object Deny' (OD) ACE without
# specifying a GUID will work the same way as a 'Deny' (D) ACE # specifying a GUID will work the same way as a 'Deny' (D) ACE
user_sid = self.get_user_sid_string(self.user) user_sid = self.get_user_sid_string(self.user)
ace = "(OD;;RP;;;{})".format(user_sid) ace = "(OD;;RP;;;{0})".format(user_sid)
# check the user cannot see the attribute anymore # check the user cannot see the attribute anymore
self._test_search_with_deny_acl(ace) self._test_search_with_deny_acl(ace)
@ -796,9 +796,9 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
# controls, we need an extra filter for the inverse ('!') search, # controls, we need an extra filter for the inverse ('!') search,
# so we don't get thousands of objects returned # so we don't get thousands of objects returned
self.extra_filter = \ self.extra_filter = \
"(&(samaccountname={}*)(!(isDeleted=*)))".format(self.user_prefix) "(&(samaccountname={0}*)(!(isDeleted=*)))".format(self.user_prefix)
self.single_obj_filter = \ self.single_obj_filter = \
"(&(samaccountname={})(!(isDeleted=*)))".format(self.conf_user) "(&(samaccountname={0})(!(isDeleted=*)))".format(self.conf_user)
self.attr_filters = [None, ["*"], ["name"]] self.attr_filters = [None, ["*"], ["name"]]
@ -820,7 +820,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
# thousands of unrelated results, and # thousands of unrelated results, and
# - we make the test attribute preserve-on-delete in one case, so we # - we make the test attribute preserve-on-delete in one case, so we
# want to weed out results from any previous test runs # want to weed out results from any previous test runs
search = "(&{}{})".format(expr, self.extra_filter) search = "(&{0}{1})".format(expr, self.extra_filter)
for attr in self.attr_filters: for attr in self.attr_filters:
res = samdb.search(base_dn, expression=search, scope=SCOPE_SUBTREE, res = samdb.search(base_dn, expression=search, scope=SCOPE_SUBTREE,
@ -937,7 +937,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
def change_attr_under_test(self, attr_name, attr_cn): def change_attr_under_test(self, attr_name, attr_cn):
# change the attribute that the test code uses # change the attribute that the test code uses
self.conf_attr = attr_name self.conf_attr = attr_name
self.attr_dn = "{},{}".format(attr_cn, self.schema_dn) self.attr_dn = "{0},{1}".format(attr_cn, self.schema_dn)
# set the new attribute for the user-under-test # set the new attribute for the user-under-test
self.add_attr(self.conf_dn, self.conf_attr, self.conf_value) self.add_attr(self.conf_dn, self.conf_attr, self.conf_value)
@ -970,23 +970,23 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
# this by matching lastKnownParent against this test case's OU, which # this by matching lastKnownParent against this test case's OU, which
# will match any deleted child objects. # will match any deleted child objects.
ou_guid = self.get_guid(self.ou) ou_guid = self.get_guid(self.ou)
deleted_filter = "(lastKnownParent=<GUID={}>)".format(ou_guid) deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid)
# the extra-filter will get combined via AND with the search expression # the extra-filter will get combined via AND with the search expression
# we're testing, i.e. filter on the confidential attribute AND only # we're testing, i.e. filter on the confidential attribute AND only
# include non-deleted objects, OR deleted objects from this test run # include non-deleted objects, OR deleted objects from this test run
exclude_deleted_objs_filter = self.extra_filter exclude_deleted_objs_filter = self.extra_filter
self.extra_filter = "(|{}{})".format(exclude_deleted_objs_filter, self.extra_filter = "(|{0}{1})".format(exclude_deleted_objs_filter,
deleted_filter) deleted_filter)
# for matching on a single object, the search expresseion becomes: # for matching on a single object, the search expresseion becomes:
# match exactly by account-name AND either a non-deleted object OR a # match exactly by account-name AND either a non-deleted object OR a
# deleted object from this test run # deleted object from this test run
match_by_name = "(samaccountname={})".format(self.conf_user) match_by_name = "(samaccountname={0})".format(self.conf_user)
not_deleted = "(!(isDeleted=*))" not_deleted = "(!(isDeleted=*))"
self.single_obj_filter = "(&{}(|{}{}))".format(match_by_name, self.single_obj_filter = "(&{0}(|{1}{2}))".format(match_by_name,
not_deleted, not_deleted,
deleted_filter) deleted_filter)
# check that the search filters work as expected # check that the search filters work as expected
self.assert_conf_attr_searches(has_rights_to="all") self.assert_conf_attr_searches(has_rights_to="all")

2
source4/dsdb/tests/python/password_settings.py
View File

@ -712,7 +712,7 @@ class PasswordSettingsTestCase(PasswordTestCase):
def format_password_for_ldif(self, password): def format_password_for_ldif(self, password):
"""Encodes/decodes the password so that it's accepted in an LDIF""" """Encodes/decodes the password so that it's accepted in an LDIF"""
pwd = '"{}"'.format(password) pwd = '"{0}"'.format(password)
return base64.b64encode(pwd.encode('utf-16-le')).decode('utf8') return base64.b64encode(pwd.encode('utf-16-le')).decode('utf8')
# The 'user add' case is a bit more complicated as you can't really query # The 'user add' case is a bit more complicated as you can't really query