mirror of
https://github.com/samba-team/samba.git
synced 2025-08-02 00:22:11 +03:00
test: add samba-tool user tests
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This commit is contained in:
Sean Dague
committed by
Andrew Tridgell
Andrew Tridgell
parent
a66eae9a6d
commit
a818253960
215
source4/scripting/python/samba/tests/samba_tool/user.py
Normal file
215
source4/scripting/python/samba/tests/samba_tool/user.py
Normal file
@ -0,0 +1,215 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
# Unix SMB/CIFS implementation.
|
||||
# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
import os
|
||||
import sys
|
||||
import pprint
|
||||
import time
|
||||
import ldb
|
||||
from samba.tests.samba_tool.base import SambaToolCmdTest
|
||||
from samba import nttime2unix
|
||||
|
||||
class UserCmdTestCase(SambaToolCmdTest):
|
||||
"""Tests for samba-tool user subcommands"""
|
||||
users = []
|
||||
samdb = None
|
||||
|
||||
def setUp(self):
|
||||
super(UserCmdTestCase, self).setUp()
|
||||
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
self.users = []
|
||||
self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
|
||||
self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
|
||||
self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
|
||||
self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
|
||||
|
||||
# setup the 4 users and ensure they are correct
|
||||
for user in self.users:
|
||||
(result, out, err) = self._create_user(user)
|
||||
|
||||
self.assertCmdSuccess(result)
|
||||
self.assertEquals(err,"","Shouldn't be any error messages")
|
||||
self.assertIn("User '%s' created successfully" % user["name"], out)
|
||||
|
||||
found = self._find_user(user["name"])
|
||||
|
||||
self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
|
||||
self.assertEquals("%s" % found.get("title"), user["job-title"])
|
||||
self.assertEquals("%s" % found.get("company"), user["company"])
|
||||
self.assertEquals("%s" % found.get("description"), user["description"])
|
||||
self.assertEquals("%s" % found.get("department"), user["department"])
|
||||
|
||||
def tearDown(self):
|
||||
super(UserCmdTestCase, self).tearDown()
|
||||
# clean up all the left over users, just in case
|
||||
for user in self.users:
|
||||
if self._find_user(user["name"]):
|
||||
self.runsubcmd("user", "delete", user["name"])
|
||||
|
||||
|
||||
def test_newuser(self):
|
||||
# try to add all the users again, this should fail
|
||||
for user in self.users:
|
||||
(result, out, err) = self._create_user(user)
|
||||
self.assertCmdFail(result, "Ensure that create user files")
|
||||
self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
|
||||
|
||||
# try to delete all the 4 users we just added
|
||||
for user in self.users:
|
||||
(result, out, err) = self.runsubcmd("user", "delete", user["name"])
|
||||
self.assertCmdSuccess(result, "Can we delete users")
|
||||
found = self._find_user(user["name"])
|
||||
self.assertIsNone(found)
|
||||
|
||||
# test adding users with --use-username-as-cn
|
||||
for user in self.users:
|
||||
(result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
|
||||
"--use-username-as-cn",
|
||||
"--surname=%s" % user["surname"],
|
||||
"--given-name=%s" % user["given-name"],
|
||||
"--job-title=%s" % user["job-title"],
|
||||
"--department=%s" % user["department"],
|
||||
"--description=%s" % user["description"],
|
||||
"--company=%s" % user["company"],
|
||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
|
||||
self.assertCmdSuccess(result)
|
||||
self.assertEquals(err,"","Shouldn't be any error messages")
|
||||
self.assertIn("User '%s' created successfully" % user["name"], out)
|
||||
|
||||
found = self._find_user(user["name"])
|
||||
|
||||
self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
|
||||
self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
|
||||
|
||||
|
||||
|
||||
def test_setpassword(self):
|
||||
for user in self.users:
|
||||
newpasswd = self.randomPass()
|
||||
(result, out, err) = self.runsubcmd("user", "setpassword",
|
||||
user["name"],
|
||||
"--newpassword=%s" % newpasswd,
|
||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
# self.assertCmdSuccess(result, "Ensure setpassword runs")
|
||||
self.assertEquals(err,"","setpassword with url")
|
||||
self.assertMatch(out, "Changed password OK", "setpassword with url")
|
||||
|
||||
for user in self.users:
|
||||
newpasswd = self.randomPass()
|
||||
(result, out, err) = self.runsubcmd("user", "setpassword",
|
||||
user["name"],
|
||||
"--newpassword=%s" % newpasswd)
|
||||
# self.assertCmdSuccess(result, "Ensure setpassword runs")
|
||||
self.assertEquals(err,"","setpassword without url")
|
||||
self.assertMatch(out, "Changed password OK", "setpassword without url")
|
||||
|
||||
for user in self.users:
|
||||
newpasswd = self.randomPass()
|
||||
(result, out, err) = self.runsubcmd("user", "setpassword",
|
||||
user["name"],
|
||||
"--newpassword=%s" % newpasswd,
|
||||
"--must-change-at-next-login",
|
||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
# self.assertCmdSuccess(result, "Ensure setpassword runs")
|
||||
self.assertEquals(err,"","setpassword with forced change")
|
||||
self.assertMatch(out, "Changed password OK", "setpassword with forced change")
|
||||
|
||||
|
||||
|
||||
|
||||
def test_setexpiry(self):
|
||||
twodays = time.time() + (2 * 24 * 60 * 60)
|
||||
|
||||
for user in self.users:
|
||||
(result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
|
||||
"--days=2",
|
||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
self.assertCmdSuccess(result, "Can we run setexpiry with names")
|
||||
self.assertIn("Set expiry for user '%s' to 2 days" % user["name"], out)
|
||||
|
||||
for user in self.users:
|
||||
found = self._find_user(user["name"])
|
||||
|
||||
expires = nttime2unix(int("%s" % found.get("accountExpires")))
|
||||
self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
|
||||
|
||||
# TODO: renable this after the filter case is sorted out
|
||||
if "filters are broken, bail now":
|
||||
return
|
||||
|
||||
# now run the expiration based on a filter
|
||||
fourdays = time.time() + (4 * 24 * 60 * 60)
|
||||
(result, out, err) = self.runsubcmd("user", "setexpiry",
|
||||
"--filter", "(&(objectClass=user)(company=comp2))",
|
||||
"--days=4",
|
||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
self.assertCmdSuccess(result, "Can we run setexpiry with a filter")
|
||||
|
||||
for user in self.users:
|
||||
found = self._find_user(user["name"])
|
||||
if ("%s" % found.get("company")) == "comp2":
|
||||
expires = nttime2unix(int("%s" % found.get("accountExpires")))
|
||||
self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
|
||||
else:
|
||||
expires = nttime2unix(int("%s" % found.get("accountExpires")))
|
||||
self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
|
||||
|
||||
|
||||
def _randomUser(self, base={}):
|
||||
"""create a user with random attribute values, you can specify base attributes"""
|
||||
user = {
|
||||
"name": self.randomName(),
|
||||
"password": self.randomPass(),
|
||||
"surname": self.randomName(),
|
||||
"given-name": self.randomName(),
|
||||
"job-title": self.randomName(),
|
||||
"department": self.randomName(),
|
||||
"company": self.randomName(),
|
||||
"description": self.randomName(count=100),
|
||||
}
|
||||
user.update(base)
|
||||
return user
|
||||
|
||||
def _create_user(self, user):
|
||||
return self.runsubcmd("user", "add", user["name"], user["password"],
|
||||
"--surname=%s" % user["surname"],
|
||||
"--given-name=%s" % user["given-name"],
|
||||
"--job-title=%s" % user["job-title"],
|
||||
"--department=%s" % user["department"],
|
||||
"--description=%s" % user["description"],
|
||||
"--company=%s" % user["company"],
|
||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||
|
||||
def _find_user(self, name):
|
||||
search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
|
||||
userlist = self.samdb.search(base=self.samdb.domain_dn(),
|
||||
scope=ldb.SCOPE_SUBTREE,
|
||||
expression=search_filter, attrs=[])
|
||||
if userlist:
|
||||
return userlist[0]
|
||||
else:
|
||||
return None
|
||||
Reference in New Issue
Block a user