sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-21 20:23:50 +03:00
Code Activity

netcmd: tests: add tests for user auth policy and silo commands

Browse Source 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Rob van der Linde
2023-10-31 15:20:25 +13:00
committed by Andrew Bartlett
parent ca9a11c6e8
commit c9ba99a948
3 changed files with 172 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
python/samba/tests/samba_tool/user_auth_policy.py Normal file
View File

@@ -0,0 +1,86 @@
# Unix SMB/CIFS implementation.
#
# Tests for samba-tool user auth policy command
#
# Copyright (C) Catalyst.Net Ltd. 2023
#
# Written by Rob van der Linde <rob@catalyst.net.nz>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from samba.netcmd.domain.models import AuthenticationPolicy, User
from .silo_base import SiloTest
class AuthPolicyCmdTestCase(SiloTest):
def test_assign(self):
"""Test assigning an authentication policy to a user."""
self.addCleanup(self.runcmd, "user", "auth", "policy", "remove", "alice")
result, out, err = self.runcmd("user", "auth", "policy", "assign",
"alice", "--policy", "User Policy")
self.assertIsNone(result, msg=err)
# Assigned policy should be 'Developers'
user = User.get(self.samdb, username="alice")
policy = AuthenticationPolicy.get(self.samdb, dn=user.assigned_policy)
self.assertEqual(policy.name, "User Policy")
def test_assign__invalid_policy(self):
"""Test assigning a non-existing authentication policy to a user."""
result, out, err = self.runcmd("user", "auth", "policy", "assign",
"alice", "--policy", "doesNotExist")
self.assertEqual(result, -1)
self.assertIn("Authentication policy doesNotExist not found.", err)
def test_remove(self):
"""Test removing the assigned authentication policy from a user."""
# First assign a policy, so we can test removing it.
self.runcmd("user", "auth", "policy", "assign", "bob", "--policy",
"User Policy")
# Assigned policy should be set
user = User.get(self.samdb, username="bob")
self.assertIsNotNone(user.assigned_policy)
# Now try removing it
result, out, err = self.runcmd("user", "auth", "policy", "remove",
"bob")
self.assertIsNone(result, msg=err)
# Assigned policy should be None
user = User.get(self.samdb, username="bob")
self.assertIsNone(user.assigned_policy)
def test_view(self):
"""Test viewing the current assigned authentication policy on a user."""
# Assign a policy on one of the users.
self.addCleanup(self.runcmd, "user", "auth", "policy", "remove", "bob")
self.runcmd("user", "auth", "policy", "assign", "bob", "--policy",
"User Policy")
# Test user with a policy assigned.
result, out, err = self.runcmd("user", "auth", "policy", "view",
"bob")
self.assertIsNone(result, msg=err)
self.assertEqual(
out, "User bob assigned to authentication policy User Policy\n")
# Test user without a policy assigned.
result, out, err = self.runcmd("user", "auth", "policy", "view",
"joe")
self.assertIsNone(result, msg=err)
self.assertEqual(
out, "User joe has no assigned authentication policy.\n")

84
python/samba/tests/samba_tool/user_auth_silo.py Normal file
View File

@@ -0,0 +1,84 @@
# Unix SMB/CIFS implementation.
#
# Tests for samba-tool user auth silo command
#
# Copyright (C) Catalyst.Net Ltd. 2023
#
# Written by Rob van der Linde <rob@catalyst.net.nz>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from samba.netcmd.domain.models import AuthenticationSilo, User
from .silo_base import SiloTest
class AuthPolicyCmdTestCase(SiloTest):
def test_assign(self):
"""Test assigning an authentication silo to a user."""
self.addCleanup(self.runcmd, "user", "auth", "silo", "remove", "alice")
result, out, err = self.runcmd("user", "auth", "silo", "assign",
"alice", "--silo", "Developers")
self.assertIsNone(result, msg=err)
# Assigned silo should be 'Developers'
user = User.get(self.samdb, username="alice")
silo = AuthenticationSilo.get(self.samdb, dn=user.assigned_silo)
self.assertEqual(silo.name, "Developers")
def test_assign__invalid_silo(self):
"""Test assigning a non-existing authentication silo to a user."""
result, out, err = self.runcmd("user", "auth", "silo", "assign",
"alice", "--silo", "doesNotExist")
self.assertEqual(result, -1)
self.assertIn("Authentication silo doesNotExist not found.", err)
def test_remove(self):
"""Test removing the assigned authentication silo from a user."""
# First assign a silo, so we can test removing it.
self.runcmd("user", "auth", "silo", "assign", "bob", "--silo", "QA")
# Assigned silo should be set
user = User.get(self.samdb, username="bob")
self.assertIsNotNone(user.assigned_silo)
# Now try removing it
result, out, err = self.runcmd("user", "auth", "silo", "remove",
"bob")
self.assertIsNone(result, msg=err)
# Assigned silo should be None
user = User.get(self.samdb, username="bob")
self.assertIsNone(user.assigned_silo)
def test_view(self):
"""Test viewing the current assigned authentication silo on a user."""
# Assign a silo on one of the users.
self.addCleanup(self.runcmd, "user", "auth", "silo", "remove", "bob")
self.runcmd("user", "auth", "silo", "assign", "bob", "--silo", "QA")
# Test user with a silo assigned.
result, out, err = self.runcmd("user", "auth", "silo", "view",
"bob")
self.assertIsNone(result, msg=err)
self.assertEqual(
out, "User bob assigned to authentication silo QA (revoked)\n")
# Test user without a silo assigned.
result, out, err = self.runcmd("user", "auth", "silo", "view",
"joe")
self.assertIsNone(result, msg=err)
self.assertEqual(
out, "User joe has no assigned authentication silo.\n")

2
source4/selftest/tests.py
View File

@@ -1138,6 +1138,8 @@ for env in ["ad_dc_ntvfs", "ad_dc"]:
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes") planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user") planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo")
for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]: for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest") planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
for env, nt_hash in [("ad_dc:local", True), for env, nt_hash in [("ad_dc:local", True),