sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-04-28 10:50:25 +03:00
Code
samba-mirror/source4/scripting/python/samba/tests/samba_tool/user.py
Sean Dague a818253960 test: add samba-tool user tests 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-10 14:24:20 +11:00

216 lines
11 KiB
Python
Raw Blame History

#!/usr/bin/env python
# Unix SMB/CIFS implementation.
# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
import sys
import pprint
import time
import ldb
from samba.tests.samba_tool.base import SambaToolCmdTest
from samba import nttime2unix
class UserCmdTestCase(SambaToolCmdTest):
"""Tests for samba-tool user subcommands"""
users = []
samdb = None
def setUp(self):
super(UserCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.users = []
self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
# setup the 4 users and ensure they are correct
for user in self.users:
(result, out, err) = self._create_user(user)
self.assertCmdSuccess(result)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("User '%s' created successfully" % user["name"], out)
found = self._find_user(user["name"])
self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
self.assertEquals("%s" % found.get("title"), user["job-title"])
self.assertEquals("%s" % found.get("company"), user["company"])
self.assertEquals("%s" % found.get("description"), user["description"])
self.assertEquals("%s" % found.get("department"), user["department"])
def tearDown(self):
super(UserCmdTestCase, self).tearDown()
# clean up all the left over users, just in case
for user in self.users:
if self._find_user(user["name"]):
self.runsubcmd("user", "delete", user["name"])
def test_newuser(self):
# try to add all the users again, this should fail
for user in self.users:
(result, out, err) = self._create_user(user)
self.assertCmdFail(result, "Ensure that create user files")
self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
# try to delete all the 4 users we just added
for user in self.users:
(result, out, err) = self.runsubcmd("user", "delete", user["name"])
self.assertCmdSuccess(result, "Can we delete users")
found = self._find_user(user["name"])
self.assertIsNone(found)
# test adding users with --use-username-as-cn
for user in self.users:
(result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
"--use-username-as-cn",
"--surname=%s" % user["surname"],
"--given-name=%s" % user["given-name"],
"--job-title=%s" % user["job-title"],
"--department=%s" % user["department"],
"--description=%s" % user["description"],
"--company=%s" % user["company"],
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("User '%s' created successfully" % user["name"], out)
found = self._find_user(user["name"])
self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
def test_setpassword(self):
for user in self.users:
newpasswd = self.randomPass()
(result, out, err) = self.runsubcmd("user", "setpassword",
user["name"],
"--newpassword=%s" % newpasswd,
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
# self.assertCmdSuccess(result, "Ensure setpassword runs")
self.assertEquals(err,"","setpassword with url")
self.assertMatch(out, "Changed password OK", "setpassword with url")
for user in self.users:
newpasswd = self.randomPass()
(result, out, err) = self.runsubcmd("user", "setpassword",
user["name"],
"--newpassword=%s" % newpasswd)
# self.assertCmdSuccess(result, "Ensure setpassword runs")
self.assertEquals(err,"","setpassword without url")
self.assertMatch(out, "Changed password OK", "setpassword without url")
for user in self.users:
newpasswd = self.randomPass()
(result, out, err) = self.runsubcmd("user", "setpassword",
user["name"],
"--newpassword=%s" % newpasswd,
"--must-change-at-next-login",
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
# self.assertCmdSuccess(result, "Ensure setpassword runs")
self.assertEquals(err,"","setpassword with forced change")
self.assertMatch(out, "Changed password OK", "setpassword with forced change")
def test_setexpiry(self):
twodays = time.time() + (2 * 24 * 60 * 60)
for user in self.users:
(result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
"--days=2",
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, "Can we run setexpiry with names")
self.assertIn("Set expiry for user '%s' to 2 days" % user["name"], out)
for user in self.users:
found = self._find_user(user["name"])
expires = nttime2unix(int("%s" % found.get("accountExpires")))
self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
# TODO: renable this after the filter case is sorted out
if "filters are broken, bail now":
return
# now run the expiration based on a filter
fourdays = time.time() + (4 * 24 * 60 * 60)
(result, out, err) = self.runsubcmd("user", "setexpiry",
"--filter", "(&(objectClass=user)(company=comp2))",
"--days=4",
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, "Can we run setexpiry with a filter")
for user in self.users:
found = self._find_user(user["name"])
if ("%s" % found.get("company")) == "comp2":
expires = nttime2unix(int("%s" % found.get("accountExpires")))
self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
else:
expires = nttime2unix(int("%s" % found.get("accountExpires")))
self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
def _randomUser(self, base={}):
"""create a user with random attribute values, you can specify base attributes"""
user = {
"name": self.randomName(),
"password": self.randomPass(),
"surname": self.randomName(),
"given-name": self.randomName(),
"job-title": self.randomName(),
"department": self.randomName(),
"company": self.randomName(),
"description": self.randomName(count=100),
}
user.update(base)
return user
def _create_user(self, user):
return self.runsubcmd("user", "add", user["name"], user["password"],
"--surname=%s" % user["surname"],
"--given-name=%s" % user["given-name"],
"--job-title=%s" % user["job-title"],
"--department=%s" % user["department"],
"--description=%s" % user["description"],
"--company=%s" % user["company"],
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
def _find_user(self, name):
search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
userlist = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression=search_filter, attrs=[])
if userlist:
return userlist[0]
else:
return None
View Git Blame Copy Permalink