2 # -*- coding: utf-8 -*-
3 # This is unit with tests for LDAP access checks
11 sys
.path
.insert(0, "bin/python")
13 from samba
.tests
.subunitrun
import SubunitOptions
, TestProgram
15 import samba
.getopt
as options
17 from ldb
import SCOPE_BASE
, SCOPE_SUBTREE
19 from samba
import gensec
21 from samba
.tests
import delete_force
23 parser
= optparse
.OptionParser("ldap [options] <host>")
24 sambaopts
= options
.SambaOptions(parser
)
25 parser
.add_option_group(sambaopts
)
27 # use command line creds if available
28 credopts
= options
.CredentialsOptions(parser
)
29 parser
.add_option_group(credopts
)
30 subunitopts
= SubunitOptions(parser
)
31 parser
.add_option_group(subunitopts
)
32 opts
, args
= parser
.parse_args()
39 lp
= sambaopts
.get_loadparm()
40 creds
= credopts
.get_credentials(lp
)
41 creds
.set_gensec_features(creds
.get_gensec_features() | gensec
.FEATURE_SEAL
)
42 creds_machine
= copy
.deepcopy(creds
)
43 creds_user1
= copy
.deepcopy(creds
)
44 creds_user2
= copy
.deepcopy(creds
)
45 creds_user3
= copy
.deepcopy(creds
)
46 creds_user4
= copy
.deepcopy(creds
)
48 class BindTests(samba
.tests
.TestCase
):
53 super(BindTests
, self
).setUp()
56 self
.ldb
= samba
.tests
.connect_samdb(host
, credentials
=creds
, lp
=lp
, ldap_only
=True)
58 if self
.info_dc
is None:
59 res
= self
.ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["*"])
60 self
.assertEquals(len(res
), 1)
61 BindTests
.info_dc
= res
[0]
62 # cache some of RootDSE props
63 self
.schema_dn
= self
.info_dc
["schemaNamingContext"][0]
64 self
.domain_dn
= self
.info_dc
["defaultNamingContext"][0]
65 self
.config_dn
= self
.info_dc
["configurationNamingContext"][0]
66 self
.computer_dn
= "CN=centos53,CN=Computers,%s" % self
.domain_dn
67 self
.password
= "P@ssw0rd"
68 self
.username
= "BindTestUser"
71 super(BindTests
, self
).tearDown()
73 def test_computer_account_bind(self
):
74 # create a computer acocount for the test
75 delete_force(self
.ldb
, self
.computer_dn
)
77 dn: """ + self
.computer_dn
+ """
79 displayName: CENTOS53$
81 sAMAccountName: CENTOS53$
84 objectClass: organizationalPerson
89 userAccountControl: 4096
90 dNSHostName: centos53.alabala.test
91 operatingSystemVersion: 5.2 (3790)
92 operatingSystem: Windows Server 2003
94 self
.ldb
.modify_ldif("""
95 dn: """ + self
.computer_dn
+ """
98 unicodePwd:: """ + base64
.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
101 # do a simple bind and search with the machine account
102 creds_machine
.set_bind_dn(self
.computer_dn
)
103 creds_machine
.set_password(self
.password
)
104 print "BindTest with: " + creds_machine
.get_bind_dn()
105 ldb_machine
= samba
.tests
.connect_samdb(host
, credentials
=creds_machine
,
106 lp
=lp
, ldap_only
=True)
107 res
= ldb_machine
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["*"])
109 def test_user_account_bind(self
):
111 self
.ldb
.newuser(username
=self
.username
, password
=self
.password
)
112 ldb_res
= self
.ldb
.search(base
=self
.domain_dn
,
114 expression
="(samAccountName=%s)" % self
.username
)
115 self
.assertEquals(len(ldb_res
), 1)
116 user_dn
= ldb_res
[0]["dn"]
117 self
.addCleanup(delete_force
, self
.ldb
, user_dn
)
119 # do a simple bind and search with the user account in format user@realm
120 creds_user1
.set_bind_dn(self
.username
+ "@" + creds
.get_realm())
121 creds_user1
.set_password(self
.password
)
122 print "BindTest with: " + creds_user1
.get_bind_dn()
123 ldb_user1
= samba
.tests
.connect_samdb(host
, credentials
=creds_user1
,
124 lp
=lp
, ldap_only
=True)
125 res
= ldb_user1
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["*"])
127 # do a simple bind and search with the user account in format domain\user
128 creds_user2
.set_bind_dn(creds
.get_domain() + "\\" + self
.username
)
129 creds_user2
.set_password(self
.password
)
130 print "BindTest with: " + creds_user2
.get_bind_dn()
131 ldb_user2
= samba
.tests
.connect_samdb(host
, credentials
=creds_user2
,
132 lp
=lp
, ldap_only
=True)
133 res
= ldb_user2
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["*"])
135 # do a simple bind and search with the user account DN
136 creds_user3
.set_bind_dn(str(user_dn
))
137 creds_user3
.set_password(self
.password
)
138 print "BindTest with: " + creds_user3
.get_bind_dn()
139 ldb_user3
= samba
.tests
.connect_samdb(host
, credentials
=creds_user3
,
140 lp
=lp
, ldap_only
=True)
141 res
= ldb_user3
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["*"])
143 def test_user_account_bind_no_domain(self
):
145 self
.ldb
.newuser(username
=self
.username
, password
=self
.password
)
146 ldb_res
= self
.ldb
.search(base
=self
.domain_dn
,
148 expression
="(samAccountName=%s)" % self
.username
)
149 self
.assertEquals(len(ldb_res
), 1)
150 user_dn
= ldb_res
[0]["dn"]
151 self
.addCleanup(delete_force
, self
.ldb
, user_dn
)
153 creds_user4
.set_username(self
.username
)
154 creds_user4
.set_password(self
.password
)
155 creds_user4
.set_domain('')
156 creds_user4
.set_workstation('')
157 print "BindTest (no domain) with: " + self
.username
159 ldb_user4
= samba
.tests
.connect_samdb(host
, credentials
=creds_user4
,
160 lp
=lp
, ldap_only
=True)
162 self
.fail("Failed to connect without the domain set")
164 res
= ldb_user4
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["*"])
166 TestProgram(module
=__name__
, opts
=subunitopts
)