1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from samba
.tests
.samba_tool
.base
import SambaToolCmdTest
27 class UserCmdTestCase(SambaToolCmdTest
):
28 """Tests for samba-tool user subcommands"""
33 super(UserCmdTestCase
, self
).setUp()
34 self
.samdb
= self
.getSamDB("-H", "ldap://%s" % os
.environ
["DC_SERVER"],
35 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
37 self
.users
.append(self
._randomUser
({"name": "sambatool1", "company": "comp1"}))
38 self
.users
.append(self
._randomUser
({"name": "sambatool2", "company": "comp1"}))
39 self
.users
.append(self
._randomUser
({"name": "sambatool3", "company": "comp2"}))
40 self
.users
.append(self
._randomUser
({"name": "sambatool4", "company": "comp2"}))
42 # setup the 4 users and ensure they are correct
43 for user
in self
.users
:
44 (result
, out
, err
) = self
._create
_user
(user
)
46 self
.assertCmdSuccess(result
)
47 self
.assertEquals(err
,"","Shouldn't be any error messages")
48 self
.assertIn("User '%s' created successfully" % user
["name"], out
)
50 found
= self
._find
_user
(user
["name"])
52 self
.assertEquals("%s" % found
.get("name"), "%(given-name)s %(surname)s" % user
)
53 self
.assertEquals("%s" % found
.get("title"), user
["job-title"])
54 self
.assertEquals("%s" % found
.get("company"), user
["company"])
55 self
.assertEquals("%s" % found
.get("description"), user
["description"])
56 self
.assertEquals("%s" % found
.get("department"), user
["department"])
59 super(UserCmdTestCase
, self
).tearDown()
60 # clean up all the left over users, just in case
61 for user
in self
.users
:
62 if self
._find
_user
(user
["name"]):
63 self
.runsubcmd("user", "delete", user
["name"])
66 def test_newuser(self
):
67 # try to add all the users again, this should fail
68 for user
in self
.users
:
69 (result
, out
, err
) = self
._create
_user
(user
)
70 self
.assertCmdFail(result
, "Ensure that create user files")
71 self
.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err
)
73 # try to delete all the 4 users we just added
74 for user
in self
.users
:
75 (result
, out
, err
) = self
.runsubcmd("user", "delete", user
["name"])
76 self
.assertCmdSuccess(result
, "Can we delete users")
77 found
= self
._find
_user
(user
["name"])
78 self
.assertIsNone(found
)
80 # test adding users with --use-username-as-cn
81 for user
in self
.users
:
82 (result
, out
, err
) = self
.runsubcmd("user", "add", user
["name"], user
["password"],
83 "--use-username-as-cn",
84 "--surname=%s" % user
["surname"],
85 "--given-name=%s" % user
["given-name"],
86 "--job-title=%s" % user
["job-title"],
87 "--department=%s" % user
["department"],
88 "--description=%s" % user
["description"],
89 "--company=%s" % user
["company"],
90 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
91 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
93 self
.assertCmdSuccess(result
)
94 self
.assertEquals(err
,"","Shouldn't be any error messages")
95 self
.assertIn("User '%s' created successfully" % user
["name"], out
)
97 found
= self
._find
_user
(user
["name"])
99 self
.assertEquals("%s" % found
.get("cn"), "%(name)s" % user
)
100 self
.assertEquals("%s" % found
.get("name"), "%(name)s" % user
)
104 def test_setpassword(self
):
105 for user
in self
.users
:
106 newpasswd
= self
.randomPass()
107 (result
, out
, err
) = self
.runsubcmd("user", "setpassword",
109 "--newpassword=%s" % newpasswd
,
110 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
111 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
112 # self.assertCmdSuccess(result, "Ensure setpassword runs")
113 self
.assertEquals(err
,"","setpassword with url")
114 self
.assertMatch(out
, "Changed password OK", "setpassword with url")
116 for user
in self
.users
:
117 newpasswd
= self
.randomPass()
118 (result
, out
, err
) = self
.runsubcmd("user", "setpassword",
120 "--newpassword=%s" % newpasswd
)
121 # self.assertCmdSuccess(result, "Ensure setpassword runs")
122 self
.assertEquals(err
,"","setpassword without url")
123 self
.assertMatch(out
, "Changed password OK", "setpassword without url")
125 for user
in self
.users
:
126 newpasswd
= self
.randomPass()
127 (result
, out
, err
) = self
.runsubcmd("user", "setpassword",
129 "--newpassword=%s" % newpasswd
,
130 "--must-change-at-next-login",
131 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
132 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
133 # self.assertCmdSuccess(result, "Ensure setpassword runs")
134 self
.assertEquals(err
,"","setpassword with forced change")
135 self
.assertMatch(out
, "Changed password OK", "setpassword with forced change")
140 def test_setexpiry(self
):
141 twodays
= time
.time() + (2 * 24 * 60 * 60)
143 for user
in self
.users
:
144 (result
, out
, err
) = self
.runsubcmd("user", "setexpiry", user
["name"],
146 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
147 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
148 self
.assertCmdSuccess(result
, "Can we run setexpiry with names")
149 self
.assertIn("Set expiry for user '%s' to 2 days" % user
["name"], out
)
151 for user
in self
.users
:
152 found
= self
._find
_user
(user
["name"])
154 expires
= nttime2unix(int("%s" % found
.get("accountExpires")))
155 self
.assertWithin(expires
, twodays
, 5, "Ensure account expires is within 5 seconds of the expected time")
157 # TODO: renable this after the filter case is sorted out
158 if "filters are broken, bail now":
161 # now run the expiration based on a filter
162 fourdays
= time
.time() + (4 * 24 * 60 * 60)
163 (result
, out
, err
) = self
.runsubcmd("user", "setexpiry",
164 "--filter", "(&(objectClass=user)(company=comp2))",
166 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
167 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
168 self
.assertCmdSuccess(result
, "Can we run setexpiry with a filter")
170 for user
in self
.users
:
171 found
= self
._find
_user
(user
["name"])
172 if ("%s" % found
.get("company")) == "comp2":
173 expires
= nttime2unix(int("%s" % found
.get("accountExpires")))
174 self
.assertWithin(expires
, fourdays
, 5, "Ensure account expires is within 5 seconds of the expected time")
176 expires
= nttime2unix(int("%s" % found
.get("accountExpires")))
177 self
.assertWithin(expires
, twodays
, 5, "Ensure account expires is within 5 seconds of the expected time")
181 (result
, out
, err
) = self
.runsubcmd("user", "list",
182 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
183 "-U%s%%%s" % (os
.environ
["DC_USERNAME"],
184 os
.environ
["DC_PASSWORD"]))
185 self
.assertCmdSuccess(result
, "Error runing list")
187 search_filter
= ("(&(objectClass=user)(userAccountControl:%s:=%u))" %
188 (ldb
.OID_COMPARATOR_AND
, dsdb
.UF_NORMAL_ACCOUNT
))
190 userlist
= self
.samdb
.search(base
=self
.samdb
.domain_dn(),
191 scope
=ldb
.SCOPE_SUBTREE
,
192 expression
=search_filter
,
193 attrs
=["samaccountname"])
195 self
.assertTrue(len(userlist
) > 0, "no users found in samdb")
197 for userobj
in userlist
:
198 name
= userobj
.get("samaccountname", idx
=0)
199 found
= self
.assertMatch(out
, name
,
200 "user '%s' not found" % name
)
203 def _randomUser(self
, base
={}):
204 """create a user with random attribute values, you can specify base attributes"""
206 "name": self
.randomName(),
207 "password": self
.randomPass(),
208 "surname": self
.randomName(),
209 "given-name": self
.randomName(),
210 "job-title": self
.randomName(),
211 "department": self
.randomName(),
212 "company": self
.randomName(),
213 "description": self
.randomName(count
=100),
218 def _create_user(self
, user
):
219 return self
.runsubcmd("user", "add", user
["name"], user
["password"],
220 "--surname=%s" % user
["surname"],
221 "--given-name=%s" % user
["given-name"],
222 "--job-title=%s" % user
["job-title"],
223 "--department=%s" % user
["department"],
224 "--description=%s" % user
["description"],
225 "--company=%s" % user
["company"],
226 "-H", "ldap://%s" % os
.environ
["DC_SERVER"],
227 "-U%s%%%s" % (os
.environ
["DC_USERNAME"], os
.environ
["DC_PASSWORD"]))
229 def _find_user(self
, name
):
230 search_filter
= "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb
.binary_encode(name
), "CN=Person,CN=Schema,CN=Configuration", self
.samdb
.domain_dn())
231 userlist
= self
.samdb
.search(base
=self
.samdb
.domain_dn(),
232 scope
=ldb
.SCOPE_SUBTREE
,
233 expression
=search_filter
, attrs
=[])