search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:selftest: add a new test for "samba-tool user list"
[Samba/bb.git] / source4 / scripting / python / samba / tests / samba_tool / user.py
blob3861a001df1c191f3e0c0b5eae6ea11fe87a10f3
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 import os
19 import time
20 import ldb
21 from samba.tests.samba_tool.base import SambaToolCmdTest
22 from samba import (
23 nttime2unix,
24 dsdb
25 )
26
27 class UserCmdTestCase(SambaToolCmdTest):
28 """Tests for samba-tool user subcommands"""
29 users = []
30 samdb = None
31
32 def setUp(self):
33 super(UserCmdTestCase, self).setUp()
34 self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
35 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
36 self.users = []
37 self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
38 self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
39 self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
40 self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
41
42 # setup the 4 users and ensure they are correct
43 for user in self.users:
44 (result, out, err) = self._create_user(user)
45
46 self.assertCmdSuccess(result)
47 self.assertEquals(err,"","Shouldn't be any error messages")
48 self.assertIn("User '%s' created successfully" % user["name"], out)
49
50 found = self._find_user(user["name"])
51
52 self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
53 self.assertEquals("%s" % found.get("title"), user["job-title"])
54 self.assertEquals("%s" % found.get("company"), user["company"])
55 self.assertEquals("%s" % found.get("description"), user["description"])
56 self.assertEquals("%s" % found.get("department"), user["department"])
57
58 def tearDown(self):
59 super(UserCmdTestCase, self).tearDown()
60 # clean up all the left over users, just in case
61 for user in self.users:
62 if self._find_user(user["name"]):
63 self.runsubcmd("user", "delete", user["name"])
64
65
66 def test_newuser(self):
67 # try to add all the users again, this should fail
68 for user in self.users:
69 (result, out, err) = self._create_user(user)
70 self.assertCmdFail(result, "Ensure that create user files")
71 self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
72
73 # try to delete all the 4 users we just added
74 for user in self.users:
75 (result, out, err) = self.runsubcmd("user", "delete", user["name"])
76 self.assertCmdSuccess(result, "Can we delete users")
77 found = self._find_user(user["name"])
78 self.assertIsNone(found)
79
80 # test adding users with --use-username-as-cn
81 for user in self.users:
82 (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
83 "--use-username-as-cn",
84 "--surname=%s" % user["surname"],
85 "--given-name=%s" % user["given-name"],
86 "--job-title=%s" % user["job-title"],
87 "--department=%s" % user["department"],
88 "--description=%s" % user["description"],
89 "--company=%s" % user["company"],
90 "-H", "ldap://%s" % os.environ["DC_SERVER"],
91 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
92
93 self.assertCmdSuccess(result)
94 self.assertEquals(err,"","Shouldn't be any error messages")
95 self.assertIn("User '%s' created successfully" % user["name"], out)
96
97 found = self._find_user(user["name"])
98
99 self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
100 self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
101
102
103
104 def test_setpassword(self):
105 for user in self.users:
106 newpasswd = self.randomPass()
107 (result, out, err) = self.runsubcmd("user", "setpassword",
108 user["name"],
109 "--newpassword=%s" % newpasswd,
110 "-H", "ldap://%s" % os.environ["DC_SERVER"],
111 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
112 # self.assertCmdSuccess(result, "Ensure setpassword runs")
113 self.assertEquals(err,"","setpassword with url")
114 self.assertMatch(out, "Changed password OK", "setpassword with url")
115
116 for user in self.users:
117 newpasswd = self.randomPass()
118 (result, out, err) = self.runsubcmd("user", "setpassword",
119 user["name"],
120 "--newpassword=%s" % newpasswd)
121 # self.assertCmdSuccess(result, "Ensure setpassword runs")
122 self.assertEquals(err,"","setpassword without url")
123 self.assertMatch(out, "Changed password OK", "setpassword without url")
124
125 for user in self.users:
126 newpasswd = self.randomPass()
127 (result, out, err) = self.runsubcmd("user", "setpassword",
128 user["name"],
129 "--newpassword=%s" % newpasswd,
130 "--must-change-at-next-login",
131 "-H", "ldap://%s" % os.environ["DC_SERVER"],
132 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
133 # self.assertCmdSuccess(result, "Ensure setpassword runs")
134 self.assertEquals(err,"","setpassword with forced change")
135 self.assertMatch(out, "Changed password OK", "setpassword with forced change")
136
137
138
139
140 def test_setexpiry(self):
141 twodays = time.time() + (2 * 24 * 60 * 60)
142
143 for user in self.users:
144 (result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
145 "--days=2",
146 "-H", "ldap://%s" % os.environ["DC_SERVER"],
147 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
148 self.assertCmdSuccess(result, "Can we run setexpiry with names")
149 self.assertIn("Set expiry for user '%s' to 2 days" % user["name"], out)
150
151 for user in self.users:
152 found = self._find_user(user["name"])
153
154 expires = nttime2unix(int("%s" % found.get("accountExpires")))
155 self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
156
157 # TODO: renable this after the filter case is sorted out
158 if "filters are broken, bail now":
159 return
160
161 # now run the expiration based on a filter
162 fourdays = time.time() + (4 * 24 * 60 * 60)
163 (result, out, err) = self.runsubcmd("user", "setexpiry",
164 "--filter", "(&(objectClass=user)(company=comp2))",
165 "--days=4",
166 "-H", "ldap://%s" % os.environ["DC_SERVER"],
167 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
168 self.assertCmdSuccess(result, "Can we run setexpiry with a filter")
169
170 for user in self.users:
171 found = self._find_user(user["name"])
172 if ("%s" % found.get("company")) == "comp2":
173 expires = nttime2unix(int("%s" % found.get("accountExpires")))
174 self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
175 else:
176 expires = nttime2unix(int("%s" % found.get("accountExpires")))
177 self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
178
179
180 def test_list(self):
181 (result, out, err) = self.runsubcmd("user", "list",
182 "-H", "ldap://%s" % os.environ["DC_SERVER"],
183 "-U%s%%%s" % (os.environ["DC_USERNAME"],
184 os.environ["DC_PASSWORD"]))
185 self.assertCmdSuccess(result, "Error runing list")
186
187 search_filter = ("(&(objectClass=user)(userAccountControl:%s:=%u))" %
188 (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT))
189
190 userlist = self.samdb.search(base=self.samdb.domain_dn(),
191 scope=ldb.SCOPE_SUBTREE,
192 expression=search_filter,
193 attrs=["samaccountname"])
194
195 self.assertTrue(len(userlist) > 0, "no users found in samdb")
196
197 for userobj in userlist:
198 name = userobj.get("samaccountname", idx=0)
199 found = self.assertMatch(out, name,
200 "user '%s' not found" % name)
201
202
203 def _randomUser(self, base={}):
204 """create a user with random attribute values, you can specify base attributes"""
205 user = {
206 "name": self.randomName(),
207 "password": self.randomPass(),
208 "surname": self.randomName(),
209 "given-name": self.randomName(),
210 "job-title": self.randomName(),
211 "department": self.randomName(),
212 "company": self.randomName(),
213 "description": self.randomName(count=100),
214 }
215 user.update(base)
216 return user
217
218 def _create_user(self, user):
219 return self.runsubcmd("user", "add", user["name"], user["password"],
220 "--surname=%s" % user["surname"],
221 "--given-name=%s" % user["given-name"],
222 "--job-title=%s" % user["job-title"],
223 "--department=%s" % user["department"],
224 "--description=%s" % user["description"],
225 "--company=%s" % user["company"],
226 "-H", "ldap://%s" % os.environ["DC_SERVER"],
227 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
228
229 def _find_user(self, name):
230 search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
231 userlist = self.samdb.search(base=self.samdb.domain_dn(),
232 scope=ldb.SCOPE_SUBTREE,
233 expression=search_filter, attrs=[])
234 if userlist:
235 return userlist[0]
236 else:
237 return None