a W×aÊŠã@sddlZddlZddlZddlZddlmZddlmZmZm Z ddl m Z ddl m Z ddlmZddlmZddlmZGd d „d eƒZdS) éN)ÚSambaToolCmdTest)Ú credentialsÚ nttime2unixÚdsdb)Ú ndr_unpack)Údrsblobs)Ú get_bytes)Ú get_string)Ú env_loadparmcsâeZdZdZgZdZ‡fdd„Z‡fdd„Zdd„Zd1d d „Z d d„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zifdd„Zifdd „Zifd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Z‡ZS)2ÚUserCmdTestCasez%Tests for samba-tool user subcommandsNcsÖtt|ƒ ¡| ddtjddtjdtjdf¡|_g|_|j |  ddd œ¡¡|j |  d dd œ¡¡|j |  d d d œ¡¡|j |  d d d œ¡¡|j |  ddi¡¡|j |  ddi¡¡|j |  ddi¡¡|j |  ddi¡¡|j |  ddi¡¡|j |  ddi¡¡|j |  ddi¡¡|j |  ddi¡¡|jD]x}|d|ƒ\}}}|  |||¡|  |dd¡d|dvr®| d|d|¡n| d|d|¡|d|ƒqXdS)Nú-Hú ldap://%sÚ DC_SERVERú-U%s%%%sÚ DC_USERNAMEÚ DC_PASSWORDZ sambatool1Zcomp1)ÚnameÚcompanyZ sambatool2Z sambatool3Úcomp2Z sambatool4rZ posixuser1Z posixuser2Z posixuser3Z posixuser4Z unixuser1Z unixuser2Z unixuser3Z unixuser4Ú createUserFnÚúShouldn't be any error messagesZunixzModified User '%s' successfullyúUser '%s' created successfullyÚ checkUserFn)Úsuperr ÚsetUpZgetSamDBÚosÚenvironÚsamdbÚusersÚappendÚ _randomUserÚ_randomPosixUserÚ_randomUnixUserÚassertCmdSuccessÚ assertEqualÚassertIn)ÚselfÚuserÚresultÚoutÚerr©Ú __class__©ú=/usr/lib/python3/dist-packages/samba/tests/samba_tool/user.pyr(s:ÿ ÿÿzUserCmdTestCase.setUpcsdtt|ƒ ¡|jD]$}| |d¡r| dd|d¡qtƒ}| d¡}tj   |¡r`t  |¡dS)Nrr(Údeletezuser-syncpasswords-cache.ldb) rr ÚtearDownrÚ _find_userÚ runsubcmdr Z private_pathrÚpathÚexistsÚremove)r'r(ZlpZcachedbr,r.r/r1Is   zUserCmdTestCase.tearDowncCs‚|jD],}| |¡\}}}| |d¡| d|¡q|jD]D}| dd|d¡\}}}| |||d¡| |d¡}| |¡q:|jD]ö}| dd|d|dd d |d d |d d|dd|dd|dd|dddtj ddtj dtj df¡\}}}| |||¡|  |dd¡| d|d|¡| |d¡}|  d|  d ¡d!|¡|  d|  d¡d!|¡q†dS)"NzEnsure that create user failsz'LDAP error 68 LDAP_ENTRY_ALREADY_EXISTSr(r0rzCan we delete usersÚcreateÚpasswordz--use-username-as-cnú --surname=%sÚsurnameú--given-name=%sú given-nameú--job-title=%sú job-titleú--department=%sÚ departmentú--description=%sÚ descriptionú --company=%srr r rrrrrrrú%sZcnz%(name)s) rÚ _create_userÚ assertCmdFailr&r3r$r2Z assertIsNonerrr%Úget)r'r(r)r*r+Úfoundr.r.r/Ú test_newuserWs6           ÷ zUserCmdTestCase.test_newuseréécCs6|j |¡}t|ƒ\}}| d|d¡|dd}ttj|ƒ}| |jj |d¡|  |jj |d¡|dkrndSddd„} d} | |jj d| d \} } |  | d ¡|  | d |jj d d ¡| |jj d | d \} }| durü|  | | d¡| d } | | krü| d } | |jj d| d \}}|  | d¡|  || d¡| d } | | krF| d } | |jj d| d \}}|  | d¡|  || d¡| d } | | kr| d } | |jj d| d \}}|durØ|  || d¡| d } | | krØ| d } | |jj d| d \}}|dur |  || d¡| d } | | kr | d } |  | |jj d¡dS)NZsupplementalCredentialsz*supplementalCredentials attribute requiredrzmin_packages checkzmax_packages checkcSs6t|t|ƒƒD]"}||j|kr|||fSqdS)N)NN)ÚrangeÚlenr)ÚpackagesrÚ start_idxÚir.r.r/Ú find_packageszEUserCmdTestCase._verify_supplementalCredentials..find_packageZPackages)rOzPackages requiredéz(Packages needs to be at num_packages - 1zPrimary:Kerberos-Newer-Keysz-Primary:Kerberos-Newer-Keys at wrong positionzPrimary:KerberoszPrimary:Kerberos requiredz"Primary:Kerberos at wrong positionzPrimary:WDigestzPrimary:WDigest requiredz!Primary:WDigest at wrong positionzPrimary:CLEARTEXTz#Primary:CLEARTEXT at wrong positionzPrimary:SambaGPGz"Primary:SambaGPG at wrong positionzUnknown packages found)r)rZ parse_ldifÚnextr&rrZsupplementalCredentialsBlobZassertGreaterEqualÚsubZ num_packagesZassertLessEqualrNZassertIsNotNoner%)r'ZldifZ min_packagesZ max_packagesZmsgsZ changetypeÚobjZsc_blobZscrQZnidxZpidxZppZknidxZknpZkidxZkpZwidxZwpZcidxZcpZgidxZgpr.r.r/Ú_verify_supplementalCredentials{sz     ÿ ÿ  ÿ ÿ  ÿ    ÿ    ÿ    ÿ   z/UserCmdTestCase._verify_supplementalCredentialscCsÐ|jD]|}| d¡}| dd|dd|ddtjdd tjd tjd f¡\}}}| |||d ¡| |d d¡| |dd¡qd}| dddd|d¡\}}}| |||d¡| |d d¡ddiiiiddiiiidœ}| ¡D]4}||  dd ¡} | |d|| fd|| |f¡qè| ddd¡\}}}| |||d¡| |d d¡| |d d!|¡|jD](}| |d"|dd#|d|f¡qh|jD]¨}| d¡}t   ¡} |   ¡|   |¡|  ¡} t |  ¡¡ d$¡} t t|ƒ¡ d$¡} t t|ƒ d%¡¡ d$¡}| dd|dd|¡\}}}| |||d ¡| |d d&¡| |dd&¡| ddd¡\}}}| |||d¡| |d d¡| |d d!|¡| |d"|dd#|d|f¡| |d'd(|¡| |d)| d*|¡| |d+d,|¡| |d-d.|¡d/|vrP| |d0| d1|¡| |d2|d3|¡| |d4d5|¡| dd6|dd|d¡\}}}| |||d7¡| |d d¡| |d8d¡| |d"|dd9|d|f¡| |d)| d*|¡| |d-d.|¡| | d:d ¡¡d/|vr˜| |d0| d1|¡| |d2|d3|¡| |d4d5|¡q˜|jD]€}| d¡}| dd|dd|d;ddtjdd tjd tjd f¡\}}}| |||d ¡| |d d<¡| |dd<¡qJdS)=Nér(Z setpasswordrz--newpassword=%sr r rrrrzEnsure setpassword runsrzsetpassword with urlzChanged password OKzxsAMAccountName,unicodePwd,supplementalCredentials,virtualClearTextUTF8,virtualClearTextUTF16,virtualSSHA,virtualSambaGPGZ syncpasswordsz--cache-ldb-initializez--attributes=%sz--decrypt-samba-gpgz0Ensure syncpasswords --cache-ldb-initialize runszgetpassword without urlÚvalueZuserSyncPasswordsz dirsync:1:0:0)Z objectClassZsamdbUrlZ dirsyncFilterZdirsyncAttributeZdirsyncControlZpasswordAttributeZdecryptSambaGPGZ currentTimez%s: %sz4syncpasswords --cache-ldb-initialize: %s: %s out[%s]z --no-waitz#Ensure syncpasswords --no-wait runszsyncpasswords --no-waitzdirsync_loop(): results 0z=syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]zsAMAccountName: %sz5syncpasswords --no-wait: 'sAMAccountName': %s out[%s]Úutf8z utf-16-lezsetpassword without urlz)# unicodePwd::: REDACTED SECRET ATTRIBUTEz@getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]zunicodePwd:: %szgetpassword unicodePwd: out[%s]z6# supplementalCredentials::: REDACTED SECRET ATTRIBUTEzMgetpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]zsupplementalCredentials:: z,getpassword supplementalCredentials: out[%s]zvirtualSambaGPG:: zvirtualClearTextUTF8:: %sz)getpassword virtualClearTextUTF8: out[%s]zvirtualClearTextUTF16:: %sz*getpassword virtualClearTextUTF16: out[%s]z virtualSSHA: z getpassword virtualSSHA: out[%s]Z getpasswordzEnsure getpassword runszGot password OKz)getpassword: 'sAMAccountName': %s out[%s]z Got password OK z--must-change-at-next-loginzsetpassword with forced change)rÚrandom_passwordr3rrr$r%Ú assertMatchÚkeysrGrZ CredentialsZ set_anonymousZ set_passwordZ get_nt_hashÚbase64Z b64encodeÚdecoderr ÚencoderVÚreplace)r'r(Z newpasswdr)r*r+Z attributesZ cache_attrsÚaÚvZcredsZnthashZ unicodePwdZvirtualClearTextUTF8ZvirtualClearTextUTF16r.r.r/Útest_setpasswordÎs  ü ý ø  ÿÿ ÿ   þ ÿÿÿ ÿÿÿ  ÿ ÿÿý ÿ ÿÿ  ÿ ÿÿ  û z UserCmdTestCase.test_setpasswordc Cs.|jD]¦}t ¡d}| dd|ddddtjdd tjd tjd f¡\}}}| |||d ¡| d |d|¡| |d¡}tt d|  d¡ƒƒ}|  ||dd¡qdS]v}| |d¡}d|  d¡dkrtt d|  d¡ƒƒ}|  ||dd¡n&tt d|  d¡ƒƒ}|  ||dd¡q²dS)Ni£r(Z setexpiryrz--days=2r r rrrrzCan we run setexpiry with namesz#Expiry for user '%s' set to 2 days.rDZaccountExpireséz?Ensure account expires is within 5 seconds of the expected timeiFz--filterz$(&(objectClass=user)(company=comp2))z--days=4z"Can we run setexpiry with a filterrr) rÚtimer3rrr$r&r2rÚintrGZ assertWithin) r'r(Ztwodaysr)r*r+rHZexpiresZfourdaysr.r.r/Útest_setexpiryCs8  ý üzUserCmdTestCase.test_setexpiryc Csº| ddddtjddtjdtjdf¡\}}}| |||d ¡d tjtjf}|jj |j  ¡tj |d gd }|  t |ƒd kd¡|D](}t|jd d dƒ}| ||d|¡}qŒdS)Nr(Úlistr r rrrrúError running listú0(&(objectClass=user)(userAccountControl:%s:=%u))Úsamaccountname©ÚbaseÚscopeÚ expressionÚattrsrúno users found in samdb©Úidxúuser '%s' not found©r3rrr$ÚldbÚOID_COMPARATOR_ANDrÚUF_NORMAL_ACCOUNTrÚsearchÚ domain_dnÚ SCOPE_SUBTREEÚ assertTruerMÚstrrGr[© r'r)r*r+Ú search_filterÚuserlistÚuserobjrrHr.r.r/Ú test_listis* ÿþ  ÿýÿzUserCmdTestCase.test_listc CsÄd}| ddd|ddtjddtjd tjd f¡\}}}| |||d ¡d tjtjf}|jj |j  |¡tj |d gd}|  t |ƒdkd¡|D](}t|jd ddƒ}| ||d|¡} q–dS)NzCN=Usersr(rhz-br r rrrrrirjrkrlrrqrrrt)r3rrr$rvrwrrxrryÚnormalize_dn_in_domainr{r|rMr}rGr[) r'Zbase_dnr)r*r+rr€rrrHr.r.r/Útest_list_base_dn€s,  ÿþ  ÿýÿz!UserCmdTestCase.test_list_base_dnc Cs¼| dddddtjddtjdtjd f¡\}}}| |||d ¡d tjtjf}|jj |j  ¡tj |d gd }|  t |ƒdkd¡|D](}t|jd ddƒ}| ||d|¡}qŽdS)Nr(rhz --full-dnr r rrrrrirjZdnrlrrqrrrtrur~r.r.r/Útest_list_full_dn—s*  ÿþ  ÿýÿz!UserCmdTestCase.test_list_full_dnc Csœ|jD]}| dd|ddddtjddtjd tjd f¡\}}}| |||d ¡d |d |d|j ¡|d|df}| ||d|d¡qdS)Nr(Zshowrz#--attributes=sAMAccountName,companyr r rrrrzError running showz9dn: CN=%s %s,CN=Users,%s company: %s sAMAccountName: %s r<r:rz$Unexpected show output for user '%s')rr3rrr$rrzr%)r'r(r)r*r+Z expected_outr.r.r/Ú test_show­s(   ÿü  ÿüÿÿzUserCmdTestCase.test_showcCsZt|j d¡ƒ}| dd|¡\}}}| |||¡| |dd¡| d||¡|jD]F}| dd|d |¡\}}}| |||d ¡| d |d |f|¡qV| dd |¡\}}}| |¡| d t |jƒ|¡|jD]T}d|j  ¡}| dd|d |¡\}}}| |||d ¡| d |d |f|¡qØ| dd |¡\}}}| |||d|¡dS)Nz OU=movetestZour7rz$There shouldn't be any error messagezCreated ou "%s"r(ZmoverzError running movezMoved user "%s" into "%s"r0zFsubtree_delete: Unable to delete a non-leaf node (it has %d children)!z CN=Users,%szFailed to delete ou '%s') r}rrƒr3r$r%r&rrFrMrz)r'Z full_ou_dnr)r*r+r(Znew_dnr.r.r/Ú test_moveÂsJ  ÿ  ÿÿ ÿÿ  ÿ  ÿÿ ÿzUserCmdTestCase.test_movec Cs˜z ddl}Wnty*| d¡YdS0t ¡}z| |¡}Wnty`| d¡YdS0|d}|dus~t|ƒdkr‚d}| |d|d|d|d||dd œ¡}|  d d |d |d d|dd|dd|dd|dd|dd|dd|ddddtj dd tj d!tj d"f¡\}}}|  |||¡|  |d#d$¡|  d%|d |¡| |¡|  d d&|d ¡| d |di¡}|  d d |d |d d|dd|dd|dd|dd|dd|ddd|dd'|d(d)|d*d+|d,d-|d.ddtj dd tj d!tj d"f¡\}}}|  |||¡|  |d#d$¡|  d%|d |¡| |¡|  d d&|d ¡dS)/Nrz1Skipping getpwent test, no 'pwd' module availablez5Skipping getpwent test, current EUID not found in NSSéz Foo GECOSérJrK)rÚuidÚ uidNumberÚ gidNumberÚgecosÚ loginShellr(r7rr8r9r:r;r<r=r>r?r@rArBrCrú --gecos=%srz--rfc2307-from-nssr r rrrrrrrr0ú--login-shell=%srŽú--uid=%srŠú--uid-number=%sr‹ú--gid-number=%srŒ)ÚpwdÚ ImportErrorZskipTestrÚgeteuidÚgetpwuidÚKeyErrorrMr"r3rr$r%r&Ú_check_posix_user) r'r”rŠÚurr(r)r*r+r.r.r/Ú test_getpwentâsz     ú        ö             ò  zUserCmdTestCase.test_getpwentc CsR| ¡| d¡| ¡| ¡| ¡| ¡| ¡|jdd|j|jdœ }| |¡|S)zKcreate a user with random attribute values, you can specify base attributesrWéd)Úcount) rr8r:r<r>r@rrBrr)Ú randomNamerZrEÚ _check_userÚupdate)r'rmr(r.r.r/r!2s ö zUserCmdTestCase._randomUsercCsX| i¡}| |¡| ¡| ¡| ¡| ¡| ¡|j|jdœ}| |¡| |¡|S)úucreate a user with random attribute values and additional RFC2307 attributes, you can specify base attributes)rŠrŽrr‹rŒrr)r!r ržÚ randomXidÚ_create_posix_userr™©r'rmr(ZposixAttributesr.r.r/r"Cs  ù  z UserCmdTestCase._randomPosixUsercCsX| i¡}| |¡| ¡| ¡| ¡| ¡| ¡|j|jdœ}| |¡| |¡|S)r¡)r‹rŒrŠrŽrrr)r!r r¢ržÚ_create_unix_userÚ_check_unix_userr¤r.r.r/r#Us  ù  zUserCmdTestCase._randomUnixUsercCs”| |d¡}| d| d¡d|¡| d| d¡|d¡| d| d¡|d¡| d| d¡|d¡| d| d¡|d¡d S) zD check if a user from SamDB has the same attributes as its template rrDz%(given-name)s %(surname)sÚtitler>rrBr@N)r2r%rG©r'r(rHr.r.r/rŸgs zUserCmdTestCase._check_usercCs¦| |d¡}| d| d¡|d¡| d| d¡|d¡| d| d¡d|d¡| d| d¡d|d¡| d| d¡|d¡| |¡dS) zJ check if a posix_user from SamDB has the same attributes as its template rrDrŽrr‹rŒrŠN©r2r%rGrŸr¨r.r.r/r™qsz!UserCmdTestCase._check_posix_usercCs¦| |d¡}| d| d¡|d¡| d| d¡|d¡| d| d¡d|d¡| d| d¡d|d¡| d| d¡|d¡| |¡dS) zI check if a unix_user from SamDB has the same attributes as its template rrDrŽrr‹rŒrŠNr©r¨r.r.r/r¦|sÿÿz UserCmdTestCase._check_unix_usercCsx| dd|d|dd|dd|dd |d d |d d |dd|dddtjddtjdtjdf¡ S)Nr(r7rr8r9r:r;r<r=r>r?r@rArBrCrr r rrrr©r3rr©r'r(r.r.r/rEŠs      øzUserCmdTestCase._create_usercCsª| dd|d|dd|dd|dd |d d |d d |dd|dd|dd|dd|dd|dd|dddtjddtjdtjd f¡S)!z+ create a new user with RFC2307 attributes r(r7rr8r9r:r;r<r=r>r?r@rArBrCrrrrrŽr‘rŠr’r‹r“rŒr r rrrrrªr«r.r.r/r£•s           óz"UserCmdTestCase._create_posix_usercCsr| |¡| dd|dd|dd|dd|d d |d d |d ddtjddtjdtjdf¡ S)z! Add RFC2307 attributes to a userr(Z addunixattrsrrDr‹r“rŒrrrrŽr‘rŠr r rrrr)rEr3rrr«r.r.r/r¥¦s       ÿùz!UserCmdTestCase._create_unix_usercCsHdt |¡d|j ¡f}|jj|j ¡tj|d}|r@|dSdSdS)Nz,(&(sAMAccountName=%s)(objectCategory=%s,%s))z$CN=Person,CN=Schema,CN=Configuration)rmrnror)rvZ binary_encoderrzryr{)r'rrr€r.r.r/r2³sþzUserCmdTestCase._find_user)rJrK)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrrr1rIrVrcrgr‚r„r…r†r‡r›r!r"r#rŸr™r¦rEr£r¥r2Ú __classcell__r.r.r,r/r #s6 ! %þ Su& P       r )rrer]rvZsamba.tests.samba_tool.baserZsambarrrZ samba.ndrrZ samba.dcerpcrZ samba.compatrr Z samba.testsr r r.r.r.r/Ús