2 # -*- coding: utf-8 -*-
3 # This is unit with tests for LDAP access checks
5 from __future__ import print_function
12 sys.path.insert(0, "bin/python")
14 from samba.tests.subunitrun import SubunitOptions, TestProgram
16 import samba.getopt as options
18 from ldb import SCOPE_BASE, SCOPE_SUBTREE
20 from samba import gensec
22 from samba.tests import delete_force
24 parser = optparse.OptionParser("ldap [options] <host>")
25 sambaopts = options.SambaOptions(parser)
26 parser.add_option_group(sambaopts)
28 # use command line creds if available
29 credopts = options.CredentialsOptions(parser)
30 parser.add_option_group(credopts)
31 subunitopts = SubunitOptions(parser)
32 parser.add_option_group(subunitopts)
33 opts, args = parser.parse_args()
40 lp = sambaopts.get_loadparm()
41 creds = credopts.get_credentials(lp)
42 creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
43 creds_machine = copy.deepcopy(creds)
44 creds_user1 = copy.deepcopy(creds)
45 creds_user2 = copy.deepcopy(creds)
46 creds_user3 = copy.deepcopy(creds)
47 creds_user4 = copy.deepcopy(creds)
50 class BindTests(samba.tests.TestCase):
55 super(BindTests, self).setUp()
58 self.ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)
60 if self.info_dc is None:
61 res = self.ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
62 self.assertEquals(len(res), 1)
63 BindTests.info_dc = res[0]
64 # cache some of RootDSE props
65 self.schema_dn = self.info_dc["schemaNamingContext"][0]
66 self.domain_dn = self.info_dc["defaultNamingContext"][0]
67 self.config_dn = self.info_dc["configurationNamingContext"][0]
68 self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
69 self.password = "P@ssw0rd"
70 self.username = "BindTestUser"
73 super(BindTests, self).tearDown()
75 def test_computer_account_bind(self):
76 # create a computer acocount for the test
77 delete_force(self.ldb, self.computer_dn)
79 dn: """ + self.computer_dn + """
81 displayName: CENTOS53$
83 sAMAccountName: CENTOS53$
86 objectClass: organizationalPerson
91 userAccountControl: 4096
92 dNSHostName: centos53.alabala.test
93 operatingSystemVersion: 5.2 (3790)
94 operatingSystem: Windows Server 2003
96 self.ldb.modify_ldif("""
97 dn: """ + self.computer_dn + """
100 unicodePwd:: """ + base64.b64encode(u"\"P@ssw0rd\"".encode('utf-16-le')).decode('utf8') + """
103 # do a simple bind and search with the machine account
104 creds_machine.set_bind_dn(self.computer_dn)
105 creds_machine.set_password(self.password)
106 print("BindTest with: " + creds_machine.get_bind_dn())
107 ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
108 lp=lp, ldap_only=True)
109 res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
111 def test_user_account_bind(self):
113 self.ldb.newuser(username=self.username, password=self.password)
114 ldb_res = self.ldb.search(base=self.domain_dn,
116 expression="(samAccountName=%s)" % self.username)
117 self.assertEquals(len(ldb_res), 1)
118 user_dn = ldb_res[0]["dn"]
119 self.addCleanup(delete_force, self.ldb, user_dn)
121 # do a simple bind and search with the user account in format user@realm
122 creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
123 creds_user1.set_password(self.password)
124 print("BindTest with: " + creds_user1.get_bind_dn())
125 ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
126 lp=lp, ldap_only=True)
127 res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
129 # do a simple bind and search with the user account in format domain\user
130 creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
131 creds_user2.set_password(self.password)
132 print("BindTest with: " + creds_user2.get_bind_dn())
133 ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
134 lp=lp, ldap_only=True)
135 res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
137 # do a simple bind and search with the user account DN
138 creds_user3.set_bind_dn(str(user_dn))
139 creds_user3.set_password(self.password)
140 print("BindTest with: " + creds_user3.get_bind_dn())
141 ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
142 lp=lp, ldap_only=True)
143 res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
145 def test_user_account_bind_no_domain(self):
147 self.ldb.newuser(username=self.username, password=self.password)
148 ldb_res = self.ldb.search(base=self.domain_dn,
150 expression="(samAccountName=%s)" % self.username)
151 self.assertEquals(len(ldb_res), 1)
152 user_dn = ldb_res[0]["dn"]
153 self.addCleanup(delete_force, self.ldb, user_dn)
155 creds_user4.set_username(self.username)
156 creds_user4.set_password(self.password)
157 creds_user4.set_domain('')
158 creds_user4.set_workstation('')
159 print("BindTest (no domain) with: " + self.username)
161 ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
162 lp=lp, ldap_only=True)
164 self.fail("Failed to connect without the domain set")
166 res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
169 TestProgram(module=__name__, opts=subunitopts)