PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
[samba.git] / auth / credentials / tests / bind.py
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
3 # This unit contains tests for LDAP access checks
4
5 from __future__ import print_function
6 import optparse
7 import sys
8 import base64
9 import copy
10 import time
11
12 sys.path.insert(0, "bin/python")
13 import samba
14 from samba.tests.subunitrun import SubunitOptions, TestProgram
15
16 import samba.getopt as options
17
18 from ldb import SCOPE_BASE, SCOPE_SUBTREE
19
20 from samba import gensec
21 import samba.tests
22 from samba.tests import delete_force
23
# Command-line handling: one positional argument (the LDAP host) plus the
# SambaOptions, CredentialsOptions and SubunitOptions groups.
parser = optparse.OptionParser("ldap [options] <host>")

sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)

# credentials given on the command line are used when present
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)

subunitopts = SubunitOptions(parser)
parser.add_option_group(subunitopts)

opts, args = parser.parse_args()

# the target host is mandatory
if not args:
    parser.print_usage()
    sys.exit(1)

host = args[0]
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)

# Add FEATURE_SEAL (sealed, i.e. encrypted, gensec session) to whatever
# features the credentials already request.
# NOTE(review): the tests that call set_bind_dn() are described as simple
# binds; whether sealing covers those connections is not visible here, so
# confirm the transport is protected before running outside a test domain.
creds.set_gensec_features(gensec.FEATURE_SEAL | creds.get_gensec_features())

# Every bind variant gets an independent copy, so setting a bind DN or
# password for one case never alters the administrative credentials.
(creds_machine,
 creds_user1,
 creds_user2,
 creds_user3,
 creds_user4) = (copy.deepcopy(creds) for _ in range(5))
48
49
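class BindTests(samba.tests.TestCase):
    """LDAP bind tests run against the host given on the command line.

    Each test creates an account with the administrative connection and
    then connects again as that account, using a different form of bind
    name (computer DN, user@realm, domain\\user, user DN, bare username
    with an empty domain).

    The accounts are created with a fixed, well-known password, so every
    test registers a cleanup that deletes its account again.
    """

    # rootDSE record, fetched once and shared by all tests of the class
    info_dc = None

    def setUp(self):
        """Open the administrative connection and cache rootDSE values."""
        super(BindTests, self).setUp()

        self.ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)

        # fetch the rootDSE only for the first test; later ones reuse it
        if self.info_dc is None:
            res = self.ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
            self.assertEqual(len(res), 1)
            BindTests.info_dc = res[0]
        # cache some of RootDSE props
        self.schema_dn = self.info_dc["schemaNamingContext"][0]
        self.domain_dn = self.info_dc["defaultNamingContext"][0]
        self.config_dn = self.info_dc["configurationNamingContext"][0]
        self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
        # Fixed test credential: any account carrying it must not outlive
        # the test that created it.
        self.password = "P@ssw0rd"
        self.username = "BindTestUser"

    def tearDown(self):
        """Defer to the base class; per-test cleanup uses addCleanup()."""
        super(BindTests, self).tearDown()

    def test_computer_account_bind(self):
        """Bind with a freshly created computer account, named by its DN."""
        # create a computer account for the test; drop any stale copy first
        delete_force(self.ldb, self.computer_dn)
        # Registered before the add so the account, which gets a well-known
        # password below, is removed even when a later step fails.
        self.addCleanup(delete_force, self.ldb, self.computer_dn)
        self.ldb.add_ldif("""
dn: """ + self.computer_dn + """
cn: CENTOS53
displayName: CENTOS53$
name: CENTOS53
sAMAccountName: CENTOS53$
countryCode: 0
objectClass: computer
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: user
codePage: 0
userAccountControl: 4096
dNSHostName: centos53.alabala.test
operatingSystemVersion: 5.2 (3790)
operatingSystem: Windows Server 2003
""")
        # unicodePwd takes the password wrapped in double quotes and encoded
        # as UTF-16-LE; the "::" in the LDIF marks the value as base64.
        # Derived from self.password so the stored and the presented
        # password cannot drift apart.
        quoted_password = u'"' + self.password + u'"'
        encoded_password = base64.b64encode(quoted_password.encode('utf-16-le')).decode('utf8')
        self.ldb.modify_ldif("""
dn: """ + self.computer_dn + """
changetype: modify
replace: unicodePwd
unicodePwd:: """ + encoded_password + """
""")

        # do a simple bind and search with the machine account
        # NOTE(review): the rootDSE is commonly readable without
        # authentication, so the search alone does not prove the bind
        # worked; presumably connect_samdb() raises on a failed bind.
        creds_machine.set_bind_dn(self.computer_dn)
        creds_machine.set_password(self.password)
        print("BindTest with: " + creds_machine.get_bind_dn())
        ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
                                                lp=lp, ldap_only=True)
        res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
        self.assertEqual(len(res), 1)

    def test_user_account_bind(self):
        """Bind as a new user via user@realm, domain\\user and the user DN."""
        # create user
        self.ldb.newuser(username=self.username, password=self.password)
        ldb_res = self.ldb.search(base=self.domain_dn,
                                  scope=SCOPE_SUBTREE,
                                  expression="(samAccountName=%s)" % self.username)
        self.assertEqual(len(ldb_res), 1)
        user_dn = ldb_res[0]["dn"]
        self.addCleanup(delete_force, self.ldb, user_dn)

        # do a simple bind and search with the user account in format user@realm
        creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
        creds_user1.set_password(self.password)
        print("BindTest with: " + creds_user1.get_bind_dn())
        ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
                                              lp=lp, ldap_only=True)
        res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
        self.assertEqual(len(res), 1)

        # do a simple bind and search with the user account in format domain\user
        creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
        creds_user2.set_password(self.password)
        print("BindTest with: " + creds_user2.get_bind_dn())
        ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
                                              lp=lp, ldap_only=True)
        res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
        self.assertEqual(len(res), 1)

        # do a simple bind and search with the user account DN
        creds_user3.set_bind_dn(str(user_dn))
        creds_user3.set_password(self.password)
        print("BindTest with: " + creds_user3.get_bind_dn())
        ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
                                              lp=lp, ldap_only=True)
        res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
        self.assertEqual(len(res), 1)

    def test_user_account_bind_no_domain(self):
        """Connect as a new user with the domain and workstation left empty."""
        # create user
        self.ldb.newuser(username=self.username, password=self.password)
        ldb_res = self.ldb.search(base=self.domain_dn,
                                  scope=SCOPE_SUBTREE,
                                  expression="(samAccountName=%s)" % self.username)
        self.assertEqual(len(ldb_res), 1)
        user_dn = ldb_res[0]["dn"]
        self.addCleanup(delete_force, self.ldb, user_dn)

        creds_user4.set_username(self.username)
        creds_user4.set_password(self.password)
        creds_user4.set_domain('')
        creds_user4.set_workstation('')
        print("BindTest (no domain) with: " + self.username)
        try:
            ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
                                                  lp=lp, ldap_only=True)
        except Exception as e:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit still propagate; the cause is kept in the report.
            self.fail("Failed to connect without the domain set: %s" % e)

        res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
        self.assertEqual(len(res), 1)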
167
168
# Run the tests defined in this module, passing the parsed subunit options.
TestProgram(opts=subunitopts, module=__name__)