samba python tests: convert 'except X, e' to 'except X as e'
[samba.git] / python / samba / tests / auth_log_pass_change.py
index 3a9311a99e110ee0f74a1e4be07eb589bde565d9..8ed92814960b0a1c3b4c2ca9cf58f1d6903817eb 100644 (file)
@@ -31,6 +31,7 @@ from samba.net import Net
 from samba import ntstatus
 import samba
 from subprocess import call
+from ldb import LdbError
 
 USER_NAME = "authlogtestuser"
 USER_PASS = samba.generate_random_password(32,32)
@@ -83,7 +84,8 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
              "dn": "cn=" + USER_NAME + ",cn=users," + self.base_dn,
              "objectclass": "user",
              "sAMAccountName": USER_NAME,
-             "userPassword": USER_PASS})
+             "userPassword": USER_PASS
+        })
 
         # discard any auth log messages for the password setup
         self.discardMessages()
@@ -93,7 +95,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
 
 
     def test_admin_change_password(self):
-        def isLastExpectedMessage( msg):
+        def isLastExpectedMessage(msg):
             return (msg["type"] == "Authentication" and
                     msg["Authentication"]["status"]
                         == "NT_STATUS_OK" and
@@ -108,19 +110,19 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
         net = Net(creds, lp, server=self.server_ip)
         password = "newPassword!!42"
 
-        net.change_password(newpassword = password.encode('utf-8'),
-                            username    = USER_NAME,
-                            oldpassword = USER_PASS)
+        net.change_password(newpassword=password.encode('utf-8'),
+                            username=USER_NAME,
+                            oldpassword=USER_PASS)
 
 
-        messages = self.waitForMessages( isLastExpectedMessage)
+        messages = self.waitForMessages(isLastExpectedMessage)
         print "Received %d messages" % len(messages)
         self.assertEquals(8,
                           len(messages),
                           "Did not receive the expected number of messages")
 
     def test_admin_change_password_new_password_fails_restriction(self):
-        def isLastExpectedMessage( msg):
+        def isLastExpectedMessage(msg):
             return (msg["type"] == "Authentication" and
                     msg["Authentication"]["status"]
                         == "NT_STATUS_PASSWORD_RESTRICTION" and
@@ -137,21 +139,21 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
 
         exception_thrown = False
         try:
-            net.change_password(newpassword = password.encode('utf-8'),
-                                oldpassword = USER_PASS,
-                                username = USER_NAME)
-        except Exception, msg:
+            net.change_password(newpassword=password.encode('utf-8'),
+                                oldpassword=USER_PASS,
+                                username=USER_NAME)
+        except Exception as msg:
             exception_thrown = True
         self.assertEquals(True, exception_thrown,
                           "Expected exception not thrown")
 
-        messages = self.waitForMessages( isLastExpectedMessage)
+        messages = self.waitForMessages(isLastExpectedMessage)
         self.assertEquals(8,
                           len(messages),
                           "Did not receive the expected number of messages")
 
     def test_admin_change_password_unknown_user(self):
-        def isLastExpectedMessage( msg):
+        def isLastExpectedMessage(msg):
             return (msg["type"] == "Authentication" and
                     msg["Authentication"]["status"]
                         == "NT_STATUS_NO_SUCH_USER" and
@@ -168,21 +170,21 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
 
         exception_thrown = False
         try:
-            net.change_password(newpassword = password.encode('utf-8'),
-                                oldpassword = USER_PASS,
-                                username    = "badUser")
-        except Exception, msg:
+            net.change_password(newpassword=password.encode('utf-8'),
+                                oldpassword=USER_PASS,
+                                username="badUser")
+        except Exception as msg:
             exception_thrown = True
         self.assertEquals(True, exception_thrown,
                           "Expected exception not thrown")
 
-        messages = self.waitForMessages( isLastExpectedMessage)
+        messages = self.waitForMessages(isLastExpectedMessage)
         self.assertEquals(8,
                           len(messages),
                           "Did not receive the expected number of messages")
 
     def test_admin_change_password_bad_original_password(self):
-        def isLastExpectedMessage( msg):
+        def isLastExpectedMessage(msg):
             return (msg["type"] == "Authentication" and
                     msg["Authentication"]["status"]
                         == "NT_STATUS_WRONG_PASSWORD" and
@@ -199,15 +201,15 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
 
         exception_thrown = False
         try:
-            net.change_password(newpassword = password.encode('utf-8'),
-                                oldpassword = "badPassword",
-                                username    = USER_NAME)
-        except Exception, msg:
+            net.change_password(newpassword=password.encode('utf-8'),
+                                oldpassword="badPassword",
+                                username=USER_NAME)
+        except Exception as msg:
             exception_thrown = True
         self.assertEquals(True, exception_thrown,
                           "Expected exception not thrown")
 
-        messages = self.waitForMessages( isLastExpectedMessage)
+        messages = self.waitForMessages(isLastExpectedMessage)
         self.assertEquals(8,
                           len(messages),
                           "Did not receive the expected number of messages")
@@ -217,7 +219,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
     # if we used the real password it would be too long and does not hash
     # correctly, so we just check it triggers the wrong password path.
     def test_rap_change_password(self):
-        def isLastExpectedMessage( msg):
+        def isLastExpectedMessage(msg):
             return (msg["type"] == "Authentication" and
                     msg["Authentication"]["serviceDescription"]
                         == "SAMR Password Change" and
@@ -226,17 +228,103 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     msg["Authentication"]["authDescription"]
                         == "OemChangePasswordUser2")
 
-        newPassword  = samba.generate_random_password(32,32)
-        username     = os.environ["USERNAME"]
-        password     = os.environ["PASSWORD"]
-        server       = os.environ["SERVER"]
+        username = os.environ["USERNAME"]
+        server = os.environ["SERVER"]
+        password = os.environ["PASSWORD"]
         server_param = "--server=%s" % server
-        creds        = "-U%s%%%s" % (username,password)
+        creds = "-U%s%%%s" % (username,password)
         call(["bin/net", "rap", server_param,
               "password", USER_NAME, "notMyPassword", "notGoingToBeMyPassword",
               server, creds, "--option=client ipc max protocol=nt1"])
 
-        messages = self.waitForMessages( isLastExpectedMessage)
+        messages = self.waitForMessages(isLastExpectedMessage)
         self.assertEquals(7,
                           len(messages),
                           "Did not receive the expected number of messages")
+
+    def test_ldap_change_password(self):
+        def isLastExpectedMessage(msg):
+            return (msg["type"] == "Authentication" and
+                    msg["Authentication"]["status"]
+                        == "NT_STATUS_OK" and
+                    msg["Authentication"]["serviceDescription"]
+                        == "LDAP Password Change" and
+                    msg["Authentication"]["authDescription"]
+                        == "LDAP Modify")
+
+        new_password = samba.generate_random_password(32,32)
+        self.ldb.modify_ldif(
+            "dn: cn=" + USER_NAME + ",cn=users," + self.base_dn + "\n" +
+            "changetype: modify\n" +
+            "delete: userPassword\n" +
+            "userPassword: " + USER_PASS + "\n" +
+            "add: userPassword\n" +
+            "userPassword: " + new_password + "\n"
+        )
+
+        messages = self.waitForMessages(isLastExpectedMessage)
+        print "Received %d messages" % len(messages)
+        self.assertEquals(4,
+                          len(messages),
+                          "Did not receive the expected number of messages")
+
+    #
+    # Currently this does not get logged, so we expect to only see the log
+    # entries for the underlying ldap bind.
+    #
+    def test_ldap_change_password_bad_user(self):
+        def isLastExpectedMessage(msg):
+            return (msg["type"] == "Authorization" and
+                    msg["Authorization"]["serviceDescription"]
+                        == "LDAP" and
+                    msg["Authorization"]["authType"] == "krb5")
+
+        new_password = samba.generate_random_password(32,32)
+        try:
+            self.ldb.modify_ldif(
+                "dn: cn=" + "badUser" + ",cn=users," + self.base_dn + "\n" +
+                "changetype: modify\n" +
+                "delete: userPassword\n" +
+                "userPassword: " + USER_PASS + "\n" +
+                "add: userPassword\n" +
+                "userPassword: " + new_password + "\n"
+            )
+            self.fail()
+        except LdbError, (num, msg):
+            pass
+
+        messages = self.waitForMessages(isLastExpectedMessage)
+        print "Received %d messages" % len(messages)
+        self.assertEquals(3,
+                          len(messages),
+                          "Did not receive the expected number of messages")
+
+    def test_ldap_change_password_bad_original_password(self):
+        def isLastExpectedMessage(msg):
+            return (msg["type"] == "Authentication" and
+                    msg["Authentication"]["status"]
+                        == "NT_STATUS_WRONG_PASSWORD" and
+                    msg["Authentication"]["serviceDescription"]
+                        == "LDAP Password Change" and
+                    msg["Authentication"]["authDescription"]
+                        == "LDAP Modify")
+
+        new_password = samba.generate_random_password(32,32)
+        try:
+            self.ldb.modify_ldif(
+                "dn: cn=" + USER_NAME + ",cn=users," + self.base_dn + "\n" +
+                "changetype: modify\n" +
+                "delete: userPassword\n" +
+                "userPassword: " + "badPassword" + "\n" +
+                "add: userPassword\n" +
+                "userPassword: " + new_password + "\n"
+            )
+            self.fail()
+        except LdbError, (num, msg):
+            pass
+
+        messages = self.waitForMessages(isLastExpectedMessage)
+        print "Received %d messages" % len(messages)
+        self.assertEquals(4,
+                          len(messages),
+                          "Did not receive the expected number of messages")