o

�/a��@s�dd
lZdd
l
Z
dd
lZdd
lZddlmZ
ddlmZmZm	Z	
ddl
mZ
ddlm
Z

ddlmZ
ddlmZ
ddlmZ
Gd	d
�d
e�Zd
S)�N)
�SambaToolCmdTest)�credentials�nttime2unix�dsdb)
�
ndr_unpack)
�drsblobs)
�	get_bytes)
�
get_string)
�env_loadparmcs&
eZ
dZd
ZgZdZ�f
dd�Z�f
dd�Zdd�Z			
dAdd�
Z	d
d�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zif
d-d.�
Zif
d/d0�
Zif
d1d2�
Zd3d4�Zd5d6�Zd7d8�Zd9d:�Z d;d<�Z!d=d>�Z"d?d@�Z#�Z$S)B�UserCmdTestCasez%Tests for samba-tool user subcommandsNc
s�
tt
|���
|�d
dtjddtjdtjdf�|_|��}
|
�d�
|_	|
�
dd�
g|_|j�|�
d	d
d��
�

|j�|�
dd
d��
�

|j�|�
d
dd��
�

|j�|�
ddd��
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|j�|�ddi
�
�

|jD]:}|d|�
\}}}|�|||�
|�|dd�
d|dvr�|�d|d|�
n
|�d|d|�
|d|�

q�dS) N�-H�	ldap://%s�	DC_SERVER�-U%s%%%s�DC_USERNAME�DC_PASSWORD�template homedirz/home/test/%D/%U�
sambatool1�comp1)�name�company�
sambatool2�
sambatool3�comp2�
sambatool4r�
posixuser1�
posixuser2�
posixuser3�
posixuser4�	unixuser1�	unixuser2�	unixuser3�	unixuser4�createUserFn��Shouldn't be any error messages�unixzModified User '%s' successfully�User '%s' added successfully�checkUserFn)�superr�setUp�getSamDB�os�environ�samdb�get_loadparm�get�template_homedir�set�users�append�_randomUser�_randomPosixUser�_randomUnixUser�assertCmdSuccess�assertEqual�assertIn)�self�lp�user�result�out�err�
�	__class__��=/usr/lib/python3/dist-packages/samba/tests/samba_tool/user.pyr*(sB


�



















�
��zUserCmdTestCase.setUpc
srtt
|���
|jD]}
|�|
d
�
r|�dd|
d
�
q
t�}|�d�
}tj	�
|�
r0t�|�

|�d|j
�
dS)Nrr=�deletezuser-syncpasswords-cache.ldbr)r)r�tearDownr3�
_find_user�	runsubcmdr
�private_pathr,�path�exists�remover2r1)r;r=r<�cachedbrArCrDrFOs



�





zUserCmdTestCase.tearDownc
Cs�
|jD]}
|�
|
�
\}}}|�|d
�
|�d|�
q|jD]"}
|�dd|
d�\}}}|�|||d�
|�|
d�
}|�|�

q|jD]{}
|�dd|
d|
dd	d
|
dd|
d
d|
dd|
dd|
dd|
dddtj	ddtj	dtj	df�\}}}|�|||�
|�
|dd�
|�d|
d|�
|�|
d�
}|�
d|�d �
d!|
�
|�
d|�d�
d!|
�
qCdS)"NzEnsure that create user failsz'LDAP error 68 LDAP_ENTRY_ALREADY_EXISTSr=rErzCan we delete users�create�passwordz--use-username-as-cn�--surname=%s�surname�--given-name=%s�
given-name�--job-title=%s�	job-title�--department=%s�
department�--description=%s�description�--company=%srrr
rrrrr$r%r'�%s�cnz%(name)s)r3�_create_user�
assertCmdFailr:rHr8rG�assertIsNoner,r-r9r0)r;r=r>r?r@�foundrCrCrD�test_newuser^s8


























�


�zUserCmdTestCase.test_newuser��cCs.|j�
|
�
}t|�
\}}|�d
|d�
|d
d}ttj|�}|�|jj	|d�
|�
|jj	|d�
|dkr7dSddd�
}	d}
|	|jjd|
d	�\}}|�|d
�
|�
|d|jj	dd�
|	|jjd
|
d	�\}
}|
du
r~|�
|
|
d�
|
d}
|
|kr~|
d}
|	|jjd|
d	�\}}|�|d�
|�
||
d�
|
d}
|
|kr�|
d}
|	|jjd|
d	�\}}|�|d�
|�
||
d�
|
d}
|
|kr�|
d}
|	|jjd|
d	�\}}|du
r�|�
||
d�
|
d}
|
|kr�|
d}
|	|jjd|
d	�\}}|du
�
r|�
||
d�
|
d}
|
|k�
r|
d}
|�
|
|jj	d�
dS)N�supplementalCredentialsz*supplementalCredentials attribute requiredr
zmin_packages checkzmax_packages checkcSs6t|t
|�
�D]}||j|
kr|||f
Sqd
S)N)NN)�range�lenr)�packagesr�	start_idx�
irCrCrD�find_package�s



�zEUserCmdTestCase._verify_supplementalCredentials.<locals>.find_package�Packages)
rhzPackages required�
z(Packages needs to be at num_packages - 1zPrimary:Kerberos-Newer-Keysz-Primary:Kerberos-Newer-Keys at wrong positionzPrimary:KerberoszPrimary:Kerberos requiredz"Primary:Kerberos at wrong positionzPrimary:WDigestzPrimary:WDigest requiredz!Primary:WDigest at wrong positionzPrimary:CLEARTEXTz#Primary:CLEARTEXT at wrong positionzPrimary:SambaGPGz"Primary:SambaGPG at wrong positionzUnknown packages found)
r
)r.�
parse_ldif�nextr:rr�supplementalCredentialsBlob�assertGreaterEqual�sub�num_packages�assertLessEqualrg�assertIsNotNoner9)r;�ldif�min_packages�max_packages�msgs�
changetype�obj�sc_blob�scrj�nidx�pidx�pp�knidx�knp�kidx�kp�widx�wp�cidx�cp�gidx�gprCrCrD�_verify_supplementalCredentials�sz




�

�





�


�






�






�






�






�





z/UserCmdTestCase._verify_supplementalCredentialsc
Cs�|jD]>}
|�
d
�
}|�dd|
dd|ddtjdd	tjd
tjdf�\}}}|�|||d�
|�|d
d�
|�|dd�
qd}|�dddd|d�\}}}|�|||d�
|�|d
d�
ddi
iiiddi
iiid�}|��D]}||�	dd
�}	|�|d||	fd||	|f�
qt|�ddd�\}}}|�|||d�
|�|d
d�
|�|d d!|�
|jD]}
|�|d"|
dd#|
d|f�
q�|jD�
]S}
|�
d
�
}t
��}
|
��
|
�
|�

|
��}t�|
���
�d$�
}t�t|�
�
�d$�
}
t�t|�
�d%�
�
�d$�
}|�dd|
dd|�\}}}|�|||d�
|�|d
d&�
|�|dd&�
|�ddd�\}}}|�|||d�
|�|d
d�
|�|d d!|�
|�|d"|
dd#|
d|f�
|�|d'd(|�
|�|d)|d*|�
|�|d+d,|�
|�|d-d.|�
d/|v�
r�|�|d0|
d1|�
|�|d2|d3|�
|�|d4d5|�
|�dd6|
dd|d�\}}}|�|||d7�
|�|d
d�
|�|d8d�
|�|d"|
dd9|
d|f�
|�|d)|d*|�
|�|d-d.|�
|�|�d:d
��

d/|v�r|�|d0|
d1|�
|�|d2|d3|�
|�|d4d5|�
q�|jD]@}
|�
d
�
}|�dd|
dd|d;ddtjdd	tjd
tjdf�\}}}|�|||d�
|�|d
d<�
|�|dd<�
�q#dS)=N�r=�setpasswordrz--newpassword=%srr
rrrrzEnsure setpassword runsr$zsetpassword with urlzChanged password OKzxsAMAccountName,unicodePwd,supplementalCredentials,virtualClearTextUTF8,virtualClearTextUTF16,virtualSSHA,virtualSambaGPG�
syncpasswordsz--cache-ldb-initialize�--attributes=%sz--decrypt-samba-gpgz0Ensure syncpasswords --cache-ldb-initialize runszgetpassword without url�value�userSyncPasswordsz
dirsync:1:0:0)�objectClass�samdbUrl�
dirsyncFilter�dirsyncAttribute�dirsyncControl�passwordAttribute�decryptSambaGPG�currentTimez%s: %sz4syncpasswords --cache-ldb-initialize: %s: %s out[%s]z	--no-waitz#Ensure syncpasswords --no-wait runszsyncpasswords --no-waitzdirsync_loop(): results 0z=syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]zsAMAccountName: %sz5syncpasswords --no-wait: 'sAMAccountName': %s out[%s]�utf8z	utf-16-lezsetpassword without urlz)# unicodePwd::: REDACTED SECRET ATTRIBUTEz@getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]zunicodePwd:: %szgetpassword unicodePwd: out[%s]z6# supplementalCredentials::: REDACTED SECRET ATTRIBUTEzMgetpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]zsupplementalCredentials:: z,getpassword supplementalCredentials: out[%s]zvirtualSambaGPG:: zvirtualClearTextUTF8:: %sz)getpassword virtualClearTextUTF8: out[%s]zvirtualClearTextUTF16:: %sz*getpassword virtualClearTextUTF16: out[%s]z
virtualSSHA: z getpassword virtualSSHA: out[%s]�getpasswordzEnsure getpassword runszGot password OKz)getpassword: 'sAMAccountName': %s out[%s]z
Got password OK
z--must-change-at-next-loginzsetpassword with forced change)r3�random_passwordrHr,r-r8r9�assertMatch�keysr0r�Credentials�
set_anonymous�set_password�get_nt_hash�base64�	b64encode�decoderr	�encoder��replace)r;r=�	newpasswdr>r?r@�
attributes�cache_attrs�
a�
v�creds�nthash�
unicodePwd�virtualClearTextUTF8�virtualClearTextUTF16rCrCrD�test_setpassword�s










�






�







�



�



�


�












�





�
�
�
�
�
�


�
�
�



�



�
�
�



�
�
��









�

�z UserCmdTestCase.test_setpasswordc
	
Cs�|jD]S}
t
�
�d
}|�dd|
ddddtjdd	tjd
tjdf�\}}}|�|||d�
|�d
|
d|�
|�|
d�
}tt	d|�
d�
�
�
}|�||dd�
q	dS)Ni�r=�	setexpiryrz--days=2rr
rrrrzCan we run setexpiry with namesz#Expiry for user '%s' set to 2 days.r[�accountExpires�z?Ensure account expires is within 5 seconds of the expected time)r3�timerHr,r-r8r:rGr�intr0�assertWithin)	r;r=�twodaysr>r?r@r`�expires�fourdaysrCrCrD�test_setexpiryJ
s






�


zUserCmdTestCase.test_setexpiryc
	
Cs�|�d
dddt
jddt
jdt
jdf�\}
}}|�|
||d	�
d
tjtjf}|jj	|j�
�tj|dg
d�}|�t
|�
d
kd�
|D]}t|jdd
d��
}|�||d|�}qFdS)Nr=�listrr
rrrr�Error running list�0(&(objectClass=user)(userAccountControl:%s:=%u))�samaccountname��base�scope�
expression�attrsr
�no users found in samdb�
�idx�user '%s' not found�rHr,r-r8�ldb�OID_COMPARATOR_ANDr�UF_NORMAL_ACCOUNTr.�search�	domain_dn�
SCOPE_SUBTREE�
assertTruerf�strr0r��	r;r>r?r@�
search_filter�userlist�userobjrr`rCrCrD�	test_listp
s,




�
�

�


�


��zUserCmdTestCase.test_listc

Cs�d
}
|�ddd|
ddt
jddt
jd	t
jd
f�\}}}|�|||d�
dtjtjf}|jj	|j�
|
�
tj|d
g
d�}|�t
|�
dkd�
|D]}t|jd
dd��
}|�||d|�}	qKdS)NzCN=Usersr=r�z-brr
rrrrr�r�r�r�r
r�r�r�)rHr,r-r8r�r�rr�r.r��normalize_dn_in_domainr�r�rfr�r0r�)
r;�base_dnr>r?r@r�r�r�rr`rCrCrD�test_list_base_dn�
s.





�
�

�


�


��z!UserCmdTestCase.test_list_base_dnc
	Cs�|�d
ddddt
jddt
jdt
jd	f�\}
}}|�|
||d
�
dtjtjf}|jj	|j�
�tj|dg
d
�}|�t
|�
dkd�
|D]}t|jddd��
}|�||d|�}qGdS)Nr=r�z	--full-dnrr
rrrrr�r��dnr�r
r�r�r�r�r�rCrCrD�test_list_full_dn�
s,





�
�

�


�


��z!UserCmdTestCase.test_list_full_dnc
Cs�d
}
|�d|
i
�
}|�
|�

|�dddddtjdd	tjd
tjdf�\}}}|�|||d�
|�|
|vd
|
�
|j�d|
dd�
|�dddddtjdd	tjd
tjdf�\}}}|�|||d�
|�	|
|vd|
�
|j�
|
�

dS)N�
expireUserrr=r�z--hide-expiredrr
rrrrr�r��(sAMAccountname=%s)���F�user '%s' found)r5r]rHr,r-r8r�r.r��assertFalse�
deleteuser)r;�expire_username�expire_userr>r?r@rCrCrD�test_list_hide_expired�
sJ











�
�


�


�







�
�


�z&UserCmdTestCase.test_list_hide_expiredc
Cs�d
}
|�d|
i
�
}|�
|�

|�dddddtjdd	tjd
tjdf�\}}}|�|||d�
|�|
|vd
|
�
|j�d|
�

|�dddddtjdd	tjd
tjdf�\}}}|�|||d�
|�	|
|vd|
�
|j�
|
�

dS)N�disableUserrr=r�z--hide-disabledrr
rrrrr�r�r�r�)r5r]rHr,r-r8r�r.�disable_accountr�r�)r;�disable_username�disable_userr>r?r@rCrCrD�test_list_hide_disabled�
sB











�
�


�







�
�


�z'UserCmdTestCase.test_list_hide_disabledc

Cs�|jD�]�}
|�
d
d|
ddddtjddtjd	tjd
f�\}}}|�|||d�
d|
d
|
d|j��|
d|
df}|�||d|
d�
gd�
}g}|D]}|�|�

dD]}	|�d||	f�

q]qT|�
d
d|
ddd�	|�
ddtjddtjd	tjd
f�\}}}|�|||d�
|�
d|�
|�
d|�
|�
d|�
|�
d|�
|�d|�
|�d|�
|�d|�
|�
d|�
|�
d|�
|�
d|�
|�
d |�
|�
d!|�
|�
d"|�
|�
d#|�
|�
d$|�
|�
d%|�
|�d&|�
|�d'|�
|�d(|�
|�
d)|�
|�d*|�
|�d+|�
|�d,|�
|�
d-|�
|�d.|�
|�d/|�
|�d0|�
|�
d1|�
|�d2|�
|�d3|�
|�d4|�
|�d5|�
|�d6|�
|�
d7|�
|�
d8|�
|�
d9|�
|�
d:|�
|�
d;|�
|�
d<|�
|�
d=|�
|�
d>|�
|j�|�
}
t
|
�
d?}|�
d@|�
t|d@dA�
}|�
dB|�
|�t|dBdA�
|�
t�|�
}
|�
dC|�
|�t|dCdA�
t|
�
�
|�
dD|�
|�t|dDdA�
dE|
�
|�
dF|�
t|dFdA�
}|�
dG|�
|�t|dGdA�
|�
t�|�
}|�
dH|�
|�t|dHdA�
t|�
�
|�
dI|�
|�t|dIdA�
dE|�
|�
dJ|�
t|dJdA�
}t�|�
}|�
dK|�
|�t|dKdA�
t|�
�
|�
dL|�
|�
dM|t|dLdA�
�
|�dNt|dLdA�
�
|�||
�
|�||
dO�
|�
dP|�
t|dPdA�
}t�|�
}|�
dQ|�
|�t|dQdA�
t|�
�
|�
dR|�
|�
dM|t|dRdA�
�
|�dNt|dRdA�
�
|�||�
qdS)SNr=�showrz#--attributes=sAMAccountName,companyrr
rrrrzError running showz9dn: CN=%s %s,CN=Users,%s
company: %s
sAMAccountName: %s

rSrQrz$Unexpected show output for user '%s')r�whenCreated�whenChangedr��badPasswordTime�
lastLogoff�	lastLogon�lastLogonTimestamp�lockoutTimez#msDS-UserPasswordExpiryTimeComputed�
pwdLastSet)�GeneralizedTime�UnixTime�TimeSpecz%s;format=%sr��
,z;format=GeneralizedTimez;format=UnixTimez;format=TimeSpeczname: zname;format=GeneralizedTime: zname;format=UnixTime: zname;format=TimeSpec: zwhenCreated: 20z&whenCreated;format=GeneralizedTime: 20zwhenCreated;format=UnixTime: 1zwhenCreated;format=TimeSpec: 1zwhenChanged: 20z&whenChanged;format=GeneralizedTime: 20zwhenChanged;format=UnixTime: 1zwhenChanged;format=TimeSpec: 1z#accountExpires: 9223372036854775807z'accountExpires;format=GeneralizedTime: z accountExpires;format=UnixTime: z accountExpires;format=TimeSpec: zbadPasswordTime: 0z(badPasswordTime;format=GeneralizedTime: z!badPasswordTime;format=UnixTime: z!badPasswordTime;format=TimeSpec: z
lastLogoff: 0z#lastLogoff;format=GeneralizedTime: zlastLogoff;format=UnixTime: zlastLogoff;format=TimeSpec: zlastLogon: 0z"lastLogon;format=GeneralizedTime: zlastLogon;format=UnixTime: zlastLogon;format=TimeSpec: zlastLogonTimestamp:zlockoutTime:z&msDS-UserPasswordExpiryTimeComputed: 1z>msDS-UserPasswordExpiryTimeComputed;format=GeneralizedTime: 20z6msDS-UserPasswordExpiryTimeComputed;format=UnixTime: 1z6msDS-UserPasswordExpiryTimeComputed;format=TimeSpec: 1z
pwdLastSet: 1z%pwdLastSet;format=GeneralizedTime: 20zpwdLastSet;format=UnixTime: 1zpwdLastSet;format=TimeSpec: 1rlr�r
z"whenCreated;format=GeneralizedTimezwhenCreated;format=UnixTimezwhenCreated;format=TimeSpecz%d.000000000r�z"whenChanged;format=GeneralizedTimezwhenChanged;format=UnixTimezwhenChanged;format=TimeSpecz!pwdLastSet;format=GeneralizedTimezpwdLastSet;format=UnixTimezpwdLastSet;format=TimeSpecz%d.z
.000000000�<z:msDS-UserPasswordExpiryTimeComputed;format=GeneralizedTimez3msDS-UserPasswordExpiryTimeComputed;format=UnixTimez3msDS-UserPasswordExpiryTimeComputed;format=TimeSpec)r3rHr,r-r8r.r�r9r4�joinr:�assertNotInrmrnr�r��string_to_timerp�
assertLess�
assertGreater)r;r=r>r?r@�expected_out�
time_attrsr��ta�fm�out_msgs�out_msg�when_created_str�when_created_time�when_changed_str�when_changed_time�pwd_last_set_str�pwd_last_set_time�pwd_expires_str�pwd_expires_timerCrCrD�	test_show�
s�








�
�
��

��




�






�
�








































�









�
















��zUserCmdTestCase.test_showc
CsZ
t|j
�d
�
�
}
|�dd|
�\}}}|�|||�
|�|dd�
|�d|
|�
|jD]#}|�dd|d	|
�\}}}|�|||d
�
|�d|d	|
f|�
q+|�dd|
�\}}}|�|�

|�d
t	|j�
|�
|jD]*}d|j
�
�}|�dd|d	|�\}}}|�|||d
�
|�d|d	|f|�
ql|�dd|
�\}}}|�|||d|
�
dS)NzOU=movetest�ou�addr$z$There shouldn't be any error messagez
Added ou "%s"r=�moverzError running movezMoved user "%s" into "%s"rEzFsubtree_delete: Unable to delete a non-leaf node (it has %d children)!zCN=Users,%szFailed to delete ou '%s')r�r.r�rHr8r9r:r3r^rfr�)r;�
full_ou_dnr>r?r@r=�new_dnrCrCrD�	test_move�sJ








�


�
�



�
�




�


�
�


�zUserCmdTestCase.test_movec


Cs&|jD�
]}
d
|
d}d}d|
d}|�
|
d�
}t|�d�
�
}|�dd|
dd|d	|d
|�\}}}	|�|||	�
|�|	dd�
|�d
|�
|�
|
d�
}|�d|�d�
|�
|�d|�d�
|�
|�d|�d�
|�
|�d|�d�
d|||f�
|�d|�d�
d|||f�
|�dd|
dddd�\}}}	|�|||	�
|�|	dd�
|�d
|�
|�
|
d�
}|�|�d�
d�
|�|�d�
d�
|�|�d�
d�
|�d|�d�
|
d�
|�dd|
dd|
d|
�\}}}	|�|||	�
|�
r|�dd|
dd|�\}}}	qdS)zlrename the existing surname and given name and add missing
        initials, then remove them, for all users�new_given_name_of_r�
A�new_surname_of_r\r=�renamerP�
--initials=%srRr$r%�successfullyr[�	givenName�initials�sn�	%s %s. %s�
--surname=�--initials=�
--given-name=N�--surname=%(surname)s�--given-name=%(given-name)s�--force-new-cn=%s)r3rGr�r0rHr8r9r:)
r;r=�
new_givenname�new_initials�new_surnamer`�old_cnr>r?r@rCrCrD�&test_rename_surname_initials_givenname�s`








�






�
�



�








�


���z6UserCmdTestCase.test_rename_surname_initials_givennamec
		Cs�
|jD]�}
d
|
d}d|
d}d|
d}|�
dd|
dd|d|�\}}}|�|||�
|�|d	d
�
|�d|�
|�|�
}|�d|�d
�
|�
|�d|�d�
|�
|�
dd|d|�\}}}|�|||�
|�|�
}|�d|�d
�
|�
|�
dd|d�\}}}|�|�

|�d|�
|�d|�
|�
dd|d�\}}}|�|�

|�d|�
|�d|�
|�
dd|d|
d|
�\}}}|�|||�
qdS)z?rename and try to remove the cn and the samaccount of all users�
new_cn_of_r�new_samaccount_of_r
r=r
z--samaccountname=%sr!
r$r%r
r[r\�sAMAccountNamerPz--force-new-cn=zFailed to rename userzdelete protected attributez--samaccountname=z--samaccountname=%(name)sz--force-new-cn=%(name)sN)r3rHr8r9r:rGr0r^)	r;r=�new_cn�new_samaccountnamer$
r>r?r@r`rCrCrD�test_rename_cn_samaccountname�s\





�
�





�


�




�





�





�
��z-UserCmdTestCase.test_rename_cn_samaccountnamec

Cs�
|jD]�}
d
|
d}d|
d}d}d|
d}|�
dd|
dd|�\}}}|�|||�
|�
dd|
dd	d
d�\}}}|�|||�
|�
dd|
dd�\}}}|�|||�
|�|d
d�
|�d|�
|�|
d�
}	|�d|	�d�
|
d�
|�
dd|
dd|d|d|d|�\}}}|�|||�
|�
dd|
dd�\}}}|�|||�
|�|d
d�
|�d|�
|�|
d�
}	|�d|	�d�
d|||f�
|�
dd|
ddd
d|
d|
�\}}}|�|||�
qdS)z)reset the cn of all users to the standardr'
rr
r
r
r=r
r!
r
r
r
z
--reset-cnr$r%r
r[r\rPr
rRr
r
r 
N�r3rHr8r9r:rGr0)
r;r=r*
r"
r#
r$
r>r?r@r`rCrCrD�test_rename_standard_cns`






�



�

�







�

�



�




��z'UserCmdTestCase.test_rename_standard_cnc
	Cs$
|jD]�}
d
|
d}d|
d}|�
dd|
dd|d|�\}}}|�|||�
|�|dd	�
|�d
|�
|�|
d�
}|�d|�d�
|�
|�d|�d
�
|�
|�
dd|
ddd�\}}}|�|||�
|�|dd	�
|�d
|�
|�|
d�
}|�|�d�
d�
|�|�d
�
d�
qdS)N�new_mailaddress_of_rznew displayname of r=r
z--mail-address=%sz--display-name=%sr$r%r
r[�mail�displayNamez--mail-address=z--display-name=r-
)r;r=�new_mail�new_displaynamer>r?r@r`rCrCrD�#test_rename_mailaddress_displaynameWs8





�
�
�






�



�z3UserCmdTestCase.test_rename_mailaddress_displaynamec

CsP
|jD]�}
|�
|
d
�
}d|�d�
}|�d�
d}d|
d
|f}d|
d
}|�dd	|
d
d
|�\}}}	|�|�

|�d|	�
|�dd	|
d
d
|�\}}}	|�|||	�
|�|	dd
�
|�d|�
|�
|
d
�
}|�d|�d�
|�
|�dd	|
d
d
�\}}}	|�|�

|�d|	�
|�dd	|
d
d
|�\}}}	|�|||	�
qdS)zrename upn of all usersrr[�userPrincipalName�
@rlz	new_%s@%sz%s@invalid.suffixr=r
z--upn=%szis not a valid upnr$r%r
N)	r3rGr0�splitrHr^r:r8r9)
r;r=r`�old_upn�valid_suffix�
valid_new_upn�invalid_new_upnr>r?r@rCrCrD�test_rename_upnvsB






�
�



�
�




�



��zUserCmdTestCase.test_rename_upnc
	Cs�zd
dl}
Wnt
y


|�d�

YdSwt��}z|
�|�
}Wnty0


|�d�

YdSw|d}|dus?t|�
d
krAd}|�|d
|d
|d|d||dd	��
}|�	d
d|d|d
d|dd|dd|dd|dd|dd|dd|ddddtj
dd tj
d!tj
d"f�\}}}|�|||�
|�|d#d$�
|�
d%|d|�
|�|�

|�	d
d&|d�
|�d|d
i
�
}|�	d
d|d|d
d|dd|dd|dd|dd|dd|ddd|dd'|d(d)|d*d+|d,d-|d.ddtj
dd tj
d!tj
d"f�\}}}|�|||�
|�|d#d$�
|�
d%|d|�
|�|�

|�	d
d&|d�
dS)/Nr
z1Skipping getpwent test, no 'pwd' module availablez5Skipping getpwent test, current EUID not found in NSS�z	Foo GECOS�rbrc)r�uid�	uidNumber�	gidNumber�gecos�
loginShellr=rNrrOrPrQrRrSrTrUrVrWrXrYrZr�
--gecos=%srB
z--rfc2307-from-nssrr
rrrrr$r%r'rE�--login-shell=%srC
�--uid=%sr?
�--uid-number=%sr@
�--gid-number=%srA
)�pwd�ImportError�skipTestr,�geteuid�getpwuid�KeyErrorrfr6rHr-r8r9r:�_check_posix_user)	r;rI
r?
�
urB
r=r>r?r@rCrCrD�
test_getpwent�s~





�





�	








�	

















�





























�



zUserCmdTestCase.test_getpwentc

Cs
d
}
|�dd|
�\}}}|�
|d�
|�d|
|�
|�d|�
d}d}|�dd	|d
�
|�dd	|d
�
|�dd|ddtjd
d|d
f�\}}}|�
|d�
|�d||�
|�d|�
|�dd|�
|�dd|�
|jD]}|�dd|d�\}}}|�|||d�
|�|dd�
qodS)N�userdoesnotexistr=�unlockz)Ensure that unlock nonexistent user failszFailed to unlock user '%s'zUnable to find user�unprivilegedunlockuser�usertounlockr

�Passw0rdrr
rrz)Fail with LDAP_INSUFFICIENT_ACCESS_RIGHTSz-LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTSrErzError running user unlockr$r%)rHr^r:r,r-r3r8r9)r;�nonexistentusernamer>r?r@�unprivileged_username�unlocktest_usernamer=rCrCrD�test_unlock�s<


�







�
�







�
�zUserCmdTestCase.test_unlockcCsR|��|�
d
�
|��|��|��|��|��|jdd�
|j|jd�
}|�|
�

|S)zKcreate a user with random attribute values, you can specify base attributesr��d)
�count)
rrOrQrSrUrWrrYr#r()�
randomNamer�r]�_check_user�update)r;r�r=rCrCrDr5s









�

zUserCmdTestCase._randomUsercCsX|�i�
}|�
|
�

|��|��|��|��|��|j|jd
�}|�
|�

|�
|
�

|S)�ucreate a user with random attribute values and additional RFC2307
        attributes, you can specify base attributes)r?
rC
rB
r@
rA
r#r()r5r_
r]
�	randomXid�_create_posix_userrO
�r;r�r=�posixAttributesrCrCrDr6'�








�
	


z UserCmdTestCase._randomPosixUsercCsX|�i�
}|�
|
�

|��|��|��|��|��|j|jd
�}|�
|�

|�
|
�

|S)r`
)r@
rA
r?
rC
rB
r#r()r5r_
ra
r]
�_create_unix_user�_check_unix_userrc
rCrCrDr79re
zUserCmdTestCase._randomUnixUsercCs�|�|
d
�
}|�
d|�d
�
d|
�
|�
d|�d�
|
d�
|�
d|�d�
|
d�
|�
d|�d�
|
d�
|�
d|�d�
|
d�
d	S)
zD check if a user from SamDB has the same attributes as its template rr[z%(given-name)s %(surname)s�titlerUrrYrWN)rGr9r0�r;r=r`rCrCrDr^
Ks



zUserCmdTestCase._check_usercCs�|�|
d
�
}|�
d|�d�
|
d�
|�
d|�d�
|
d�
|�
d|�d�
d|
d�
|�
d|�d�
d|
d�
|�
d|�d�
|
d�
|�|
�

dS)	zJ check if a posix_user from SamDB has the same attributes as its template rr[rC
rB
r@
rA
r?
N)rGr9r0r^
ri
rCrCrDrO
Us




z!UserCmdTestCase._check_posix_usercCs�|�|
d
�
}|�
d|�d�
|
d�
|�
d|�d�
|
d�
|�
d|�d�
d|
d�
|�
d|�d�
d|
d�
|�
d|�d�
|
d�
|�dd|�d	�
�
|�|
�

d
S)zI check if a unix_user from SamDB has the same attributes as its
template rr[rC
rB
r@
rA
r?
z/home/test/�unixHomeDirectoryN)rGr9r0r:r^
ri
rCrCrDrg
`s


�
�

z UserCmdTestCase._check_unix_usercCsx|�d
d|
d|
dd|
dd|
dd	|
d
d|
dd
|
dd|
dddt
jddt
jdt
jdf�
S)Nr=r

rrOrPrQrRrSrTrUrVrWrXrYrZrrr
rrrr�rHr,r-�r;r=rCrCrDr]os














�zUserCmdTestCase._create_usercCs�|�d
d|
d|
dd|
dd|
dd	|
d
d|
dd
|
dd|
dd|
dd|
dd|
dd|
dd|
dddt
jddt
jdt
jd f�S)!z+ create a new user with RFC2307 attributes r=rNrrOrPrQrRrSrTrUrVrWrXrYrZrrD
rB
rE
rC
rF
r?
rG
r@
rH
rA
rr
rrrrrk
rl
rCrCrDrb
zs























�z"UserCmdTestCase._create_posix_usercCsr|�|
�

|�
d
d|
dd|
dd|
dd|
d	d
|
dd|
d
ddtjddtjdtjdf�S)z! Add RFC2307 attributes to a userr=�addunixattrsrr[r@
rH
rA
rD
rB
rE
rC
rF
r?
rr
rrrr)r]rHr,r-rl
rCrCrDrf
�s















��z!UserCmdTestCase._create_unix_usercCsDd
t�
|
�
d|j��f}|jj|j��tj|d�}|r |dSdS)Nz,(&(sAMAccountName=%s)(objectCategory=%s,%s))z$CN=Person,CN=Schema,CN=Configuration)r�r�r�r
)r��
binary_encoder.r�r�r�)r;rr�r�rCrCrDrG�s



�
zUserCmdTestCase._find_user)rbrc)%�__name__�
__module__�__qualname__�__doc__r3r.r*rFrar�r�r�r�r�r�r�r�r
r
r&
r,
r.
r4
r<
rQ
rZ
r5r6r7r^
rO
rg
r]rb
rf
rG�
__classcell__rCrCrArDr#sJ


'%

�Su&%! 54;'U$

r)r,r�r�r��samba.tests.samba_tool.baser�sambarrr�	samba.ndrr�samba.dcerpcr�samba.commonrr	�samba.testsr
rrCrCrCrD�<module>
s