Beispiel #1
0
 def test_acquire_multi(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     assert ccache1 == os.environ['KRB5CCNAME']
     assert config1 == os.environ['KRB5_CONFIG']
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     assert ccache2 == os.environ['KRB5CCNAME']
     assert config2 == os.environ['KRB5_CONFIG']
     assert ccache1 != ccache2
     assert config1 != config2
     activate(creds1)
     assert os.environ['KRB5CCNAME'] == ccache1
     assert os.environ['KRB5_CONFIG'] == config1
     activate(creds2)
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
Beispiel #2
0
 def test_acquire_multi(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     assert ccache1 == os.environ['KRB5CCNAME']
     assert config1 == os.environ['KRB5_CONFIG']
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     assert ccache2 == os.environ['KRB5CCNAME']
     assert config2 == os.environ['KRB5_CONFIG']
     assert ccache1 != ccache2
     assert config1 != config2
     activate(creds1)
     assert os.environ['KRB5CCNAME'] == ccache1
     assert os.environ['KRB5_CONFIG'] == config1
     activate(creds2)
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
Beispiel #3
0
 def test_search(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)')
     assert len(result) > 1
Beispiel #4
0
 def test_search(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)')
     assert len(result) > 1
Beispiel #5
0
 def test_naming_contexts(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     naming_contexts = client.naming_contexts()
     assert len(naming_contexts) >= 3
Beispiel #6
0
 def test_naming_contexts(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     naming_contexts = client.naming_contexts()
     assert len(naming_contexts) >= 3
Beispiel #7
0
 def test_delete(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     dn = self._create_user(client, 'test-usr')
     client.delete(dn)
Beispiel #8
0
 def test_delete(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     dn = self._create_user(client, 'test-usr')
     client.delete(dn)
Beispiel #9
0
 def test_search_configuration(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     base = client.configuration_base()
     result = client.search('(objectClass=*)', base=base, scope='base')
     assert len(result) == 1
Beispiel #10
0
 def test_forest(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     forest = client.forest()
     assert forest
     assert forest.isupper()
Beispiel #11
0
 def test_search_configuration(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     base = client.configuration_base()
     result = client.search('(objectClass=*)', base=base, scope='base')
     assert len(result) == 1
Beispiel #12
0
 def test_forest(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     forest = client.forest()
     assert forest
     assert forest.isupper()
Beispiel #13
0
 def test_domains(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         assert domain
         assert domain.isupper()
Beispiel #14
0
 def test_domains(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         assert domain
         assert domain.isupper()
Beispiel #15
0
 def test_acquire_password(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = ADCreds(domain)
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds.acquire(principal, password)
     principal = '%s@%s' % (principal, domain)
     assert creds.principal().lower() == principal.lower()
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
Beispiel #16
0
 def test_modify(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     mods = []
     mods.append(('replace', 'sAMAccountName', ['test-usr-2']))
     client.modify(user, mods)
     self._delete_obj(client, user)
Beispiel #17
0
 def test_modify(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     mods = []
     mods.append(('replace', 'sAMAccountName', ['test-usr-2']))
     client.modify(user, mods)
     self._delete_obj(client, user)
Beispiel #18
0
 def test_load(self):
     self.require(ad_user=True)
     domain = self.domain().upper()
     principal = '%s@%s' % (self.ad_user_account(), domain)
     self.acquire_credentials(principal, self.ad_user_password())
     creds = ADCreds(domain)
     creds.load()
     assert creds.principal().lower() == principal.lower()
     ccache, princ, creds = self.list_credentials()
     assert princ.lower() == principal.lower()
     assert len(creds) > 0
     assert creds[0] == 'krbtgt/%s@%s' % (domain, domain)
Beispiel #19
0
 def test_search_all_domains(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         base = client.dn_from_domain_name(domain)
         result = client.search('(objectClass=*)', base=base, scope='base')
         assert len(result) == 1
Beispiel #20
0
 def test_search_all_domains(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         base = client.dn_from_domain_name(domain)
         result = client.search('(objectClass=*)', base=base, scope='base')
         assert len(result) == 1
Beispiel #21
0
 def test_load(self):
     self.require(ad_user=True)
     domain = self.domain().upper()
     principal = '%s@%s' % (self.ad_user_account(), domain)
     self.acquire_credentials(principal, self.ad_user_password())
     creds = ADCreds(domain)
     creds.load()
     assert creds.principal().lower() == principal.lower()
     ccache, princ, creds = self.list_credentials()
     assert princ.lower() == principal.lower()
     assert len(creds) > 0
     assert creds[0] == 'krbtgt/%s@%s' % (domain, domain)
Beispiel #22
0
 def test_acquire_password(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = ADCreds(domain)
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds.acquire(principal, password)
     principal = '%s@%s' % (principal, domain)
     assert creds.principal().lower() == principal.lower()
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
Beispiel #23
0
 def test_search_gc(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)', scheme='gc')
     assert len(result) > 1
     for res in result:
         dn, attrs = res
         # accountExpires is always set, but is not a GC attribute
         assert 'accountExpires' not in attrs
Beispiel #24
0
 def test_search_gc(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)', scheme='gc')
     assert len(result) > 1
     for res in result:
         dn, attrs = res
         # accountExpires is always set, but is not a GC attribute
         assert 'accountExpires' not in attrs
Beispiel #25
0
 def test_search_rootdse(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     locator = Locator()
     server = locator.locate(domain)
     client = Client(domain)
     result = client.search(base='', scope='base', server=server)
     assert len(result) == 1
     dns, attrs = result[0]
     assert attrs.has_key('supportedControl')
     assert attrs.has_key('supportedSASLMechanisms')
Beispiel #26
0
 def test_change_password_target_pdc(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     locator = Locator()
     pdc = locator.locate(domain, role='pdc')
     user = self._create_user(client, 'test-usr-4', server=pdc)
     principal = 'test-usr-4@%s' % domain
     client.set_password(principal, 'Pass123', server=pdc)
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     mods.append(('replace', 'pwdLastSet', ['0']))
     client.modify(user, mods, server=pdc)
     client.change_password(principal, 'Pass123', 'Pass456', server=pdc)
     creds = Creds(domain)
     creds.acquire('test-usr-4', 'Pass456', server=pdc)
     assert_raises(ADError,
                   creds.acquire,
                   'test-usr-4',
                   'Pass321',
                   server=pdc)
     self._delete_obj(client, user, server=pdc)
Beispiel #27
0
 def test_acquire_keytab(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = ADCreds(domain)
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds.acquire(principal, password)
     os.environ['PATH'] = '/usr/kerberos/sbin:/usr/kerberos/bin:%s' % \
                          os.environ['PATH']
     fullprinc = creds.principal()
     child = pexpect.spawn('kvno %s' % fullprinc)
     child.expect('kvno =')
     kvno = int(child.readline())
     child.expect(pexpect.EOF)
     child = pexpect.spawn('ktutil')
     child.expect('ktutil:')
     child.sendline('addent -password -p %s -k %d -e rc4-hmac' %
                    (fullprinc, kvno))
     child.expect('Password for.*:')
     child.sendline(password)
     child.expect('ktutil:')
     keytab = self.tempfile(remove=True)
     child.sendline('wkt %s' % keytab)
     child.expect('ktutil:')
     child.sendline('quit')
     child.expect(pexpect.EOF)
     creds.release()
     creds.acquire(principal, keytab=keytab)
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
Beispiel #28
0
 def test_modrdn(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = self._create_user(client, 'test-usr')
     client.modrdn(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
Beispiel #29
0
 def test_acquire_keytab(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = ADCreds(domain)
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds.acquire(principal, password)
     os.environ['PATH'] = '/usr/kerberos/sbin:/usr/kerberos/bin:%s' % \
                          os.environ['PATH']
     fullprinc = creds.principal()
     child = pexpect.spawn('kvno %s' % fullprinc)
     child.expect('kvno =')
     kvno = int(child.readline())
     child.expect(pexpect.EOF)
     child = pexpect.spawn('ktutil')
     child.expect('ktutil:')
     child.sendline('addent -password -p %s -k %d -e rc4-hmac' %
                   (fullprinc, kvno))
     child.expect('Password for.*:')
     child.sendline(password)
     child.expect('ktutil:')
     keytab = self.tempfile(remove=True)
     child.sendline('wkt %s' % keytab)
     child.expect('ktutil:')
     child.sendline('quit')
     child.expect(pexpect.EOF)
     creds.release()
     creds.acquire(principal, keytab=keytab)
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
Beispiel #30
0
 def test_search_rootdse(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     locator = Locator()
     server = locator.locate(domain)
     client = Client(domain)
     result = client.search(base='', scope='base', server=server)
     assert len(result) == 1
     dns, attrs = result[0]
     assert attrs.has_key('supportedControl')
     assert attrs.has_key('supportedSASLMechanisms')
Beispiel #31
0
 def test_paged_results(self):
     self.require(ad_admin=True, expensive=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     users = []
     for i in range(2000):
         user = self._create_user(client, 'test-usr-%04d' % i)
         users.append(user)
     result = client.search('(cn=test-usr-*)')
     assert len(result) == 2000
     for user in users:
         self._delete_obj(client, user)
Beispiel #32
0
 def test_paged_results(self):
     self.require(ad_admin=True, expensive=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     users = []
     for i in range(2000):
         user = self._create_user(client, 'test-usr-%04d' % i)
         users.append(user)
     result = client.search('(cn=test-usr-*)')
     assert len(result) == 2000
     for user in users:
         self._delete_obj(client, user)
Beispiel #33
0
 def test_modrdn(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search(
         '(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = self._create_user(client, 'test-usr')
     client.modrdn(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
Beispiel #34
0
 def test_incremental_retrieval_of_multivalued_attributes(self):
     self.require(ad_admin=True, expensive=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     groups = []
     for i in range(2000):
         group = self._create_group(client, 'test-grp-%04d' % i)
         self._add_user_to_group(client, user, group)
         groups.append(group)
     result = client.search('(sAMAccountName=test-usr)')
     assert len(result) == 1
     dn, attrs = result[0]
     assert attrs.has_key('memberOf')
     assert len(attrs['memberOf']) == 2000
     self._delete_obj(client, user)
     for group in groups:
         self._delete_group(client, group)
Beispiel #35
0
 def test_rename(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = self._create_user(client, 'test-usr')
     client.rename(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
     user = result[0][0]
     ou = self._create_ou(client, 'test-ou')
     client.rename(user, 'cn=test-usr', ou)
     newdn = 'cn=test-usr,%s' % ou
     result = client.search('(&(objectClass=user)(cn=test-usr))')
     assert len(result) == 1
     assert result[0][0].lower() == newdn.lower()
Beispiel #36
0
def factory(cls):
    """Create an instance of a class, creating it using the system specific
    rules."""
    from ad.core.locate import Locator
    from ad.core.creds import Creds
    if issubclass(cls, Locator):
        return _singleton(Locator)
    elif issubclass(cls, Creds):
        domain = detect_domain()
        return Creds(domain)
    else:
        return cls()
Beispiel #37
0
 def test_incremental_retrieval_of_multivalued_attributes(self):
     self.require(ad_admin=True, expensive=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     groups = []
     for i in range(2000):
         group = self._create_group(client, 'test-grp-%04d' % i)
         self._add_user_to_group(client, user, group)
         groups.append(group)
     result = client.search('(sAMAccountName=test-usr)')
     assert len(result) == 1
     dn, attrs = result[0]
     assert attrs.has_key('memberOf')
     assert len(attrs['memberOf']) == 2000
     self._delete_obj(client, user)
     for group in groups:
         self._delete_group(client, group)
Beispiel #38
0
 def test_rename(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search(
         '(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = self._create_user(client, 'test-usr')
     client.rename(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
     user = result[0][0]
     ou = self._create_ou(client, 'test-ou')
     client.rename(user, 'cn=test-usr', ou)
     newdn = 'cn=test-usr,%s' % ou
     result = client.search('(&(objectClass=user)(cn=test-usr))')
     assert len(result) == 1
     assert result[0][0].lower() == newdn.lower()
Beispiel #39
0
 def test_cleanup_files(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert os.access(ccache, os.R_OK)
     assert os.access(config, os.R_OK)
     creds.release()
     assert not os.access(ccache, os.R_OK)
     assert not os.access(config, os.R_OK)
Beispiel #40
0
 def test_cleanup_files(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert os.access(ccache, os.R_OK)
     assert os.access(config, os.R_OK)
     creds.release()
     assert not os.access(ccache, os.R_OK)
     assert not os.access(config, os.R_OK)
Beispiel #41
0
 def test_set_password(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr-1')
     principal = 'test-usr-1@%s' % domain
     client.set_password(principal, 'Pass123')
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     client.modify(user, mods)
     creds = Creds(domain)
     creds.acquire('test-usr-1', 'Pass123')
     assert_raises(ADError, creds.acquire, 'test-usr-1', 'Pass321')
     self._delete_obj(client, user)
Beispiel #42
0
 def test_cleanup_environment(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert ccache != ccorig
     assert config != cforig
     creds.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
Beispiel #43
0
 def test_cleanup_environment(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert ccache != ccorig
     assert config != cforig
     creds.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
Beispiel #44
0
 def test_set_password(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr-1')
     principal = 'test-usr-1@%s' % domain
     client.set_password(principal, 'Pass123')
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     client.modify(user, mods)
     creds = Creds(domain)
     creds.acquire('test-usr-1', 'Pass123')
     assert_raises(ADError, creds.acquire, 'test-usr-1', 'Pass321')
     self._delete_obj(client, user)
Beispiel #45
0
 def test_change_password_target_pdc(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     locator = Locator()
     pdc = locator.locate(domain, role='pdc')
     user = self._create_user(client, 'test-usr-4', server=pdc)
     principal = 'test-usr-4@%s' % domain
     client.set_password(principal, 'Pass123', server=pdc)
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     mods.append(('replace', 'pwdLastSet', ['0']))
     client.modify(user, mods, server=pdc)
     client.change_password(principal, 'Pass123', 'Pass456', server=pdc)
     creds = Creds(domain)
     creds.acquire('test-usr-4', 'Pass456', server=pdc)
     assert_raises(ADError, creds.acquire, 'test-usr-4', 'Pass321',
                          server=pdc)
     self._delete_obj(client, user, server=pdc)
Beispiel #46
0
 def test_release_multi(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     creds1.release()
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
     creds2.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
Beispiel #47
0
 def test_release_multi(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     creds1.release()
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
     creds2.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig