def test_search_for_all_posix(self, group, group2):
""" Search for all posix groups """
command = group.make_command(
'group_find', **dict(posix=True, all=True)
)
result = command()
assert_deepequal(dict(
summary=u'4 groups matched',
count=4,
truncated=False,
result=[
{
'dn': get_group_dn('admins'),
'member_user': [u'admin'],
'gidnumber': [fuzzy_digits],
'cn': [u'admins'],
'description': [u'Account administrators group'],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn('editors'),
'gidnumber': [fuzzy_digits],
'cn': [u'editors'],
'description':
[u'Limited admins who can edit other users'],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn(group.cn),
'cn': [group.cn],
'description': [u'Test desc1'],
'gidnumber': [fuzzy_digits],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn(group2.cn),
'cn': [group2.cn],
'description': [u'Test desc2'],
'gidnumber': [fuzzy_digits],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
]), result)
def test_search_for_all_posix(self, group, group2):
""" Search for all posix groups """
command = group.make_command(
'group_find', **dict(posix=True, all=True)
)
result = command()
assert_deepequal(dict(
summary=u'4 groups matched',
count=4,
truncated=False,
result=[
{
'dn': get_group_dn('admins'),
'member_user': [u'admin'],
'gidnumber': [fuzzy_digits],
'cn': [u'admins'],
'description': [u'Account administrators group'],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn('editors'),
'gidnumber': [fuzzy_digits],
'cn': [u'editors'],
'description':
[u'Limited admins who can edit other users'],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn(group.cn),
'cn': [group.cn],
'description': [u'Test desc1'],
'gidnumber': [fuzzy_digits],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
{
'dn': get_group_dn(group2.cn),
'cn': [group2.cn],
'description': [u'Test desc2'],
'gidnumber': [fuzzy_digits],
'objectclass': fuzzy_set_ci(add_oc(
objectclasses.posixgroup, u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
},
]), result)
def user_npg2(request, group):
""" User tracker fixture for testing users with no private group """
tracker = UserTracker(name=u'npguser2', givenname=u'Npguser',
sn=u'Npguser2', noprivate=True, gidnumber=1000)
tracker.track_create()
del tracker.attrs['mepmanagedentry']
tracker.attrs.update(
gidnumber=[u'1000'], description=[], memberof_group=[group.cn],
objectclass=add_oc(objectclasses.user_base, u'ipantuserattrs')
)
return tracker.make_fixture(request)
def user_npg2(request, group):
""" User tracker fixture for testing users with no private group """
tracker = UserTracker(name=u'npguser2', givenname=u'Npguser',
sn=u'Npguser2', noprivate=True, gidnumber=1000)
tracker.track_create()
del tracker.attrs['mepmanagedentry']
tracker.attrs.update(
gidnumber=[u'1000'], description=[], memberof_group=[group.cn],
objectclass=add_oc(objectclasses.user_base, u'ipantuserattrs')
)
return tracker.make_fixture(request)
def test_create_without_upg_with_gid_set(self):
""" Create user without User's Primary GID with GID set """
testuser = UserTracker(name=u'tuser1',
givenname=u'Test',
sn=u'Tuser1',
noprivate=True,
gidnumber=1000)
testuser.track_create()
del testuser.attrs['mepmanagedentry']
testuser.attrs.update(gidnumber=[u'1000'])
testuser.attrs.update(description=[],
objectclass=add_oc(objectclasses.user_base,
u'ipantuserattrs'))
command = testuser.make_create_command()
result = command()
testuser.check_create(result, [u'description'])
testuser.delete()
def test_create_without_upg_with_gid_set(self):
""" Create user without User's Primary GID with GID set """
testuser = UserTracker(
name=u'tuser1', givenname=u'Test', sn=u'Tuser1',
noprivate=True, gidnumber=1000
)
testuser.track_create()
del testuser.attrs['mepmanagedentry']
testuser.attrs.update(gidnumber=[u'1000'])
testuser.attrs.update(
description=[],
objectclass=add_oc(objectclasses.user_base, u'ipantuserattrs')
)
command = testuser.make_create_command()
result = command()
testuser.check_create(result, [u'description'])
testuser.delete()
def test_create_where_managed_group_exists(self, user, group):
""" Create a managed group and then try to create user
with the same name the group has
As the UPG plugin is disabled, there is no conflict
"""
group.create()
testuser = UserTracker(name=group.cn,
givenname=u'Test',
sn=u'Tuser1',
gidnumber=1000)
testuser.track_create()
del testuser.attrs['mepmanagedentry']
testuser.attrs.update(gidnumber=[u'1000'])
testuser.attrs.update(description=[],
objectclass=add_oc(objectclasses.user_base,
u'ipantuserattrs'))
command = testuser.make_create_command()
result = command()
testuser.check_create(result, [u'description'])
testuser.delete()
def get_user_result(uid,
givenname,
sn,
operation='show',
omit=[],
**overrides):
"""Get a user result for a user-{add,mod,find,show} command
This gives the result as from a user_add(uid, givenname=givenname, sn=sn);
modifications to that can be specified in ``omit`` and ``overrides``.
The ``operation`` can be one of:
- add
- show
- show-all ((show with the --all flag)
- find
- mod
Attributes named in ``omit`` are removed from the result; any additional
or non-default values can be specified in ``overrides``.
"""
# sn can be None; this should only be used from `get_admin_result`
cn = overrides.get('cn', ['%s %s' % (givenname, sn or '')])
cn[0] = cn[0].strip()
result = add_sid(
dict(
homedirectory=[u'/home/%s' % uid],
loginshell=[u'/bin/sh'],
uid=[uid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
mail=[u'%s@%s' % (uid, api.env.domain)],
has_keytab=False,
has_password=False,
))
if sn:
result['sn'] = [sn]
if givenname:
result['givenname'] = [givenname]
if operation in ('add', 'show', 'show-all', 'find'):
result.update(dn=get_user_dn(uid), )
if operation in ('add', 'show-all'):
result.update(cn=cn,
displayname=cn,
gecos=cn,
initials=[givenname[0] + (sn or '')[:1]],
ipauniqueid=[fuzzy_uuid],
mepmanagedentry=[get_group_dn(uid)],
objectclass=add_oc(objectclasses.user,
u'ipantuserattrs'),
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)])
if operation in ('show', 'show-all', 'find', 'mod'):
result.update(nsaccountlock=False, )
if operation in ('add', 'show', 'show-all', 'mod'):
result.update(memberof_group=[u'ipausers'], )
for key in omit:
del result[key]
result.update(overrides)
return result
def get_user_result(uid, givenname, sn, operation='show', omit=[],
**overrides):
"""Get a user result for a user-{add,mod,find,show} command
This gives the result as from a user_add(uid, givenname=givenname, sn=sn);
modifications to that can be specified in ``omit`` and ``overrides``.
The ``operation`` can be one of:
- add
- show
- show-all ((show with the --all flag)
- find
- mod
Attributes named in ``omit`` are removed from the result; any additional
or non-default values can be specified in ``overrides``.
"""
# sn can be None; this should only be used from `get_admin_result`
cn = overrides.get('cn', ['%s %s' % (givenname, sn or '')])
cn[0] = cn[0].strip()
result = add_sid(dict(
homedirectory=[u'/home/%s' % uid],
loginshell=[u'/bin/sh'],
uid=[uid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
mail=[u'%s@%s' % (uid, api.env.domain)],
has_keytab=False,
has_password=False,
))
if sn:
result['sn'] = [sn]
if givenname:
result['givenname'] = [givenname]
if operation in ('add', 'show', 'show-all', 'find'):
result.update(
dn=get_user_dn(uid),
)
if operation in ('add', 'show-all'):
result.update(
cn=cn,
displayname=cn,
gecos=cn,
initials=[givenname[0] + (sn or '')[:1]],
ipauniqueid=[fuzzy_uuid],
mepmanagedentry=[get_group_dn(uid)],
objectclass=add_oc(objectclasses.user, u'ipantuserattrs'),
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)]
)
if operation in ('show', 'show-all', 'find', 'mod'):
result.update(
nsaccountlock=False,
)
if operation in ('add', 'show', 'show-all', 'mod'):
result.update(
memberof_group=[u'ipausers'],
)
for key in omit:
del result[key]
result.update(overrides)
return result
def track_create(self, **options):
super(SMBServiceTracker, self).track_create(**options)
self.attrs[u'uidnumber'] = [fuzzy_digits]
self.attrs[u'gidnumber'] = [fuzzy_digits]
self.attrs[u'objectclass'].append(u'ipaIDObject')
@pytest.fixture(scope='class')
def test_smb_svc(request, test_host):
service_tracker = SMBServiceTracker(u'cifs', test_host.name)
test_host.ensure_exists()
return service_tracker.make_fixture(request)
@pytest.mark.tier0
@pytest.mark.skipif(u'ipantuserattrs' not in add_oc([], u'ipantuserattrs'),
reason="Must have trust support enabled for this test")
class test_smb_service(KeytabRetrievalTest):
"""
Test `ipa-getkeytab` for retrieving explicit enctypes
"""
command = "ipa-getkeytab"
keytabname = None
@classmethod
def setup_class(cls):
super(test_smb_service, cls).setup_class()
try:
cls.dm_password = retrieve_dm_password()
except errors.NotFound as e: