def test_acquire_multi(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     assert ccache1 == os.environ['KRB5CCNAME']
     assert config1 == os.environ['KRB5_CONFIG']
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     assert ccache2 == os.environ['KRB5CCNAME']
     assert config2 == os.environ['KRB5_CONFIG']
     assert ccache1 != ccache2
     assert config1 != config2
     activate(creds1)
     assert os.environ['KRB5CCNAME'] == ccache1
     assert os.environ['KRB5_CONFIG'] == config1
     activate(creds2)
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
 def test_acquire_keytab(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = ADCreds(domain)
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds.acquire(principal, password)
     os.environ['PATH'] = '/usr/kerberos/sbin:/usr/kerberos/bin:%s' % \
                          os.environ['PATH']
     fullprinc = creds.principal()
     child = pexpect.spawn('kvno %s' % fullprinc)
     child.expect('kvno =')
     kvno = int(child.readline())
     child.expect(pexpect.EOF)
     child = pexpect.spawn('ktutil')
     child.expect('ktutil:')
     child.sendline('addent -password -p %s -k %d -e rc4-hmac' %
                    (fullprinc, kvno))
     child.expect('Password for.*:')
     child.sendline(password)
     child.expect('ktutil:')
     keytab = self.tempfile(remove=True)
     child.sendline('wkt %s' % keytab)
     child.expect('ktutil:')
     child.sendline('quit')
     child.expect(pexpect.EOF)
     creds.release()
     creds.acquire(principal, keytab=keytab)
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
 def test_acquire_keytab(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = ADCreds(domain)
     principal = conf.ad_user_account()
     password = conf.ad_user_password()
     creds.acquire(principal, password)
     os.environ['PATH'] = '/usr/kerberos/sbin:/usr/kerberos/bin:%s' % \
                          os.environ['PATH']
     fullprinc = creds.principal()
     child = pexpect.spawn('kvno %s' % fullprinc)
     child.expect('kvno =')
     kvno = int(child.readline())
     child.expect(pexpect.EOF)
     child = pexpect.spawn('ktutil')
     child.expect('ktutil:')
     child.sendline('addent -password -p %s -k %d -e rc4-hmac' %
                   (fullprinc, kvno))
     child.expect('Password for.*:')
     child.sendline(password)
     child.expect('ktutil:')
     keytab = conf.tempfile(remove=True)
     child.sendline('wkt %s' % keytab)
     child.expect('ktutil:')
     child.sendline('quit')
     child.expect(pexpect.EOF)
     creds.release()
     creds.acquire(principal, keytab=keytab)
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
 def test_change_password_target_pdc(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     locator = Locator()
     pdc = locator.locate(domain, role='pdc')
     user = self._create_user(client, 'test-usr-4', server=pdc)
     principal = 'test-usr-4@%s' % domain
     client.set_password(principal, 'Pass123', server=pdc)
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     mods.append(('replace', 'pwdLastSet', ['0']))
     client.modify(user, mods, server=pdc)
     client.change_password(principal, 'Pass123', 'Pass456', server=pdc)
     creds = Creds(domain)
     creds.acquire('test-usr-4', 'Pass456', server=pdc)
     assert_raises(ADError,
                   creds.acquire,
                   'test-usr-4',
                   'Pass321',
                   server=pdc)
     self._delete_obj(client, user, server=pdc)
 def test_acquire_multi(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     principal = conf.ad_user_account()
     password = conf.ad_user_password()
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     assert ccache1 == os.environ['KRB5CCNAME']
     assert config1 == os.environ['KRB5_CONFIG']
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     assert ccache2 == os.environ['KRB5CCNAME']
     assert config2 == os.environ['KRB5_CONFIG']
     assert ccache1 != ccache2
     assert config1 != config2
     activate(creds1)
     assert os.environ['KRB5CCNAME'] == ccache1
     assert os.environ['KRB5_CONFIG'] == config1
     activate(creds2)
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
 def test_add(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     self._delete_obj(client, user)
 def test_delete(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     dn = self._create_user(client, 'test-usr')
     client.delete(dn)
 def test_naming_contexts(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     naming_contexts = client.naming_contexts()
     assert len(naming_contexts) >= 3
 def test_naming_contexts(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     naming_contexts = client.naming_contexts()
     assert len(naming_contexts) >= 3
 def test_search(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)')
     assert len(result) > 1
Exemple #11
0
 def test_add(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = utils.create_user(client, 'test-usr')
     delete_obj(client, user)
 def test_search(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)')
     assert len(result) > 1
 def test_delete(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     dn = utils.create_user(client, 'test-usr')
     client.delete(dn)
 def test_search_configuration(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     base = client.configuration_base()
     result = client.search('(objectClass=*)', base=base, scope='base')
     assert len(result) == 1
 def test_forest(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     forest = client.forest()
     assert forest
     assert forest.isupper()
Exemple #16
0
 def test_search(self, conf):
     pytest.skip('test disabled: hanging')
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)')
     assert len(result) > 1
 def test_forest(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     forest = client.forest()
     assert forest
     assert forest.isupper()
Exemple #18
0
 def test_search_schema(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     base = client.schema_base()
     result = client.search('(objectClass=*)', base=base, scope='base')
     assert len(result) == 1
 def test_search(self, conf):
     pytest.skip('test disabled: hanging')
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)')
     assert len(result) > 1
 def test_search_configuration(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     base = client.configuration_base()
     result = client.search('(objectClass=*)', base=base, scope='base')
     assert len(result) == 1
 def test_search_schema(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     base = client.schema_base()
     result = client.search('(objectClass=*)', base=base, scope='base')
     assert len(result) == 1
 def test_domains(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         assert domain
         assert domain.isupper()
 def test_search_server(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     locator = Locator()
     server = locator.locate(domain)
     client = Client(domain)
     result = client.search('(objectClass=user)', server=server)
     assert len(result) > 1
 def test_domains(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         assert domain
         assert domain.isupper()
Exemple #25
0
 def test_search_server(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     locator = Locator()
     server = locator.locate(domain)
     client = Client(domain)
     result = client.search('(objectClass=user)', server=server)
     assert len(result) > 1
 def test_search_all_domains(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         base = client.dn_from_domain_name(domain)
         result = client.search('(objectClass=*)', base=base, scope='base')
         assert len(result) == 1
 def test_acquire_password(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = ADCreds(domain)
     principal = conf.ad_user_account()
     password = conf.ad_user_password()
     creds.acquire(principal, password)
     principal = '%s@%s' % (principal, domain)
     assert creds.principal().lower() == principal.lower()
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
 def test_acquire_password(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = ADCreds(domain)
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds.acquire(principal, password)
     principal = '%s@%s' % (principal, domain)
     assert creds.principal().lower() == principal.lower()
     child = pexpect.spawn('klist')
     pattern = '.*krbtgt/%s@%s' % (domain.upper(), domain.upper())
     assert child.expect([pattern]) == 0
 def test_modify(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     mods = []
     mods.append(('replace', 'sAMAccountName', ['test-usr-2']))
     client.modify(user, mods)
     self._delete_obj(client, user)
 def test_modify(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = utils.create_user(client, 'test-usr')
     mods = []
     mods.append(('replace', 'sAMAccountName', ['test-usr-2']))
     client.modify(user, mods)
     delete_obj(client, user)
 def test_search_all_domains(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     domains = client.domains()
     for domain in domains:
         base = client.dn_from_domain_name(domain)
         result = client.search('(objectClass=*)', base=base, scope='base')
         assert len(result) == 1
 def test_search_gc(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)', scheme='gc')
     assert len(result) > 1
     for res in result:
         dn, attrs = res
         # accountExpires is always set, but is not a GC attribute
         assert 'accountExpires' not in attrs
 def test_search_gc(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(objectClass=user)', scheme='gc')
     assert len(result) > 1
     for res in result:
         dn, attrs = res
         # accountExpires is always set, but is not a GC attribute
         assert 'accountExpires' not in attrs
 def test_search_rootdse(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_user_account(), conf.ad_user_password())
     activate(creds)
     locator = Locator()
     server = locator.locate(domain)
     client = Client(domain)
     result = client.search(base='', scope='base', server=server)
     assert len(result) == 1
     dns, attrs = result[0]
     assert 'supportedControl' in attrs
     assert 'supportedSASLMechanisms' in attrs
 def test_cleanup_files(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     principal = conf.ad_user_account()
     password = conf.ad_user_password()
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert os.access(ccache, os.R_OK)
     assert os.access(config, os.R_OK)
     creds.release()
     assert not os.access(ccache, os.R_OK)
     assert not os.access(config, os.R_OK)
 def test_modrdn(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = utils.create_user(client, 'test-usr')
     client.modrdn(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
 def test_search_rootdse(self):
     self.require(ad_user=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_user_account(), self.ad_user_password())
     activate(creds)
     locator = Locator()
     server = locator.locate(domain)
     client = Client(domain)
     result = client.search(base='', scope='base', server=server)
     assert len(result) == 1
     dns, attrs = result[0]
     assert attrs.has_key('supportedControl')
     assert attrs.has_key('supportedSASLMechanisms')
 def test_cleanup_files(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert os.access(ccache, os.R_OK)
     assert os.access(config, os.R_OK)
     creds.release()
     assert not os.access(ccache, os.R_OK)
     assert not os.access(config, os.R_OK)
 def test_paged_results(self, conf):
     conf.require(ad_admin=True, expensive=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     users = []
     for i in range(2000):
         user = utils.create_user(client, 'test-usr-%04d' % i)
         users.append(user)
     result = client.search('(cn=test-usr-*)')
     assert len(result) == 2000
     for user in users:
         delete_obj(client, user)
 def test_modrdn(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search(
         '(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = self._create_user(client, 'test-usr')
     client.modrdn(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
 def test_paged_results(self):
     self.require(ad_admin=True, expensive=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     users = []
     for i in range(2000):
         user = self._create_user(client, 'test-usr-%04d' % i)
         users.append(user)
     result = client.search('(cn=test-usr-*)')
     assert len(result) == 2000
     for user in users:
         self._delete_obj(client, user)
 def test_cleanup_environment(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert ccache != ccorig
     assert config != cforig
     creds.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
 def test_cleanup_environment(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     principal = conf.ad_user_account()
     password = conf.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds = ADCreds(domain)
     creds.acquire(principal, password)
     ccache = creds._ccache_name()
     config = creds._config_name()
     assert ccache != ccorig
     assert config != cforig
     creds.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
 def test_set_password(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = utils.create_user(client, 'test-usr-1')
     principal = 'test-usr-1@%s' % domain
     client.set_password(principal, 'Pass123')
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     client.modify(user, mods)
     creds = Creds(domain)
     creds.acquire('test-usr-1', 'Pass123')
     assert_raises(ADError, creds.acquire, 'test-usr-1', 'Pass321')
     delete_obj(client, user)
 def test_set_password(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr-1')
     principal = 'test-usr-1@%s' % domain
     client.set_password(principal, 'Pass123')
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     client.modify(user, mods)
     creds = Creds(domain)
     creds.acquire('test-usr-1', 'Pass123')
     assert_raises(ADError, creds.acquire, 'test-usr-1', 'Pass321')
     self._delete_obj(client, user)
Exemple #46
0
 def test_change_password(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = utils.create_user(client, 'test-usr-3')
     principal = 'test-usr-3@%s' % domain
     client.set_password(principal, 'Pass123')
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     mods.append(('replace', 'pwdLastSet', ['0']))
     client.modify(user, mods)
     client.change_password(principal, 'Pass123', 'Pass456')
     creds = Creds(domain)
     creds.acquire('test-usr-3', 'Pass456')
     assert_raises(ADError, creds.acquire, 'test-usr-3', 'Pass321')
     delete_obj(client, user)
 def test_change_password(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr-3')
     principal = 'test-usr-3@%s' % domain
     client.set_password(principal, 'Pass123')
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     mods.append(('replace', 'pwdLastSet', ['0']))
     client.modify(user, mods)
     client.change_password(principal, 'Pass123', 'Pass456')
     creds = Creds(domain)
     creds.acquire('test-usr-3', 'Pass456')
     assert_raises(ADError, creds.acquire, 'test-usr-3', 'Pass321')
     self._delete_obj(client, user)
 def test_release_multi(self, conf):
     conf.require(ad_user=True)
     domain = conf.domain()
     principal = conf.ad_user_account()
     password = conf.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     creds1.release()
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
     creds2.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
 def test_set_password_target_pdc(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     locator = Locator()
     pdc = locator.locate(domain, role='pdc')
     user = self._create_user(client, 'test-usr-2', server=pdc)
     principal = 'test-usr-2@%s' % domain
     client.set_password(principal, 'Pass123', server=pdc)
     mods = []
     ctrl = AD_USERCTRL_NORMAL_ACCOUNT
     mods.append(('replace', 'userAccountControl', [str(ctrl)]))
     client.modify(user, mods, server=pdc)
     creds = Creds(domain)
     creds.acquire('test-usr-2', 'Pass123', server=pdc)
     assert_raises(ADError, creds.acquire, 'test-usr-2','Pass321',
                   server=pdc)
     self._delete_obj(client, user, server=pdc)
 def test_incremental_retrieval_of_multivalued_attributes(self):
     self.require(ad_admin=True, expensive=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = self._create_user(client, 'test-usr')
     groups = []
     for i in range(2000):
         group = self._create_group(client, 'test-grp-%04d' % i)
         self._add_user_to_group(client, user, group)
         groups.append(group)
     result = client.search('(sAMAccountName=test-usr)')
     assert len(result) == 1
     dn, attrs = result[0]
     assert attrs.has_key('memberOf')
     assert len(attrs['memberOf']) == 2000
     self._delete_obj(client, user)
     for group in groups:
         self._delete_group(client, group)
 def test_incremental_retrieval_of_multivalued_attributes(self, conf):
     conf.require(ad_admin=True, expensive=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     user = utils.create_user(client, 'test-usr')
     groups = []
     for i in range(2000):
         group = utils.create_group(client, 'test-grp-%04d' % i)
         utils.add_user_to_group(client, user, group)
         groups.append(group)
     result = client.search('(sAMAccountName=test-usr)')
     assert len(result) == 1
     dn, attrs = result[0]
     assert 'memberOf' in attrs
     assert len(attrs['memberOf']) == 2000
     delete_obj(client, user)
     for group in groups:
         utils.delete_group(client, group)
 def test_rename(self, conf):
     conf.require(ad_admin=True)
     domain = conf.domain()
     creds = Creds(domain)
     creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search('(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = utils.create_user(client, 'test-usr')
     client.rename(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
     user = result[0][0]
     ou = utils.create_ou(client, 'test-ou')
     client.rename(user, 'cn=test-usr', ou)
     newdn = 'cn=test-usr,%s' % ou
     result = client.search('(&(objectClass=user)(cn=test-usr))')
     assert len(result) == 1
     assert result[0][0].lower() == newdn.lower()
 def test_release_multi(self):
     self.require(ad_user=True)
     domain = self.domain()
     principal = self.ad_user_account()
     password = self.ad_user_password()
     ccorig = os.environ.get('KRB5CCNAME')
     cforig = os.environ.get('KRB5_CONFIG')
     creds1 = ADCreds(domain)
     creds1.acquire(principal, password)
     ccache1 = creds1._ccache_name()
     config1 = creds1._config_name()
     creds2 = ADCreds(domain)
     creds2.acquire(principal, password)
     ccache2 = creds2._ccache_name()
     config2 = creds2._config_name()
     creds1.release()
     assert os.environ['KRB5CCNAME'] == ccache2
     assert os.environ['KRB5_CONFIG'] == config2
     creds2.release()
     assert os.environ.get('KRB5CCNAME') == ccorig
     assert os.environ.get('KRB5_CONFIG') == cforig
 def test_rename(self):
     self.require(ad_admin=True)
     domain = self.domain()
     creds = Creds(domain)
     creds.acquire(self.ad_admin_account(), self.ad_admin_password())
     activate(creds)
     client = Client(domain)
     result = client.search(
         '(&(objectClass=user)(sAMAccountName=test-usr))')
     if result:
         client.delete(result[0][0])
     user = self._create_user(client, 'test-usr')
     client.rename(user, 'cn=test-usr2')
     result = client.search('(&(objectClass=user)(cn=test-usr2))')
     assert len(result) == 1
     user = result[0][0]
     ou = self._create_ou(client, 'test-ou')
     client.rename(user, 'cn=test-usr', ou)
     newdn = 'cn=test-usr,%s' % ou
     result = client.search('(&(objectClass=user)(cn=test-usr))')
     assert len(result) == 1
     assert result[0][0].lower() == newdn.lower()