def test_quota_pam(self): with TempFilesystem(self.quota_type, fs_type=self.fs_type) as tfs, udm_test.UCSTestUDM() as udm: quota_policy = { "inodeSoftLimit": '10', "inodeHardLimit": '15', "spaceSoftLimit": str(1024 ** 2), "spaceHardLimit": str(2048 ** 2), "reapplyQuota": 'TRUE', "name": uts.random_name(), } self._activate_quota(tfs.loop_dev) print("Create Share") share = udm.create_object( 'shares/share', name=self.share_name, path=tfs.mount_point, host=self.my_fqdn, directorymode="0777" ) utils.wait_for_replication_and_postrun() qc.cache_must_exists(share) print("Create user") udm.create_user(username=self.username, check_for_drs_replication=False, wait_for=False) print("Create quota policy") policy = self.create_quota_policy(udm, quota_policy) print("Append quota policy") udm.modify_object("shares/share", dn=share, policy_reference=policy) utils.wait_for_replication_and_postrun() qc.check_values( share, quota_policy["inodeSoftLimit"], quota_policy["inodeHardLimit"], quota_policy["spaceSoftLimit"], quota_policy["spaceHardLimit"], quota_policy["reapplyQuota"] ) self.touch_file(tfs.mount_point) self._check_quota_settings(tfs.loop_dev)
def test_invalid_zone_names(zone): lo = utils.get_ldap_connection() with udm_test.UCSTestUDM() as udm, _ucr.UCSTestConfigRegistry() as ucr: pos = 'cn=dns,%s' % (udm.LDAP_BASE,) dn = 'zoneName=%s,%s' % (ldap.dn.escape_dn_chars(zone), pos) attrs = { 'nSRecord': ['%(hostname)s.%(domainname)s.'], 'objectClass': ['dNSZone', 'top'], 'dNSTTL': ['10800'], 'relativeDomainName': ['@'], 'zoneName': [zone], 'sOARecord': ['%(hostname)s.%(domainname)s. root.%(domainname)s. 9 28800 7200 604800 10800'], } al = [(key, [v % dict(ucr) for v in val]) for key, val in attrs.items()] print(('Creating', dn)) lo.add(dn, al) try: utils.wait_for_replication_and_postrun() check(zone) lo.modify(dn, [('dNSTTL', '10800', '10900')]) utils.wait_for_replication_and_postrun() check(zone) finally: lo.delete(dn) utils.wait_for_replication_and_postrun() check(zone, True)
def test_user_mail_alt_equals_shared_folder_mail_address(): print( "### A user has mail@shared_folder as mail_alternative_address address" ) with udm_test.UCSTestUDM() as udm: folder_name = uts.random_name() shared_folder_mail = "%s@%s" % (folder_name, DOMAIN) user = random_mail_user(udm=udm, mail_alternative_address=shared_folder_mail) token = make_token() msgid = uts.random_name() folder_dn, folder_name, folder_mailaddress = create_shared_mailfolder( udm, FQDN, mailAddress=shared_folder_mail, user_permission=['"%s" "%s"' % ("anyone", "all")]) send_mail(recipients=shared_folder_mail, msg=token, debuglevel=DEBUG_LEVEL, messageid=msgid) check_delivery(token, user.mailPrimaryAddress, True) found = imap_search_mail(messageid=msgid, server=FQDN, imap_user=user.mailPrimaryAddress, imap_folder=folder_name, use_ssl=True) if not found: utils.fail("Mail sent with token = %r to %s un-expectedly".format( token, folder_name))
def test_two_shares_on_one_mount(self, quota_policies, expected_result): with TempFilesystem(self.quota_type, fs_type=self.fs_type) as tfs, udm_test.UCSTestUDM() as udm: self._activate_quota(tfs.loop_dev) print("Create Shares") share1_path = os.path.join(tfs.mount_point, self.share_name) share2_path = os.path.join(tfs.mount_point, self.share_name2) os.mkdir(share1_path) os.mkdir(share2_path) share1 = udm.create_object( 'shares/share', name=self.share_name, path=share1_path, host=self.my_fqdn, directorymode="0777" ) share2 = udm.create_object( 'shares/share', name=self.share_name2, path=share2_path, host=self.my_fqdn, directorymode="0777" ) utils.wait_for_replication_and_postrun() qc.cache_must_exists(share1) qc.cache_must_exists(share2) print("Create user") udm.create_user(username=self.username, check_for_drs_replication=False) print("Create quota policies") policies = [] for quota_policy in quota_policies: policies.append(self.create_quota_policy(udm, quota_policy)) print("Append quota policies") udm.modify_object("shares/share", dn=share1, policy_reference=policies[0]) udm.modify_object("shares/share", dn=share2, policy_reference=policies[1]) utils.wait_for_replication_and_postrun() self.touch_file(tfs.mount_point) self._check_quota_settings(tfs.loop_dev, expected_result)
def test_group_mail_in_mailing_list(): with udm_test.UCSTestUDM() as udm: group_members = [] group_mails = [] for i in range(2): user = random_mail_user(udm=udm) group_members.append(user.dn) group_mails.append(user.mailPrimaryAddress) group_mail = random_email() udm.create_group(set={ "mailAddress": group_mail, "users": group_members }) list_name = uts.random_name() list_mail = "%s@%s" % (list_name, DOMAIN) udm.create_object("mail/lists", set={ "name": list_name, "mailAddress": list_mail, "members": [group_mail] }, wait_for_drs_replication=True) token = make_token() send_mail(recipients=list_mail, msg=token, debuglevel=DEBUG_LEVEL) for mail in group_mails: check_delivery(token, mail, True)
def test_user_b_mail_alt_equal_user_a_mail_primary_with_mail_copy_to_self( mail_forward_copy_to_self, delivered): print( "### user_b's mail_alternative_address is equal to user_a's mail forward address" ) with udm_test.UCSTestUDM() as udm: a_user = Bunch() a_user.mailPrimaryAddress = random_email() a_user.mailHomeServer = FQDN a_user.mailForwardAddress = random_email() a_user.dn, a_user.username = udm.create_user( set={ "mailHomeServer": a_user.mailHomeServer, "mailPrimaryAddress": a_user.mailPrimaryAddress, "mailForwardAddress": a_user.mailForwardAddress, "mailForwardCopyToSelf": mail_forward_copy_to_self, }) b_user = Bunch() b_user.mailPrimaryAddress = random_email() b_user.mailHomeServer = FQDN b_user.dn, a_user.username = udm.create_user( set={ "mailHomeServer": b_user.mailHomeServer, "mailPrimaryAddress": b_user.mailPrimaryAddress, "mailAlternativeAddress": a_user.mailPrimaryAddress, }) token = make_token() send_mail(recipients=a_user.mailPrimaryAddress, msg=token, debuglevel=DEBUG_LEVEL) check_delivery(token, a_user.mailPrimaryAddress, delivered) check_delivery(token, b_user.mailPrimaryAddress, True)
def create_school_admin(self, ou_name, username=None, schools=None, firstname=None, lastname=None, mailaddress=None, is_active=True, password='******', wait_for_replication=True): position = 'cn=admins,cn=users,%s' % (self.get_ou_base_dn(ou_name)) groups = ["cn=admins-%s,cn=ouadmins,cn=groups,%s" % (ou_name, self.LDAP_BASE)] if username is None: username = uts.random_username() if firstname is None: firstname = uts.random_string(length=10, numeric=False) if lastname is None: lastname = uts.random_string(length=10, numeric=False) if mailaddress is None: mailaddress = '' kwargs = { 'school': ou_name, 'schools': schools, 'username': username, 'firstname': firstname, 'lastname': lastname, 'email': mailaddress, 'password': password, 'disabled': not(is_active), 'options': ['samba', 'ucsschoolAdministrator', 'kerberos', 'posix', 'mail'], } udm = udm_test.UCSTestUDM() dn, school_admin = udm.create_user(position=position, groups=groups, **kwargs) if wait_for_replication: utils.wait_for_replication() return school_admin, dn
def self_service_user(email=None, **kwargs): with udm_test.UCSTestUDM() as udm: password = uts.random_string() if email: kwargs['PasswordRecoveryEmail'] = email dn, username = udm.create_user(password=password, **kwargs) utils.verify_ldap_object(dn) yield SelfServiceUser(username, password)
def __init__(self, translator=None): self.args = self.parse_args() if translator is not None: translator.set_language(self.args.language) logging.basicConfig(level=logging.INFO) self.udm = udm_test.UCSTestUDM() self.selenium = selenium_test.UMCSeleniumTest( language=self.args.language)
def test_all_roles_modification_set_network(ip_subnet, ip_network, ip_netmask, ip_range): ucr = configRegistry.ConfigRegistry() ucr.load() for role in udm_test.UCSTestUDM.COMPUTER_MODULES: computerProperties = { 'mac': '01:23:45:67:89:ab', 'name': uts.random_name() } with udm_test.UCSTestUDM() as udm: dNSCn = 'cn=dns,%s' % (ucr.get('ldap/base'),) forwardZoneName = '%s.%s' % (uts.random_name(), uts.random_name()) forwardZone = udm.create_object('dns/forward_zone', zone=forwardZoneName, position=dNSCn, nameserver=uts.random_string(numeric=False)) reverseZone = udm.create_object('dns/reverse_zone', subnet=ip_subnet, position=dNSCn, nameserver=uts.random_string(numeric=False)) dhcpService = udm.create_object('dhcp/service', service=uts.random_name()) networkProperties = { 'name': uts.random_name(), 'network': ip_network, 'netmask': ip_netmask, 'dnsEntryZoneForward': forwardZone, 'dnsEntryZoneReverse': reverseZone, 'dhcpEntryZone': dhcpService, 'ipRange': ip_range, } network = udm.create_object('networks/network', **networkProperties) computer = udm.create_object(role, **computerProperties) udm.modify_object(role, dn=computer, network=network) aRecord = (utils.get_ldap_connection().getAttr(computer, 'aRecord') or [b''])[0].decode('ASCII') aaaRecord = (utils.get_ldap_connection().getAttr(computer, 'aAAARecord') or [b''])[0].decode('ASCII') # FIXME: workaround for possibly remaining locks if aaaRecord: udm.addCleanupLock('aAAARecord', aaaRecord) if aRecord: udm.addCleanupLock('aRecord', aRecord) udm.addCleanupLock('mac', '01:23:45:67:89:ab') utils.verify_ldap_object(computer, {'univentionNetworkLink': [network]}) assert aRecord or aaaRecord if aRecord: assert aRecord in ['%s.%s' % (ip_subnet, oktett) for oktett in range(2, 255)], 'IP address of computer not in range of its network' if aaaRecord: assert aaaRecord in ['%s:0000:0000:0000:%0.4x' % (ip_subnet, oktett) for oktett in range(2, 255)], 'IP address of computer not in range of its network' if aRecord: utils.verify_ldap_object('relativeDomainName=%s,%s' % (computerProperties['name'], forwardZone), {'aRecord': [aRecord]}) utils.verify_ldap_object('relativeDomainName=%s,%s' % (aRecord.split(".")[-1], reverseZone), {'pTRRecord': ['%s.%s.' % (computerProperties['name'], forwardZoneName)]}) utils.verify_ldap_object('cn=%s,%s' % (computerProperties['name'], dhcpService), {'univentionDhcpFixedAddress': [aRecord]}) if aaaRecord: utils.verify_ldap_object('relativeDomainName=%s,%s' % (computerProperties['name'], forwardZone), {'aAAARecord': [aaaRecord]}) utils.verify_ldap_object('relativeDomainName=%s,%s' % ('.'.join(reversed(''.join(aaaRecord.split(':')[4:]))), reverseZone), {'pTRRecord': ['%s.%s.' % (computerProperties['name'], forwardZoneName)]}) utils.verify_ldap_object('cn=%s,%s' % (computerProperties['name'], dhcpService), {'univentionDhcpFixedAddress': [str(ipaddress.IPv6Address(aaaRecord))]})
def user(): with _udm.UCSTestUDM() as udm: userdn, username = udm.create_user( password='******', firstname='Max', lastname='Muster', organisation='firma.de_GmbH') # mailPrimaryAddress='...@...' call(['univention-ldapsearch', 'uid=%s' % (username, )]) call(['univention-s4search', 'sAMAccountName=%s' % (username, )]) yield username
def create_global_user(self, username=None, password='******'): position = 'cn=users,%s' % (self.LDAP_BASE,) udm = udm_test.UCSTestUDM() if username is None: username = uts.random_username() kwargs = { 'username': username, 'password': password, } dn, global_user = udm.create_user(position=position, **kwargs) return global_user, dn
def test_validate_that_simpleauthaccount_are_ignore_in_license(udm): """Check whether a simple-auth-account appears in the license-check""" # bugs: [13721] license_before = subprocess.Popen(['univention-license-check'], stdout=subprocess.PIPE).communicate()[0] with udm_test.UCSTestUDM() as udm: udm.create_ldap_user() license_after = subprocess.Popen( ['univention-license-check'], stdout=subprocess.PIPE).communicate()[0] assert license_before == license_after, 'The license before creating a simple-auth user differs from the license after creating the user'
def check_login(activated_email=False): with udm_test.UCSTestUDM() as udm: testcase_user_name = udm.create_user( RegisteredThroughSelfService='TRUE', PasswordRecoveryEmailVerified='TRUE' if activated_email else 'FALSE', )[1] SamlSession = samltest.SamlTest(testcase_user_name, 'univention') SamlSession.login_with_new_session_at_IdP() SamlSession.test_login() SamlSession.logout_at_IdP() SamlSession.test_logout_at_IdP() SamlSession.test_logout()
def test_group_mail_equal_user_mail_alt(): print( "### The group's mail is identical to a users mail_alternative_address" ) with udm_test.UCSTestUDM() as udm: group_mail = random_email() user_a = random_mail_user(udm=udm, mail_alternative_address=group_mail) user_b = random_mail_user(udm=udm) udm.create_group(set={"mailAddress": group_mail, "users": [user_b.dn]}) token = make_token() send_mail(recipients=group_mail, msg=token, debuglevel=DEBUG_LEVEL) check_delivery(token, user_a.mailPrimaryAddress, True) check_delivery(token, user_b.mailPrimaryAddress, True)
def create_domain_admin(self, ou_name, username=None, password='******'): position = 'cn=admins,cn=users,%s' % (self.get_ou_base_dn(ou_name)) groups = ["cn=Domain Admins,cn=groups,%s" % (self.LDAP_BASE,)] udm = udm_test.UCSTestUDM() if username is None: username = uts.random_username() kwargs = { 'school': ou_name, 'username': username, 'password': password, } dn, domain_admin = udm.create_user(position=position, groups=groups, **kwargs) return domain_admin, dn
def test_user_b_mail_alt_equal_user_a_mail_primary(): print( "### user_b's mail_alternative_address is equal to user_a's primary mail address" ) with udm_test.UCSTestUDM() as udm: a_user = random_mail_user(udm=udm) b_user = random_mail_user( udm=udm, mail_alternative_address=a_user.mailPrimaryAddress) token = make_token() send_mail(recipients=a_user.mailPrimaryAddress, msg=token, debuglevel=DEBUG_LEVEL) check_delivery(token, a_user.mailPrimaryAddress, True) check_delivery(token, b_user.mailPrimaryAddress, True)
def self_service_user(email=None, **kwargs): with udm_test.UCSTestUDM() as udm: if 'mailPrimaryAddress' in kwargs: udm.create_object('mail/domain', ignore_exists=True, wait_for_replication=True, check_for_drs_replication=False, name=kwargs['mailPrimaryAddress'].split('@', 1)[1]) password = uts.random_string() if email: kwargs['PasswordRecoveryEmail'] = email dn, username = udm.create_user(password=password, **kwargs) utils.verify_ldap_object(dn) yield SelfServiceUser(username, password)
def test_quota_pam(self): with TempFilesystem( self.quota_type, fs_type=self.fs_type) as tfs, udm_test.UCSTestUDM() as udm: self._activate_quota(tfs.loop_dev) print("Create Share") share = udm.create_object('shares/share', name=self.share_name, path=tfs.mount_point, host=self.my_fqdn, directorymode="0777") utils.wait_for_replication_and_postrun() qc.cache_must_exists(share) print("Create user") udm.create_user(username=self.username, check_for_drs_replication=False) print("Create quota policy") policy = udm.create_object( 'policies/share_userquota', position=self.quota_policy["position"], name=self.quota_policy["name"], softLimitSpace=self.quota_policy["spaceSoftLimit"], hardLimitSpace=self.quota_policy["spaceHardLimit"], softLimitInodes=self.quota_policy["inodeSoftLimit"], hardLimitInodes=self.quota_policy["inodeHardLimit"], reapplyeverylogin=self.quota_policy["reapplyQuota"], ) print("Append quota policy") udm.modify_object("shares/share", dn=share, policy_reference=policy) utils.wait_for_replication_and_postrun() qc.check_values(share, self.quota_policy["inodeSoftLimit"], self.quota_policy["inodeHardLimit"], self.quota_policy["spaceSoftLimit"], self.quota_policy["spaceHardLimit"], self.quota_policy["reapplyQuota"]) print("Write file on filesystem as user: {}".format(self.username)) subprocess.check_call([ "sudo", "--user", self.username, "touch", os.path.join(tfs.mount_point, "foo"), ]) self._check_quota_settings(tfs.loop_dev)
def test_mail_list_equal_user_mail_alt(): print( "### A mailing list's mail is identical with a users mail_alternative_address" ) with udm_test.UCSTestUDM() as udm: list_name = uts.random_name() mailing_list_mail = "%s@%s" % (list_name, DOMAIN) user_a = random_mail_user(udm=udm, mail_alternative_address=mailing_list_mail) user_b = random_mail_user(udm=udm) udm.create_object("mail/lists", set={ "name": list_name, "mailAddress": mailing_list_mail, "members": [user_b.mailPrimaryAddress], }) token = make_token() send_mail(recipients=mailing_list_mail, msg=token, debuglevel=DEBUG_LEVEL) check_delivery(token, user_a.mailPrimaryAddress, True) check_delivery(token, user_b.mailPrimaryAddress, True)
def test_write_event(): with udm_test.UCSTestUDM() as udm, ucr_test.UCSTestConfigRegistry() as ucr, univention.admindiary.backend.get_client(version=1) as client: d = (datetime.datetime.now() - datetime.timedelta(seconds=5)).isoformat() dn, username = udm.create_user() expected = { 'id': 33, 'date': datetime.datetime.now().strftime('%y-%m-%d %H:%M:%S'), 'event_name': 'UDM_USERS_USER_CREATED', 'hostname': ucr['hostname'], 'username': '******', 'message': None, 'args': {'username': username, 'module': 'users/user'}, 'comments': False } entries = client.query(d, event='UDM_USERS_USER_CREATED') # It is not possible to filter by args in query so we use list comprehension x = [entry for entry in entries if entry.get('args', {}).get('username') == username][0] assert x is not None expected['id'] = x['id'] expected['date'] = x['date'] expected['context_id'] = x['context_id'] assert x == expected
def udm(): with udm_test.UCSTestUDM() as udm: yield udm
def import_users_basics(use_cli_api=True, use_python_api=False): ucr = univention.testing.ucr.UCSTestConfigRegistry() ucr.load() udm = udm_test.UCSTestUDM() for singlemaster in [False, True]: for samba_home_server in [None, 'generate']: for profile_path_server in [None, 'generate']: for home_server_at_ou in [None, 'generate']: for windows_profile_server in [None, 'generate']: if samba_home_server == 'generate': samba_home_server = uts.random_name() if profile_path_server == 'generate': profile_path_server = uts.random_name() school_name = uts.random_name() if home_server_at_ou: home_server_at_ou = uts.random_name() create_home_server(udm, home_server_at_ou) create_ou_cli(school_name, sharefileserver=home_server_at_ou) else: create_ou_cli(school_name) try: if windows_profile_server: windows_profile_server = uts.random_name() create_windows_profile_server(udm=udm, ou=school_name, name=windows_profile_server) univention.config_registry.handler_set([ 'ucsschool/singlemaster=%s' % ('true' if singlemaster else 'false'), 'ucsschool/import/set/sambahome=%s' % samba_home_server, 'ucsschool/import/set/serverprofile/path=%s' % profile_path_server, ]) if not samba_home_server: univention.config_registry.handler_unset([ 'ucsschool/import/set/sambahome', ]) if not profile_path_server: univention.config_registry.handler_unset([ 'ucsschool/import/set/serverprofile/path', ]) print '' print '**** import_users_basics:' print '**** singlemaster: %s' % singlemaster print '**** samba_home_server: %s' % samba_home_server print '**** profile_path_server: %s' % profile_path_server print '**** home_server_at_ou: %s' % home_server_at_ou print '**** windows_profile_server: %s' % windows_profile_server print '' create_and_verify_users(use_cli_api, use_python_api, school_name, 3, 3, 3, 3) finally: remove_ou(school_name) utils.wait_for_replication()
def create_test_user(): udm = udm_test.UCSTestUDM() username = udm.create_user(wait_for_replication=False)[1] wait_for_s4connector() return s4_user_auth(username, 'univention')
def udm(): with _udm.UCSTestUDM() as udm: yield udm
def test_filename_validation(modify, prefix, path, position, attr, ocs, name): lo = utils.get_ldap_connection() with udm_test.UCSTestUDM() as udm: pos = '%s,%s' % ( position, udm.LDAP_BASE, ) filename = filename_modify = '%s%s%s' % (prefix, name, strings.random_string()) if modify: dn_modify = '%s=%s,%s' % (attr, ldap.dn.escape_dn_chars(filename), pos) filename = filename.replace('/', '').replace('.', '') dn = '%s=%s,%s' % (attr, ldap.dn.escape_dn_chars(filename), pos) fullpath = os.path.join(path, filename) fullpath_modify = os.path.join(path, filename_modify) attrs = { attr: [filename], 'cn': [filename], 'objectClass': ['top', 'univentionObjectMetadata', ocs], 'univentionOwnedByPackage': ['foo'], 'univentionOwnedByPackageVersion': ['1'], attr.replace('Filename', 'Data'): [ bz2.compress( '\n' if modify else 'root:$6$5cAInBgG$7rdZuEujGK1QFoprcNspXsXHsymW3Txp0kDyHFsE.omI.3T0xek3KIneFPZ99Z8dwZnZ2I2O/Tk8x4mNNGSE4.:16965:0:99999:7:::' ) ], attr.replace('Filename', 'Active'): ['TRUE'], } al = [(key, [v for v in val]) for key, val in attrs.items()] print(('Creating', dn)) dn = lo.add(dn, al) or dn try: utils.wait_for_replication_and_postrun() if modify: assert os.path.exists(fullpath) if ocs == 'univentionLDAPExtensionACL': assert os.path.exists(fullpath + '.info') print(('Modifying into', dn_modify)) dn = lo.modify(dn, [ (attr, filename, filename_modify), ('cn', filename, filename_modify), ]) or dn print(('Modified', dn)) assert dn == dn_modify utils.wait_for_replication_and_postrun() # object was renamed (if modify). make sure the old files do not exists anymore. assert not os.path.exists(fullpath_modify), err(fullpath_modify) assert not os.path.exists(fullpath), err(fullpath) if ocs == 'univentionLDAPExtensionACL': assert not os.path.exists(fullpath + '.info'), err(fullpath + '.info') assert not os.path.exists(fullpath_modify + '.info'), err(fullpath_modify + '.info') # create fake files and see if the listener would remove them. with open(fullpath_modify, 'w') as fd: fd.write('TEMP') if ocs == 'univentionLDAPExtensionACL': with open(fullpath_modify + '.info', 'w') as fd: fd.write('TEMP') finally: lo.delete(dn) utils.wait_for_replication_and_postrun() assert os.path.exists(fullpath_modify), err(fullpath_modify) assert 'TEMP' in err(fullpath_modify) os.unlink(fullpath_modify) if ocs == 'univentionLDAPExtensionACL': assert os.path.exists(fullpath_modify + '.info'), err(fullpath_modify) assert 'TEMP' in err(fullpath_modify + '.info') os.unlink(fullpath_modify + '.info')