def test_quota_pam(self): with TempFilesystem(self.quota_type, fs_type=self.fs_type) as tfs, udm_test.UCSTestUDM() as udm: quota_policy = { "inodeSoftLimit": '10', "inodeHardLimit": '15', "spaceSoftLimit": str(1024 ** 2), "spaceHardLimit": str(2048 ** 2), "reapplyQuota": 'TRUE', "name": uts.random_name(), } self._activate_quota(tfs.loop_dev) print("Create Share") share = udm.create_object( 'shares/share', name=self.share_name, path=tfs.mount_point, host=self.my_fqdn, directorymode="0777" ) utils.wait_for_replication_and_postrun() qc.cache_must_exists(share) print("Create user") udm.create_user(username=self.username, check_for_drs_replication=False, wait_for=False) print("Create quota policy") policy = self.create_quota_policy(udm, quota_policy) print("Append quota policy") udm.modify_object("shares/share", dn=share, policy_reference=policy) utils.wait_for_replication_and_postrun() qc.check_values( share, quota_policy["inodeSoftLimit"], quota_policy["inodeHardLimit"], quota_policy["spaceSoftLimit"], quota_policy["spaceHardLimit"], quota_policy["reapplyQuota"] ) self.touch_file(tfs.mount_point) self._check_quota_settings(tfs.loop_dev)
def test_udm_users_ldap_mspolicy(udm, ucr, module): # bugs: [52446] """Test mspolicy password functionality""" from univention.config_registry import handler_set handler_set(['password/quality/mspolicy=true']) attr = {'name': uts.random_username(), 'pwQualityCheck': 'TRUE'} pol_dn = udm.create_object('policies/pwhistory', wait_for_replication=True, check_for_drs_replication=True, wait_for=True, **attr) utils.wait_for_replication_and_postrun() name = "%s_test1" % (uts.random_username()) attr = { 'password': '******', 'username': name, 'lastname': 'test', 'policy_reference': pol_dn } dn = udm.create_object(module, wait_for_replication=True, check_for_drs_replication=True, wait_for=True, **attr) with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object(module, dn=dn, password='******') with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object(module, dn=dn, password='******' % (name, )) if module == 'users/user': with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object(module, dn=dn, password='******')
def add_printer(name, school, hostname, domainname, ldap_base): # account = utils.UCSTestDomainAdminCredentials() # adminuid = account.binddn # passwd = account.bindpw # adminuid = 'uid=Administrator,cn=users,dc=najjar,dc=local' # passwd = 'univention' cmd_add_printer = [ 'udm', 'shares/printer', 'create', '--position', 'cn=printers,ou=%(school)s,%(ldap_base)s', '--set', 'name=%(name)s', '--set', 'spoolHost=%(hostname)s.%(domainname)s', '--set', 'uri="file:// /tmp/%(name)s.printer"', '--set', 'model=None', '--binddn', 'uid=Administrator,cn=users,%(ldap_base)s', '--bindpwd', 'univention' ] print run_commands( [cmd_add_printer], { 'name': name, 'school': school, 'hostname': hostname, 'domainname': domainname, 'ldap_base': ldap_base, }) utils.wait_for_replication_and_postrun() # give the CUPS and Samba server a little bit more time time.sleep(15)
def test_two_shares_on_one_mount(self, quota_policies, expected_result): with TempFilesystem(self.quota_type, fs_type=self.fs_type) as tfs, udm_test.UCSTestUDM() as udm: self._activate_quota(tfs.loop_dev) print("Create Shares") share1_path = os.path.join(tfs.mount_point, self.share_name) share2_path = os.path.join(tfs.mount_point, self.share_name2) os.mkdir(share1_path) os.mkdir(share2_path) share1 = udm.create_object( 'shares/share', name=self.share_name, path=share1_path, host=self.my_fqdn, directorymode="0777" ) share2 = udm.create_object( 'shares/share', name=self.share_name2, path=share2_path, host=self.my_fqdn, directorymode="0777" ) utils.wait_for_replication_and_postrun() qc.cache_must_exists(share1) qc.cache_must_exists(share2) print("Create user") udm.create_user(username=self.username, check_for_drs_replication=False) print("Create quota policies") policies = [] for quota_policy in quota_policies: policies.append(self.create_quota_policy(udm, quota_policy)) print("Append quota policies") udm.modify_object("shares/share", dn=share1, policy_reference=policies[0]) udm.modify_object("shares/share", dn=share2, policy_reference=policies[1]) utils.wait_for_replication_and_postrun() self.touch_file(tfs.mount_point) self._check_quota_settings(tfs.loop_dev, expected_result)
def test_indirect_group_user_memberships_file_access(udm): """Access file as user of nested group of group of files owner""" # TODO: test the opposite, reading is prevented by a user not in those groups group = udm.create_group()[0] nested_group = udm.create_group(memberOf=group)[0] file_owner = udm.create_user(primaryGroup=group) another_user = udm.create_user(groups=nested_group) utils.wait_for_replication_and_postrun() utils.wait_for_replication_and_postrun() # create file as user "file_owner" and change permissions to 060 (read/write group only) with tempfile.NamedTemporaryFile("w+", dir='/var/tmp') as fd: fd.write('foo') fd.flush() os.remove(fd.name) assert not os.path.exists(fd.name) subprocess.check_call([ 'su', file_owner[1], '-c', 'touch %(file)s; chmod 070 %(file)s' % { 'file': fd.name } ]) # test reading as "another_user" subprocess.check_call( ['su', another_user[1], '-c', 'cat %s' % fd.name]) # test writing as "another_user" subprocess.check_call( ['su', another_user[1], '-c', 'touch %s' % fd.name])
def test_quota_pam(self): with TempFilesystem( self.quota_type, fs_type=self.fs_type) as tfs, udm_test.UCSTestUDM() as udm: self._activate_quota(tfs.loop_dev) print("Create Share") share = udm.create_object('shares/share', name=self.share_name, path=tfs.mount_point, host=self.my_fqdn, directorymode="0777") utils.wait_for_replication_and_postrun() qc.cache_must_exists(share) print("Create user") udm.create_user(username=self.username, check_for_drs_replication=False) print("Create quota policy") policy = udm.create_object( 'policies/share_userquota', position=self.quota_policy["position"], name=self.quota_policy["name"], softLimitSpace=self.quota_policy["spaceSoftLimit"], hardLimitSpace=self.quota_policy["spaceHardLimit"], softLimitInodes=self.quota_policy["inodeSoftLimit"], hardLimitInodes=self.quota_policy["inodeHardLimit"], reapplyeverylogin=self.quota_policy["reapplyQuota"], ) print("Append quota policy") udm.modify_object("shares/share", dn=share, policy_reference=policy) utils.wait_for_replication_and_postrun() qc.check_values(share, self.quota_policy["inodeSoftLimit"], self.quota_policy["inodeHardLimit"], self.quota_policy["spaceSoftLimit"], self.quota_policy["spaceHardLimit"], self.quota_policy["reapplyQuota"]) print("Write file on filesystem as user: {}".format(self.username)) subprocess.check_call([ "sudo", "--user", self.username, "touch", os.path.join(tfs.mount_point, "foo"), ]) self._check_quota_settings(tfs.loop_dev)
def test_container_ou_recursive_removal_with_special_characters(self, udm): """Remove an container/ou recursively with special characters""" ou_name = uts.random_name_special_characters() ou2_name = uts.random_name_special_characters() ou = udm.create_object('container/ou', name=ou_name) ou2 = udm.create_object('container/ou', name=ou2_name) ou3 = udm.create_object('container/ou', name=uts.random_name_special_characters()) utils.wait_for_replication_and_postrun() udm.move_object('container/ou', dn=ou, position=ou2) udm.move_object('container/ou', dn=ou2, position=ou3) ou = 'ou=%s,ou=%s,%s' % (ldap.dn.escape_dn_chars(ou_name), ldap.dn.escape_dn_chars(ou2_name), ou3) udm.remove_object('container/ou', dn=ou3) utils.verify_ldap_object(ou, should_exist=False)
def test_invalid_zone_names(zone): lo = utils.get_ldap_connection() with udm_test.UCSTestUDM() as udm, _ucr.UCSTestConfigRegistry() as ucr: pos = 'cn=dns,%s' % (udm.LDAP_BASE,) dn = 'zoneName=%s,%s' % (ldap.dn.escape_dn_chars(zone), pos) attrs = { 'nSRecord': ['%(hostname)s.%(domainname)s.'], 'objectClass': ['dNSZone', 'top'], 'dNSTTL': ['10800'], 'relativeDomainName': ['@'], 'zoneName': [zone], 'sOARecord': ['%(hostname)s.%(domainname)s. root.%(domainname)s. 9 28800 7200 604800 10800'], } al = [(key, [v % dict(ucr) for v in val]) for key, val in attrs.items()] print(('Creating', dn)) lo.add(dn, al) try: utils.wait_for_replication_and_postrun() check(zone) lo.modify(dn, [('dNSTTL', '10800', '10900')]) utils.wait_for_replication_and_postrun() check(zone) finally: lo.delete(dn) utils.wait_for_replication_and_postrun() check(zone, True)
def test_container_cn_rename_uppercase_rollback_with_special_characters( self, udm, ucr): """Rename a container/cn with un-moveable subobjects from lower to upper case special characters""" user_name = uts.random_string() network_name = uts.random_string() cn_name = uts.random_name_special_characters() cn_name_new = cn_name.upper() cn = udm.create_object('container/cn', name=cn_name) wait_for_drs_replication(ldap.filter.filter_format('cn=%s', [cn_name])) udm.create_user(position=cn, username=user_name) udm.create_object('networks/network', position=cn, name=network_name, network='1.1.1.1', netmask='24') with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object('container/cn', dn=cn, name=cn_name_new) utils.wait_for_replication_and_postrun() new_cn = 'cn=%s,%s' % (ldap.dn.escape_dn_chars(cn_name_new), ucr.get('ldap/base')) new_user = '******' % (ldap.dn.escape_dn_chars(user_name), ldap.dn.escape_dn_chars(cn_name_new), ucr.get('ldap/base')) utils.verify_ldap_object(new_cn, should_exist=True) utils.verify_ldap_object(new_user, should_exist=True) lo = utils.get_ldap_connection() for dn, entry in lo.search( filter=ldap.filter.filter_format('cn=%s', [cn_name])): assert entry.get('cn')[0] == cn_name.encode( 'UTF-8'), 'cn = %s; expected: %s' % (entry.get('cn')[0], cn_name)
def test_filename_validation(modify, prefix, path, position, attr, ocs, name): lo = utils.get_ldap_connection() with udm_test.UCSTestUDM() as udm: pos = '%s,%s' % ( position, udm.LDAP_BASE, ) filename = filename_modify = '%s%s%s' % (prefix, name, strings.random_string()) if modify: dn_modify = '%s=%s,%s' % (attr, ldap.dn.escape_dn_chars(filename), pos) filename = filename.replace('/', '').replace('.', '') dn = '%s=%s,%s' % (attr, ldap.dn.escape_dn_chars(filename), pos) fullpath = os.path.join(path, filename) fullpath_modify = os.path.join(path, filename_modify) attrs = { attr: [filename], 'cn': [filename], 'objectClass': ['top', 'univentionObjectMetadata', ocs], 'univentionOwnedByPackage': ['foo'], 'univentionOwnedByPackageVersion': ['1'], attr.replace('Filename', 'Data'): [ bz2.compress( '\n' if modify else 'root:$6$5cAInBgG$7rdZuEujGK1QFoprcNspXsXHsymW3Txp0kDyHFsE.omI.3T0xek3KIneFPZ99Z8dwZnZ2I2O/Tk8x4mNNGSE4.:16965:0:99999:7:::' ) ], attr.replace('Filename', 'Active'): ['TRUE'], } al = [(key, [v for v in val]) for key, val in attrs.items()] print(('Creating', dn)) dn = lo.add(dn, al) or dn try: utils.wait_for_replication_and_postrun() if modify: assert os.path.exists(fullpath) if ocs == 'univentionLDAPExtensionACL': assert os.path.exists(fullpath + '.info') print(('Modifying into', dn_modify)) dn = lo.modify(dn, [ (attr, filename, filename_modify), ('cn', filename, filename_modify), ]) or dn print(('Modified', dn)) assert dn == dn_modify utils.wait_for_replication_and_postrun() # object was renamed (if modify). make sure the old files do not exists anymore. assert not os.path.exists(fullpath_modify), err(fullpath_modify) assert not os.path.exists(fullpath), err(fullpath) if ocs == 'univentionLDAPExtensionACL': assert not os.path.exists(fullpath + '.info'), err(fullpath + '.info') assert not os.path.exists(fullpath_modify + '.info'), err(fullpath_modify + '.info') # create fake files and see if the listener would remove them. with open(fullpath_modify, 'w') as fd: fd.write('TEMP') if ocs == 'univentionLDAPExtensionACL': with open(fullpath_modify + '.info', 'w') as fd: fd.write('TEMP') finally: lo.delete(dn) utils.wait_for_replication_and_postrun() assert os.path.exists(fullpath_modify), err(fullpath_modify) assert 'TEMP' in err(fullpath_modify) os.unlink(fullpath_modify) if ocs == 'univentionLDAPExtensionACL': assert os.path.exists(fullpath_modify + '.info'), err(fullpath_modify) assert 'TEMP' in err(fullpath_modify + '.info') os.unlink(fullpath_modify + '.info')
def test_settings(self, school, user, user_dn, ip_address, ucr, client): printer = uts.random_string() # Create new workgroup and assign new internet rule to it group = Workgroup(school, client, members=[user_dn]) group.create() try: global_domains = ['univention.de', 'google.de'] rule = InternetRule(typ='whitelist', domains=global_domains) rule.define() rule.assign(school, group.name, 'workgroup') self.check_internetRules(client) # Add new hardware printer add_printer(printer, school, ucr.get('hostname'), ucr.get('domainname'), ucr.get('ldap/base')) # generate all the possible combinations for (rule, printmode, sharemode) white_page = 'univention.de' rules = ['none', 'Kein Internet', 'Unbeschränkt', 'custom'] printmodes = ['default', 'all', 'none'] sharemodes = ['all', 'home'] settings = itertools.product(rules, printmodes, sharemodes) t = 120 utils.wait_for_replication() # Testing loop for i, (rule, printMode, shareMode) in enumerate(settings): period = datetime.time.strftime( (datetime.datetime.now() + datetime.timedelta(0, t)).time(), '%H:%M') print print '*** %d -(internetRule, printMode, shareMode, period) = (%r, %r, %r, %r) ----------' % ( i, rule, printMode, shareMode, period) new_settings = { 'customRule': white_page, 'printMode': printMode, 'internetRule': rule, 'shareMode': shareMode, 'period': period } self.aquire_room(client) old_settings = self.get_room_settings(client) self.set_room_settings(client, new_settings) utils.wait_for_replication_and_postrun() wait_for_s4connector() # give the CUPS and Samba server a little bit more time time.sleep(15) # check if displayed values match self.check_room_settings(client, new_settings) # old_period = old_settings['period'] partial_old_settings = { 'period': old_settings['period'], 'printMode': old_settings['printMode'], 'shareMode': old_settings['shareMode'], 'internetRule': old_settings['internetRule'] } self.check_behavior(partial_old_settings, new_settings, user, ip_address, printer, white_page, global_domains, ucr) t += 60 finally: group.remove() remove_printer(printer, school, ucr.get('ldap/base'))