author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-10 13:01:43 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-05-10 23:05:31 +0000 |
commit | e6b6186977220530a2a05319a4a121fc582170c9 (patch) | |
tree | dacb26c786cbcfaeedff45abf948b491acd7ac90 /python | |
parent | 9b0f25ec498a318111a5f4fdbba3e1ce82bc0124 (diff) | |
tests/samba-tool user: Add test for adding a user over LDAP
Ensure that we do not end up with half-created accounts.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/samba_tool/user.py | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py
index 4563bb2d9a3..700cb89c968 100644
--- a/python/samba/tests/samba_tool/user.py
+++ b/python/samba/tests/samba_tool/user.py
@@ -23,7 +23,8 @@ from samba.tests.samba_tool.base import SambaToolCmdTest
 from samba import (
 credentials,
 nttime2unix,
- dsdb
+ dsdb,
+ werror,
 )
 from samba.ndr import ndr_unpack
 from samba.dcerpc import drsblobs
@@ -127,6 +128,44 @@ class UserCmdTestCase(SambaToolCmdTest):
 self.assertEqual("%s" % found.get("cn"), "%(name)s" % user)
 self.assertEqual("%s" % found.get("name"), "%(name)s" % user)

+ def test_newuser_weak_password(self):
+ # Ensure that when we try to create a user over LDAP (thus no
+ # transactions) and the password is too weak, we do not get a
+ # half-created account.
+
+ def cleanup_user(username):
+ try:
+ self.samdb.deleteuser(username)
+ except Exception as err:
+ estr = err.args[0]
+ if 'Unable to find user' not in estr:
+ raise
+
+ server = os.environ['DC_SERVER']
+ dc_username = os.environ['DC_USERNAME']
+ dc_password = os.environ['DC_PASSWORD']
+
+ username = self.randomName()
+ password = 'a'
+
+ self.addCleanup(cleanup_user, username)
+
+ # Try to add the user and ensure it fails.
+ result, out, err = self.runsubcmd('user', 'add',
+ username, password,
+ '-H', f'ldap://{server}',
+ f'-U{dc_username}%{dc_password}')
+ self.assertCmdFail(result)
+ self.assertIn('Failed to add user', err)
+ self.assertIn('LDAP_CONSTRAINT_VIOLATION', err)
+ self.assertIn(f'{werror.WERR_PASSWORD_RESTRICTION:08X}', err)
+
+ # Now search for the user, and make sure we don't find anything.
+ res = self.samdb.search(self.samdb.domain_dn(),
+ expression=f'(sAMAccountName={username})',
+ scope=ldb.SCOPE_SUBTREE)
+ self.assertEqual(0, len(res), 'expected not to find the user')
+
 def _verify_supplementalCredentials(self, ldif,
 min_packages=3,
 max_packages=6): |
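Review bot: In `cleanup_user` (second hunk), `estr = err.args[0]` assumes every exception from `deleteuser` carries a string as its first argument. If the first argument is a numeric code, or `args` is empty, the `in` test itself raises and the original cleanup failure is hidden. Matching on the rendered message avoids that: `if 'Unable to find user' not in str(err): raise`. Separately, the final search only proves the account is absent from whatever `self.samdb` is connected to. Since the add is attempted against `ldap://{server}`, a short comment confirming both point at the same DC would make the "no half-created account" claim easier to trust. The enclosing class and the `os`/`ldb` imports are outside the hunk.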