Lines 17-38
from univention.testing.udm import UCSTestUDM
|
Link Here
|
---|
|
17 |
from univention.testing.umc import Client |
17 |
from univention.testing.umc import Client |
18 |
import time |
18 |
import time |
19 |
|
19 |
|
|
|
20 |
default_password = 'univention' |
21 |
new_password = 'Univention.2' |
22 |
|
20 |
with UCSTestConfigRegistry() as ucr_test: |
23 |
with UCSTestConfigRegistry() as ucr_test: |
21 |
|
24 |
|
22 |
ldap_master = ucr_test.get('ldap/master') |
25 |
ldap_master = ucr_test.get('ldap/master') |
23 |
client = Client(ldap_master) |
26 |
umc_client = Client(ldap_master) |
24 |
role = ucr_test.get('server/role') |
27 |
role = ucr_test.get('server/role') |
25 |
|
28 |
|
26 |
##server password change |
29 |
##server password change |
27 |
univention.config_registry.handler_set(['server/password/interval=-1']) |
30 |
univention.config_registry.handler_set(['server/password/interval=-1']) |
28 |
|
31 |
|
29 |
print 'executing a server password change' |
32 |
print 'Executing a server password change' |
30 |
try: |
33 |
try: |
31 |
cmd = ['/usr/lib/univention-server/server_password_change'] |
34 |
cmd = ['/usr/lib/univention-server/server_password_change'] |
32 |
output = subprocess.check_output(cmd) |
35 |
output = subprocess.check_output(cmd) |
33 |
print 'Output of server_password_change:\n%s' % (output) |
36 |
print('Output of server_password_change:\n%s' % (output,)) |
34 |
except subprocess.CalledProcessError: |
37 |
except subprocess.CalledProcessError as exc: |
35 |
fail( 'Error running server_password_change') |
38 |
fail('Error running server_password_change: %s' % (exc,)) |
36 |
else: |
39 |
else: |
37 |
output = '' |
40 |
output = '' |
38 |
timeout = 200 |
41 |
timeout = 200 |
Lines 52-125
with UCSTestConfigRegistry() as ucr_test:
|
Link Here
|
---|
|
52 |
|
55 |
|
53 |
#create user |
56 |
#create user |
54 |
try: |
57 |
try: |
55 |
user_dn, user_name = udm.create_user(password = 'univention') |
58 |
user_dn, user_name = udm.create_user() |
56 |
except Exception: |
59 |
except Exception as exc: |
57 |
fail('Creating user failed: %s' % user_name) |
60 |
fail('Creating user "%s" failed: %s' % (user_name, exc)) |
58 |
else: |
61 |
else: |
59 |
print 'Creating user succeeded: %s' % user_name |
62 |
print('Creating user "%s" succeeded' % user_name) |
60 |
|
63 |
|
61 |
#Check if user can be authenticated with current password |
64 |
#Check if user can be authenticated with current password |
62 |
try: |
65 |
try: |
63 |
client.authenticate(user_name,'univention') |
66 |
umc_client.authenticate(user_name, default_password) |
64 |
except Exception as e: |
67 |
except Exception as exc: |
65 |
fail('user cant be authenticated') |
68 |
fail('User cannot be authenticated: %s' % (exc,)) |
66 |
else: |
69 |
else: |
67 |
print 'user authenticated' |
70 |
print('User %s could authenticate against UMC of %s' % (user_name, ldap_master)) |
68 |
|
71 |
|
69 |
#Wait for replication |
72 |
#Wait for replication |
70 |
samba_found = False |
73 |
samba_found = False |
71 |
t = t0 = time.time() |
74 |
t0 = time.time() |
72 |
timeout = 200 |
75 |
timeout = 200 |
73 |
while (not samba_found) and (t < t0 + timeout): |
76 |
while (not samba_found) and (time.time() < t0 + timeout): |
74 |
p2 = subprocess.Popen(['samba-tool user list | grep %s' %(user_name)],shell = True) |
77 |
p2 = subprocess.Popen('samba-tool user list | grep ^%s$' % (user_name,), shell=True) |
75 |
output,error = p2.communicate() |
78 |
output, error = p2.communicate() |
76 |
if output == '': |
79 |
if output == '': |
77 |
time.sleep(5) |
80 |
time.sleep(5) |
78 |
t = time.time() |
|
|
79 |
elif output != '' and error is None: |
81 |
elif output != '' and error is None: |
80 |
samba_found = True |
82 |
samba_found = True |
81 |
|
83 |
|
82 |
if not samba_found: |
84 |
if not samba_found: |
83 |
fail ('user %s could not be found in samba-tool user list'%user_name) |
85 |
fail('User %s could not be found in samba-tool user list after %d seconds' % (user_name, timeout)) |
84 |
|
86 |
|
85 |
|
87 |
|
86 |
#prepare for samba password change |
88 |
#prepare for samba password change |
|
|
89 |
min_pwd_age = None |
90 |
pwd_complexity = None |
87 |
try: |
91 |
try: |
88 |
min_pwd_age = subprocess.check_output('samba-tool domain passwordsettings show | grep "Minimum password age" | sed s/[^0-9]*/""/', shell=True).strip() |
92 |
p2 = subprocess.Popen('samba-tool domain passwordsettings show') |
89 |
pwd_complexity = subprocess.check_output('samba-tool domain passwordsettings show | grep complexity | sed "s/Password complexity: //"', shell=True).strip() |
93 |
output, error = p2.communicate() |
90 |
p3 = subprocess.Popen(['samba-tool domain passwordsettings set --complexity=off --min-pwd-age=0'],shell=True) |
94 |
min_pwd_age_key = "Minimum password age (days): " |
|
|
95 |
for line in output.splitlines(): |
96 |
if line.startswith(min_pwd_age_key): |
97 |
min_pwd_age = line[len(min_pwd_age_key):] |
98 |
p3 = subprocess.Popen('samba-tool domain passwordsettings set --min-pwd-age=0') |
91 |
p3.communicate() |
99 |
p3.communicate() |
92 |
except Exception: |
100 |
except Exception as exc: |
93 |
fail( 'could not save the samba settings for cleanup') |
101 |
fail( 'Could not save the samba settings for cleanup %s' % (exc,)) |
94 |
|
102 |
|
95 |
#samba setpassword |
103 |
#samba setpassword |
96 |
try: |
104 |
try: |
97 |
p4 = subprocess.Popen(['samba-tool user setpassword %s --newpassword=univention2' %(user_name)],shell=True) |
105 |
p4 = subprocess.Popen('samba-tool user setpassword %s --newpassword=%s' % (user_name, new_password)) |
98 |
stdout,stderr = p4.communicate() |
106 |
stdout,stderr = p4.communicate() |
99 |
except Exception: |
107 |
except Exception as exc: |
100 |
#revert samba passwordsetting changes |
108 |
#revert samba passwordsetting changes |
101 |
subprocess.Popen(['samba-tool domain passwordsettings set --complexity=%s --min-pwd-age=%s'%(pwd_complexity,min_pwd_age)],shell=True) |
109 |
fail('Could not set the user password with samba-tool domain passwordsettings: %s' % (exc,)) |
102 |
fail('could not set the user password with samba-tool domain passwordsettings') |
110 |
finally: |
103 |
|
111 |
#revert samba passwordsetting changes |
104 |
#revert samba passwordsetting changes |
112 |
if min_pwd_age: |
105 |
subprocess.Popen(['samba-tool domain passwordsettings set --complexity=%s --min-pwd-age=%s'%(pwd_complexity,min_pwd_age)],shell=True) |
113 |
subprocess.Popen('samba-tool domain passwordsettings set --min-pwd-age=%s' % (min_pwd_age,)) |
106 |
|
114 |
|
107 |
#Wait for replication |
115 |
#Wait for replication |
108 |
print 'Tries to log in with new password' |
116 |
print 'Try to log in with new password' |
109 |
password_changes = False |
117 |
new_password_worked = False |
110 |
t = t0 = time.time() |
118 |
t0 = time.time() |
111 |
timeout = 200 |
119 |
timeout = 200 |
112 |
while (not password_changes) and (t < t0 + timeout): |
120 |
while (not new_password_worked) and (time.time() < t0 + timeout): |
113 |
try: |
121 |
try: |
114 |
client.authenticate(user_name,'univention2') |
122 |
umc_client.authenticate(user_name, new_password) |
115 |
except Exception: |
123 |
except Exception: |
116 |
time.sleep(5) |
124 |
time.sleep(5) |
117 |
t = time.time() |
|
|
118 |
pass |
119 |
else: |
125 |
else: |
120 |
password_changes = True |
126 |
new_password_worked = True |
121 |
|
127 |
|
122 |
if not password_changes: |
128 |
if not new_password_worked: |
123 |
fail('drs replication does not seem to be working') |
129 |
fail('DRS replication to %s does not seem to be working after server password change' % (ldap_master,)) |
124 |
exit(0) |
|
|
125 |
|
130 |
|