|
Lines 17-38
from univention.testing.udm import UCSTestUDM
|
Link Here
|
|---|
|
|---|
| 17 |
from univention.testing.umc import Client |
17 |
from univention.testing.umc import Client |
| 18 |
import time |
18 |
import time |
| 19 |
|
19 |
|
|
|
20 |
default_password = 'univention' |
| 21 |
new_password = 'Univention.2' |
| 22 |
|
| 20 |
with UCSTestConfigRegistry() as ucr_test: |
23 |
with UCSTestConfigRegistry() as ucr_test: |
| 21 |
|
24 |
|
| 22 |
ldap_master = ucr_test.get('ldap/master') |
25 |
ldap_master = ucr_test.get('ldap/master') |
| 23 |
client = Client(ldap_master) |
26 |
umc_client = Client(ldap_master) |
| 24 |
role = ucr_test.get('server/role') |
27 |
role = ucr_test.get('server/role') |
| 25 |
|
28 |
|
| 26 |
##server password change |
29 |
##server password change |
| 27 |
univention.config_registry.handler_set(['server/password/interval=-1']) |
30 |
univention.config_registry.handler_set(['server/password/interval=-1']) |
| 28 |
|
31 |
|
| 29 |
print 'executing a server password change' |
32 |
print 'Executing a server password change' |
| 30 |
try: |
33 |
try: |
| 31 |
cmd = ['/usr/lib/univention-server/server_password_change'] |
34 |
cmd = ['/usr/lib/univention-server/server_password_change'] |
| 32 |
output = subprocess.check_output(cmd) |
35 |
output = subprocess.check_output(cmd) |
| 33 |
print 'Output of server_password_change:\n%s' % (output) |
36 |
print('Output of server_password_change:\n%s' % (output,)) |
| 34 |
except subprocess.CalledProcessError: |
37 |
except subprocess.CalledProcessError as exc: |
| 35 |
fail( 'Error running server_password_change') |
38 |
fail('Error running server_password_change: %s' % (exc,)) |
| 36 |
else: |
39 |
else: |
| 37 |
output = '' |
40 |
output = '' |
| 38 |
timeout = 200 |
41 |
timeout = 200 |
|
Lines 52-125
with UCSTestConfigRegistry() as ucr_test:
|
Link Here
|
|---|
|
|---|
| 52 |
|
55 |
|
| 53 |
#create user |
56 |
#create user |
| 54 |
try: |
57 |
try: |
| 55 |
user_dn, user_name = udm.create_user(password = 'univention') |
58 |
user_dn, user_name = udm.create_user() |
| 56 |
except Exception: |
59 |
except Exception as exc: |
| 57 |
fail('Creating user failed: %s' % user_name) |
60 |
fail('Creating user "%s" failed: %s' % (user_name, exc)) |
| 58 |
else: |
61 |
else: |
| 59 |
print 'Creating user succeeded: %s' % user_name |
62 |
print('Creating user "%s" succeeded' % user_name) |
| 60 |
|
63 |
|
| 61 |
#Check if user can be authenticated with current password |
64 |
#Check if user can be authenticated with current password |
| 62 |
try: |
65 |
try: |
| 63 |
client.authenticate(user_name,'univention') |
66 |
umc_client.authenticate(user_name, default_password) |
| 64 |
except Exception as e: |
67 |
except Exception as exc: |
| 65 |
fail('user cant be authenticated') |
68 |
fail('User cannot be authenticated: %s' % (exc,)) |
| 66 |
else: |
69 |
else: |
| 67 |
print 'user authenticated' |
70 |
print('User %s could authenticate against UMC of %s' % (user_name, ldap_master)) |
| 68 |
|
71 |
|
| 69 |
#Wait for replication |
72 |
#Wait for replication |
| 70 |
samba_found = False |
73 |
samba_found = False |
| 71 |
t = t0 = time.time() |
74 |
t0 = time.time() |
| 72 |
timeout = 200 |
75 |
timeout = 200 |
| 73 |
while (not samba_found) and (t < t0 + timeout): |
76 |
while (not samba_found) and (time.time() < t0 + timeout): |
| 74 |
p2 = subprocess.Popen(['samba-tool user list | grep %s' %(user_name)],shell = True) |
77 |
p2 = subprocess.Popen('samba-tool user list | grep ^%s$' % (user_name,), shell=True) |
| 75 |
output,error = p2.communicate() |
78 |
output, error = p2.communicate() |
| 76 |
if output == '': |
79 |
if output == '': |
| 77 |
time.sleep(5) |
80 |
time.sleep(5) |
| 78 |
t = time.time() |
|
|
| 79 |
elif output != '' and error is None: |
81 |
elif output != '' and error is None: |
| 80 |
samba_found = True |
82 |
samba_found = True |
| 81 |
|
83 |
|
| 82 |
if not samba_found: |
84 |
if not samba_found: |
| 83 |
fail ('user %s could not be found in samba-tool user list'%user_name) |
85 |
fail('User %s could not be found in samba-tool user list after %d seconds' % (user_name, timeout)) |
| 84 |
|
86 |
|
| 85 |
|
87 |
|
| 86 |
#prepare for samba password change |
88 |
#prepare for samba password change |
|
|
89 |
min_pwd_age = None |
| 90 |
pwd_complexity = None |
| 87 |
try: |
91 |
try: |
| 88 |
min_pwd_age = subprocess.check_output('samba-tool domain passwordsettings show | grep "Minimum password age" | sed s/[^0-9]*/""/', shell=True).strip() |
92 |
p2 = subprocess.Popen(['samba-tool', 'domain', 'passwordsettings', 'show']) |
| 89 |
pwd_complexity = subprocess.check_output('samba-tool domain passwordsettings show | grep complexity | sed "s/Password complexity: //"', shell=True).strip() |
93 |
output, error = p2.communicate() |
| 90 |
p3 = subprocess.Popen(['samba-tool domain passwordsettings set --complexity=off --min-pwd-age=0'],shell=True) |
94 |
min_pwd_age_key = "Minimum password age (days): " |
|
|
95 |
for line in output.splitlines(): |
| 96 |
if line.startswith(min_pwd_age_key): |
| 97 |
min_pwd_age = line[len(min_pwd_age_key):] |
| 98 |
p3 = subprocess.Popen(['samba-tool', 'domain', 'passwordsettings', 'set', '--min-pwd-age=0']) |
| 91 |
p3.communicate() |
99 |
p3.communicate() |
| 92 |
except Exception: |
100 |
except Exception as exc: |
| 93 |
fail( 'could not save the samba settings for cleanup') |
101 |
fail( 'Could not save the samba settings for cleanup %s' % (exc,)) |
| 94 |
|
102 |
|
| 95 |
#samba setpassword |
103 |
#samba setpassword |
| 96 |
try: |
104 |
try: |
| 97 |
p4 = subprocess.Popen(['samba-tool user setpassword %s --newpassword=univention2' %(user_name)],shell=True) |
105 |
p4 = subprocess.Popen(['samba-tool', 'user', 'setpassword', user_name, '--newpassword=' + new_password]) |
| 98 |
stdout,stderr = p4.communicate() |
106 |
stdout,stderr = p4.communicate() |
| 99 |
except Exception: |
107 |
except Exception as exc: |
| 100 |
#revert samba passwordsetting changes |
108 |
#revert samba passwordsetting changes |
| 101 |
subprocess.Popen(['samba-tool domain passwordsettings set --complexity=%s --min-pwd-age=%s'%(pwd_complexity,min_pwd_age)],shell=True) |
109 |
fail('Could not set the user password with samba-tool domain passwordsettings: %s' % (exc,)) |
| 102 |
fail('could not set the user password with samba-tool domain passwordsettings') |
110 |
finally: |
| 103 |
|
111 |
#revert samba passwordsetting changes |
| 104 |
#revert samba passwordsetting changes |
112 |
if min_pwd_age: |
| 105 |
subprocess.Popen(['samba-tool domain passwordsettings set --complexity=%s --min-pwd-age=%s'%(pwd_complexity,min_pwd_age)],shell=True) |
113 |
subprocess.Popen(['samba-tool', 'domain', 'passwordsettings', 'set', '--min-pwd-age=%s' % (min_pwd_age,)]) |
| 106 |
|
114 |
|
| 107 |
#Wait for replication |
115 |
#Wait for replication |
| 108 |
print 'Tries to log in with new password' |
116 |
print 'Try to log in with new password' |
| 109 |
password_changes = False |
117 |
new_password_worked = False |
| 110 |
t = t0 = time.time() |
118 |
t0 = time.time() |
| 111 |
timeout = 200 |
119 |
timeout = 200 |
| 112 |
while (not password_changes) and (t < t0 + timeout): |
120 |
while (not new_password_worked) and (time.time() < t0 + timeout): |
| 113 |
try: |
121 |
try: |
| 114 |
client.authenticate(user_name,'univention2') |
122 |
umc_client.authenticate(user_name, new_password) |
| 115 |
except Exception: |
123 |
except Exception: |
| 116 |
time.sleep(5) |
124 |
time.sleep(5) |
| 117 |
t = time.time() |
|
|
| 118 |
pass |
| 119 |
else: |
125 |
else: |
| 120 |
password_changes = True |
126 |
new_password_worked = True |
| 121 |
|
127 |
|
| 122 |
if not password_changes: |
128 |
if not new_password_worked: |
| 123 |
fail('drs replication does not seem to be working') |
129 |
fail('DRS replication to %s does not seem to be working after server password change' % (ldap_master,)) |
| 124 |
exit(0) |
|
|
| 125 |
|
130 |
|