search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / tests / samba_tool / user_auth_policy.py
blob035a1f2941f3231e3fcd6b92a05b01718533c60c
1 # Unix SMB/CIFS implementation.
2 #
3 # Tests for samba-tool user auth policy command
4 #
5 # Copyright (C) Catalyst.Net Ltd. 2023
6 #
7 # Written by Rob van der Linde <rob@catalyst.net.nz>
8 #
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
13 #
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
18 #
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #
22
23 from samba.domain.models import AuthenticationPolicy, User
24
25 from .silo_base import SiloTest
26
27
28 class AuthPolicyCmdTestCase(SiloTest):
29 def test_assign(self):
30 """Test assigning an authentication policy to a user."""
31 self.addCleanup(self.runcmd, "user", "auth", "policy", "remove", "alice")
32 result, out, err = self.runcmd("user", "auth", "policy", "assign",
33 "alice", "--policy", "User Policy")
34 self.assertIsNone(result, msg=err)
35
36 # Assigned policy should be 'Developers'
37 user = User.get(self.samdb, account_name="alice")
38 policy = AuthenticationPolicy.get(self.samdb, dn=user.assigned_policy)
39 self.assertEqual(policy.name, "User Policy")
40
41 def test_assign__invalid_policy(self):
42 """Test assigning a non-existing authentication policy to a user."""
43 result, out, err = self.runcmd("user", "auth", "policy", "assign",
44 "alice", "--policy", "doesNotExist")
45 self.assertEqual(result, -1)
46 self.assertIn("Authentication policy doesNotExist not found.", err)
47
48 def test_remove(self):
49 """Test removing the assigned authentication policy from a user."""
50 # First assign a policy, so we can test removing it.
51 self.runcmd("user", "auth", "policy", "assign", "bob", "--policy",
52 "User Policy")
53
54 # Assigned policy should be set
55 user = User.get(self.samdb, account_name="bob")
56 self.assertIsNotNone(user.assigned_policy)
57
58 # Now try removing it
59 result, out, err = self.runcmd("user", "auth", "policy", "remove",
60 "bob")
61 self.assertIsNone(result, msg=err)
62
63 # Assigned policy should be None
64 user = User.get(self.samdb, account_name="bob")
65 self.assertIsNone(user.assigned_policy)
66
67 def test_view(self):
68 """Test viewing the current assigned authentication policy on a user."""
69 # Assign a policy on one of the users.
70 self.addCleanup(self.runcmd, "user", "auth", "policy", "remove", "bob")
71 self.runcmd("user", "auth", "policy", "assign", "bob", "--policy",
72 "User Policy")
73
74 # Test user with a policy assigned.
75 result, out, err = self.runcmd("user", "auth", "policy", "view",
76 "bob")
77 self.assertIsNone(result, msg=err)
78 self.assertEqual(
79 out, "User bob assigned to authentication policy User Policy\n")
80
81 # Test user without a policy assigned.
82 result, out, err = self.runcmd("user", "auth", "policy", "view",
83 "joe")
84 self.assertIsNone(result, msg=err)
85 self.assertEqual(
86 out, "User joe has no assigned authentication policy.\n")
GSS-enabled samba4