def test_create__success(self):
"""Test creating a new authentication policy."""
- self.addCleanup(self.delete_authentication_policy,
- name="createTest", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "createTest")
+ "--name", name)
self.assertIsNone(result, msg=err)
# Check policy that was created
- policy = self.get_authentication_policy("createTest")
- self.assertEqual(str(policy["cn"]), "createTest")
+ policy = self.get_authentication_policy(name)
+ self.assertEqual(str(policy["cn"]), name)
self.assertEqual(str(policy["msDS-AuthNPolicyEnforced"]), "TRUE")
def test_create__description(self):
"""Test creating a new authentication policy with description set."""
- self.addCleanup(self.delete_authentication_policy,
- name="descriptionTest", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "descriptionTest",
+ "--name", name,
"--description", "Custom Description")
self.assertIsNone(result, msg=err)
# Check policy description
- policy = self.get_authentication_policy("descriptionTest")
- self.assertEqual(str(policy["cn"]), "descriptionTest")
+ policy = self.get_authentication_policy(name)
+ self.assertEqual(str(policy["cn"]), name)
self.assertEqual(str(policy["description"]), "Custom Description")
def test_create__user_tgt_lifetime_mins(self):
Also checks the upper and lower bounds are handled.
"""
- self.addCleanup(self.delete_authentication_policy,
- name="userTGTLifetime", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "userTGTLifetime",
+ "--name", name,
"--user-tgt-lifetime-mins", "60")
self.assertIsNone(result, msg=err)
# Check policy fields.
- policy = self.get_authentication_policy("userTGTLifetime")
- self.assertEqual(str(policy["cn"]), "userTGTLifetime")
+ policy = self.get_authentication_policy(name)
+ self.assertEqual(str(policy["cn"]), name)
self.assertEqual(str(policy["msDS-UserTGTLifetime"]), "60")
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "userTGTLifetimeLower",
+ "--name", name + "Lower",
"--user-tgt-lifetime-mins", "44")
self.assertEqual(result, -1)
self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647",
# check upper bounds (2147483647)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "userTGTLifetimeUpper",
+ "--name", name + "Upper",
"--user-tgt-lifetime-mins", "2147483648")
self.assertEqual(result, -1)
self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647",
Also checks the upper and lower bounds are handled.
"""
- self.addCleanup(self.delete_authentication_policy,
- name="serviceTGTLifetime", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "serviceTGTLifetime",
+ "--name", name,
"--service-tgt-lifetime-mins", "60")
self.assertIsNone(result, msg=err)
# Check policy fields.
- policy = self.get_authentication_policy("serviceTGTLifetime")
- self.assertEqual(str(policy["cn"]), "serviceTGTLifetime")
+ policy = self.get_authentication_policy(name)
+ self.assertEqual(str(policy["cn"]), name)
self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), "60")
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "serviceTGTLifetimeLower",
+ "--name", name,
"--service-tgt-lifetime-mins", "44")
self.assertEqual(result, -1)
self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647",
# check upper bounds (2147483647)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "serviceTGTLifetimeUpper",
+ "--name", name,
"--service-tgt-lifetime-mins", "2147483648")
self.assertEqual(result, -1)
self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647",
Also checks the upper and lower bounds are handled.
"""
- self.addCleanup(self.delete_authentication_policy,
- name="computerTGTLifetime", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "computerTGTLifetime",
+ "--name", name,
"--computer-tgt-lifetime-mins", "60")
self.assertIsNone(result, msg=err)
# Check policy fields.
- policy = self.get_authentication_policy("computerTGTLifetime")
- self.assertEqual(str(policy["cn"]), "computerTGTLifetime")
+ policy = self.get_authentication_policy(name)
+ self.assertEqual(str(policy["cn"]), name)
self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), "60")
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "computerTGTLifetimeLower",
+ "--name", name + "Lower",
"--computer-tgt-lifetime-mins", "44")
self.assertEqual(result, -1)
self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647",
# check upper bounds (2147483647)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "computerTGTLifetimeUpper",
+ "--name", name + "Upper",
"--computer-tgt-lifetime-mins", "2147483648")
self.assertEqual(result, -1)
self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647",
def test_create__valid_sddl(self):
"""Test creating a new authentication policy with valid SDDL in a field."""
+ name = self.unique_name()
expected = "O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AO)}))"
- self.addCleanup(self.delete_authentication_policy,
- name="validSDDLPolicy", force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "validSDDLPolicy",
+ "--name", name,
"--user-allowed-to-authenticate-from",
expected)
self.assertIsNone(result, msg=err)
# Check policy fields.
- policy = self.get_authentication_policy("validSDDLPolicy")
- self.assertEqual(str(policy["cn"]), "validSDDLPolicy")
+ policy = self.get_authentication_policy(name)
+ self.assertEqual(str(policy["cn"]), name)
desc = policy["msDS-UserAllowedToAuthenticateFrom"][0]
sddl = ndr_unpack(security.descriptor, desc).as_sddl()
self.assertEqual(sddl, expected)
def test_create__invalid_sddl(self):
"""Test creating a new authentication policy with invalid SDDL in a field."""
+ name = self.unique_name()
+
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "invalidSDDLPolicy",
+ "--name", name,
"--user-allowed-to-authenticate-from",
"*INVALID SDDL*")
+
self.assertEqual(result, -1)
self.assertIn(
"msDS-UserAllowedToAuthenticateFrom: Unable to parse SDDL", err)
def test_create__audit(self):
"""Test create authentication policy with --audit flag."""
- self.addCleanup(self.delete_authentication_policy,
- name="auditPolicy", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "auditPolicy",
+ "--name", name,
"--audit")
self.assertIsNone(result, msg=err)
# fetch and check policy
- policy = self.get_authentication_policy("auditPolicy")
+ policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["msDS-AuthNPolicyEnforced"]), "FALSE")
def test_create__enforce(self):
"""Test create authentication policy with --enforce flag."""
- self.addCleanup(self.delete_authentication_policy,
- name="enforcePolicy", force=True)
+ name = self.unique_name()
+
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "enforcePolicy",
+ "--name", name,
"--enforce")
self.assertIsNone(result, msg=err)
# fetch and check policy
- policy = self.get_authentication_policy("enforcePolicy")
+ policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["msDS-AuthNPolicyEnforced"]), "TRUE")
def test_create__audit_enforce_together(self):
"""Test create auth policy using both --audit and --enforce."""
+ name = self.unique_name()
+
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "enforceTogether",
+ "--name", name,
"--audit", "--enforce")
+
self.assertEqual(result, -1)
self.assertIn("--audit and --enforce cannot be used together.", err)
def test_create__protect_unprotect_together(self):
"""Test create authentication policy using --protect and --unprotect."""
+ name = self.unique_name()
+
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "protectTogether",
+ "--name", name,
"--protect", "--unprotect")
+
self.assertEqual(result, -1)
self.assertIn("--protect and --unprotect cannot be used together.", err)
def test_create__fails(self):
"""Test creating an authentication policy, but it fails."""
+ name = self.unique_name()
+
# Raise ModelError when ldb.add() is called.
with patch.object(SamDB, "add") as add_mock:
add_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name", "createFails")
+ "--name", name)
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_modify__description(self):
"""Test modifying an authentication policy description."""
- name = "modifyDescription"
+ name = self.unique_name()
# Create a policy to modify for this test.
- self.addCleanup(self.delete_authentication_policy,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
self.runcmd("domain", "auth", "policy", "create", "--name", name)
# Change the policy description.
def test_modify__strong_ntlm_policy(self):
"""Test modify strong ntlm policy on the authentication policy."""
- name = "modifyStrongNTLMPolicy"
+ name = self.unique_name()
# Create a policy to modify for this test.
- self.addCleanup(self.delete_authentication_policy,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
self.runcmd("domain", "auth", "policy", "create", "--name", name)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
This includes checking the upper and lower bounds.
"""
- name = "modifyUserTGTLifetime"
+ name = self.unique_name()
# Create a policy to modify for this test.
- self.addCleanup(self.delete_authentication_policy,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
self.runcmd("domain", "auth", "policy", "create", "--name", name)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
- "--name", name,
+ "--name", name + "Lower",
"--user-tgt-lifetime-mins", "44")
self.assertEqual(result, -1)
self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647",
# check upper bounds (2147483647)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
- "--name", name,
+ "--name", name + "Upper",
"--user-tgt-lifetime-mins", "2147483648")
self.assertEqual(result, -1)
self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647",
This includes checking the upper and lower bounds.
"""
- name = "modifyServiceTGTLifetime"
+ name = self.unique_name()
# Create a policy to modify for this test.
- self.addCleanup(self.delete_authentication_policy,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
self.runcmd("domain", "auth", "policy", "create", "--name", name)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
- "--name", name,
+ "--name", name + "Lower",
"--service-tgt-lifetime-mins", "44")
self.assertEqual(result, -1)
self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647",
# check upper bounds (2147483647)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
- "--name", name,
+ "--name", name + "Upper",
"--service-tgt-lifetime-mins", "2147483648")
self.assertEqual(result, -1)
self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647",
This includes checking the upper and lower bounds.
"""
- name = "modifyComputerTGTLifetime"
+ name = self.unique_name()
# Create a policy to modify for this test.
- self.addCleanup(self.delete_authentication_policy,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
self.runcmd("domain", "auth", "policy", "create", "--name", name)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
- "--name", name,
+ "--name", name + "Lower",
"--computer-tgt-lifetime-mins", "44")
self.assertEqual(result, -1)
self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647",
# check upper bounds (2147483647)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
- "--name", name,
+ "--name", name + "Upper",
"--computer-tgt-lifetime-mins", "2147483648")
self.assertEqual(result, -1)
self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647",
def test_modify__audit_enforce(self):
"""Test modify authentication policy using --audit and --enforce."""
- name = "modifyEnforce"
+ name = self.unique_name()
# Create a policy to modify for this test.
self.addCleanup(self.delete_authentication_policy,
def test_modify__protect_unprotect(self):
"""Test modify authentication policy using --protect and --unprotect."""
- name = "modifyProtect"
+ name = self.unique_name()
# Create a policy to modify for this test.
- self.addCleanup(self.delete_authentication_policy,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
self.runcmd("domain", "auth", "policy", "create", "--name", name)
utils = SDUtils(self.samdb)
def test_delete__force_fails(self):
"""Test deleting an authentication policy with --force, but it fails."""
+ name = self.unique_name()
+
# Create protected authentication policy.
- self.addCleanup(self.delete_authentication_policy,
- name="deleteForceFail", force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name=deleteForceFail",
+ "--name", name,
"--protect")
self.assertIsNone(result, msg=err)
# Policy exists
- policy = self.get_authentication_policy("deleteForceFail")
+ policy = self.get_authentication_policy(name)
self.assertIsNotNone(policy)
# Try doing delete with --force.
with patch.object(SDUtils, "dacl_delete_aces") as delete_mock:
delete_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "policy", "delete",
- "--name", "deleteForceFail",
+ "--name", name,
"--force")
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_delete__fails(self):
"""Test deleting an authentication policy, but it fails."""
+ name = self.unique_name()
+
# Create regular authentication policy.
- self.addCleanup(self.delete_authentication_policy,
- name="regularPolicy", force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name=regularPolicy")
+ "--name", name)
self.assertIsNone(result, msg=err)
# Policy exists
- policy = self.get_authentication_policy("regularPolicy")
+ policy = self.get_authentication_policy(name)
self.assertIsNotNone(policy)
# Raise ModelError when ldb.delete() is called.
with patch.object(SamDB, "delete") as delete_mock:
delete_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "policy", "delete",
- "--name", "regularPolicy")
+ "--name", name)
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_delete__protected_fails(self):
"""Test deleting an authentication policy, but it fails."""
+ name = self.unique_name()
+
# Create protected authentication policy.
- self.addCleanup(self.delete_authentication_policy,
- name="protectedPolicy", force=True)
+ self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
- "--name=protectedPolicy",
+ "--name", name,
"--protect")
self.assertIsNone(result, msg=err)
# Policy exists
- policy = self.get_authentication_policy("protectedPolicy")
+ policy = self.get_authentication_policy(name)
self.assertIsNotNone(policy)
# Raise ModelError when ldb.delete() is called.
with patch.object(SamDB, "delete") as delete_mock:
delete_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "policy", "delete",
- "--name", "protectedPolicy",
+ "--name", name,
"--force")
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_create__single_policy(self):
"""Test creating a new authentication silo with a single policy."""
- self.addCleanup(self.delete_authentication_silo,
- name="singlePolicy", force=True)
+ name = self.unique_name()
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "singlePolicy",
+ "--name", name,
"--user-authentication-policy", "User Policy")
self.assertIsNone(result, msg=err)
# Check silo that was created
- silo = self.get_authentication_silo("singlePolicy")
- self.assertEqual(str(silo["cn"]), "singlePolicy")
+ silo = self.get_authentication_silo(name)
+ self.assertEqual(str(silo["cn"]), name)
self.assertIn("User Policy", str(silo["msDS-UserAuthNPolicy"]))
self.assertEqual(str(silo["msDS-AuthNPolicySiloEnforced"]), "TRUE")
def test_create__multiple_policies(self):
"""Test creating a new authentication silo with multiple policies."""
- self.addCleanup(self.delete_authentication_silo,
- name="multiplePolicies", force=True)
+ name = self.unique_name()
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "multiplePolicies",
+ "--name", name,
"--user-authentication-policy",
"User Policy",
"--service-authentication-policy",
self.assertIsNone(result, msg=err)
# Check silo that was created.
- silo = self.get_authentication_silo("multiplePolicies")
- self.assertEqual(str(silo["cn"]), "multiplePolicies")
+ silo = self.get_authentication_silo(name)
+ self.assertEqual(str(silo["cn"]), name)
self.assertIn("User Policy", str(silo["msDS-UserAuthNPolicy"]))
self.assertIn("Service Policy", str(silo["msDS-ServiceAuthNPolicy"]))
self.assertIn("Computer Policy", str(silo["msDS-ComputerAuthNPolicy"]))
def test_create__policy_dn(self):
"""Test creating a new authentication silo when policy is a dn."""
+ name = self.unique_name()
policy = self.get_authentication_policy("User Policy")
- self.addCleanup(self.delete_authentication_silo,
- name="singlePolicyDN", force=True)
-
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "singlePolicyDN",
+ "--name", name,
"--user-authentication-policy", policy["dn"])
self.assertIsNone(result, msg=err)
# Check silo that was created
- silo = self.get_authentication_silo("singlePolicyDN")
- self.assertEqual(str(silo["cn"]), "singlePolicyDN")
+ silo = self.get_authentication_silo(name)
+ self.assertEqual(str(silo["cn"]), name)
self.assertIn(str(policy["name"]), str(silo["msDS-UserAuthNPolicy"]))
self.assertEqual(str(silo["msDS-AuthNPolicySiloEnforced"]), "TRUE")
def test_create__audit(self):
"""Test create authentication silo with --audit flag."""
- self.addCleanup(self.delete_authentication_silo,
- name="auditPolicies", force=True)
+ name = self.unique_name()
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "auditPolicies",
"--user-authentication-policy", "User Policy",
+ "--name", name,
+ "--user-authentication-policy", "User Policy",
"--audit")
self.assertIsNone(result, msg=err)
# fetch and check silo
- silo = self.get_authentication_silo("auditPolicies")
+ silo = self.get_authentication_silo(name)
self.assertEqual(str(silo["msDS-AuthNPolicySiloEnforced"]), "FALSE")
def test_create__enforce(self):
"""Test create authentication silo with --enforce flag."""
- self.addCleanup(self.delete_authentication_silo,
- name="enforcePolicies", force=True)
+ name = self.unique_name()
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "enforcePolicies",
+ "--name", name,
"--user-authentication-policy", "User Policy",
"--enforce")
self.assertIsNone(result, msg=err)
# fetch and check silo
- silo = self.get_authentication_silo("enforcePolicies")
+ silo = self.get_authentication_silo(name)
self.assertEqual(str(silo["msDS-AuthNPolicySiloEnforced"]), "TRUE")
def test_create__audit_enforce_together(self):
"""Test create authentication silo using both --audit and --enforce."""
+ name = self.unique_name()
+
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "enforceTogether",
+ "--name", name,
"--user-authentication-policy", "User Policy",
"--audit", "--enforce")
+
self.assertEqual(result, -1)
self.assertIn("--audit and --enforce cannot be used together.", err)
def test_create__protect_unprotect_together(self):
"""Test create authentication silo using --protect and --unprotect."""
- result, out, err = self.runcmd("domain", "auth", "silo",
- "create", "--name", "protectTogether",
+ name = self.unique_name()
+
+ result, out, err = self.runcmd("domain", "auth", "silo", "create",
+ "--name", name,
"--user-authentication-policy", "User Policy",
"--protect", "--unprotect")
+
self.assertEqual(result, -1)
self.assertIn("--protect and --unprotect cannot be used together.", err)
def test_create__policy_notfound(self):
"""Test create authentication silo with a policy that doesn't exist."""
+ name = self.unique_name()
+
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "policyNotFound",
+ "--name", name,
"--user-authentication-policy", "Invalid Policy")
+
self.assertEqual(result, -1)
self.assertIn("Authentication policy Invalid Policy not found.", err)
def test_create__fails(self):
"""Test creating an authentication silo, but it fails."""
+ name = self.unique_name()
+
# Raise ModelError when ldb.add() is called.
with patch.object(SamDB, "add") as add_mock:
add_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name", "createFails",
+ "--name", name,
"--user-authentication-policy", "User Policy")
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_modify__description(self):
"""Test modify authentication silo changing the description field."""
- name = "modifyDescription"
+ name = self.unique_name()
# Create a silo to modify for this test.
- self.addCleanup(self.delete_authentication_silo,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
self.runcmd("domain", "auth", "silo", "create", "--name", name)
result, out, err = self.runcmd("domain", "auth", "silo", "modify",
def test_modify__audit_enforce(self):
"""Test modify authentication silo setting --audit and --enforce."""
- name = "modifyEnforce"
+ name = self.unique_name()
# Create a silo to modify for this test.
- self.addCleanup(self.delete_authentication_silo,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
self.runcmd("domain", "auth", "silo", "create", "--name", name)
result, out, err = self.runcmd("domain", "auth", "silo", "modify",
def test_modify__protect_unprotect(self):
"""Test modify un-protecting and protecting an authentication silo."""
- name = "modifyProtect"
+ name = self.unique_name()
# Create a silo to modify for this test.
- self.addCleanup(self.delete_authentication_silo,
- name=name, force=True)
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
self.runcmd("domain", "auth", "silo", "create", "--name", name)
utils = SDUtils(self.samdb)
result, out, err = self.runcmd("domain", "auth", "silo", "modify",
"--name", "QA",
"--audit", "--enforce")
+
self.assertEqual(result, -1)
self.assertIn("--audit and --enforce cannot be used together.", err)
def test_authentication_silo_delete(self):
"""Test deleting an authentication silo that is not protected."""
+ name = self.unique_name()
+
# Create non-protected authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name=deleteTest",
+ "--name", name,
"--user-authentication-policy", "User Policy")
self.assertIsNone(result, msg=err)
- silo = self.get_authentication_silo("deleteTest")
+ silo = self.get_authentication_silo(name)
self.assertIsNotNone(silo)
# Do the deletion.
result, out, err = self.runcmd("domain", "auth", "silo", "delete",
- "--name", "deleteTest")
+ "--name", name)
self.assertIsNone(result, msg=err)
# Authentication silo shouldn't exist anymore.
- silo = self.get_authentication_silo("deleteTest")
+ silo = self.get_authentication_silo(name)
self.assertIsNone(silo)
def test_delete__protected(self):
"""Test deleting a protected auth silo, with and without --force."""
+ name = self.unique_name()
+
# Create protected authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name=deleteProtected",
+ "--name", name,
"--user-authentication-policy", "User Policy",
"--protect")
self.assertIsNone(result, msg=err)
- silo = self.get_authentication_silo("deleteProtected")
+ silo = self.get_authentication_silo(name)
self.assertIsNotNone(silo)
# Do the deletion.
result, out, err = self.runcmd("domain", "auth", "silo", "delete",
- "--name=deleteProtected")
+ "--name", name)
self.assertEqual(result, -1)
# Authentication silo should still exist.
- silo = self.get_authentication_silo("deleteProtected")
+ silo = self.get_authentication_silo(name)
self.assertIsNotNone(silo)
# Try a force delete instead.
result, out, err = self.runcmd("domain", "auth", "silo", "delete",
- "--name=deleteProtected", "--force")
+ "--name", name, "--force")
self.assertIsNone(result, msg=err)
# Authentication silo shouldn't exist anymore.
- silo = self.get_authentication_silo("deleteProtected")
+ silo = self.get_authentication_silo(name)
self.assertIsNone(silo)
def test_delete__notfound(self):
def test_delete__force_fails(self):
"""Test deleting an authentication silo with --force, but it fails."""
+ name = self.unique_name()
+
# Create protected authentication silo.
- self.addCleanup(self.delete_authentication_silo,
- name="deleteForceFail", force=True)
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name=deleteForceFail",
+ "--name", name,
"--user-authentication-policy", "User Policy",
"--protect")
self.assertIsNone(result, msg=err)
# Silo exists
- silo = self.get_authentication_silo("deleteForceFail")
+ silo = self.get_authentication_silo(name)
self.assertIsNotNone(silo)
# Try doing delete with --force.
with patch.object(SDUtils, "dacl_delete_aces") as delete_mock:
delete_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "silo", "delete",
- "--name", "deleteForceFail",
+ "--name", name,
"--force")
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_delete__fails(self):
"""Test deleting an authentication silo, but it fails."""
+ name = self.unique_name()
+
# Create regular authentication silo.
- self.addCleanup(self.delete_authentication_silo,
- name="regularSilo", force=True)
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name=regularSilo",
+ "--name", name,
"--user-authentication-policy", "User Policy")
self.assertIsNone(result, msg=err)
# Silo exists
- silo = self.get_authentication_silo("regularSilo")
+ silo = self.get_authentication_silo(name)
self.assertIsNotNone(silo)
# Raise ModelError when ldb.delete() is called.
with patch.object(SamDB, "delete") as delete_mock:
delete_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "silo", "delete",
- "--name", "regularSilo")
+ "--name", name)
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
def test_delete__protected_fails(self):
"""Test deleting an authentication silo, but it fails."""
+ name = self.unique_name()
+
# Create protected authentication silo.
- self.addCleanup(self.delete_authentication_silo,
- name="protectedSilo", force=True)
+ self.addCleanup(self.delete_authentication_silo, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--name=protectedSilo",
+ "--name", name,
"--user-authentication-policy", "User Policy",
"--protect")
self.assertIsNone(result, msg=err)
# Silo exists
- silo = self.get_authentication_silo("protectedSilo")
+ silo = self.get_authentication_silo(name)
self.assertIsNotNone(silo)
# Raise ModelError when ldb.delete() is called.
with patch.object(SamDB, "delete") as delete_mock:
delete_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "silo", "delete",
- "--name", "protectedSilo",
+ "--name", name,
"--force")
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
projects / thirdparty / samba.git / commitdiff
