users: Add tests for the Samba user database

Fix: after renaming a user delete old username from the Samba password database Signed-off-by: Veiko Aasa <veiko17@disroot.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2019-12-23 15:15:51 +02:00 · 2019-12-23 15:15:51 +02:00 · aa2aa56c46
commit aa2aa56c46
parent 962e5b488f
2 changed files with 27 additions and 8 deletions
--- a/actions/users
+++ b/actions/users
@ -215,8 +215,8 @@ def configure_ldapscripts():
    # modify a copy of the config file
    shutil.copy('/etc/ldapscripts/ldapscripts.conf', LDAPSCRIPTS_CONF)

-    aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
-                        augeas.Augeas.NO_MODL_AUTOLOAD)
+    aug = augeas.Augeas(
+        flags=augeas.Augeas.NO_LOAD + augeas.Augeas.NO_MODL_AUTOLOAD)
    aug.set('/augeas/load/Shellvars/lens', 'Shellvars.lns')
    aug.set('/augeas/load/Shellvars/incl[last() + 1]', LDAPSCRIPTS_CONF)
    aug.load()
@ -240,6 +240,13 @@ def get_samba_users():
    return re.findall(r'USER_(.*)\\0', stdout)


+def delete_samba_user(username):
+    """Delete a Samba user."""
+    if username in get_samba_users():
+        subprocess.check_call(['smbpasswd', '-x', username])
+        disconnect_samba_user(username)
+
+
 def disconnect_samba_user(username):
    """Disconnect a Samba user."""
    try:
@ -268,9 +275,7 @@ def subcommand_remove_user(arguments):
    username = arguments.username
    groups = get_user_groups(username)

-    if username in get_samba_users():
-        subprocess.check_call(['smbpasswd', '-x', username])
-        disconnect_samba_user(username)
+    delete_samba_user(username)

    for group in groups:
        remove_user_from_group(username, group)
@ -286,6 +291,8 @@ def subcommand_rename_user(arguments):
    new_username = arguments.newusername
    groups = get_user_groups(old_username)

+    delete_samba_user(old_username)
+
    for group in groups:
        remove_user_from_group(old_username, group)

--- a/plinth/modules/users/tests/test_actions.py
+++ b/plinth/modules/users/tests/test_actions.py
@ -23,6 +23,7 @@ it is recommended to run this module with root privileges in a virtual machine.

 import pathlib
 import random
+import re
 import string
 import subprocess

@ -62,6 +63,13 @@ def _get_password_hash(username):
    return process.stdout.decode().strip().split()[-1]


+def _get_samba_users():
+    """Get users from the Samba user database."""
+    stdout = subprocess.check_output(
+        ['tdbdump', '/var/lib/samba/private/passdb.tdb']).decode()
+    return re.findall(r'USER_(.*)\\0', stdout)
+
+
 def _try_login_to_ssh(username, password, returncode=0):
    """Return whether the sshpass returncode matches when trying to
    login to ssh using the given username and password"""
@ -81,8 +89,8 @@ def _try_login_to_ssh(username, password, returncode=0):
 def _action_file():
    """Return the path to the 'users' actions file."""
    current_directory = pathlib.Path(__file__).parent
-    return str(current_directory / '..' / '..' / '..' / '..' / 'actions' /
-               'users')
+    return str(
+        current_directory / '..' / '..' / '..' / '..' / 'actions' / 'users')


@pytest.fixture(name='disable_restricted_access', autouse=True)
@ -140,7 +148,7 @@ def _create_user(username=None, groups=None):


 def _delete_user(username):
-    """Utility to delete an LDAP user"""
+    """Utility to delete an LDAP and Samba user"""
    _call_action(['remove-user', username])


@ -176,6 +184,7 @@ def test_create_user():
    username, password = _create_user(groups=['admin', _random_string()])
    # assert_can_login_to_console(username, password)
    assert _try_login_to_ssh(username, password)
+    assert username in _get_samba_users()
    with pytest.raises(subprocess.CalledProcessError):
        _create_user(username)

@ -212,6 +221,7 @@ def test_rename_user():
    new_username = _rename_user(old_username)
    assert _try_login_to_ssh(new_username, password)
    assert _try_login_to_ssh(old_username, password, returncode=5)
+    assert old_username not in _get_samba_users()

    new_groups = _get_user_groups(new_username)
    old_users_groups = _get_user_groups(old_username)
@ -245,6 +255,8 @@ def test_delete_user():
    # Deleted user cannot login to ssh
    assert _try_login_to_ssh(username, password, returncode=5)

+    assert username not in _get_samba_users()
+

 def test_delete_non_existent_user():
    """Deleting a non-existent user should fail."""