From aa2aa56c463ca1bd5dc70e42766e3aa81c8d64b0 Mon Sep 17 00:00:00 2001 From: Veiko Aasa Date: Mon, 23 Dec 2019 15:15:51 +0200 Subject: [PATCH] users: Add tests for the Samba user database Fix: after renaming a user delete old username from the Samba password database Signed-off-by: Veiko Aasa Reviewed-by: James Valleroy --- actions/users | 17 ++++++++++++----- plinth/modules/users/tests/test_actions.py | 18 +++++++++++++++--- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/actions/users b/actions/users index 3b26f1398..df2737eda 100755 --- a/actions/users +++ b/actions/users @@ -215,8 +215,8 @@ def configure_ldapscripts(): # modify a copy of the config file shutil.copy('/etc/ldapscripts/ldapscripts.conf', LDAPSCRIPTS_CONF) - aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD + - augeas.Augeas.NO_MODL_AUTOLOAD) + aug = augeas.Augeas( + flags=augeas.Augeas.NO_LOAD + augeas.Augeas.NO_MODL_AUTOLOAD) aug.set('/augeas/load/Shellvars/lens', 'Shellvars.lns') aug.set('/augeas/load/Shellvars/incl[last() + 1]', LDAPSCRIPTS_CONF) aug.load() @@ -240,6 +240,13 @@ def get_samba_users(): return re.findall(r'USER_(.*)\\0', stdout) +def delete_samba_user(username): + """Delete a Samba user.""" + if username in get_samba_users(): + subprocess.check_call(['smbpasswd', '-x', username]) + disconnect_samba_user(username) + + def disconnect_samba_user(username): """Disconnect a Samba user.""" try: @@ -268,9 +275,7 @@ def subcommand_remove_user(arguments): username = arguments.username groups = get_user_groups(username) - if username in get_samba_users(): - subprocess.check_call(['smbpasswd', '-x', username]) - disconnect_samba_user(username) + delete_samba_user(username) for group in groups: remove_user_from_group(username, group) @@ -286,6 +291,8 @@ def subcommand_rename_user(arguments): new_username = arguments.newusername groups = get_user_groups(old_username) + delete_samba_user(old_username) + for group in groups: remove_user_from_group(old_username, group) diff --git a/plinth/modules/users/tests/test_actions.py b/plinth/modules/users/tests/test_actions.py index 7ad3f60e0..24b441a2c 100644 --- a/plinth/modules/users/tests/test_actions.py +++ b/plinth/modules/users/tests/test_actions.py @@ -23,6 +23,7 @@ it is recommended to run this module with root privileges in a virtual machine. import pathlib import random +import re import string import subprocess @@ -62,6 +63,13 @@ def _get_password_hash(username): return process.stdout.decode().strip().split()[-1] +def _get_samba_users(): + """Get users from the Samba user database.""" + stdout = subprocess.check_output( + ['tdbdump', '/var/lib/samba/private/passdb.tdb']).decode() + return re.findall(r'USER_(.*)\\0', stdout) + + def _try_login_to_ssh(username, password, returncode=0): """Return whether the sshpass returncode matches when trying to login to ssh using the given username and password""" @@ -81,8 +89,8 @@ def _try_login_to_ssh(username, password, returncode=0): def _action_file(): """Return the path to the 'users' actions file.""" current_directory = pathlib.Path(__file__).parent - return str(current_directory / '..' / '..' / '..' / '..' / 'actions' / - 'users') + return str( + current_directory / '..' / '..' / '..' / '..' / 'actions' / 'users') @pytest.fixture(name='disable_restricted_access', autouse=True) @@ -140,7 +148,7 @@ def _create_user(username=None, groups=None): def _delete_user(username): - """Utility to delete an LDAP user""" + """Utility to delete an LDAP and Samba user""" _call_action(['remove-user', username]) @@ -176,6 +184,7 @@ def test_create_user(): username, password = _create_user(groups=['admin', _random_string()]) # assert_can_login_to_console(username, password) assert _try_login_to_ssh(username, password) + assert username in _get_samba_users() with pytest.raises(subprocess.CalledProcessError): _create_user(username) @@ -212,6 +221,7 @@ def test_rename_user(): new_username = _rename_user(old_username) assert _try_login_to_ssh(new_username, password) assert _try_login_to_ssh(old_username, password, returncode=5) + assert old_username not in _get_samba_users() new_groups = _get_user_groups(new_username) old_users_groups = _get_user_groups(old_username) @@ -245,6 +255,8 @@ def test_delete_user(): # Deleted user cannot login to ssh assert _try_login_to_ssh(username, password, returncode=5) + assert username not in _get_samba_users() + def test_delete_non_existent_user(): """Deleting a non-existent user should fail."""