users: Add tests for the Samba user database

Fix: after renaming a user, delete the old username from the Samba password database

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Veiko Aasa 2019-12-23 15:15:51 +02:00 committed by James Valleroy
parent 962e5b488f
commit aa2aa56c46
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
2 changed files with 27 additions and 8 deletions


@ -215,8 +215,8 @@ def configure_ldapscripts():
# modify a copy of the config file # modify a copy of the config file
shutil.copy('/etc/ldapscripts/ldapscripts.conf', LDAPSCRIPTS_CONF) shutil.copy('/etc/ldapscripts/ldapscripts.conf', LDAPSCRIPTS_CONF)
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD + aug = augeas.Augeas(
augeas.Augeas.NO_MODL_AUTOLOAD) flags=augeas.Augeas.NO_LOAD + augeas.Augeas.NO_MODL_AUTOLOAD)
aug.set('/augeas/load/Shellvars/lens', 'Shellvars.lns') aug.set('/augeas/load/Shellvars/lens', 'Shellvars.lns')
aug.set('/augeas/load/Shellvars/incl[last() + 1]', LDAPSCRIPTS_CONF) aug.set('/augeas/load/Shellvars/incl[last() + 1]', LDAPSCRIPTS_CONF)
aug.load() aug.load()
@ -240,6 +240,13 @@ def get_samba_users():
return re.findall(r'USER_(.*)\\0', stdout) return re.findall(r'USER_(.*)\\0', stdout)
def delete_samba_user(username):
"""Delete a Samba user."""
if username in get_samba_users():
subprocess.check_call(['smbpasswd', '-x', username])
disconnect_samba_user(username)
def disconnect_samba_user(username): def disconnect_samba_user(username):
"""Disconnect a Samba user.""" """Disconnect a Samba user."""
try: try:
@ -268,9 +275,7 @@ def subcommand_remove_user(arguments):
username = arguments.username username = arguments.username
groups = get_user_groups(username) groups = get_user_groups(username)
if username in get_samba_users(): delete_samba_user(username)
subprocess.check_call(['smbpasswd', '-x', username])
disconnect_samba_user(username)
for group in groups: for group in groups:
remove_user_from_group(username, group) remove_user_from_group(username, group)
@ -286,6 +291,8 @@ def subcommand_rename_user(arguments):
new_username = arguments.newusername new_username = arguments.newusername
groups = get_user_groups(old_username) groups = get_user_groups(old_username)
delete_samba_user(old_username)
for group in groups: for group in groups:
remove_user_from_group(old_username, group) remove_user_from_group(old_username, group)
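Review bot: `delete_samba_user` returns silently when `username in get_samba_users()` is false, so in `subcommand_rename_user` a lookup miss leaves the old name's Samba credential in place with no error and no `disconnect_samba_user` call, which is the stale-entry condition this commit sets out to remove. The membership test is an exact string match on names extracted with `r'USER_(.*)\\0'`; if the password database stores its keys case-normalised (not visible here, worth confirming), a username containing capitals would never match. The one-line docstring should say that the function is a no-op for users not found in the database, that it also disconnects the user's sessions, and that it raises `CalledProcessError` when `smbpasswd -x` fails. In the rename path, a comment such as `# Drop the old Samba entry before renaming so the old name cannot authenticate afterwards` would record why the call sits before the group loop, if that is the intent. Both subcommand bodies continue outside the hunks.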


@ -23,6 +23,7 @@ it is recommended to run this module with root privileges in a virtual machine.
import pathlib import pathlib
import random import random
import re
import string import string
import subprocess import subprocess
@ -62,6 +63,13 @@ def _get_password_hash(username):
return process.stdout.decode().strip().split()[-1] return process.stdout.decode().strip().split()[-1]
def _get_samba_users():
"""Get users from the Samba user database."""
stdout = subprocess.check_output(
['tdbdump', '/var/lib/samba/private/passdb.tdb']).decode()
return re.findall(r'USER_(.*)\\0', stdout)
def _try_login_to_ssh(username, password, returncode=0): def _try_login_to_ssh(username, password, returncode=0):
"""Return whether the sshpass returncode matches when trying to """Return whether the sshpass returncode matches when trying to
login to ssh using the given username and password""" login to ssh using the given username and password"""
@ -81,8 +89,8 @@ def _try_login_to_ssh(username, password, returncode=0):
def _action_file(): def _action_file():
"""Return the path to the 'users' actions file.""" """Return the path to the 'users' actions file."""
current_directory = pathlib.Path(__file__).parent current_directory = pathlib.Path(__file__).parent
return str(current_directory / '..' / '..' / '..' / '..' / 'actions' / return str(
'users') current_directory / '..' / '..' / '..' / '..' / 'actions' / 'users')
@pytest.fixture(name='disable_restricted_access', autouse=True) @pytest.fixture(name='disable_restricted_access', autouse=True)
@ -140,7 +148,7 @@ def _create_user(username=None, groups=None):
def _delete_user(username): def _delete_user(username):
"""Utility to delete an LDAP user""" """Utility to delete an LDAP and Samba user"""
_call_action(['remove-user', username]) _call_action(['remove-user', username])
@ -176,6 +184,7 @@ def test_create_user():
username, password = _create_user(groups=['admin', _random_string()]) username, password = _create_user(groups=['admin', _random_string()])
# assert_can_login_to_console(username, password) # assert_can_login_to_console(username, password)
assert _try_login_to_ssh(username, password) assert _try_login_to_ssh(username, password)
assert username in _get_samba_users()
with pytest.raises(subprocess.CalledProcessError): with pytest.raises(subprocess.CalledProcessError):
_create_user(username) _create_user(username)
@ -212,6 +221,7 @@ def test_rename_user():
new_username = _rename_user(old_username) new_username = _rename_user(old_username)
assert _try_login_to_ssh(new_username, password) assert _try_login_to_ssh(new_username, password)
assert _try_login_to_ssh(old_username, password, returncode=5) assert _try_login_to_ssh(old_username, password, returncode=5)
assert old_username not in _get_samba_users()
new_groups = _get_user_groups(new_username) new_groups = _get_user_groups(new_username)
old_users_groups = _get_user_groups(old_username) old_users_groups = _get_user_groups(old_username)
@ -245,6 +255,8 @@ def test_delete_user():
# Deleted user cannot login to ssh # Deleted user cannot login to ssh
assert _try_login_to_ssh(username, password, returncode=5) assert _try_login_to_ssh(username, password, returncode=5)
assert username not in _get_samba_users()
def test_delete_non_existent_user(): def test_delete_non_existent_user():
"""Deleting a non-existent user should fail.""" """Deleting a non-existent user should fail."""
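Review bot: The negative assertions added to `test_rename_user` (`assert old_username not in _get_samba_users()`) and `test_delete_user` (`assert username not in _get_samba_users()`) can pass vacuously, because neither hunk shows a check that the entry existed before the action ran; only `test_create_user` asserts presence. Adding `assert old_username in _get_samba_users()` before the `_rename_user(old_username)` call, and the matching `assert username in _get_samba_users()` before the delete, would make both tests fail if user creation ever stops writing the Samba entry. `_get_samba_users` also copies the regex used by the action, so a parsing miss would hide in both places at once. Its docstring could note that it needs `tdbdump` and read access to `/var/lib/samba/private/passdb.tdb`. The test bodies start outside the hunks.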