activesambaldap 0.0.1

data/test/test_asl_groupdel.rb

@@ -0,0 +1,88 @@
+require 'asl-test-utils'
+
+class AslGroupDelTest < Test::Unit::TestCase
+  include AslTestUtils
+
+  def setup
+    super
+    @command = File.join(@bin_dir, "asl-groupdel")
+  end
+
+  def test_run_as_normal_user
+    assert_equal([false, "", "need root authority.\n"],
+                 run_command_as_normal_user("group-name"))
+  end
+
+  def test_not_exist_group
+    assert_equal([false, "", "group 'not-exist' doesn't exist.\n"],
+                 run_command("not-exist"))
+  end
+
+  def test_exist_group
+    make_dummy_group do |group|
+      assert_equal([true, "", ""], run_command(group.cn))
+    end
+  end
+
+  def test_user_is_belonged_to
+    make_dummy_group do |group|
+      make_dummy_user do |user, password|
+        group.users << user
+        assert_equal([true, "", ""], run_command(group.cn))
+      end
+    end
+  end
+
+  def test_primary_group_of_user
+    make_dummy_group do |group|
+      make_dummy_user(:gid_number => group.gid_number) do |user, password|
+        message = "cannot destroy group '#{group.cn}' due to members "
+        message << "who belong to the group as primary group"
+        message << ": #{user.uid}\n"
+        assert_equal([false, "", message], run_command(group.cn))
+      end
+    end
+  end
+
+  def test_primary_group_of_user_with_force
+    make_dummy_group do |group|
+      make_dummy_user(:gid_number => group.gid_number) do |user, password|
+        message = "cannot change primary group from '#{group.cn}' "
+        message << "to other group due to no other belonged groups"
+        message << ": #{user.uid}\n"
+        assert_equal([false, "", message], run_command(group.cn, "--force"))
+      end
+    end
+  end
+
+  def test_primary_group_of_user_with_force_with_other_group
+    make_dummy_group do |group|
+      make_dummy_user(:gid_number => group.gid_number) do |user, password|
+        make_dummy_group do |group2|
+          group2.users << user
+          assert_equal(group.gid_number, user.gid_number)
+          assert_equal([true, "", ""], run_command(group.cn, "--force"))
+          user.reload
+          assert_equal(group2.gid_number, user.gid_number)
+        end
+      end
+    end
+  end
+
+  def test_primary_group_of_user_with_other_group
+    make_dummy_group do |group|
+      make_dummy_user(:gid_number => group.gid_number) do |user, password|
+        make_dummy_group do |group2|
+          group2.users << user
+          assert_equal(group.gid_number, user.gid_number)
+          message = "cannot destroy group '#{group.cn}' due to members "
+          message << "who belong to the group as primary group"
+          message << ": #{user.uid}\n"
+          assert_equal([false, "", message], run_command(group.cn))
+          user.reload
+          assert_equal(group.gid_number, user.gid_number)
+        end
+      end
+    end
+  end
+end

data/test/test_asl_groupmod.rb

@@ -0,0 +1,256 @@
+require 'asl-test-utils'
+
+class AslGroupModTest < Test::Unit::TestCase
+  include AslTestUtils
+
+  def setup
+    super
+    @command = File.join(@bin_dir, "asl-groupmod")
+  end
+
+  def test_not_exist_group
+    assert_equal([false, "", "group 'not-exist' doesn't exist.\n"],
+                 run_command("not-exist"))
+  end
+
+  def test_rename
+    make_dummy_group do |group|
+      old_cn = group.cn
+      new_cn = "#{old_cn}-new"
+      ensure_delete_group(new_cn) do
+        assert(!@group_class.exists?(new_cn))
+
+        args = ["--rename", new_cn]
+        assert_asl_groupmod_successfully(group.cn, *args)
+
+        assert(!@group_class.exists?(old_cn))
+        assert(@group_class.exists?(new_cn))
+      end
+    end
+  end
+
+  def test_rename_with_members
+    make_dummy_user do |user1, password1|
+      make_dummy_user do |user2, password2|
+        make_dummy_group do |group|
+          group.users.concat(user1, user2)
+
+          old_cn = group.cn
+          new_cn = "#{old_cn}-new"
+          ensure_delete_group(new_cn) do
+            assert(!@group_class.exists?(new_cn))
+
+            args = ["--rename", new_cn]
+            assert_asl_groupmod_successfully(group.cn, *args)
+
+            assert(!@group_class.exists?(old_cn))
+            assert(@group_class.exists?(new_cn))
+
+            members = []
+            new_group = @group_class.find(new_cn)
+            new_group.member_uid(true).each do |uid|
+              members.concat(@user_class.find(:all,
+                                              :attribute => "uid",
+                                              :value => uid))
+            end
+            assert_equal([user1.uid, user2.uid].sort,
+                         members.collect {|m| m.uid}.sort)
+          end
+        end
+      end
+    end
+  end
+
+  def test_rename_with_members_primary
+    make_dummy_user do |user1, password1|
+      make_dummy_user do |user2, password2|
+        make_dummy_group do |group|
+          user1.primary_group = group
+          assert(user1.save)
+          user2.primary_group = group
+          assert(user2.save)
+
+          old_cn = group.cn
+          new_cn = "#{old_cn}-new"
+          ensure_delete_group(new_cn) do
+            assert(!@group_class.exists?(new_cn))
+
+            args = ["--rename", new_cn]
+            assert_asl_groupmod_successfully(group.cn, *args)
+
+            assert(!@group_class.exists?(old_cn))
+            assert(@group_class.exists?(new_cn))
+
+            new_group = @group_class.find(new_cn)
+            assert_equal(new_group.gid_number, user1.gid_number)
+            assert_equal(new_group.gid_number, user2.gid_number)
+          end
+        end
+      end
+    end
+  end
+
+  def test_gid_number
+    make_dummy_group do |group|
+      old_gid_number = group.gid_number
+      old_samba_sid = group.samba_sid
+      new_gid_number = old_gid_number.succ
+
+      old_rid = (2 * Integer(old_gid_number) + 1001).to_s
+      new_rid = (2 * Integer(new_gid_number) + 1001).to_s
+      new_samba_sid = old_samba_sid.sub(/#{Regexp.escape(old_rid)}$/, new_rid)
+
+      args = ["--gid", new_gid_number]
+      assert_asl_groupmod_successfully(group.cn, *args)
+
+      new_group = @group_class.find(group.cn)
+      assert_equal(new_gid_number, new_group.gid_number)
+      assert_equal(new_samba_sid, new_group.samba_sid)
+    end
+  end
+
+  def test_gid_number_non_unique
+    make_dummy_group do |group|
+      old_gid_number = group.gid_number
+      make_dummy_group do |group2|
+        new_gid_number = group2.gid_number
+
+        old_samba_sid = group.samba_sid
+        old_rid = (2 * Integer(old_gid_number) + 1001).to_s
+        new_rid = (2 * Integer(new_gid_number) + 1001).to_s
+        new_samba_sid = old_samba_sid.sub(/#{Regexp.escape(old_rid)}$/, new_rid)
+
+        message = "gid number '#{new_gid_number}' already exists\n"
+        args = ["--gid", new_gid_number]
+        assert_asl_groupmod_failed(group.cn, message, *args)
+
+        new_group = @group_class.find(group.cn)
+        assert_equal(old_gid_number, new_group.gid_number)
+        assert_equal(old_samba_sid, new_group.samba_sid)
+      end
+    end
+  end
+
+  def test_gid_number_allow_non_unique
+    make_dummy_group do |group|
+      old_gid_number = group.gid_number
+      make_dummy_group do |group2|
+        new_gid_number = group2.gid_number
+
+        old_samba_sid = group.samba_sid
+        old_rid = (2 * Integer(old_gid_number) + 1001).to_s
+        new_rid = (2 * Integer(new_gid_number) + 1001).to_s
+        new_samba_sid = old_samba_sid.sub(/#{Regexp.escape(old_rid)}$/, new_rid)
+
+        args = ["--gid", new_gid_number, "--allow-non-unique-gid"]
+        assert_asl_groupmod_successfully(group.cn, *args)
+
+        new_group = @group_class.find(group.cn)
+        assert_equal(new_gid_number, new_group.gid_number)
+        assert_equal(new_samba_sid, new_group.samba_sid)
+      end
+    end
+  end
+
+  def test_add_members
+    make_dummy_group do |group|
+      make_dummy_user do |user1, password1|
+        make_dummy_user do |user2, password2|
+          make_dummy_user do |user3, password3|
+            old_member_uids = group.member_uid(true)
+
+            new_members = [user1.uid, user2.uid]
+            args = ["--add-members", new_members.join(",")]
+            assert_asl_groupmod_successfully(group.cn, *args)
+
+            new_group = @group_class.find(group.cn)
+            new_member_uids = new_group.member_uid(true)
+
+            assert_equal(new_members.sort,
+                         (new_member_uids - old_member_uids).sort)
+          end
+        end
+      end
+    end
+  end
+
+  def test_delete_members
+    make_dummy_group do |group|
+      make_dummy_user do |user1, password1|
+        make_dummy_user do |user2, password2|
+          make_dummy_user do |user3, password3|
+            group.users.concat(user1, user2, user3)
+
+            old_member_uids = group.member_uid(true)
+
+            members_to_delete = [user1.uid, user2.uid]
+            args = ["--delete-members", members_to_delete.join(",")]
+            assert_asl_groupmod_successfully(group.cn, *args)
+
+            new_group = @group_class.find(group.cn)
+            new_member_uids = new_group.member_uid(true)
+
+            assert_equal(members_to_delete.sort,
+                         (old_member_uids - new_member_uids).sort)
+          end
+        end
+      end
+    end
+  end
+
+  def test_add_and_delete_members
+    make_dummy_group do |group|
+      make_dummy_user do |user1, password1|
+        make_dummy_user do |user2, password2|
+          make_dummy_user do |user3, password3|
+            group.users << user1
+
+            old_member_uids = group.member_uid(true)
+
+            new_members = [user2.uid, user3.uid]
+            args = ["--add-members", new_members.join(","),
+                    "--delete-members", old_member_uids.join(",")]
+            assert_asl_groupmod_successfully(group.cn, *args)
+
+            new_group = @group_class.find(group.cn)
+            new_member_uids = new_group.member_uid(true)
+
+            assert_equal(new_members.sort,
+                         (new_member_uids - old_member_uids).sort)
+          end
+        end
+      end
+    end
+  end
+
+  def test_duplicate_members
+    make_dummy_group do |group|
+      base = "there are duplicated members in adding and deleting members:"
+      assert_asl_groupmod_failed(group.cn,
+                                 "#{base} user\n",
+                                 "--add-members", "user",
+                                 "--delete-members", "user")
+
+      assert_asl_groupmod_failed(group.cn,
+                                 "#{base} user2\n",
+                                 "--add-members", "user1,user2,user3",
+                                 "--delete-members", "user2")
+
+      assert_asl_groupmod_failed(group.cn,
+                                 "#{base} user2, user3\n",
+                                 "--add-members", "user1,user2,user3",
+                                 "--delete-members", "user2,user3,user4")
+    end
+  end
+
+  private
+  def assert_asl_groupmod_successfully(name, *args)
+    args << name
+    assert_equal([true, "", ""], run_command(*args))
+  end
+
+  def assert_asl_groupmod_failed(name, message, *args)
+    args << name
+    assert_equal([false, "", message], run_command(*args))
+  end
+end

data/test/test_asl_groupshow.rb

@@ -0,0 +1,21 @@
+require 'asl-test-utils'
+
+class AslGroupShowTest < Test::Unit::TestCase
+  include AslTestUtils
+
+  def setup
+    super
+    @command = File.join(@bin_dir, "asl-groupshow")
+  end
+
+  def test_exist_group
+    make_dummy_group do |group|
+      assert_equal([true, group.to_ldif, ""], run_command(group.cn))
+    end
+  end
+
+  def test_not_exist_group
+    assert_equal([false, "", "group 'not-exist' doesn't exist.\n"],
+                 run_command("not-exist"))
+  end
+end

data/test/test_asl_passwd.rb

@@ -0,0 +1,125 @@
+require 'asl-test-utils'
+
+class AslPasswdTest < Test::Unit::TestCase
+  include AslTestUtils
+
+  def setup
+    super
+    @command = File.join(@bin_dir, "asl-passwd")
+  end
+
+  def test_unknown_user
+    assert_equal([false, "", "user 'unknown' doesn't exist.\n"],
+                 run_command("unknown"))
+  end
+
+  def test_change_password
+    make_dummy_user do |user, password|
+      new_password = "new#{password}"
+
+      assert_samba_password(user, password)
+
+      assert_change_password_successfully(user.uid, password, new_password)
+
+      user.reload
+      assert_samba_password(user, new_password)
+
+      assert_change_password_with_wrong_current_password(user.uid, password)
+      user.reload
+      assert_samba_password(user, new_password)
+
+      assert_change_password_successfully(user.uid,
+                                          new_password, password)
+      user.reload
+      assert_samba_password(user, password)
+    end
+  end
+
+  def test_change_password_only_unix
+    make_dummy_user do |user, password|
+      new_password = "new#{password}"
+      args = ["--no-samba-password"]
+
+      assert_samba_password(user, password)
+
+      assert_change_password_successfully(user.uid,
+                                          password, new_password,
+                                          *args)
+      user.reload
+      assert_samba_password(user, password)
+
+      assert_change_password_with_wrong_current_password(user.uid,
+                                                         password, *args)
+
+      assert_change_password_successfully(user.uid,
+                                          new_password, password, *args)
+      user.reload
+      assert_samba_password(user, password)
+    end
+  end
+
+  def test_change_password_only_samba
+    make_dummy_user do |user, password|
+      new_password = "new#{password}"
+      args = ["--no-unix-password"]
+
+      assert_samba_password(user, password)
+
+      assert_change_password_successfully(user.uid,
+                                          password, new_password, *args)
+      user.reload
+      assert_samba_password(user, new_password)
+
+      assert_change_password_with_wrong_current_password(user.uid,
+                                                         new_password, *args)
+
+      assert_change_password_successfully(user.uid, password, password,
+                                          *args)
+      user.reload
+      assert_samba_password(user, password)
+    end
+  end
+
+  private
+  def change_password(name, old_password, new_password, *args)
+    run_command_as_normal_user(name, *args) do |input, output|
+      output.puts(old_password)
+      output.puts(new_password)
+      output.puts(new_password)
+      output.flush
+    end
+  end
+
+  def assert_samba_password(user, password)
+    _wrap_assertion do
+      assert_equal(Samba::Encrypt.lm_hash(password),
+                   user.samba_lm_password)
+      assert_equal(Samba::Encrypt.ntlm_hash(password),
+                   user.samba_nt_password)
+    end
+  end
+
+  def assert_change_password_successfully(name, old_password, new_password,
+                                          *args)
+    assert_equal([true,
+                  [
+                   "Enter your current password: ",
+                   "New password: ",
+                   "Retype new password: ",
+                  ].join("\n") + "\n",
+                  "",
+                 ],
+                 change_password(name, old_password, new_password, *args))
+  end
+
+  def assert_change_password_with_wrong_current_password(name, password, *args)
+    assert_equal([false,
+                  "Enter your current password: \n",
+                  "password isn't match\n",
+                 ],
+                 run_command_as_normal_user(name, *args) do |input, output|
+                   output.puts(password)
+                   output.flush
+                 end)
+  end
+end

data/test/test_asl_populate.rb

@@ -0,0 +1,92 @@
+require 'asl-test-utils'
+
+class AslPopulateTest < Test::Unit::TestCase
+  include AslTestUtils
+
+  def setup
+    super
+    @command = File.join(@bin_dir, "asl-populate")
+  end
+
+  def test_run_as_normal_user
+    assert_equal([false, "", "need root authority.\n"],
+                 run_command_as_normal_user)
+  end
+
+  def test_populate
+    ActiveSambaLdap::Base.purge
+    assert_equal([], ActiveSambaLdap::Base.search)
+    assert_asl_populate_successfully("Administrator")
+    base = ActiveSambaLdap::Base.base
+
+    results = ActiveSambaLdap::Base.search
+
+    config = ActiveSambaLdap::Base.configuration
+    users_suffix = config[:users_suffix]
+    groups_suffix = config[:groups_suffix]
+    computers_suffix = config[:computers_suffix]
+    idmap_suffix = config[:idmap_suffix]
+    domain = config[:samba_domain]
+    assert_equal([
+                  nil,
+                  users_suffix,
+                  groups_suffix,
+                  computers_suffix,
+                  idmap_suffix,
+                  "sambaDomainName=#{domain}",
+                  "uid=Administrator,#{users_suffix}",
+                  "uid=Guest,#{users_suffix}",
+                  "cn=Users,#{groups_suffix}",
+                  "cn=Account Operators,#{groups_suffix}",
+                  "cn=Administrators,#{groups_suffix}",
+                  "cn=Backup Operators,#{groups_suffix}",
+                  "cn=Domain Admins,#{groups_suffix}",
+                  "cn=Domain Computers,#{groups_suffix}",
+                  "cn=Domain Guests,#{groups_suffix}",
+                  "cn=Domain Users,#{groups_suffix}",
+                  "cn=Guests,#{groups_suffix}",
+                  "cn=Power Users,#{groups_suffix}",
+                  "cn=Print Operators,#{groups_suffix}",
+                  "cn=Replicators,#{groups_suffix}",
+                  "cn=System Operators,#{groups_suffix}",
+                 ].collect {|x| [x, base].compact.join(",")}.sort,
+                 results.collect {|dn, attributes| dn}.sort)
+  end
+
+  def test_wrong_password
+    ActiveSambaLdap::Base.purge
+    assert_asl_populate_miss_match_password
+  end
+
+  private
+  def assert_asl_populate_successfully(password, name=nil, *args)
+    name ||= @user_class::DOMAIN_ADMIN_NAME
+    assert_equal([true,
+                  [
+                   "Password for #{name}: ",
+                   "Retype password for #{name}: ",
+                  ].join("\n") + "\n",
+                  "",
+                 ],
+                 run_command(*args) do |input, output|
+                   output.puts(password)
+                   output.puts(password)
+                 end)
+  end
+
+  def assert_asl_populate_miss_match_password(name=nil, *args)
+    name ||= @user_class::DOMAIN_ADMIN_NAME
+    password = "password"
+    assert_equal([false,
+                  [
+                   "Password for #{name}: ",
+                   "Retype password for #{name}: ",
+                  ].join("\n") + "\n",
+                  "Passwords don't match.\n",
+                 ],
+                 run_command(*args) do |input, output|
+                   output.puts(password)
+                   output.puts(password + password.reverse)
+                 end)
+  end
+end

data/test/test_asl_purge.rb

@@ -0,0 +1,21 @@
+require 'asl-test-utils'
+
+class AslPurgeTest < Test::Unit::TestCase
+  include AslTestUtils
+
+  def setup
+    super
+    @command = File.join(@bin_dir, "asl-purge")
+  end
+
+  def test_run_as_normal_user
+    assert_equal([false, "", "need root authority.\n"],
+                 run_command_as_normal_user)
+  end
+
+  def test_populate
+    assert_not_equal([], ActiveSambaLdap::Base.search)
+    assert_equal([true, "", ""], run_command)
+    assert_equal([], ActiveSambaLdap::Base.search)
+  end
+end