dsdb/tests: add test_login_basics_simple()
This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3625d13815
)
parent
5095476605
commit
2472d44f9c
1
selftest/knownfail.d/samba4.ldap.login_basics
Normal file
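--- a/selftest/knownfail.d/samba4.ldap.login_basics
+++ b/selftest/knownfail.d/samba4.ldap.login_basics
@@ -0,0 +1 @@
+^samba4.ldap.login_basics.python.*.__main__.BasicUserAuthTests.test_login_basics_simple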
|
@ -56,17 +56,24 @@ class BasicUserAuthTests(BasePasswordTestCase):
|
||||
session_info=system_session(self.lp), lp=self.lp)
|
||||
super(BasicUserAuthTests, self).setUp()
|
||||
|
||||
def _test_login_basics(self, creds):
|
||||
def _test_login_basics(self, creds, simple=False):
|
||||
username = creds.get_username()
|
||||
userpass = creds.get_password()
|
||||
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
|
||||
if creds.get_kerberos_state() == MUST_USE_KERBEROS:
|
||||
logoncount_relation = 'greater'
|
||||
lastlogon_relation = 'greater'
|
||||
ldap_url = self.host_url
|
||||
print("Performs a lockout attempt against LDAP using Kerberos")
|
||||
elif simple:
|
||||
logoncount_relation = 'equal'
|
||||
lastlogon_relation = 'equal'
|
||||
ldap_url = self.host_url_ldaps
|
||||
print("Performs a lockout attempt against LDAP using Simple")
|
||||
else:
|
||||
logoncount_relation = 'equal'
|
||||
lastlogon_relation = 'equal'
|
||||
ldap_url = self.host_url
|
||||
print("Performs a lockout attempt against LDAP using NTLM")
|
||||
|
||||
# get the intial logon values for this user
|
||||
@ -88,7 +95,7 @@ class BasicUserAuthTests(BasePasswordTestCase):
|
||||
|
||||
# check logging in with the wrong password fails
|
||||
test_creds.set_password("thatsAcomplPASS1xBAD")
|
||||
self.assertLoginFailure(self.host_url, test_creds, self.lp)
|
||||
self.assertLoginFailure(ldap_url, test_creds, self.lp)
|
||||
res = self._check_account(userdn,
|
||||
badPwdCount=1,
|
||||
badPasswordTime=("greater", badPasswordTime),
|
||||
@ -102,7 +109,7 @@ class BasicUserAuthTests(BasePasswordTestCase):
|
||||
|
||||
# check logging in with the correct password succeeds
|
||||
test_creds.set_password(userpass)
|
||||
user_ldb = self.assertLoginSuccess(self.host_url, test_creds, self.lp)
|
||||
user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
|
||||
res = self._check_account(userdn,
|
||||
badPwdCount=0,
|
||||
badPasswordTime=badPasswordTime,
|
||||
@ -133,7 +140,7 @@ userPassword: %s
|
||||
|
||||
# for Kerberos, logging in with the old password fails
|
||||
if creds.get_kerberos_state() == MUST_USE_KERBEROS:
|
||||
self.assertLoginFailure(self.host_url, test_creds, self.lp)
|
||||
self.assertLoginFailure(ldap_url, test_creds, self.lp)
|
||||
info_msg = 'Test Kerberos login with old password fails'
|
||||
expectBadPwdTime = ("greater", badPasswordTime)
|
||||
res = self._check_account(userdn,
|
||||
@ -148,8 +155,11 @@ userPassword: %s
|
||||
badPasswordTime = int(res[0]["badPasswordTime"][0])
|
||||
else:
|
||||
# for NTLM, logging in with the old password succeeds
|
||||
user_ldb = self.assertLoginSuccess(self.host_url, test_creds, self.lp)
|
||||
info_msg = 'Test NTLM login with old password succeeds'
|
||||
user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
|
||||
if simple:
|
||||
info_msg = 'Test simple-bind login with old password succeeds'
|
||||
else:
|
||||
info_msg = 'Test NTLM login with old password succeeds'
|
||||
res = self._check_account(userdn,
|
||||
badPwdCount=0,
|
||||
badPasswordTime=badPasswordTime,
|
||||
@ -162,7 +172,7 @@ userPassword: %s
|
||||
|
||||
# check logging in with the new password succeeds
|
||||
test_creds.set_password(new_password)
|
||||
user_ldb = self.assertLoginSuccess(self.host_url, test_creds, self.lp)
|
||||
user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
|
||||
res = self._check_account(userdn,
|
||||
badPwdCount=0,
|
||||
badPasswordTime=badPasswordTime,
|
||||
@ -179,5 +189,7 @@ userPassword: %s
|
||||
def test_login_basics_ntlm(self):
|
||||
self._test_login_basics(self.lockout1ntlm_creds)
|
||||
|
||||
def test_login_basics_simple(self):
|
||||
self._test_login_basics(self.lockout1simple_creds, simple=True)
|
||||
|
||||
TestProgram(module=__name__, opts=subunitopts)
|
||||
|
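Review bot: The comment `# for NTLM, logging in with the old password succeeds` in the `@ -148,8 +155,11 @` hunk is now stale, because the `else:` branch it heads also runs when `simple=True`. That branch pins security-relevant behaviour: a replaced password is still accepted on an LDAP simple bind, and the `_check_account` call that follows expects `badPwdCount=0`. The comment should name both bind types and the time window, for example `# for NTLM and simple binds, the previous password is still accepted within the 'old password allowed period'`. The visible hunks only exercise acceptance inside that window, so rejection of the old password after the period has elapsed appears to be untested here. The body of `_test_login_basics` continues outside the hunks shown.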