1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-02-05 08:37:53 +01:00 committed by Andrew Bartlett
parent 7b7d7be244
commit 26a96d2964

View File

@ -495,125 +495,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid)
# (Re)adds the test user "testuser" with no password atm
delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)
self.ldb.add({
"dn": "cn=testuser,cn=users," + self.base_dn,
"objectclass": "user",
"sAMAccountName": "testuser"})
res = self._check_account("cn=testuser,cn=users," + self.base_dn,
badPwdCount=0,
badPasswordTime=0,
lastLogon=0,
lastLogonTimestamp=('absent', None),
userAccountControl=
dsdb.UF_NORMAL_ACCOUNT |
dsdb.UF_ACCOUNTDISABLE |
dsdb.UF_PASSWD_NOTREQD,
msDSUserAccountControlComputed=
dsdb.UF_PASSWORD_EXPIRED)
# SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present.
# It doesn't create "lockoutTime" = 0.
self._reset_samr(res)
res = self._check_account("cn=testuser,cn=users," + self.base_dn,
badPwdCount=0,
badPasswordTime=0,
lastLogon=0,
lastLogonTimestamp=('absent', None),
userAccountControl=
dsdb.UF_NORMAL_ACCOUNT |
dsdb.UF_ACCOUNTDISABLE |
dsdb.UF_PASSWD_NOTREQD,
msDSUserAccountControlComputed=
dsdb.UF_PASSWORD_EXPIRED)
# Tests a password change when we don't have any password yet with a
# wrong old password
try:
self.ldb.modify_ldif("""
dn: cn=testuser,cn=users,""" + self.base_dn + """
changetype: modify
delete: userPassword
userPassword: noPassword
add: userPassword
userPassword: thatsAcomplPASS2
""")
self.fail()
except LdbError, (num, msg):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
# Windows (2008 at least) seems to have some small bug here: it
# returns "0000056A" on longer (always wrong) previous passwords.
self.assertTrue('00000056' in msg, msg)
res = self._check_account("cn=testuser,cn=users," + self.base_dn,
badPwdCount=1,
badPasswordTime=("greater", 0),
lastLogon=0,
lastLogonTimestamp=('absent', None),
userAccountControl=
dsdb.UF_NORMAL_ACCOUNT |
dsdb.UF_ACCOUNTDISABLE |
dsdb.UF_PASSWD_NOTREQD,
msDSUserAccountControlComputed=
dsdb.UF_PASSWORD_EXPIRED)
badPasswordTime = int(res[0]["badPasswordTime"][0])
# Sets the initial user password with a "special" password change
# I think that this internally is a password set operation and it can
# only be performed by someone which has password set privileges on the
# account (at least in s4 we do handle it like that).
self.ldb.modify_ldif("""
dn: cn=testuser,cn=users,""" + self.base_dn + """
changetype: modify
delete: userPassword
add: userPassword
userPassword: thatsAcomplPASS1
""")
res = self._check_account("cn=testuser,cn=users," + self.base_dn,
badPwdCount=1,
badPasswordTime=badPasswordTime,
lastLogon=0,
lastLogonTimestamp=('absent', None),
userAccountControl=
dsdb.UF_NORMAL_ACCOUNT |
dsdb.UF_ACCOUNTDISABLE |
dsdb.UF_PASSWD_NOTREQD,
msDSUserAccountControlComputed=0)
# Enables the user account
self.ldb.enable_account("(sAMAccountName=testuser)")
res = self._check_account("cn=testuser,cn=users," + self.base_dn,
badPwdCount=1,
badPasswordTime=badPasswordTime,
lastLogon=0,
lastLogonTimestamp=('absent', None),
userAccountControl=
dsdb.UF_NORMAL_ACCOUNT,
msDSUserAccountControlComputed=0)
# Open a second LDB connection with the user credentials. Use the
# command line credentials for informations like the domain, the realm
# and the workstation.
creds2 = insta_creds()
self.ldb2 = SamDB(url=host_url, credentials=creds2, lp=lp)
res = self._check_account("cn=testuser,cn=users," + self.base_dn,
badPwdCount=0,
badPasswordTime=badPasswordTime,
lastLogon=('greater', 0),
lastLogonTimestamp=('greater', 0),
userAccountControl=
dsdb.UF_NORMAL_ACCOUNT,
msDSUserAccountControlComputed=0)
lastLogon = int(res[0]["lastLogon"][0])
self.assertGreater(lastLogon, badPasswordTime)
self._readd_user()
# (Re)adds the test user "testuser3" with no password atm
delete_force(self.ldb, "cn=testuser3,cn=users," + self.base_dn)