1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=

This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.

This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).

This is now consistant with other parameters in the LDAP attribute,
and is now included in the returned attribute name.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2023-12-11 20:55:10 +13:00 committed by Douglas Bagnall
parent 175a13ca13
commit 2c54a75484
3 changed files with 23 additions and 17 deletions

View File

@ -38,6 +38,28 @@ source tree. While there will be some differences - due to features
chosen by packagers - comparing these lists with the build dependencies
in a package may locate other dependencies we no longer require.
samba-tool user getpassword / syncpasswords ;rounds= change
-----------------------------------------------------------
The password access tool "samba-tool user getpassword" and the
password sync tool "samba-tool user syncpasswords" allow attributes to
be chosen for output, and accept parameters like
pwdLastSet;format=GeneralizedTime
These attributes then appear, in the same format, as the attributes in
the LDIF output. This was not the case for the ;rounds= parameter of
virtualCryptSHA256 and virtualCryptSHA512, for example as
--attributes="virtualCryptSHA256;rounds=50000"
This release makes the behaviour consistent between these two
features. Installations using GPG-encrypted passwords (or plaintext
storage) and the rounds= option, will find the output has changed
from:
virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
to:
virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
REMOVED FEATURES
================

View File

@ -751,7 +751,7 @@ class GetPasswordCommand(Command):
continue
else:
continue
obj[a] = ldb.MessageElement(v, ldb.FLAG_MOD_REPLACE, a)
obj[a] = ldb.MessageElement(v, ldb.FLAG_MOD_REPLACE, vattr["raw_attr"])
def get_src_attrname(srcattrg):
srcattrl = srcattrg.lower()

View File

@ -1,16 +0,0 @@
^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes
^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds
^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid
^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes
^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds
^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid