mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
860c6b1e8f
commit
73fb24c2e4
@ -502,107 +502,8 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
self.creds2 = insta_creds()
|
||||
self.ldb2 = self._readd_user(self.creds2)
|
||||
|
||||
# (Re)adds the test user "testuser3" with no password atm
|
||||
delete_force(self.ldb, "cn=testuser3,cn=users," + self.base_dn)
|
||||
self.ldb.add({
|
||||
"dn": "cn=testuser3,cn=users," + self.base_dn,
|
||||
"objectclass": "user",
|
||||
"sAMAccountName": "testuser3"})
|
||||
|
||||
res = self._check_account("cn=testuser3,cn=users," + self.base_dn,
|
||||
badPwdCount=0,
|
||||
badPasswordTime=0,
|
||||
lastLogon=0,
|
||||
lastLogonTimestamp=('absent', None),
|
||||
userAccountControl=
|
||||
dsdb.UF_NORMAL_ACCOUNT |
|
||||
dsdb.UF_ACCOUNTDISABLE |
|
||||
dsdb.UF_PASSWD_NOTREQD,
|
||||
msDSUserAccountControlComputed=
|
||||
dsdb.UF_PASSWORD_EXPIRED)
|
||||
|
||||
# Tests a password change when we don't have any password yet with a
|
||||
# wrong old password
|
||||
try:
|
||||
self.ldb.modify_ldif("""
|
||||
dn: cn=testuser3,cn=users,""" + self.base_dn + """
|
||||
changetype: modify
|
||||
delete: userPassword
|
||||
userPassword: noPassword
|
||||
add: userPassword
|
||||
userPassword: thatsAcomplPASS2
|
||||
""")
|
||||
self.fail()
|
||||
except LdbError, (num, msg):
|
||||
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
|
||||
# Windows (2008 at least) seems to have some small bug here: it
|
||||
# returns "0000056A" on longer (always wrong) previous passwords.
|
||||
self.assertTrue('00000056' in msg, msg)
|
||||
|
||||
res = self._check_account("cn=testuser3,cn=users," + self.base_dn,
|
||||
badPwdCount=1,
|
||||
badPasswordTime=("greater", 0),
|
||||
lastLogon=0,
|
||||
lastLogonTimestamp=('absent', None),
|
||||
userAccountControl=
|
||||
dsdb.UF_NORMAL_ACCOUNT |
|
||||
dsdb.UF_ACCOUNTDISABLE |
|
||||
dsdb.UF_PASSWD_NOTREQD,
|
||||
msDSUserAccountControlComputed=
|
||||
dsdb.UF_PASSWORD_EXPIRED)
|
||||
badPasswordTime3 = int(res[0]["badPasswordTime"][0])
|
||||
|
||||
# Sets the initial user password with a "special" password change
|
||||
# I think that this internally is a password set operation and it can
|
||||
# only be performed by someone which has password set privileges on the
|
||||
# account (at least in s4 we do handle it like that).
|
||||
self.ldb.modify_ldif("""
|
||||
dn: cn=testuser3,cn=users,""" + self.base_dn + """
|
||||
changetype: modify
|
||||
delete: userPassword
|
||||
add: userPassword
|
||||
userPassword: thatsAcomplPASS1
|
||||
""")
|
||||
|
||||
res = self._check_account("cn=testuser3,cn=users," + self.base_dn,
|
||||
badPwdCount=1,
|
||||
badPasswordTime=badPasswordTime3,
|
||||
lastLogon=0,
|
||||
lastLogonTimestamp=('absent', None),
|
||||
userAccountControl=
|
||||
dsdb.UF_NORMAL_ACCOUNT |
|
||||
dsdb.UF_ACCOUNTDISABLE |
|
||||
dsdb.UF_PASSWD_NOTREQD,
|
||||
msDSUserAccountControlComputed=0)
|
||||
|
||||
# Enables the user account
|
||||
self.ldb.enable_account("(sAMAccountName=testuser3)")
|
||||
|
||||
res = self._check_account("cn=testuser3,cn=users," + self.base_dn,
|
||||
badPwdCount=1,
|
||||
badPasswordTime=badPasswordTime3,
|
||||
lastLogon=0,
|
||||
lastLogonTimestamp=('absent', None),
|
||||
userAccountControl=
|
||||
dsdb.UF_NORMAL_ACCOUNT,
|
||||
msDSUserAccountControlComputed=0)
|
||||
|
||||
# Open a second LDB connection with the user credentials. Use the
|
||||
# command line credentials for informations like the domain, the realm
|
||||
# and the workstation.
|
||||
creds3 = insta_creds()
|
||||
creds3.set_username("testuser3")
|
||||
creds3.set_password("thatsAcomplPASS1")
|
||||
self.ldb3 = SamDB(url=host_url, credentials=creds3, lp=lp)
|
||||
|
||||
res = self._check_account("cn=testuser3,cn=users," + self.base_dn,
|
||||
badPwdCount=0,
|
||||
badPasswordTime=badPasswordTime3,
|
||||
lastLogon=('greater', badPasswordTime3),
|
||||
lastLogonTimestamp=('greater', badPasswordTime3),
|
||||
userAccountControl=
|
||||
dsdb.UF_NORMAL_ACCOUNT,
|
||||
msDSUserAccountControlComputed=0)
|
||||
self.creds3 = insta_creds(username="testuser3", userpass="thatsAcomplPASS1")
|
||||
self.ldb3 = self._readd_user(self.creds3)
|
||||
|
||||
def _test_userPassword_lockout_with_clear_change(self, method):
|
||||
print "Performs a password cleartext change operation on 'userPassword'"
|
||||
|
Loading…
Reference in New Issue
Block a user