sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-29 15:42:04 +03:00
Code Activity

s4:samldb LDB module - MS-SAMR 3.1.1.8.10 "userAccountControl"

Browse Source 
"UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are
used for special semantics.
"UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED"
forces password expiration.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
This commit is contained in:
Matthias Dieter Wallnöfer
2013-06-08 23:45:43 +02:00
committed by Andrew Bartlett
parent 2f7d9fddf7
commit 7f760ed84b
2 changed files with 147 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
source4/dsdb/tests/python/sam.py
View File

@ -27,7 +27,7 @@ from samba.samdb import SamDB
from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_ACCOUNTDISABLE,
UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
UF_PARTIAL_SECRETS_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT,
UF_PASSWD_NOTREQD, ATYPE_NORMAL_ACCOUNT,
UF_PASSWD_NOTREQD, UF_LOCKOUT, UF_PASSWORD_EXPIRED, ATYPE_NORMAL_ACCOUNT,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP,
GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, GTYPE_DISTRIBUTION_GLOBAL_GROUP,
@ -1465,6 +1465,22 @@ class SamTests(samba.tests.TestCase):
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectclass": "user",
"userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_LOCKOUT | UF_PASSWORD_EXPIRED)})
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE,
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertFalse("lockoutTime" in res1[0])
self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@ -1587,6 +1603,30 @@ class SamTests(samba.tests.TestCase):
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["lockoutTime"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "lockoutTime")
m["pwdLastSet"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "pwdLastSet")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["userAccountControl"] = MessageElement(
str(UF_LOCKOUT | UF_PASSWORD_EXPIRED),
FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE,
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
try:
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
@ -1707,6 +1747,22 @@ class SamTests(samba.tests.TestCase):
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
"objectclass": "computer",
"userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_LOCKOUT | UF_PASSWORD_EXPIRED)})
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
scope=SCOPE_BASE,
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertFalse("lockoutTime" in res1[0])
self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
try:
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
@ -1823,6 +1879,30 @@ class SamTests(samba.tests.TestCase):
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["lockoutTime"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "lockoutTime")
m["pwdLastSet"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "pwdLastSet")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
m["userAccountControl"] = MessageElement(
str(UF_LOCKOUT | UF_PASSWORD_EXPIRED),
FLAG_MOD_REPLACE, "userAccountControl")
ldb.modify(m)
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
scope=SCOPE_BASE,
attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
self.assertTrue(len(res1) == 1)
self.assertEquals(int(res1[0]["sAMAccountType"][0]),
ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
try:
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)