sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

netcmd: Fix passwordsettings --max-pwd-age command

Browse Source 
The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.

We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.

This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  5 08:03:08 UTC 2019 on sn-devel-144

(cherry picked from commit 7a410ccb5f6f2958d56fa6f16d8780c69a3830dd)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue May 14 17:36:28 UTC 2019 on sn-devel-144
This commit is contained in:
Tim Beale 2019-04-03 09:10:55 +13:00 committed by Karolin Seeger
parent afc2243b47
commit 893ac2a6b2
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
python/samba/netcmd/domain.py
View File

@ -1397,6 +1397,10 @@ class cmd_domain_passwordsettings_set(Command):
m.dn = ldb.Dn(samdb, domain_dn)
pwd_props = int(samdb.get_pwdProperties())
# get the current password age settings
max_pwd_age_ticks = samdb.get_maxPwdAge()
min_pwd_age_ticks = samdb.get_minPwdAge()
if complexity is not None:
if complexity == "on" or complexity == "default":
pwd_props = pwd_props | DOMAIN_PASSWORD_COMPLEX
@ -1526,8 +1530,14 @@ class cmd_domain_passwordsettings_set(Command):
ldb.FLAG_MOD_REPLACE, "lockOutObservationWindow")
msgs.append("Duration to reset account lockout after changed!")
if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age:
raise CommandError("Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age))
if max_pwd_age or min_pwd_age:
# If we're setting either min or max password, make sure the max is
# still greater overall. As either setting could be None, we use the
# ticks here (which are always set) and work backwards.
max_pwd_age = timestamp_to_days(max_pwd_age_ticks)
min_pwd_age = timestamp_to_days(min_pwd_age_ticks)
if max_pwd_age != 0 and min_pwd_age >= max_pwd_age:
raise CommandError("Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age))
if len(m) == 0:
raise CommandError("You must specify at least one option to set. Try --help")

1
selftest/knownfail.d/passwordsettings
View File

@ -1 +0,0 @@
samba.tests.samba_tool.passwordsettings.samba.tests.samba_tool.passwordsettings.PwdSettingsCmdTestCase.test_domain_passwordsettings_pwdage\(ad_dc_default:local\)