sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-14 00:58:38 +03:00
Code

selftest: Rework password_lockout_base.py to allow logon_basics test to be run in ad_dc_no_ntlm

Browse Source 
We need to ensure that even if NTLM is disabled, that the test
can still bootstrap and fail normally.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2022-03-31 22:45:40 +13:00
parent f85f6f89f1
commit a9caf760b6
2 changed files with 31 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source4/dsdb/tests/python/password_lockout.py
View File

@ -80,15 +80,21 @@ class PasswordTests(password_lockout_base.BasePasswordTestCase):
username="lockout2krb5",
userpass="thatsAcomplPASS0",
kerberos_state=MUST_USE_KERBEROS)
self.lockout2krb5_ldb = self._readd_user(self.lockout2krb5_creds,
lockOutObservationWindow=self.lockout_observation_window)
self._readd_user(self.lockout2krb5_creds,
lockOutObservationWindow=self.lockout_observation_window)
self.lockout2krb5_ldb = SamDB(url=self.host_url,
credentials=self.lockout2krb5_creds,
lp=lp)
self.lockout2ntlm_creds = self.insta_creds(self.template_creds,
username="lockout2ntlm",
userpass="thatsAcomplPASS0",
kerberos_state=DONT_USE_KERBEROS)
self.lockout2ntlm_ldb = self._readd_user(self.lockout2ntlm_creds,
lockOutObservationWindow=self.lockout_observation_window)
self._readd_user(self.lockout2ntlm_creds,
lockOutObservationWindow=self.lockout_observation_window)
self.lockout2ntlm_ldb = SamDB(url=self.host_url,
credentials=self.lockout2ntlm_creds,
lp=lp)
def use_pso_lockout_settings(self, creds):

34
source4/dsdb/tests/python/password_lockout_base.py
View File

@ -251,15 +251,26 @@ userPassword: """ + userpass + """
username=username,
userpass=userpass + "X",
kerberos_state=use_kerberos)
if simple:
fail_creds.set_bind_dn(userdn)
self._check_account_initial(userdn)
# Fail once to get a badPasswordTime
self.assertLoginFailure(ldap_url, fail_creds, self.lp)
# Succeed to reset everything to 0
ldb = self.assertLoginSuccess(ldap_url, creds, self.lp)
# Always reset with Simple bind or Kerberos, allows testing without NTLM
if simple or use_kerberos == MUST_USE_KERBEROS:
success_creds = creds
else:
success_creds = self.insta_creds(self.template_creds,
username=username,
userpass=userpass)
success_creds.set_bind_dn(userdn)
ldap_url = self.host_url_ldaps
return ldb
# Succeed to reset everything to 0
self.assertLoginSuccess(ldap_url, success_creds, self.lp)
def assertLoginFailure(self, url, creds, lp, errno=ERR_INVALID_CREDENTIALS):
try:
@ -362,23 +373,20 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
username="lockout1krb5",
userpass="thatsAcomplPASS0",
kerberos_state=MUST_USE_KERBEROS)
self.lockout1krb5_ldb = self._readd_user(self.lockout1krb5_creds)
self._readd_user(self.lockout1krb5_creds)
self.lockout1ntlm_creds = self.insta_creds(self.template_creds,
username="lockout1ntlm",
userpass="thatsAcomplPASS0",
kerberos_state=DONT_USE_KERBEROS)
self.lockout1ntlm_ldb = self._readd_user(self.lockout1ntlm_creds)
self._readd_user(self.lockout1ntlm_creds)
self.lockout1simple_creds = self.insta_creds(self.template_creds,
username="lockout1simple",
userpass="thatsAcomplPASS0",
kerberos_state=DONT_USE_KERBEROS)
self.lockout1simple_ldb = self._readd_user(self.lockout1simple_creds,
simple=True)
username="lockout1simple",
userpass="thatsAcomplPASS0",
kerberos_state=DONT_USE_KERBEROS)
self._readd_user(self.lockout1simple_creds,
simple=True)
def delete_ldb_connections(self):
del self.lockout1krb5_ldb
del self.lockout1ntlm_ldb
del self.lockout1simple_ldb
del self.ldb
def tearDown(self):