mirror of
https://github.com/samba-team/samba.git
synced 2025-03-10 12:58:35 +03:00
password_lockout: Move lockoutObservationWindow tests from setUp
These should not belong in the setUp, and should be a separate test. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Garming Sam
Garming Sam
parent
a3cb12a7d8
commit
ad55cbb62c
@ -973,6 +973,31 @@ unicodePwd:: """ + base64.b64encode(new_utf16) + """
|
||||
def test_multiple_logon_ntlm(self):
|
||||
self._test_multiple_logon(self.lockout1ntlm_creds)
|
||||
|
||||
def test_lockout_observation_window(self):
|
||||
lockout3krb5_creds = self.insta_creds(self.template_creds,
|
||||
username="lockout3krb5",
|
||||
userpass="thatsAcomplPASS0",
|
||||
kerberos_state=MUST_USE_KERBEROS)
|
||||
self._testing_add_user(lockout3krb5_creds)
|
||||
|
||||
lockout4krb5_creds = self.insta_creds(self.template_creds,
|
||||
username="lockout4krb5",
|
||||
userpass="thatsAcomplPASS0",
|
||||
kerberos_state=MUST_USE_KERBEROS)
|
||||
self._testing_add_user(lockout4krb5_creds,
|
||||
lockOutObservationWindow=self.lockout_observation_window)
|
||||
|
||||
lockout3ntlm_creds = self.insta_creds(self.template_creds,
|
||||
username="lockout3ntlm",
|
||||
userpass="thatsAcomplPASS0",
|
||||
kerberos_state=DONT_USE_KERBEROS)
|
||||
self._testing_add_user(lockout3ntlm_creds)
|
||||
lockout4ntlm_creds = self.insta_creds(self.template_creds,
|
||||
username="lockout4ntlm",
|
||||
userpass="thatsAcomplPASS0",
|
||||
kerberos_state=DONT_USE_KERBEROS)
|
||||
self._testing_add_user(lockout4ntlm_creds,
|
||||
lockOutObservationWindow=self.lockout_observation_window)
|
||||
|
||||
host_url = "ldap://%s" % host
|
||||
|
||||
|
||||
@ -195,6 +195,51 @@ class BasePasswordTestCase(samba.tests.TestCase):
|
||||
userpass = creds.get_password()
|
||||
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
|
||||
|
||||
delete_force(self.ldb, userdn)
|
||||
self.ldb.add({
|
||||
"dn": userdn,
|
||||
"objectclass": "user",
|
||||
"sAMAccountName": username})
|
||||
|
||||
self.addCleanup(delete_force, self.ldb, userdn)
|
||||
|
||||
# Sets the initial user password with a "special" password change
|
||||
# I think that this internally is a password set operation and it can
|
||||
# only be performed by someone which has password set privileges on the
|
||||
# account (at least in s4 we do handle it like that).
|
||||
self.ldb.modify_ldif("""
|
||||
dn: """ + userdn + """
|
||||
changetype: modify
|
||||
delete: userPassword
|
||||
add: userPassword
|
||||
userPassword: """ + userpass + """
|
||||
""")
|
||||
# Enables the user account
|
||||
self.ldb.enable_account("(sAMAccountName=%s)" % username)
|
||||
|
||||
use_kerberos = creds.get_kerberos_state()
|
||||
fail_creds = self.insta_creds(self.template_creds,
|
||||
username=username,
|
||||
userpass=userpass+"X",
|
||||
kerberos_state=use_kerberos)
|
||||
|
||||
# Fail once to get a badPasswordTime
|
||||
try:
|
||||
ldb = SamDB(url=self.host_url, credentials=fail_creds, lp=self.lp)
|
||||
self.fail()
|
||||
except LdbError, (num, msg):
|
||||
self.assertEquals(num, ERR_INVALID_CREDENTIALS)
|
||||
|
||||
# Succeed to reset everything to 0
|
||||
ldb = SamDB(url=self.host_url, credentials=creds, lp=self.lp)
|
||||
|
||||
return ldb
|
||||
|
||||
def _testing_add_user(self, creds, lockOutObservationWindow=0):
|
||||
username = creds.get_username()
|
||||
userpass = creds.get_password()
|
||||
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
|
||||
|
||||
use_kerberos = creds.get_kerberos_state()
|
||||
if use_kerberos == MUST_USE_KERBEROS:
|
||||
logoncount_relation = 'greater'
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user