sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

password_lockout: Move lockoutObservationWindow tests from setUp

Browse Source 
These should not belong in the setUp, and should be a separate test.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Garming Sam 2017-04-06 16:21:53 +12:00 committed by Garming Sam
parent a3cb12a7d8
commit ad55cbb62c
2 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
source4/dsdb/tests/python/password_lockout.py
View File

@ -973,6 +973,31 @@ unicodePwd:: """ + base64.b64encode(new_utf16) + """
def test_multiple_logon_ntlm(self): def test_multiple_logon_ntlm(self):
self._test_multiple_logon(self.lockout1ntlm_creds) self._test_multiple_logon(self.lockout1ntlm_creds)
def test_lockout_observation_window(self):
lockout3krb5_creds = self.insta_creds(self.template_creds,
username="lockout3krb5",
userpass="thatsAcomplPASS0",
kerberos_state=MUST_USE_KERBEROS)
self._testing_add_user(lockout3krb5_creds)
lockout4krb5_creds = self.insta_creds(self.template_creds,
username="lockout4krb5",
userpass="thatsAcomplPASS0",
kerberos_state=MUST_USE_KERBEROS)
self._testing_add_user(lockout4krb5_creds,
lockOutObservationWindow=self.lockout_observation_window)
lockout3ntlm_creds = self.insta_creds(self.template_creds,
username="lockout3ntlm",
userpass="thatsAcomplPASS0",
kerberos_state=DONT_USE_KERBEROS)
self._testing_add_user(lockout3ntlm_creds)
lockout4ntlm_creds = self.insta_creds(self.template_creds,
username="lockout4ntlm",
userpass="thatsAcomplPASS0",
kerberos_state=DONT_USE_KERBEROS)
self._testing_add_user(lockout4ntlm_creds,
lockOutObservationWindow=self.lockout_observation_window)
host_url = "ldap://%s" % host host_url = "ldap://%s" % host

45
source4/dsdb/tests/python/password_lockout_base.py
View File

@ -195,6 +195,51 @@ class BasePasswordTestCase(samba.tests.TestCase):
userpass = creds.get_password() userpass = creds.get_password()
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn) userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
delete_force(self.ldb, userdn)
self.ldb.add({
"dn": userdn,
"objectclass": "user",
"sAMAccountName": username})
self.addCleanup(delete_force, self.ldb, userdn)
# Sets the initial user password with a "special" password change
# I think that this internally is a password set operation and it can
# only be performed by someone which has password set privileges on the
# account (at least in s4 we do handle it like that).
self.ldb.modify_ldif("""
dn: """ + userdn + """
changetype: modify
delete: userPassword
add: userPassword
userPassword: """ + userpass + """
""")
# Enables the user account
self.ldb.enable_account("(sAMAccountName=%s)" % username)
use_kerberos = creds.get_kerberos_state()
fail_creds = self.insta_creds(self.template_creds,
username=username,
userpass=userpass+"X",
kerberos_state=use_kerberos)
# Fail once to get a badPasswordTime
try:
ldb = SamDB(url=self.host_url, credentials=fail_creds, lp=self.lp)
self.fail()
except LdbError, (num, msg):
self.assertEquals(num, ERR_INVALID_CREDENTIALS)
# Succeed to reset everything to 0
ldb = SamDB(url=self.host_url, credentials=creds, lp=self.lp)
return ldb
def _testing_add_user(self, creds, lockOutObservationWindow=0):
username = creds.get_username()
userpass = creds.get_password()
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
use_kerberos = creds.get_kerberos_state() use_kerberos = creds.get_kerberos_state()
if use_kerberos == MUST_USE_KERBEROS: if use_kerberos == MUST_USE_KERBEROS:
logoncount_relation = 'greater' logoncount_relation = 'greater'