mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
pytest/password_lockout: be less verbose by default
leaving the carefully constructed verbosity there for whoever choses to switch it on. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
7af1326a58
commit
eab89c8e29
@ -195,11 +195,11 @@ userAccountControl: %d
|
||||
if use_kerberos == MUST_USE_KERBEROS:
|
||||
logoncount_relation = 'greater'
|
||||
lastlogon_relation = 'greater'
|
||||
print("Performs a password cleartext change operation on 'userPassword' using Kerberos")
|
||||
self.debug("Performs a password cleartext change operation on 'userPassword' using Kerberos")
|
||||
else:
|
||||
logoncount_relation = 'equal'
|
||||
lastlogon_relation = 'equal'
|
||||
print("Performs a password cleartext change operation on 'userPassword' using NTLMSSP")
|
||||
self.debug("Performs a password cleartext change operation on 'userPassword' using NTLMSSP")
|
||||
|
||||
if initial_lastlogon_relation is not None:
|
||||
lastlogon_relation = initial_lastlogon_relation
|
||||
@ -293,7 +293,7 @@ userPassword: thatsAcomplPASS2
|
||||
msDSUserAccountControlComputed=0)
|
||||
badPasswordTime = int(res[0]["badPasswordTime"][0])
|
||||
|
||||
print("two failed password change")
|
||||
self.debug("two failed password change")
|
||||
|
||||
# Wrong old password
|
||||
try:
|
||||
@ -696,7 +696,7 @@ userPassword: thatsAcomplPASS2XYZ
|
||||
for i in range(lockout_threshold):
|
||||
badPwdCount = i + 1
|
||||
try:
|
||||
print("Trying bad password, attempt #%u" % badPwdCount)
|
||||
self.debug("Trying bad password, attempt #%u" % badPwdCount)
|
||||
net.change_password(newpassword=new_password,
|
||||
username=creds.get_username(),
|
||||
oldpassword="bad-password")
|
||||
@ -730,7 +730,7 @@ userPassword: thatsAcomplPASS2XYZ
|
||||
# good or a bad password now
|
||||
for password in (creds.get_password(), "bad-password"):
|
||||
try:
|
||||
print("Trying password %s" % password)
|
||||
self.debug("Trying password %s" % password)
|
||||
net.change_password(newpassword=new_password,
|
||||
username=creds.get_username(),
|
||||
oldpassword=password)
|
||||
@ -930,7 +930,7 @@ userPassword: thatsAcomplPASS2XYZ
|
||||
with self.assertRaises(
|
||||
NTSTATUSError,
|
||||
msg='Invalid SAMR change_password accepted') as err:
|
||||
print(f'Trying correct password, attempt #{i}')
|
||||
self.debug(f'Trying correct password, attempt #{i}')
|
||||
net.change_password(newpassword=new_password,
|
||||
username=username,
|
||||
oldpassword=creds.get_password())
|
||||
@ -1024,7 +1024,7 @@ userPassword: {new_password}
|
||||
with self.assertRaises(
|
||||
NTSTATUSError,
|
||||
msg='Invalid SAMR set_password accepted') as err:
|
||||
print(f'Trying correct password, attempt #{i}')
|
||||
self.debug(f'Trying correct password, attempt #{i}')
|
||||
net.set_password(newpassword=new_password,
|
||||
account_name=username,
|
||||
domain_name=creds.get_domain())
|
||||
@ -1063,7 +1063,7 @@ class PasswordTestsWithSleep(PasswordTests):
|
||||
|
||||
def _test_unicodePwd_lockout_with_clear_change(self, creds, other_ldb,
|
||||
initial_logoncount_relation=None):
|
||||
print("Performs a password cleartext change operation on 'unicodePwd'")
|
||||
self.debug("Performs a password cleartext change operation on 'unicodePwd'")
|
||||
username = creds.get_username()
|
||||
userpass = creds.get_password()
|
||||
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
|
||||
@ -1180,7 +1180,7 @@ unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
|
||||
userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
|
||||
msDSUserAccountControlComputed=0)
|
||||
|
||||
print("two failed password change")
|
||||
self.debug("two failed password change")
|
||||
|
||||
# Wrong old password
|
||||
try:
|
||||
|
@ -20,6 +20,12 @@ import time
|
||||
|
||||
|
||||
class BasePasswordTestCase(PasswordTestCase):
|
||||
if False:
|
||||
debug = print
|
||||
else:
|
||||
def debug(self, *args, **kwargs):
|
||||
pass
|
||||
|
||||
def _open_samr_user(self, res):
|
||||
self.assertTrue("objectSid" in res[0])
|
||||
|
||||
@ -56,7 +62,7 @@ class BasePasswordTestCase(PasswordTestCase):
|
||||
msg="attr[%s]=%r on dn[%s]" %
|
||||
(name, res[0][name], res[0].dn))
|
||||
|
||||
print("%s = '%s'" % (name, res[0][name][0]))
|
||||
self.debug("%s = '%s'" % (name, res[0][name][0]))
|
||||
|
||||
if mode == "present":
|
||||
return
|
||||
@ -108,9 +114,9 @@ class BasePasswordTestCase(PasswordTestCase):
|
||||
effective_bad_password_count=None,
|
||||
msg=None,
|
||||
badPwdCountOnly=False):
|
||||
print('-=' * 36)
|
||||
self.debug('-=' * 36)
|
||||
if msg is not None:
|
||||
print("\033[01;32m %s \033[00m\n" % msg)
|
||||
self.debug("\033[01;32m %s \033[00m\n" % msg)
|
||||
attrs = [
|
||||
"objectSid",
|
||||
"sAMAccountName",
|
||||
@ -402,11 +408,11 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
if use_kerberos == MUST_USE_KERBEROS:
|
||||
logoncount_relation = 'greater'
|
||||
lastlogon_relation = 'greater'
|
||||
print("Performs a lockout attempt against LDAP using Kerberos")
|
||||
self.debug("Performs a lockout attempt against LDAP using Kerberos")
|
||||
else:
|
||||
logoncount_relation = 'equal'
|
||||
lastlogon_relation = 'equal'
|
||||
print("Performs a lockout attempt against LDAP using NTLM")
|
||||
self.debug("Performs a lockout attempt against LDAP using NTLM")
|
||||
|
||||
# Change password on a connection as another user
|
||||
res = self._check_account(userdn,
|
||||
@ -422,8 +428,8 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
lastLogon = int(res[0]["lastLogon"][0])
|
||||
firstLogon = lastLogon
|
||||
lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
|
||||
print(firstLogon)
|
||||
print(lastLogonTimestamp)
|
||||
self.debug(firstLogon)
|
||||
self.debug(lastLogonTimestamp)
|
||||
|
||||
self.assertGreater(lastLogon, badPasswordTime)
|
||||
self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
|
||||
@ -507,7 +513,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
msDSUserAccountControlComputed=0)
|
||||
badPasswordTime = int(res[0]["badPasswordTime"][0])
|
||||
|
||||
print("two failed password change")
|
||||
self.debug("two failed password change")
|
||||
|
||||
# The wrong password
|
||||
creds_lockout.set_password("thatsAcomplPASS1x")
|
||||
@ -595,7 +601,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
|
||||
# wait for the lockout to end
|
||||
time.sleep(self.account_lockout_duration + 1)
|
||||
print(self.account_lockout_duration + 1)
|
||||
self.debug(self.account_lockout_duration + 1)
|
||||
|
||||
res = self._check_account(userdn,
|
||||
badPwdCount=3, effective_bad_password_count=0,
|
||||
@ -730,11 +736,11 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
|
||||
use_kerberos = creds.get_kerberos_state()
|
||||
if use_kerberos == MUST_USE_KERBEROS:
|
||||
print("Testing multiple logon with Kerberos")
|
||||
self.debug("Testing multiple logon with Kerberos")
|
||||
logoncount_relation = 'greater'
|
||||
lastlogon_relation = 'greater'
|
||||
else:
|
||||
print("Testing multiple logon with NTLM")
|
||||
self.debug("Testing multiple logon with NTLM")
|
||||
logoncount_relation = 'equal'
|
||||
lastlogon_relation = 'equal'
|
||||
|
||||
@ -753,7 +759,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
|
||||
lastLogon = int(res[0]["lastLogon"][0])
|
||||
lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
|
||||
firstLogon = lastLogon
|
||||
print("last logon is %d" % lastLogon)
|
||||
self.debug("last logon is %d" % lastLogon)
|
||||
self.assertGreater(lastLogon, badPasswordTime)
|
||||
self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user