mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

pytest/password_lockout: be less verbose by default

leaving the carefully constructed verbosity there for whoever chooses
to switch it on.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall 2022-09-08 14:32:13 +12:00 committed by Andrew Bartlett
parent 7af1326a58
commit eab89c8e29
2 changed files with 27 additions and 21 deletions


@ -195,11 +195,11 @@ userAccountControl: %d
if use_kerberos == MUST_USE_KERBEROS:
logoncount_relation = 'greater'
lastlogon_relation = 'greater'
print("Performs a password cleartext change operation on 'userPassword' using Kerberos")
self.debug("Performs a password cleartext change operation on 'userPassword' using Kerberos")
else:
logoncount_relation = 'equal'
lastlogon_relation = 'equal'
print("Performs a password cleartext change operation on 'userPassword' using NTLMSSP")
self.debug("Performs a password cleartext change operation on 'userPassword' using NTLMSSP")
if initial_lastlogon_relation is not None:
lastlogon_relation = initial_lastlogon_relation
@ -293,7 +293,7 @@ userPassword: thatsAcomplPASS2
msDSUserAccountControlComputed=0)
badPasswordTime = int(res[0]["badPasswordTime"][0])
print("two failed password change")
self.debug("two failed password change")
# Wrong old password
try:
@ -696,7 +696,7 @@ userPassword: thatsAcomplPASS2XYZ
for i in range(lockout_threshold):
badPwdCount = i + 1
try:
print("Trying bad password, attempt #%u" % badPwdCount)
self.debug("Trying bad password, attempt #%u" % badPwdCount)
net.change_password(newpassword=new_password,
username=creds.get_username(),
oldpassword="bad-password")
@ -730,7 +730,7 @@ userPassword: thatsAcomplPASS2XYZ
# good or a bad password now
for password in (creds.get_password(), "bad-password"):
try:
print("Trying password %s" % password)
self.debug("Trying password %s" % password)
net.change_password(newpassword=new_password,
username=creds.get_username(),
oldpassword=password)
@ -930,7 +930,7 @@ userPassword: thatsAcomplPASS2XYZ
with self.assertRaises(
NTSTATUSError,
msg='Invalid SAMR change_password accepted') as err:
print(f'Trying correct password, attempt #{i}')
self.debug(f'Trying correct password, attempt #{i}')
net.change_password(newpassword=new_password,
username=username,
oldpassword=creds.get_password())
@ -1024,7 +1024,7 @@ userPassword: {new_password}
with self.assertRaises(
NTSTATUSError,
msg='Invalid SAMR set_password accepted') as err:
print(f'Trying correct password, attempt #{i}')
self.debug(f'Trying correct password, attempt #{i}')
net.set_password(newpassword=new_password,
account_name=username,
domain_name=creds.get_domain())
@ -1063,7 +1063,7 @@ class PasswordTestsWithSleep(PasswordTests):
def _test_unicodePwd_lockout_with_clear_change(self, creds, other_ldb,
initial_logoncount_relation=None):
print("Performs a password cleartext change operation on 'unicodePwd'")
self.debug("Performs a password cleartext change operation on 'unicodePwd'")
username = creds.get_username()
userpass = creds.get_password()
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
@ -1180,7 +1180,7 @@ unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
msDSUserAccountControlComputed=0)
print("two failed password change")
self.debug("two failed password change")
# Wrong old password
try:
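Review bot: The converted call `self.debug("Trying password %s" % password)` in the hunk at line 730 still interpolates the value of `creds.get_password()` on one of its two loop iterations, so anyone who switches the verbosity on gets a cleartext credential in the test log. These are presumably throwaway test-account passwords, but test logs tend to be retained and shared, so a label would serve the reader equally well: `self.debug("Trying %s password" % ("current" if password == creds.get_password() else "bad"))`. The other converted calls in this file print only fixed strings or attempt counters. The enclosing test method starts and ends outside the hunk.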


@ -20,6 +20,12 @@ import time
class BasePasswordTestCase(PasswordTestCase):
if False:
debug = print
else:
def debug(self, *args, **kwargs):
pass
def _open_samr_user(self, res):
self.assertTrue("objectSid" in res[0])
@ -56,7 +62,7 @@ class BasePasswordTestCase(PasswordTestCase):
msg="attr[%s]=%r on dn[%s]" %
(name, res[0][name], res[0].dn))
print("%s = '%s'" % (name, res[0][name][0]))
self.debug("%s = '%s'" % (name, res[0][name][0]))
if mode == "present":
return
@ -108,9 +114,9 @@ class BasePasswordTestCase(PasswordTestCase):
effective_bad_password_count=None,
msg=None,
badPwdCountOnly=False):
print('-=' * 36)
self.debug('-=' * 36)
if msg is not None:
print("\033[01;32m %s \033[00m\n" % msg)
self.debug("\033[01;32m %s \033[00m\n" % msg)
attrs = [
"objectSid",
"sAMAccountName",
@ -402,11 +408,11 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
if use_kerberos == MUST_USE_KERBEROS:
logoncount_relation = 'greater'
lastlogon_relation = 'greater'
print("Performs a lockout attempt against LDAP using Kerberos")
self.debug("Performs a lockout attempt against LDAP using Kerberos")
else:
logoncount_relation = 'equal'
lastlogon_relation = 'equal'
print("Performs a lockout attempt against LDAP using NTLM")
self.debug("Performs a lockout attempt against LDAP using NTLM")
# Change password on a connection as another user
res = self._check_account(userdn,
@ -422,8 +428,8 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
lastLogon = int(res[0]["lastLogon"][0])
firstLogon = lastLogon
lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
print(firstLogon)
print(lastLogonTimestamp)
self.debug(firstLogon)
self.debug(lastLogonTimestamp)
self.assertGreater(lastLogon, badPasswordTime)
self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
@ -507,7 +513,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
msDSUserAccountControlComputed=0)
badPasswordTime = int(res[0]["badPasswordTime"][0])
print("two failed password change")
self.debug("two failed password change")
# The wrong password
creds_lockout.set_password("thatsAcomplPASS1x")
@ -595,7 +601,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
# wait for the lockout to end
time.sleep(self.account_lockout_duration + 1)
print(self.account_lockout_duration + 1)
self.debug(self.account_lockout_duration + 1)
res = self._check_account(userdn,
badPwdCount=3, effective_bad_password_count=0,
@ -730,11 +736,11 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
use_kerberos = creds.get_kerberos_state()
if use_kerberos == MUST_USE_KERBEROS:
print("Testing multiple logon with Kerberos")
self.debug("Testing multiple logon with Kerberos")
logoncount_relation = 'greater'
lastlogon_relation = 'greater'
else:
print("Testing multiple logon with NTLM")
self.debug("Testing multiple logon with NTLM")
logoncount_relation = 'equal'
lastlogon_relation = 'equal'
@ -753,7 +759,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
lastLogon = int(res[0]["lastLogon"][0])
lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
firstLogon = lastLogon
print("last logon is %d" % lastLogon)
self.debug("last logon is %d" % lastLogon)
self.assertGreater(lastLogon, badPasswordTime)
self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
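Review bot: The `if False:` switch that defines `debug` on `BasePasswordTestCase` carries no comment saying that it is the verbosity toggle or what the output contains once it is enabled. From the visible call sites the output includes directory attribute values (`"%s = '%s'" % (name, res[0][name][0])`) and, in the lockout tests that inherit it, the passwords being tried. I would add a comment above the switch such as `# Set to True for verbose tracing; output includes account attributes and attempted passwords, so do not enable it where logs are shared.` The rest of the class body lies outside the hunk.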