FILE *fp = NULL;
const char **gpo_update_cmd;
char **gpo_unapply_cmd;
+ char **gpo_update_force_cmd;
int minpwdcases[] = { 0, 1, 998 };
int maxpwdcases[] = { 0, 1, 999 };
int pwdlencases[] = { 0, 1, 14 };
"The pwdProperties were not applied");
}
- /* Unapply the settings and verify they are removed */
+ /* Reset settings, then verify a reapply doesn't force them back */
+ for (i = 0; i < old_message->num_elements; i++) {
+ old_message->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+ ret = ldb_modify(samdb, old_message);
+ torture_assert(tctx, ret == 0, "Failed to reset password settings.");
+
+ ret = exec_wait(discard_const_p(char *, gpo_update_cmd));
+ torture_assert(tctx, ret == 0,
+ "Failed to execute the gpo update command");
+
+ /* Validate that the apply did nothing (without --force param) */
+ ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
+ LDB_SCOPE_BASE, attrs, NULL);
+ torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+ "Searching the samdb failed");
+ /* minPwdAge */
+ torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
+ result->msgs[0],
+ attrs[0],
+ "")),
+ unix2nttime(ldb_msg_find_attr_as_string(old_message,
+ attrs[0],
+ "")
+ ),
+ "The minPwdAge was re-applied");
+ /* maxPwdAge */
+ torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
+ result->msgs[0],
+ attrs[1],
+ "")),
+ unix2nttime(ldb_msg_find_attr_as_string(old_message,
+ attrs[1],
+ "")
+ ),
+ "The maxPwdAge was re-applied");
+ /* minPwdLength */
+ torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+ result->msgs[0],
+ attrs[2],
+ -1),
+ ldb_msg_find_attr_as_int(
+ old_message,
+ attrs[2],
+ -2),
+ "The minPwdLength was re-applied");
+ /* pwdProperties */
+ torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+ result->msgs[0],
+ attrs[3],
+ -1),
+ ldb_msg_find_attr_as_int(
+ old_message,
+ attrs[3],
+ -2),
+ "The pwdProperties were re-applied");
+
for (itr = gpo_update_cmd; *itr != NULL; itr++) {
gpo_update_len++;
}
+
+ /* Run gpupdate --force and verify settings are re-applied */
+ gpo_update_force_cmd = talloc_array(ctx, char*, gpo_update_len+2);
+ for (i = 0; i < gpo_update_len; i++) {
+ gpo_update_force_cmd[i] = talloc_strdup(gpo_update_force_cmd,
+ gpo_update_cmd[i]);
+ }
+ gpo_update_force_cmd[i] = talloc_asprintf(gpo_update_force_cmd,
+ "--force");
+ gpo_update_force_cmd[i+1] = NULL;
+ ret = exec_wait(gpo_update_force_cmd);
+ torture_assert(tctx, ret == 0,
+ "Failed to execute the gpupdate --force command");
+
+ ret = ldb_search(samdb, ctx, &result,
+ ldb_get_default_basedn(samdb),
+ LDB_SCOPE_BASE, attrs, NULL);
+ torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+ "Searching the samdb failed");
+
+ /* minPwdAge */
+ torture_assert_int_equal(tctx, unix2nttime(
+ ldb_msg_find_attr_as_string(
+ result->msgs[0],
+ attrs[0],
+ "")), minpwdcases[2],
+ "The minPwdAge was not applied");
+
+ /* maxPwdAge */
+ torture_assert_int_equal(tctx, unix2nttime(
+ ldb_msg_find_attr_as_string(
+ result->msgs[0],
+ attrs[1],
+ "")), maxpwdcases[2],
+ "The maxPwdAge was not applied");
+
+ /* minPwdLength */
+ torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+ result->msgs[0],
+ attrs[2],
+ -1),
+ pwdlencases[2],
+ "The minPwdLength was not applied");
+
+ /* pwdProperties */
+ torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+ result->msgs[0],
+ attrs[3],
+ -1),
+ pwdpropcases[2],
+ "The pwdProperties were not applied");
+
+ /* Unapply the settings and verify they are removed */
gpo_unapply_cmd = talloc_array(ctx, char*, gpo_update_len+2);
for (i = 0; i < gpo_update_len; i++) {
gpo_unapply_cmd[i] = talloc_strdup(gpo_unapply_cmd,