import samba
from subprocess import call
from ldb import LdbError
+from samba.tests.password_test import PasswordCommon
USER_NAME = "authlogtestuser"
USER_PASS = samba.generate_random_password(32, 32)
base_dn = self.ldb.domain_dn()
print("base_dn %s" % base_dn)
- # Get the old "dSHeuristics" if it was set
- dsheuristics = self.ldb.get_dsheuristics()
+ # permit password changes during this test
+ PasswordCommon.allow_password_changes(self, self.ldb)
- # Set the "dSHeuristics" to activate the correct "userPassword"
- # behaviour
- self.ldb.set_dsheuristics("000000001")
-
- # Reset the "dSHeuristics" as they were before
- self.addCleanup(self.ldb.set_dsheuristics, dsheuristics)
-
- # Get the old "minPwdAge"
- minPwdAge = self.ldb.get_minPwdAge()
-
- # Set it temporarily to "0"
- self.ldb.set_minPwdAge("0")
self.base_dn = self.ldb.domain_dn()
- # Reset the "minPwdAge" as it was before
- self.addCleanup(self.ldb.set_minPwdAge, minPwdAge)
-
# (Re)adds the test user USER_NAME with password USER_PASS
delete_force(self.ldb, "cn=" + USER_NAME + ",cn=users," + self.base_dn)
self.ldb.add({
from samba.dcerpc.samr import DOMAIN_PASSWORD_STORE_CLEARTEXT
from samba.dsdb import UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
from samba.tests import delete_force
+from samba.tests.password_test import PasswordCommon
import ldb
import samba
import binascii
# Gets back the configuration basedn
configuration_dn = self.ldb.get_config_basedn().get_linearized()
- # Get the old "dSHeuristics" if it was set
- dsheuristics = self.ldb.get_dsheuristics()
+ # permit password changes during this test
+ PasswordCommon.allow_password_changes(self, self.ldb)
- # Set the "dSHeuristics" to activate the correct "userPassword"
- # behaviour
- self.ldb.set_dsheuristics("000000001")
-
- # Reset the "dSHeuristics" as they were before
- self.addCleanup(self.ldb.set_dsheuristics, dsheuristics)
-
- # Get the old "minPwdAge"
- minPwdAge = self.ldb.get_minPwdAge()
-
- # Set it temporarily to "0"
- self.ldb.set_minPwdAge("0")
self.base_dn = self.ldb.domain_dn()
- # Reset the "minPwdAge" as it was before
- self.addCleanup(self.ldb.set_minPwdAge, minPwdAge)
-
account_control = 0
if clear_text:
# get the current pwdProperties
--- /dev/null
+# -*- coding: utf-8 -*-
+#
+# Common functionality for all password change tests
+#
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.tests
+from samba.samdb import SamDB
+
+class PasswordCommon:
+
+ @staticmethod
+ def allow_password_changes(testcase, samdb):
+ """Updates the DC to allow password changes during the current test"""
+
+ # Get the old "dSHeuristics" if it was set
+ dsheuristics = samdb.get_dsheuristics()
+
+ # Reset the "dSHeuristics" as they were before
+ testcase.addCleanup(samdb.set_dsheuristics, dsheuristics)
+
+ # Set the "dSHeuristics" to activate the correct "userPassword" behaviour
+ samdb.set_dsheuristics("000000001")
+
+ # Get the old "minPwdAge"
+ minPwdAge = samdb.get_minPwdAge()
+
+ # Reset the "minPwdAge" as it was before
+ testcase.addCleanup(samdb.set_minPwdAge, minPwdAge)
+
+ # Set it temporarily to "0"
+ samdb.set_minPwdAge("0")
+
+
+class PasswordTestCase(samba.tests.TestCase):
+
+ # this requires that an LDB connection has already been setup (so is not
+ # part of the inherited setUp())
+ def allow_password_changes(self, samdb=None):
+ """Updates the DC to allow password changes during the current test"""
+
+ if samdb is None:
+ samdb = self.ldb
+
+ PasswordCommon.allow_password_changes(self, samdb)
+
import samba.tests
from samba.tests import delete_force
import samba.dsdb
+from samba.tests.password_test import PasswordCommon
parser = optparse.OptionParser("acl.py [options] <host>")
sambaopts = options.SambaOptions(parser)
def setUp(self):
super(AclSearchTests, self).setUp()
- # Get the old "dSHeuristics" if it was set
- dsheuristics = self.ldb_admin.get_dsheuristics()
- # Reset the "dSHeuristics" as they were before
- self.addCleanup(self.ldb_admin.set_dsheuristics, dsheuristics)
- # Set the "dSHeuristics" to activate the correct "userPassword" behaviour
- self.ldb_admin.set_dsheuristics("000000001")
- # Get the old "minPwdAge"
- minPwdAge = self.ldb_admin.get_minPwdAge()
- # Reset the "minPwdAge" as it was before
- self.addCleanup(self.ldb_admin.set_minPwdAge, minPwdAge)
- # Set it temporarely to "0"
- self.ldb_admin.set_minPwdAge("0")
+
+ # permit password changes during this test
+ PasswordCommon.allow_password_changes(self, self.ldb_admin)
self.u1 = "search_u1"
self.u2 = "search_u2"
from samba.tests import delete_force
from samba.dcerpc import security, samr
from samba.ndr import ndr_unpack
+from samba.tests.password_test import PasswordTestCase
import time
-class BasePasswordTestCase(samba.tests.TestCase):
+class BasePasswordTestCase(PasswordTestCase):
def _open_samr_user(self, res):
self.assertTrue("objectSid" in res[0])
self.template_creds.set_gensec_features(self.global_creds.get_gensec_features())
self.template_creds.set_kerberos_state(self.global_creds.get_kerberos_state())
-
# Gets back the basedn
base_dn = self.ldb.domain_dn()
# Gets back the configuration basedn
configuration_dn = self.ldb.get_config_basedn().get_linearized()
- # Get the old "dSHeuristics" if it was set
- dsheuristics = self.ldb.get_dsheuristics()
-
- # Reset the "dSHeuristics" as they were before
- self.addCleanup(self.ldb.set_dsheuristics, dsheuristics)
-
res = self.ldb.search(base_dn,
scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"])
self.ldb.modify(m)
- # Set the "dSHeuristics" to activate the correct "userPassword" behaviour
- self.ldb.set_dsheuristics("000000001")
-
- # Get the old "minPwdAge"
- minPwdAge = self.ldb.get_minPwdAge()
-
- # Reset the "minPwdAge" as it was before
- self.addCleanup(self.ldb.set_minPwdAge, minPwdAge)
-
- # Set it temporarely to "0"
- self.ldb.set_minPwdAge("0")
+ # update DC to allow password changes for the duration of this test
+ self.allow_password_changes()
self.base_dn = self.ldb.domain_dn()
import samba
from samba.tests.subunitrun import SubunitOptions, TestProgram
+from samba.tests.password_test import PasswordTestCase
import samba.getopt as options
from samba.samdb import SamDB
import samba.tests
from samba.tests import delete_force
+from password_lockout_base import BasePasswordTestCase
parser = optparse.OptionParser("passwords.py [options] <host>")
sambaopts = options.SambaOptions(parser)
# Tests start here
#
-class PasswordTests(samba.tests.TestCase):
+class PasswordTests(PasswordTestCase):
def setUp(self):
super(PasswordTests, self).setUp()
# Gets back the configuration basedn
configuration_dn = self.ldb.get_config_basedn().get_linearized()
- # Get the old "dSHeuristics" if it was set
- dsheuristics = self.ldb.get_dsheuristics()
+ # permit password changes during this test
+ self.allow_password_changes()
- # Set the "dSHeuristics" to activate the correct "userPassword" behaviour
- self.ldb.set_dsheuristics("000000001")
-
- # Reset the "dSHeuristics" as they were before
- self.addCleanup(self.ldb.set_dsheuristics, dsheuristics)
-
- # Get the old "minPwdAge"
- minPwdAge = self.ldb.get_minPwdAge()
-
- # Set it temporarily to "0"
- self.ldb.set_minPwdAge("0")
self.base_dn = self.ldb.domain_dn()
- # Reset the "minPwdAge" as it was before
- self.addCleanup(self.ldb.set_minPwdAge, minPwdAge)
-
# (Re)adds the test user "testuser" with no password atm
delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)
self.ldb.add({
from samba.dcerpc import security
from samba.dcerpc import drsblobs
from samba.dcerpc.drsuapi import *
+from samba.tests.password_test import PasswordCommon
import samba.tests
from ldb import (SCOPE_BASE, FLAG_MOD_ADD, FLAG_MOD_DELETE, FLAG_MOD_REPLACE, Dn, Message,
self.base_dn = self.samdb.domain_dn()
self.schema_dn = self.samdb.get_schema_basedn().get_linearized()
self.configuration_dn = self.samdb.get_config_basedn().get_linearized()
- # Get the old "dSHeuristics" if it was set
- self.dsheuristics = self.samdb.get_dsheuristics()
- # Set the "dSHeuristics" to activate the correct "userPassword" behaviour
- self.samdb.set_dsheuristics("000000001")
- # Get the old "minPwdAge"
- self.minPwdAge = self.samdb.get_minPwdAge()
- # Set it temporary to "0"
- self.samdb.set_minPwdAge("0")
+
+ # permit password changes during this test
+ PasswordCommon.allow_password_changes(self, self.samdb)
def tearDown(self):
super(RestoredObjectAttributesBaseTestCase, self).tearDown()
- # Reset the "dSHeuristics" as they were before
- self.samdb.set_dsheuristics(self.dsheuristics)
- # Reset the "minPwdAge" as it was before
- self.samdb.set_minPwdAge(self.minPwdAge)
def GUID_string(self, guid):
return self.samdb.schema_format_value("objectGUID", guid)