from samba.tests.samba_tool.base import SambaToolCmdTest
from samba.tests.pso import PasswordSettings, TestUser
+
class PwdSettingsCmdTestCase(SambaToolCmdTest):
"""Tests for 'samba-tool domain passwordsettings' subcommands"""
self.user_auth = "-U%s%%%s" % (os.environ["DC_USERNAME"],
os.environ["DC_PASSWORD"])
self.ldb = self.getSamDB("-H", self.server, self.user_auth)
- self.pso_container = \
- "CN=Password Settings Container,CN=System,%s" % self.ldb.domain_dn()
+ system_dn = "CN=System,%s" % self.ldb.domain_dn()
+ self.pso_container = "CN=Password Settings Container,%s" % system_dn
self.obj_cleanup = []
def tearDown(self):
dn = "CN=%s,%s" % (pso_name, self.pso_container)
pso_attrs = ['name', 'msDS-PasswordSettingsPrecedence',
'msDS-PasswordReversibleEncryptionEnabled',
- 'msDS-PasswordHistoryLength', 'msDS-MinimumPasswordLength',
- 'msDS-PasswordComplexityEnabled', 'msDS-MinimumPasswordAge',
- 'msDS-MaximumPasswordAge', 'msDS-LockoutObservationWindow',
+ 'msDS-PasswordHistoryLength',
+ 'msDS-MinimumPasswordLength',
+ 'msDS-PasswordComplexityEnabled',
+ 'msDS-MinimumPasswordAge',
+ 'msDS-MaximumPasswordAge',
+ 'msDS-LockoutObservationWindow',
'msDS-LockoutThreshold', 'msDS-LockoutDuration']
res = self.ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=pso_attrs)
self.assertEquals(len(res), 1, "PSO lookup failed")
# check the PSO's settings match the search results
self.assertEquals(str(res[0]['msDS-PasswordComplexityEnabled'][0]),
complexity_str)
- self.assertEquals(str(res[0]['msDS-PasswordReversibleEncryptionEnabled'][0]),
- plaintext_str)
+ plaintext_res = res[0]['msDS-PasswordReversibleEncryptionEnabled'][0]
+ self.assertEquals(str(plaintext_res), plaintext_str)
self.assertEquals(int(res[0]['msDS-PasswordHistoryLength'][0]),
pso.history_len)
self.assertEquals(int(res[0]['msDS-MinimumPasswordLength'][0]),
"pso", "show"), pso_name,
"-H", self.server,
self.user_auth)
- self.assertTrue(len(out.split(":")) >= 10, "Expect 10 fields displayed")
+ self.assertTrue(len(out.split(":")) >= 10,
+ "Expect 10 fields displayed")
# for a few settings, sanity-check the display is what we expect
self.assertIn("Minimum password length: %u" % pso.password_len, out)
self.assertIn("Password history length: %u" % pso.history_len, out)
- self.assertIn("lockout threshold (attempts): %u" % pso.lockout_attempts,
- out)
+ lockout_str = "lockout threshold (attempts): %u" % pso.lockout_attempts
+ self.assertIn(lockout_str, out)
def test_pso_create(self):
"""Tests basic PSO creation using the samba-tool"""
self.obj_cleanup.append("CN=%s,%s" % (pso_name, self.pso_container))
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("successfully created", out)
self.check_pso(pso_name, expected_pso)
self.user_auth)
self.obj_cleanup.append("CN=%s,%s" % (pso_name, self.pso_container))
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("successfully created", out)
self.check_pso(pso_name, expected_pso)
# sanity-check the cmd was successful
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("successfully created", out)
self.check_pso(pso_name, pso_settings)
pso_settings.precedence = 99
pso_settings.lockout_attempts = 10
pso_settings.lockout_duration = 60 * 17
- (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
- "pso", "set"), pso_name,
- "--precedence=99",
- "--account-lockout-threshold=10",
- "--account-lockout-duration=17",
- "-H", self.server,
- self.user_auth)
- self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ (res, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+ "pso", "set"), pso_name,
+ "--precedence=99",
+ "--account-lockout-threshold=10",
+ "--account-lockout-duration=17",
+ "-H", self.server,
+ self.user_auth)
+ self.assertCmdSuccess(res, out, err)
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("Successfully updated", out)
# check the PSO's settings now reflect the new values
"-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("Deleted PSO", out)
dn = "CN=%s,%s" % (pso_name, self.pso_container)
self.obj_cleanup.remove(dn)
# first check the samba-tool output tells us the correct PSO is applied
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
- "pso", "show-user"), user.name,
- "-H", self.server,
+ "pso", "show-user"),
+ user.name, "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
if pso is None:
self.assertIn("No PSO applies to user", out)
else:
group_name, "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.check_pso_applied(user, pso=test_pso)
# we should fail if we try to apply the same PSO/group twice though
user.name, "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.check_pso_applied(user, pso=test_pso)
# check samba-tool can successfully unlink a group from a PSO
group_name, "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
# PSO still applies directly to the user, even though group was removed
self.check_pso_applied(user, pso=test_pso)
user.name, "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.check_pso_applied(user, pso=None)
def test_pso_unpriv(self):
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
"pso", "create"), "bad-perm",
"250", "--complexity=off",
- "-H", self.server, unpriv_auth)
+ "-H", self.server,
+ unpriv_auth)
self.assertCmdFail(result, "Need admin privileges to modify PSO")
self.assertIn("Administrator permissions are needed", err)
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
"pso", "delete"), pso_name,
- "-H", self.server, unpriv_auth)
+ "-H", self.server,
+ unpriv_auth)
self.assertCmdFail(result, "Need admin privileges to delete PSO")
self.assertIn("You may not have permission", err)
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
"pso", "show"), pso_name,
- "-H", self.server, unpriv_auth)
+ "-H", self.server,
+ unpriv_auth)
self.assertCmdFail(result, "Need admin privileges to view PSO")
self.assertIn("You may not have permission", err)
"show"), "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
# check an arbitrary setting is displayed correctly
min_pwd_len = self.ldb.get_minPwdLength()
# check we can change the domain setting
self.addCleanup(self.ldb.set_minPwdLength, min_pwd_len)
new_len = int(min_pwd_len) + 3
+ min_pwd_args = "--min-pwd-length=%u" % new_len
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
- "set"),
- "--min-pwd-length=%u" % new_len,
+ "set"), min_pwd_args,
"-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("successful", out)
self.assertEquals(new_len, self.ldb.get_minPwdLength())
"show"), "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
- self.assertEquals(err,"","Shouldn't be any error messages")
+ self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("Minimum password length: %u" % new_len, out)
-