tests: Add test for setting min/maxPwdAge

Currently setting maxPwdAge doesn't work at all.

While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/samba_tool/passwordsettings.py b/python/samba/tests/samba_tool/passwordsettings.py
index e29c76c730d40984864170c4626ac8d3843b3e20..43264b64608e30ddcb0d67f42b618ca6fb00e73b 100644 (file)
--- a/python/samba/tests/samba_tool/passwordsettings.py
+++ b/python/samba/tests/samba_tool/passwordsettings.py
@@ -444,3 +444,41 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
         self.assertCmdSuccess(result, out, err)
         self.assertEquals(err, "", "Shouldn't be any error messages")
         self.assertIn("Minimum password length: %u" % new_len, out)
         self.assertCmdSuccess(result, out, err)
         self.assertEquals(err, "", "Shouldn't be any error messages")
         self.assertIn("Minimum password length: %u" % new_len, out)

+
+    def test_domain_passwordsettings_pwdage(self):
+        """Checks the 'set' command for the domain password age (non-PSO)"""
+
+        # check we can set the domain max password age
+        max_pwd_age = self.ldb.get_maxPwdAge()
+        self.addCleanup(self.ldb.set_maxPwdAge, max_pwd_age)
+        max_pwd_args = "--max-pwd-age=270"
+        (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+                                                 "set"), max_pwd_args,
+                                                 "-H", self.server,
+                                                 self.user_auth)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEquals(err, "", "Shouldn't be any error messages")
+        self.assertIn("successful", out)
+        self.assertNotEquals(max_pwd_age, self.ldb.get_maxPwdAge())
+
+        # check we can't set the domain min password age to more than the max
+        min_pwd_age = self.ldb.get_minPwdAge()
+        self.addCleanup(self.ldb.set_minPwdAge, min_pwd_age)
+        min_pwd_args = "--min-pwd-age=271"
+        (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+                                                 "set"), min_pwd_args,
+                                                 "-H", self.server,
+                                                 self.user_auth)
+        self.assertCmdFail(result, "minPwdAge > maxPwdAge should be rejected")
+        self.assertIn("Maximum password age", err)
+
+        # check we can set the domain min password age to less than the max
+        min_pwd_args = "--min-pwd-age=269"
+        (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+                                                 "set"), min_pwd_args,
+                                                 "-H", self.server,
+                                                 self.user_auth)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEquals(err, "", "Shouldn't be any error messages")
+        self.assertIn("successful", out)
+        self.assertNotEquals(min_pwd_age, self.ldb.get_minPwdAge())

diff --git a/selftest/knownfail.d/passwordsettings b/selftest/knownfail.d/passwordsettings
new file mode 100644 (file)
index 0000000..8e94cef
--- /dev/null
+++ b/selftest/knownfail.d/passwordsettings
@@ -0,0 +1 @@
+samba.tests.samba_tool.passwordsettings.samba.tests.samba_tool.passwordsettings.PwdSettingsCmdTestCase.test_domain_passwordsettings_pwdage\(ad_dc_default:local\)