from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_ACCOUNTDISABLE,
UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
UF_PARTIAL_SECRETS_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT,
- UF_INTERDOMAIN_TRUST_ACCOUNT,
+ UF_INTERDOMAIN_TRUST_ACCOUNT, UF_SMARTCARD_REQUIRED,
UF_PASSWD_NOTREQD, UF_LOCKOUT, UF_PASSWORD_EXPIRED, ATYPE_NORMAL_ACCOUNT,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP,
from samba.dcerpc.security import (DOMAIN_RID_USERS, DOMAIN_RID_ADMINS,
DOMAIN_RID_DOMAIN_MEMBERS, DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
+from samba.ndr import ndr_unpack
+from samba.dcerpc import drsblobs
+from samba.dcerpc import drsuapi
from samba.dcerpc import security
from samba.tests import delete_force
from samba import gensec
delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ def find_repl_meta_data(self, rpmd, attid):
+ for i in xrange(0, rpmd.ctr.count):
+ m = rpmd.ctr.array[i]
+ if m.attid == attid:
+ return m
+ return None
+
+ def test_smartcard_required1(self):
+ """Test the UF_SMARTCARD_REQUIRED behaviour"""
+ print "Testing UF_SMARTCARD_REQUIRED behaviour\n"
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "userAccountControl": str(UF_NORMAL_ACCOUNT),
+ "unicodePwd": "\"thatsAcomplPASS2\"".encode('utf-16-le')
+ })
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT)
+ self.assertNotEqual(int(res[0]["pwdLastSet"][0]), 0)
+ lastset = int(res[0]["pwdLastSet"][0])
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 1)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 1)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 1)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 1)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), lastset)
+ lastset1 = int(res[0]["pwdLastSet"][0])
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 2)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 2)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 2)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 2)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 2)
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ def test_smartcard_required2(self):
+ """Test the UF_SMARTCARD_REQUIRED behaviour"""
+ print "Testing UF_SMARTCARD_REQUIRED behaviour\n"
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "userAccountControl": str(UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE),
+ })
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertTrue("msDS-KeyVersionNumber" in res[0])
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 1)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 1)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 1)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 1)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNone(spcbmd)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 2)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 2)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 2)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 2)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 2)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 2)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 2)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 2)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ def test_smartcard_required3(self):
+ """Test the UF_SMARTCARD_REQUIRED behaviour"""
+ print "Testing UF_SMARTCARD_REQUIRED behaviour\n"
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "userAccountControl": str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED|UF_ACCOUNTDISABLE),
+ })
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED|UF_ACCOUNTDISABLE)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 1)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 1)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 1)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 1)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 1)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 1)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 1)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 1)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ def test_smartcard_required3(self):
+ """Test the UF_SMARTCARD_REQUIRED behaviour"""
+ print "Testing UF_SMARTCARD_REQUIRED behaviour\n"
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "userAccountControl": str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED|UF_ACCOUNTDISABLE),
+ })
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED|UF_ACCOUNTDISABLE)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 1)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 1)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 1)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 1)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl",
+ "pwdLastSet", "msDS-KeyVersionNumber",
+ "replPropertyMetaData"])
+ self.assertTrue(len(res) == 1)
+ self.assertEqual(int(res[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertEqual(int(res[0]["userAccountControl"][0]),
+ UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED)
+ self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+ self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+ self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+ rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ res[0]["replPropertyMetaData"][0])
+ lastsetmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_pwdLastSet)
+ self.assertIsNotNone(lastsetmd)
+ self.assertEqual(lastsetmd.version, 1)
+ nthashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_unicodePwd)
+ self.assertIsNotNone(nthashmd)
+ self.assertEqual(nthashmd.version, 1)
+ nthistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+ self.assertIsNotNone(nthistmd)
+ self.assertEqual(nthistmd.version, 1)
+ lmhashmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_dBCSPwd)
+ self.assertIsNotNone(lmhashmd)
+ self.assertEqual(lmhashmd.version, 1)
+ lmhistmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+ self.assertIsNotNone(lmhistmd)
+ self.assertEqual(lmhistmd.version, 1)
+ spcbmd = self.find_repl_meta_data(rpmd,
+ drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+ self.assertIsNotNone(spcbmd)
+ self.assertEqual(spcbmd.version, 1)
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
def test_isCriticalSystemObject(self):
"""Test the isCriticalSystemObject behaviour"""
print "Testing isCriticalSystemObject behaviour\n"