samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviou...

This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.

This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).

This is now consistant with other parameters in the LDAP attribute,
and is now included in the returned attribute name.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 12dff08271cc53b337302743425a92a39ee28cb6..5131e7a935553af1c300a9400b82868080bbecc5 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -38,6 +38,28 @@ source tree.  While there will be some differences - due to features
 chosen by packagers - comparing these lists with the build dependencies
 in a package may locate other dependencies we no longer require.
 
+samba-tool user getpassword / syncpasswords ;rounds= change
+-----------------------------------------------------------
+
+The password access tool "samba-tool user getpassword" and the
+password sync tool "samba-tool user syncpasswords" allow attributes to
+be chosen for output, and accept parameters like
+pwdLastSet;format=GeneralizedTime
+
+These attributes then appear, in the same format, as the attributes in
+the LDIF output.  This was not the case for the ;rounds= parameter of
+virtualCryptSHA256 and virtualCryptSHA512, for example as
+--attributes="virtualCryptSHA256;rounds=50000"
+
+This release makes the behaviour consistent between these two
+features.  Installations using GPG-encrypted passwords (or plaintext
+storage) and the rounds= option, will find the output has changed
+
+from:
+virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
+
+to:
+virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
 
 REMOVED FEATURES
 ================

diff --git a/python/samba/netcmd/user/readpasswords/common.py b/python/samba/netcmd/user/readpasswords/common.py
index acb412b90e0c912aba96dd4287817f8ba849a26d..267c8242b8e67bf09eafd352c0565bf4204b7a57 100644 (file)
--- a/python/samba/netcmd/user/readpasswords/common.py
+++ b/python/samba/netcmd/user/readpasswords/common.py
@@ -751,7 +751,7 @@ class GetPasswordCommand(Command):
                     continue
             else:
                 continue
-            obj[a] = ldb.MessageElement(v, ldb.FLAG_MOD_REPLACE, a)
+            obj[a] = ldb.MessageElement(v, ldb.FLAG_MOD_REPLACE, vattr["raw_attr"])
 
         def get_src_attrname(srcattrg):
             srcattrl = srcattrg.lower()

diff --git a/selftest/knownfail.d/user_virtualCryptSHA b/selftest/knownfail.d/user_virtualCryptSHA
deleted file mode 100644 (file)
index 282e3e8..0000000
--- a/selftest/knownfail.d/user_virtualCryptSHA
+++ /dev/null
@@ -1,16 +0,0 @@
-^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes
-^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds
-^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid
-^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes
-^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds
-^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match
-^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid