From: Stefan Metzmacher Date: Fri, 5 Feb 2016 07:37:53 +0000 (+0100) Subject: s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function X-Git-Tag: tdb-1.3.10~611 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=26a96d296420246f428584681485bb07de094063;p=thirdparty%2Fsamba.git s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source4/dsdb/tests/python/password_lockout.py b/source4/dsdb/tests/python/password_lockout.py index 1953177bb2e..396f64e19ab 100755 --- a/source4/dsdb/tests/python/password_lockout.py +++ b/source4/dsdb/tests/python/password_lockout.py @@ -495,125 +495,7 @@ lockoutThreshold: """ + str(lockoutThreshold) + """ self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid) - # (Re)adds the test user "testuser" with no password atm - delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn) - self.ldb.add({ - "dn": "cn=testuser,cn=users," + self.base_dn, - "objectclass": "user", - "sAMAccountName": "testuser"}) - - res = self._check_account("cn=testuser,cn=users," + self.base_dn, - badPwdCount=0, - badPasswordTime=0, - lastLogon=0, - lastLogonTimestamp=('absent', None), - userAccountControl= - dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, - msDSUserAccountControlComputed= - dsdb.UF_PASSWORD_EXPIRED) - - # SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present. - # It doesn't create "lockoutTime" = 0. - self._reset_samr(res) - - res = self._check_account("cn=testuser,cn=users," + self.base_dn, - badPwdCount=0, - badPasswordTime=0, - lastLogon=0, - lastLogonTimestamp=('absent', None), - userAccountControl= - dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, - msDSUserAccountControlComputed= - dsdb.UF_PASSWORD_EXPIRED) - - # Tests a password change when we don't have any password yet with a - # wrong old password - try: - self.ldb.modify_ldif(""" -dn: cn=testuser,cn=users,""" + self.base_dn + """ -changetype: modify -delete: userPassword -userPassword: noPassword -add: userPassword -userPassword: thatsAcomplPASS2 -""") - self.fail() - except LdbError, (num, msg): - self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) - # Windows (2008 at least) seems to have some small bug here: it - # returns "0000056A" on longer (always wrong) previous passwords. - self.assertTrue('00000056' in msg, msg) - - res = self._check_account("cn=testuser,cn=users," + self.base_dn, - badPwdCount=1, - badPasswordTime=("greater", 0), - lastLogon=0, - lastLogonTimestamp=('absent', None), - userAccountControl= - dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, - msDSUserAccountControlComputed= - dsdb.UF_PASSWORD_EXPIRED) - badPasswordTime = int(res[0]["badPasswordTime"][0]) - - # Sets the initial user password with a "special" password change - # I think that this internally is a password set operation and it can - # only be performed by someone which has password set privileges on the - # account (at least in s4 we do handle it like that). - self.ldb.modify_ldif(""" -dn: cn=testuser,cn=users,""" + self.base_dn + """ -changetype: modify -delete: userPassword -add: userPassword -userPassword: thatsAcomplPASS1 -""") - - res = self._check_account("cn=testuser,cn=users," + self.base_dn, - badPwdCount=1, - badPasswordTime=badPasswordTime, - lastLogon=0, - lastLogonTimestamp=('absent', None), - userAccountControl= - dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, - msDSUserAccountControlComputed=0) - - # Enables the user account - self.ldb.enable_account("(sAMAccountName=testuser)") - - res = self._check_account("cn=testuser,cn=users," + self.base_dn, - badPwdCount=1, - badPasswordTime=badPasswordTime, - lastLogon=0, - lastLogonTimestamp=('absent', None), - userAccountControl= - dsdb.UF_NORMAL_ACCOUNT, - msDSUserAccountControlComputed=0) - - # Open a second LDB connection with the user credentials. Use the - # command line credentials for informations like the domain, the realm - # and the workstation. - creds2 = insta_creds() - - self.ldb2 = SamDB(url=host_url, credentials=creds2, lp=lp) - - res = self._check_account("cn=testuser,cn=users," + self.base_dn, - badPwdCount=0, - badPasswordTime=badPasswordTime, - lastLogon=('greater', 0), - lastLogonTimestamp=('greater', 0), - userAccountControl= - dsdb.UF_NORMAL_ACCOUNT, - msDSUserAccountControlComputed=0) - - lastLogon = int(res[0]["lastLogon"][0]) - self.assertGreater(lastLogon, badPasswordTime) + self._readd_user() # (Re)adds the test user "testuser3" with no password atm delete_force(self.ldb, "cn=testuser3,cn=users," + self.base_dn)