From: Andrew Bartlett Date: Mon, 11 Dec 2023 07:55:10 +0000 (+1300) Subject: samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviou... X-Git-Tag: talloc-2.4.2~244 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2c54a754842e0deb6e6a4944fde6dec37d7742a2;p=thirdparty%2Fsamba.git samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds= This will return the previous password, but the pattern is to include the option in the returned attribute name, so we need to use vatter["raw_attr"], not 'a'. This changes the behaviour for the ;rounds= option used when we hold the plaintext password (possibly under GPG encryption). This is now consistant with other parameters in the LDAP attribute, and is now included in the returned attribute name. Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 12dff08271c..5131e7a9355 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -38,6 +38,28 @@ source tree. While there will be some differences - due to features chosen by packagers - comparing these lists with the build dependencies in a package may locate other dependencies we no longer require. +samba-tool user getpassword / syncpasswords ;rounds= change +----------------------------------------------------------- + +The password access tool "samba-tool user getpassword" and the +password sync tool "samba-tool user syncpasswords" allow attributes to +be chosen for output, and accept parameters like +pwdLastSet;format=GeneralizedTime + +These attributes then appear, in the same format, as the attributes in +the LDIF output. This was not the case for the ;rounds= parameter of +virtualCryptSHA256 and virtualCryptSHA512, for example as +--attributes="virtualCryptSHA256;rounds=50000" + +This release makes the behaviour consistent between these two +features. Installations using GPG-encrypted passwords (or plaintext +storage) and the rounds= option, will find the output has changed + +from: +virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF + +to: +virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF REMOVED FEATURES ================ diff --git a/python/samba/netcmd/user/readpasswords/common.py b/python/samba/netcmd/user/readpasswords/common.py index acb412b90e0..267c8242b8e 100644 --- a/python/samba/netcmd/user/readpasswords/common.py +++ b/python/samba/netcmd/user/readpasswords/common.py @@ -751,7 +751,7 @@ class GetPasswordCommand(Command): continue else: continue - obj[a] = ldb.MessageElement(v, ldb.FLAG_MOD_REPLACE, a) + obj[a] = ldb.MessageElement(v, ldb.FLAG_MOD_REPLACE, vattr["raw_attr"]) def get_src_attrname(srcattrg): srcattrl = srcattrg.lower() diff --git a/selftest/knownfail.d/user_virtualCryptSHA b/selftest/knownfail.d/user_virtualCryptSHA deleted file mode 100644 index 282e3e8491f..00000000000 --- a/selftest/knownfail.d/user_virtualCryptSHA +++ /dev/null @@ -1,16 +0,0 @@ -^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes -^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds -^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid -^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes -^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds -^samba.tests.samba_tool.user_virtualCryptSHA_userPassword.samba.tests.samba_tool.user_virtualCryptSHA_userPassword.UserCmdCryptShaTestCaseUserPassword.test_no_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_both_rounds -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_rounds_stored_hashes_with_rounds_no_match -^samba.tests.samba_tool.user_virtualCryptSHA_gpg.samba.tests.samba_tool.user_virtualCryptSHA_gpg.UserCmdCryptShaTestCaseGPG.test_gpg_both_hashes_sha256_rounds_invalid