[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Thu Apr 15 22:14:35 MDT 2010


The branch, master has been updated
       via  75f5c3c... s4-net: allow a username to be displayed in setpassword errors
       via  046c582... s4-net: nicer error message (and no exception)
       via  22d7a06... s4-test: added KRB5_CONFIG to selftest-vars.sh
       via  48330c8... s4-test: check that a weak password is rejected by kpasswd
      from  a7f8c19... s4:rootdse: only return "tokenGroups", when the client asked for them

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 75f5c3cd97e90ba19dde3d3d3b3679d5e14abe8c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Apr 15 17:15:25 2010 +1000

    s4-net: allow a username to be displayed in setpassword errors
    
    the filter is a bit too cryptic
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 046c5824e4f28d07c96e5ad21bef415cfdcf090e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Apr 15 17:14:46 2010 +1000

    s4-net: nicer error message (and no exception)
    
    in net newuser and net setpasswd we shouldn't be throwing python
    exceptions on normal user errors like unknown user
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 22d7a06522088e86eb19b104f24cdf19e576a668
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Apr 15 17:13:37 2010 +1000

    s4-test: added KRB5_CONFIG to selftest-vars.sh

commit 48330c828e5058823c6df09736e8e8eaefdd6565
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Apr 15 16:25:50 2010 +1000

    s4-test: check that a weak password is rejected by kpasswd
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/devel/selftest-vars.sh           |    1 +
 source4/scripting/python/samba/netcmd/newuser.py   |   10 ++++-
 .../scripting/python/samba/netcmd/setpassword.py   |   12 ++++-
 source4/scripting/python/samba/samdb.py            |    7 +++-
 testprogs/blackbox/test_passwords.sh               |   44 ++++++++++++++++++++
 5 files changed, 68 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/devel/selftest-vars.sh b/source4/scripting/devel/selftest-vars.sh
index 9a194f1..1ee9eb3 100644
--- a/source4/scripting/devel/selftest-vars.sh
+++ b/source4/scripting/devel/selftest-vars.sh
@@ -7,3 +7,4 @@ export SOCKET_WRAPPER_DIR=./st/w
 export UID_WRAPPER=1
 export NSS_WRAPPER_PASSWD=st/dc/passwd
 export NSS_WRAPPER_GROUP=st/dc/group
+export KRB5_CONFIG=st/dc/etc/krb5.conf
diff --git a/source4/scripting/python/samba/netcmd/newuser.py b/source4/scripting/python/samba/netcmd/newuser.py
index 3815219..f3babfe 100644
--- a/source4/scripting/python/samba/netcmd/newuser.py
+++ b/source4/scripting/python/samba/netcmd/newuser.py
@@ -21,6 +21,7 @@
 
 import samba.getopt as options
 from samba.netcmd import Command, Option
+import sys, ldb
 
 from getpass import getpass
 from samba.auth import system_session
@@ -61,5 +62,10 @@ class cmd_newuser(Command):
 
         samdb = SamDB(url=H, session_info=system_session(), credentials=creds,
             lp=lp)
-        samdb.newuser(username, unixname, password,
-            force_password_change_at_next_login_req=must_change_at_next_login)
+        try:
+            samdb.newuser(username, unixname, password,
+                          force_password_change_at_next_login_req=must_change_at_next_login)
+        except ldb.LdbError, (num, msg):
+            print('Failed to create user "%s" : %s' % (username, msg))
+            sys.exit(1)
+
diff --git a/source4/scripting/python/samba/netcmd/setpassword.py b/source4/scripting/python/samba/netcmd/setpassword.py
index c4a9b00..a1fe75c 100644
--- a/source4/scripting/python/samba/netcmd/setpassword.py
+++ b/source4/scripting/python/samba/netcmd/setpassword.py
@@ -22,7 +22,7 @@
 
 import samba.getopt as options
 from samba.netcmd import Command, CommandError, Option
-
+import sys
 from getpass import getpass
 from samba.auth import system_session
 from samba.samdb import SamDB
@@ -68,5 +68,11 @@ class cmd_setpassword(Command):
         samdb = SamDB(url=H, session_info=system_session(),
                       credentials=creds, lp=lp)
 
-        samdb.setpassword(filter, password,
-            force_change_at_next_login=must_change_at_next_login)
+        try:
+            samdb.setpassword(filter, password,
+                              force_change_at_next_login=must_change_at_next_login,
+                              username=username)
+        except:
+            print('Failed to set password for user "%s"' % username)
+            sys.exit(1)
+
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 790cb2b..d41b3ec 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -153,7 +153,9 @@ pwdLastSet: 0
         else:
             self.transaction_commit()
 
-    def setpassword(self, filter, password, force_change_at_next_login=False):
+    def setpassword(self, filter, password,
+                    force_change_at_next_login=False,
+                    username=None):
         """Sets the password for a user
         
         Note: This call uses the "userPassword" attribute to set the password.
@@ -168,6 +170,9 @@ pwdLastSet: 0
         try:
             res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                               expression=filter, attrs=[])
+            if len(res) == 0:
+                print('Unable to find user "%s"' % (username or filter))
+                raise
             assert(len(res) == 1)
             user_dn = res[0].dn
 
diff --git a/testprogs/blackbox/test_passwords.sh b/testprogs/blackbox/test_passwords.sh
index 9a4c191..167c1b2 100755
--- a/testprogs/blackbox/test_passwords.sh
+++ b/testprogs/blackbox/test_passwords.sh
@@ -71,8 +71,52 @@ test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`exp
 
 
 USERPASS=$NEWUSERPASS
+WEAKPASS=testpass1
 NEWUSERPASS=testPaSS at 03%
 
+# password mismatch check doesn't work yet (kpasswd bug, reported to Love)
+#echo "check that password mismatch gives the right error"
+#cat > ./tmpkpasswdscript <<EOF
+#expect Password
+#password ${USERPASS}\n
+#expect New password
+#send ${WEAKPASS}\n
+#expect New password
+#send ${NEWUSERPASS}\n
+#expect password mismatch
+#EOF
+#
+#testit "change user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
+
+
+echo "check that a weak password is rejected"
+cat > ./tmpkpasswdscript <<EOF
+expect Password
+password ${USERPASS}\n
+expect New password
+send ${WEAKPASS}\n
+expect New password
+send ${WEAKPASS}\n
+expect Password does not meet complexity requirements
+EOF
+
+testit "change to weak user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
+
+echo "check that a short password is rejected"
+cat > ./tmpkpasswdscript <<EOF
+expect Password
+password ${USERPASS}\n
+expect New password
+send xx1\n
+expect New password
+send xx1\n
+expect Password too short
+EOF
+
+testit "change to short user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
+
+
+echo "check that a strong new password is accepted"
 cat > ./tmpkpasswdscript <<EOF
 expect Password
 password ${USERPASS}\n


-- 
Samba Shared Repository


More information about the samba-cvs mailing list