[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Thu Apr 15 22:14:35 MDT 2010
The branch, master has been updated
via 75f5c3c... s4-net: allow a username to be displayed in setpassword errors
via 046c582... s4-net: nicer error message (and no exception)
via 22d7a06... s4-test: added KRB5_CONFIG to selftest-vars.sh
via 48330c8... s4-test: check that a weak password is rejected by kpasswd
from a7f8c19... s4:rootdse: only return "tokenGroups", when the client asked for them
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 75f5c3cd97e90ba19dde3d3d3b3679d5e14abe8c
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Apr 15 17:15:25 2010 +1000
s4-net: allow a username to be displayed in setpassword errors
the filter is a bit too cryptic
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 046c5824e4f28d07c96e5ad21bef415cfdcf090e
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Apr 15 17:14:46 2010 +1000
s4-net: nicer error message (and no exception)
in net newuser and net setpasswd we shouldn't be throwing python
exceptions on normal user errors like unknown user
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 22d7a06522088e86eb19b104f24cdf19e576a668
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Apr 15 17:13:37 2010 +1000
s4-test: added KRB5_CONFIG to selftest-vars.sh
commit 48330c828e5058823c6df09736e8e8eaefdd6565
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Apr 15 16:25:50 2010 +1000
s4-test: check that a weak password is rejected by kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/scripting/devel/selftest-vars.sh | 1 +
source4/scripting/python/samba/netcmd/newuser.py | 10 ++++-
.../scripting/python/samba/netcmd/setpassword.py | 12 ++++-
source4/scripting/python/samba/samdb.py | 7 +++-
testprogs/blackbox/test_passwords.sh | 44 ++++++++++++++++++++
5 files changed, 68 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/devel/selftest-vars.sh b/source4/scripting/devel/selftest-vars.sh
index 9a194f1..1ee9eb3 100644
--- a/source4/scripting/devel/selftest-vars.sh
+++ b/source4/scripting/devel/selftest-vars.sh
@@ -7,3 +7,4 @@ export SOCKET_WRAPPER_DIR=./st/w
export UID_WRAPPER=1
export NSS_WRAPPER_PASSWD=st/dc/passwd
export NSS_WRAPPER_GROUP=st/dc/group
+export KRB5_CONFIG=st/dc/etc/krb5.conf
diff --git a/source4/scripting/python/samba/netcmd/newuser.py b/source4/scripting/python/samba/netcmd/newuser.py
index 3815219..f3babfe 100644
--- a/source4/scripting/python/samba/netcmd/newuser.py
+++ b/source4/scripting/python/samba/netcmd/newuser.py
@@ -21,6 +21,7 @@
import samba.getopt as options
from samba.netcmd import Command, Option
+import sys, ldb
from getpass import getpass
from samba.auth import system_session
@@ -61,5 +62,10 @@ class cmd_newuser(Command):
samdb = SamDB(url=H, session_info=system_session(), credentials=creds,
lp=lp)
- samdb.newuser(username, unixname, password,
- force_password_change_at_next_login_req=must_change_at_next_login)
+ try:
+ samdb.newuser(username, unixname, password,
+ force_password_change_at_next_login_req=must_change_at_next_login)
+ except ldb.LdbError, (num, msg):
+ print('Failed to create user "%s" : %s' % (username, msg))
+ sys.exit(1)
+
diff --git a/source4/scripting/python/samba/netcmd/setpassword.py b/source4/scripting/python/samba/netcmd/setpassword.py
index c4a9b00..a1fe75c 100644
--- a/source4/scripting/python/samba/netcmd/setpassword.py
+++ b/source4/scripting/python/samba/netcmd/setpassword.py
@@ -22,7 +22,7 @@
import samba.getopt as options
from samba.netcmd import Command, CommandError, Option
-
+import sys
from getpass import getpass
from samba.auth import system_session
from samba.samdb import SamDB
@@ -68,5 +68,11 @@ class cmd_setpassword(Command):
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
- samdb.setpassword(filter, password,
- force_change_at_next_login=must_change_at_next_login)
+ try:
+ samdb.setpassword(filter, password,
+ force_change_at_next_login=must_change_at_next_login,
+ username=username)
+ except:
+ print('Failed to set password for user "%s"' % username)
+ sys.exit(1)
+
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 790cb2b..d41b3ec 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -153,7 +153,9 @@ pwdLastSet: 0
else:
self.transaction_commit()
- def setpassword(self, filter, password, force_change_at_next_login=False):
+ def setpassword(self, filter, password,
+ force_change_at_next_login=False,
+ username=None):
"""Sets the password for a user
Note: This call uses the "userPassword" attribute to set the password.
@@ -168,6 +170,9 @@ pwdLastSet: 0
try:
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
expression=filter, attrs=[])
+ if len(res) == 0:
+ print('Unable to find user "%s"' % (username or filter))
+ raise
assert(len(res) == 1)
user_dn = res[0].dn
diff --git a/testprogs/blackbox/test_passwords.sh b/testprogs/blackbox/test_passwords.sh
index 9a4c191..167c1b2 100755
--- a/testprogs/blackbox/test_passwords.sh
+++ b/testprogs/blackbox/test_passwords.sh
@@ -71,8 +71,52 @@ test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`exp
USERPASS=$NEWUSERPASS
+WEAKPASS=testpass1
NEWUSERPASS=testPaSS at 03%
+# password mismatch check doesn't work yet (kpasswd bug, reported to Love)
+#echo "check that password mismatch gives the right error"
+#cat > ./tmpkpasswdscript <<EOF
+#expect Password
+#password ${USERPASS}\n
+#expect New password
+#send ${WEAKPASS}\n
+#expect New password
+#send ${NEWUSERPASS}\n
+#expect password mismatch
+#EOF
+#
+#testit "change user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
+
+
+echo "check that a weak password is rejected"
+cat > ./tmpkpasswdscript <<EOF
+expect Password
+password ${USERPASS}\n
+expect New password
+send ${WEAKPASS}\n
+expect New password
+send ${WEAKPASS}\n
+expect Password does not meet complexity requirements
+EOF
+
+testit "change to weak user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
+
+echo "check that a short password is rejected"
+cat > ./tmpkpasswdscript <<EOF
+expect Password
+password ${USERPASS}\n
+expect New password
+send xx1\n
+expect New password
+send xx1\n
+expect Password too short
+EOF
+
+testit "change to short user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
+
+
+echo "check that a strong new password is accepted"
cat > ./tmpkpasswdscript <<EOF
expect Password
password ${USERPASS}\n
--
Samba Shared Repository
More information about the samba-cvs
mailing list