[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Sat Jul 3 04:05:28 MDT 2010 

The branch, master has been updated
       via  43b0c31... s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value
       via  c0ee606... s4:pwsettings net utility - change also here the "minPwdAge" to be the real default
       via  73c69a1... s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0
       via  ec9fa90... s4:dsdb/tests/passwords.py - set and reset the "minPwdAge" properly
      from  86cde0a... Tests for user-change-password and force-password-change access rights

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 43b0c314d80efdaec17d601929d3e6b0cdebcff0
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Jul 3 10:56:14 2010 +0200

    s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value
    
    Now we should have fixed all password related tests to cooperate with this value

commit c0ee606474ffb355e7c4e8dd70c773fe8904fa4b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Jul 3 11:27:20 2010 +0200

    s4:pwsettings net utility - change also here the "minPwdAge" to be the real default
    
    Which is one day.

commit 73c69a195abc68146352da399418b9f64a6ca803
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Jul 3 11:23:39 2010 +0200

    s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0

commit ec9fa906c79c4f71d0230dd57dfde6dd67f37201
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Jul 3 11:07:10 2010 +0200

    s4:dsdb/tests/passwords.py - set and reset the "minPwdAge" properly
    
    After a patch proposal of Nadya and some reflection I think that it's really
    worth to change all tests which need a "0" "minPwdAge" to set it manually and
    reset the default afterwards.
    
    So we can finally introduce the default "minPwdAge" on provision.
    
    Patch proposal by: Nadya Ivanova

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/tests/python/passwords.py             |   23 ++++++++++++++++++-
 .../scripting/python/samba/netcmd/pwsettings.py    |    4 +-
 source4/setup/provision_basedn_modify.ldif         |    3 +-
 testprogs/blackbox/test_passwords.sh               |    4 +-
 4 files changed, 26 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
index bf9e909..c288ed5 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -7,8 +7,6 @@
 # Notice: This tests will also work against Windows Server if the connection is
 # secured enough (SASL with a minimum of 128 Bit encryption) - consider
 # MS-ADTS 3.1.1.3.1.5
-#
-# Important: Make sure that the minimum password age is set to "0"!
 
 import optparse
 import sys
@@ -584,6 +582,11 @@ res = ldb.search(base="", expression="", scope=SCOPE_BASE,
                  attrs=["configurationNamingContext"])
 configuration_dn = res[0]["configurationNamingContext"][0]
 
+# Gets back the basedn
+res = ldb.search(base="", expression="", scope=SCOPE_BASE,
+                 attrs=["defaultNamingContext"])
+base_dn = res[0]["defaultNamingContext"][0]
+
 # Get the old "dSHeuristics" if it was set
 res = ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
                  + configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
@@ -600,6 +603,16 @@ m["dSHeuristics"] = MessageElement("000000001", FLAG_MOD_REPLACE,
   "dSHeuristics")
 ldb.modify(m)
 
+# Get the old "minPwdAge"
+res = ldb.search(base_dn, scope=SCOPE_BASE, attrs=["minPwdAge"])
+minPwdAge = res[0]["minPwdAge"][0]
+
+# Set it temporarely to "0"
+m = Message()
+m.dn = Dn(ldb, base_dn)
+m["minPwdAge"] = MessageElement("0", FLAG_MOD_REPLACE, "minPwdAge")
+ldb.modify(m)
+
 runner = SubunitTestRunner()
 rc = 0
 if not runner.run(unittest.makeSuite(PasswordTests)).wasSuccessful():
@@ -616,4 +629,10 @@ else:
     m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
 ldb.modify(m)
 
+# Reset the "minPwdAge" as it was before
+m = Message()
+m.dn = Dn(ldb, base_dn)
+m["minPwdAge"] = MessageElement(minPwdAge, FLAG_MOD_REPLACE, "minPwdAge")
+ldb.modify(m)
+
 sys.exit(rc)
diff --git a/source4/scripting/python/samba/netcmd/pwsettings.py b/source4/scripting/python/samba/netcmd/pwsettings.py
index f4f8270..bfec13c 100644
--- a/source4/scripting/python/samba/netcmd/pwsettings.py
+++ b/source4/scripting/python/samba/netcmd/pwsettings.py
@@ -55,7 +55,7 @@ class cmd_pwsettings(Command):
         Option("--min-pwd-length",
           help="The minimum password length (<integer> | default).  Default is 7.", type=str),
         Option("--min-pwd-age",
-          help="The minimum password age (<integer in days> | default).  Default is 0.", type=str),
+          help="The minimum password age (<integer in days> | default).  Default is 1.", type=str),
         Option("--max-pwd-age",
           help="The maximum password age (<integer in days> | default).  Default is 43.", type=str),
           ]
@@ -142,7 +142,7 @@ class cmd_pwsettings(Command):
 
             if min_pwd_age is not None:
                 if min_pwd_age == "default":
-                    min_pwd_age = 0
+                    min_pwd_age = 1
                 else:
                     min_pwd_age = int(min_pwd_age)
 
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index b4f3016..53845f7 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -35,9 +35,8 @@ lockoutThreshold: 0
 replace: maxPwdAge
 maxPwdAge: -36288000000000
 -
-# "minPwdAge" is "0" in order to let the password change tests pass
 replace: minPwdAge
-minPwdAge: 0
+minPwdAge: -864000000000
 -
 replace: minPwdLength
 minPwdLength: 7
diff --git a/testprogs/blackbox/test_passwords.sh b/testprogs/blackbox/test_passwords.sh
index 167c1b2..de7e31e 100755
--- a/testprogs/blackbox/test_passwords.sh
+++ b/testprogs/blackbox/test_passwords.sh
@@ -48,6 +48,8 @@ test_smbclient() {
 CONFIG="--configfile=$PREFIX/dc/etc/smb.conf"
 export CONFIG
 
+testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $net pwsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1`
+
 USERPASS=testPaSS at 01%
 
 testit "create user locally" $VALGRIND $newuser $CONFIG nettestuser $USERPASS $@ || failed=`expr $failed + 1`
@@ -161,8 +163,6 @@ USERPASS=$NEWUSERPASS
 
 test_smbclient "Test login with user kerberos" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1`
 
-testit "reset password policies" $VALGRIND $net pwsettings set $CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
-
 NEWUSERPASS=abcdefg
 testit_expect_failure "try to set a non-complex password (command should not succeed)" $VALGRIND $net password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ && failed=`expr $failed + 1`
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list