[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Sat Jul 3 04:05:28 MDT 2010
The branch, master has been updated
via 43b0c31... s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value
via c0ee606... s4:pwsettings net utility - change also here the "minPwdAge" to be the real default
via 73c69a1... s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0
via ec9fa90... s4:dsdb/tests/passwords.py - set and reset the "minPwdAge" properly
from 86cde0a... Tests for user-change-password and force-password-change access rights
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 43b0c314d80efdaec17d601929d3e6b0cdebcff0
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jul 3 10:56:14 2010 +0200
s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value
Now we should have fixed all password related tests to cooperate with this value
commit c0ee606474ffb355e7c4e8dd70c773fe8904fa4b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jul 3 11:27:20 2010 +0200
s4:pwsettings net utility - change also here the "minPwdAge" to be the real default
Which is one day.
commit 73c69a195abc68146352da399418b9f64a6ca803
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jul 3 11:23:39 2010 +0200
s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0
commit ec9fa906c79c4f71d0230dd57dfde6dd67f37201
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jul 3 11:07:10 2010 +0200
s4:dsdb/tests/passwords.py - set and reset the "minPwdAge" properly
After a patch proposal of Nadya and some reflection I think that it's really
worth to change all tests which need a "0" "minPwdAge" to set it manually and
reset the default afterwards.
So we can finally introduce the default "minPwdAge" on provision.
Patch proposal by: Nadya Ivanova
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/tests/python/passwords.py | 23 ++++++++++++++++++-
.../scripting/python/samba/netcmd/pwsettings.py | 4 +-
source4/setup/provision_basedn_modify.ldif | 3 +-
testprogs/blackbox/test_passwords.sh | 4 +-
4 files changed, 26 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
index bf9e909..c288ed5 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -7,8 +7,6 @@
# Notice: This tests will also work against Windows Server if the connection is
# secured enough (SASL with a minimum of 128 Bit encryption) - consider
# MS-ADTS 3.1.1.3.1.5
-#
-# Important: Make sure that the minimum password age is set to "0"!
import optparse
import sys
@@ -584,6 +582,11 @@ res = ldb.search(base="", expression="", scope=SCOPE_BASE,
attrs=["configurationNamingContext"])
configuration_dn = res[0]["configurationNamingContext"][0]
+# Gets back the basedn
+res = ldb.search(base="", expression="", scope=SCOPE_BASE,
+ attrs=["defaultNamingContext"])
+base_dn = res[0]["defaultNamingContext"][0]
+
# Get the old "dSHeuristics" if it was set
res = ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
+ configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
@@ -600,6 +603,16 @@ m["dSHeuristics"] = MessageElement("000000001", FLAG_MOD_REPLACE,
"dSHeuristics")
ldb.modify(m)
+# Get the old "minPwdAge"
+res = ldb.search(base_dn, scope=SCOPE_BASE, attrs=["minPwdAge"])
+minPwdAge = res[0]["minPwdAge"][0]
+
+# Set it temporarely to "0"
+m = Message()
+m.dn = Dn(ldb, base_dn)
+m["minPwdAge"] = MessageElement("0", FLAG_MOD_REPLACE, "minPwdAge")
+ldb.modify(m)
+
runner = SubunitTestRunner()
rc = 0
if not runner.run(unittest.makeSuite(PasswordTests)).wasSuccessful():
@@ -616,4 +629,10 @@ else:
m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
ldb.modify(m)
+# Reset the "minPwdAge" as it was before
+m = Message()
+m.dn = Dn(ldb, base_dn)
+m["minPwdAge"] = MessageElement(minPwdAge, FLAG_MOD_REPLACE, "minPwdAge")
+ldb.modify(m)
+
sys.exit(rc)
diff --git a/source4/scripting/python/samba/netcmd/pwsettings.py b/source4/scripting/python/samba/netcmd/pwsettings.py
index f4f8270..bfec13c 100644
--- a/source4/scripting/python/samba/netcmd/pwsettings.py
+++ b/source4/scripting/python/samba/netcmd/pwsettings.py
@@ -55,7 +55,7 @@ class cmd_pwsettings(Command):
Option("--min-pwd-length",
help="The minimum password length (<integer> | default). Default is 7.", type=str),
Option("--min-pwd-age",
- help="The minimum password age (<integer in days> | default). Default is 0.", type=str),
+ help="The minimum password age (<integer in days> | default). Default is 1.", type=str),
Option("--max-pwd-age",
help="The maximum password age (<integer in days> | default). Default is 43.", type=str),
]
@@ -142,7 +142,7 @@ class cmd_pwsettings(Command):
if min_pwd_age is not None:
if min_pwd_age == "default":
- min_pwd_age = 0
+ min_pwd_age = 1
else:
min_pwd_age = int(min_pwd_age)
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index b4f3016..53845f7 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -35,9 +35,8 @@ lockoutThreshold: 0
replace: maxPwdAge
maxPwdAge: -36288000000000
-
-# "minPwdAge" is "0" in order to let the password change tests pass
replace: minPwdAge
-minPwdAge: 0
+minPwdAge: -864000000000
-
replace: minPwdLength
minPwdLength: 7
diff --git a/testprogs/blackbox/test_passwords.sh b/testprogs/blackbox/test_passwords.sh
index 167c1b2..de7e31e 100755
--- a/testprogs/blackbox/test_passwords.sh
+++ b/testprogs/blackbox/test_passwords.sh
@@ -48,6 +48,8 @@ test_smbclient() {
CONFIG="--configfile=$PREFIX/dc/etc/smb.conf"
export CONFIG
+testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $net pwsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1`
+
USERPASS=testPaSS at 01%
testit "create user locally" $VALGRIND $newuser $CONFIG nettestuser $USERPASS $@ || failed=`expr $failed + 1`
@@ -161,8 +163,6 @@ USERPASS=$NEWUSERPASS
test_smbclient "Test login with user kerberos" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1`
-testit "reset password policies" $VALGRIND $net pwsettings set $CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
-
NEWUSERPASS=abcdefg
testit_expect_failure "try to set a non-complex password (command should not succeed)" $VALGRIND $net password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ && failed=`expr $failed + 1`
--
Samba Shared Repository
More information about the samba-cvs
mailing list