[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Jun 27 05:17:02 MDT 2012
The branch, master has been updated
via 7e8ed7d s3-pdb_samba4: Remove dupliate profilePath handling
via 471a6b3 s4-selftest: expand passdb testing
via 0b57d36 s3-pdbtest: Initialise more elements for testing
via cb01f6c s3-pdb_samba4: Add support for lastLogon and lastLogoff
via f7c3727 s3-pdb_samba4: Fix time handling, use nt_time_to_unix()
via 46db466 lib/ldb: Print trace messages for modify correctly
via 2079844 s4-selftest: Test login with a password expired user
via 6f71878 s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it non-critical
via 165521a s4-dsdb: Remove hooks for non-directory password handling
via 4f587ff selftest: allow NSS_WRAPPER_* vars to be exported to the environment
via df899ae selftest: Add extra users to nss_wrapper
via 6acd2f2 s3-pdbtest: show mis-matching times
from dba03a6 s3:registry: change reg_import.c according to coding guidelines.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7e8ed7d68dc48dd283df649c3f75d5679f7beae9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 19:23:05 2012 +1000
s3-pdb_samba4: Remove dupliate profilePath handling
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun 27 13:16:26 CEST 2012 on sn-devel-104
commit 471a6b39923f904f42794a81c5d09c581f072699
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jun 26 20:59:25 2012 +1000
s4-selftest: expand passdb testing
This tests pdb_samba4 in the first instance
commit 0b57d36ae32cfe3fb2d2517bdaeeb80816ba28ee
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 14:36:31 2012 +1000
s3-pdbtest: Initialise more elements for testing
If these were left as defaults, they cause issues when the backend (pdb_samba4)
returns the internal defaults from the directory, not the defaults from samu_new()
Andrew Bartlett
commit cb01f6c51ebc206c623dbd1a8f05a760f1d1ca88
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 14:34:47 2012 +1000
s3-pdb_samba4: Add support for lastLogon and lastLogoff
commit f7c372795c7fa9d45c731cc0c8fba135f8305301
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 14:56:04 2012 +1000
s3-pdb_samba4: Fix time handling, use nt_time_to_unix()
This matches 478d74fe1447c4588b14ef7040c8c13339d54026 which I failed to
merge from pdb_ads.
Andrew Bartlett
commit 46db466372b24b71094708d8e222de195482a453
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 14:33:42 2012 +1000
lib/ldb: Print trace messages for modify correctly
commit 207984464f90387472cd01a825fd7cb06ad86d12
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 12:47:59 2012 +1000
s4-selftest: Test login with a password expired user
This uses rkpty to test changing an expired password.
Andrew Bartlett
commit 6f718782634add2f8a7eb1b1d416b18ac7b3b260
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 12:45:37 2012 +1000
s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it non-critical
commit 165521a9b9b931e281ed8ab2929f78c187f15c6b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 12:42:31 2012 +1000
s4-dsdb: Remove hooks for non-directory password handling
This was an interesting hack, and the local_password module still exists, but
until it has a use case and a test case, remove the bypass of password_hash.
Andrew Bartlett
commit 4f587ffa553e4ad6d33bb8880eb03be48421f73c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 12:40:59 2012 +1000
selftest: allow NSS_WRAPPER_* vars to be exported to the environment
commit df899ae04069d57f5120947d9e9fd20b0af1bfd1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 17:51:55 2012 +1000
selftest: Add extra users to nss_wrapper
These will be used for a test using pdbtest and to run the client
test environment under nss_wrapper.
Andrew Bartlett
commit 6acd2f2b1a75f1779a7a27402e2d285c74781df5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 27 09:04:46 2012 +1000
s3-pdbtest: show mis-matching times
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb.c | 2 +-
selftest/knownfail | 1 +
selftest/selftest.pl | 7 ++-
selftest/target/Samba3.pm | 4 +-
selftest/target/Samba4.pm | 2 +-
source3/passdb/pdb_samba4.c | 20 +++--
source3/torture/pdbtest.c | 24 +++++-
source4/dsdb/common/util.c | 8 ++-
source4/dsdb/samdb/ldb_modules/password_hash.c | 12 ---
source4/selftest/tests.py | 1 +
testprogs/blackbox/test_kinit.sh | 33 ++++++++
testprogs/blackbox/test_pdbtest.sh | 101 ++++++++++++++++++++++++
12 files changed, 185 insertions(+), 30 deletions(-)
create mode 100755 testprogs/blackbox/test_pdbtest.sh
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index a223b87..779bed8 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -776,7 +776,7 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
ldb_debug_add(req->handle->ldb, "%s\n",
ldb_ldif_message_string(req->handle->ldb, tmp_ctx,
- LDB_CHANGETYPE_ADD,
+ LDB_CHANGETYPE_MODIFY,
req->op.mod.message));
break;
case LDB_REQ_REGISTER_CONTROL:
diff --git a/selftest/knownfail b/selftest/knownfail
index b888afc..c67915d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -147,6 +147,7 @@
^samba4.ldap.acl.*.AclSearchTests.test_search5\(.*\)$ # ACL search behaviour not enabled by default
^samba4.ldap.acl.*.AclSearchTests.test_search6\(.*\)$ # ACL search behaviour not enabled by default
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
+^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
^samba3.smb2.create.gentest
^samba3.smb2.create.blob
^samba3.smb2.create.open
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index cdcd2e4..b636910 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -708,7 +708,12 @@ my @exported_envvars = (
"WINBINDD_SOCKET_DIR",
"WINBINDD_PRIV_PIPE_DIR",
"NMBD_SOCKET_DIR",
- "LOCAL_PATH"
+ "LOCAL_PATH",
+
+ # nss_wrapper
+ "NSS_WRAPPER_PASSWD",
+ "NSS_WRAPPER_GROUP"
+
);
$SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub {
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 5dfafe4..149a31e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -808,7 +808,7 @@ sub provision($$$$$$)
##
my ($max_uid, $max_gid);
- my ($uid_nobody, $uid_root);
+ my ($uid_nobody, $uid_root, $uid_pdbtest);
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers);
if ($unix_uid < 0xffff - 2) {
@@ -819,6 +819,7 @@ sub provision($$$$$$)
$uid_root = $max_uid - 1;
$uid_nobody = $max_uid - 2;
+ $uid_pdbtest = $max_uid - 3;
if ($unix_gids[0] < 0xffff - 3) {
$max_gid = 0xffff;
@@ -1008,6 +1009,7 @@ sub provision($$$$$$)
}
print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
+pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false";
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index af39517..c15c298 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -621,8 +621,8 @@ sub provision_raw_step1($$)
open(PWD, ">$ctx->{nsswrap_passwd}");
print PWD "
root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
-$ctx->{unix_name}:x:$ctx->{unix_uid}:@{$ctx->{unix_gids}}[0]:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
+pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
";
close(PWD);
diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index c94f29c..3c44b72 100644
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -61,7 +61,7 @@ static bool pdb_samba4_pull_time(struct ldb_message *msg, const char *attr,
return false;
}
tmp = ldb_msg_find_attr_as_uint64(msg, attr, 0);
- *ptime = uint64s_nt_time_to_unix_abs(&tmp);
+ *ptime = nt_time_to_unix(tmp);
return true;
}
@@ -241,12 +241,6 @@ static NTSTATUS pdb_samba4_init_sam_from_priv(struct pdb_methods *m,
pdb_set_profile_path(sam, str, PDB_SET);
}
- str = ldb_msg_find_attr_as_string(msg, "profilePath",
- NULL);
- if (str != NULL) {
- pdb_set_profile_path(sam, str, PDB_SET);
- }
-
str = ldb_msg_find_attr_as_string(msg, "comment",
NULL);
if (str != NULL) {
@@ -516,6 +510,16 @@ static int pdb_samba4_replace_by_sam(struct pdb_samba4_state *state,
pdb_get_kickoff_time(sam));
}
+ if (need_update(sam, PDB_LOGONTIME)) {
+ ret |= pdb_samba4_add_time(msg, "lastLogon",
+ pdb_get_logon_time(sam));
+ }
+
+ if (need_update(sam, PDB_LOGOFFTIME)) {
+ ret |= pdb_samba4_add_time(msg, "lastLogoff",
+ pdb_get_logoff_time(sam));
+ }
+
if (need_update(sam, PDB_USERNAME)) {
ret |= ldb_msg_add_string(msg, "samAccountName",
pdb_get_username(sam));
@@ -564,8 +568,6 @@ static int pdb_samba4_replace_by_sam(struct pdb_samba4_state *state,
}
/* Not yet handled here or not meaningful for modifies on a Samba4 backend:
- PDB_LOGONTIME,
- PDB_LOGOFFTIME,
PDB_BAD_PASSWORD_TIME,
PDB_CANCHANGETIME, - these are calculated per policy, not stored
PDB_DOMAIN,
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index 14e28e9..c4c6bb6 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
@@ -128,13 +128,17 @@ static bool samu_correct(struct samu *s1, struct samu *s2)
/* Check logoff time */
if (pdb_get_logoff_time(s1) != pdb_get_logoff_time(s2)) {
- DEBUG(0, ("Logoff time is not written correctly\n"));
+ DEBUG(0, ("Logoff time is not written correctly: %s vs %s \n",
+ http_timestring(talloc_tos(), pdb_get_logoff_time(s1)),
+ http_timestring(talloc_tos(), pdb_get_logoff_time(s2))));
ret = False;
}
/* Check kickoff time */
if (pdb_get_kickoff_time(s1) != pdb_get_kickoff_time(s2)) {
- DEBUG(0, ("Kickoff time is not written correctly\n"));
+ DEBUG(0, ("Kickoff time is not written correctly: %s vs %s \n",
+ http_timestring(talloc_tos(), pdb_get_kickoff_time(s1)),
+ http_timestring(talloc_tos(), pdb_get_kickoff_time(s2))));
ret = False;
}
@@ -146,13 +150,17 @@ static bool samu_correct(struct samu *s1, struct samu *s2)
/* Check password last set time */
if (pdb_get_pass_last_set_time(s1) != pdb_get_pass_last_set_time(s2)) {
- DEBUG(0, ("Password last set time is not written correctly\n"));
+ DEBUG(0, ("Password last set time is not written correctly: %s vs %s \n",
+ http_timestring(talloc_tos(), pdb_get_pass_last_set_time(s1)),
+ http_timestring(talloc_tos(), pdb_get_pass_last_set_time(s2))));
ret = False;
}
/* Check password can change time */
if (pdb_get_pass_can_change_time(s1) != pdb_get_pass_can_change_time(s2)) {
- DEBUG(0, ("Password can change time is not written correctly\n"));
+ DEBUG(0, ("Password can change time is not written correctly %s vs %s \n",
+ http_timestring(talloc_tos(), pdb_get_pass_can_change_time(s1)),
+ http_timestring(talloc_tos(), pdb_get_pass_can_change_time(s2))));
ret = False;
}
@@ -382,6 +390,8 @@ int main(int argc, char **argv)
pdb_set_homedir(out, "\\\\torture\\home", PDB_SET);
pdb_set_logon_script(out, "torture_script.cmd", PDB_SET);
+ pdb_set_acct_ctrl(out, ACB_NORMAL, PDB_SET);
+
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &history);
if (history * PW_HISTORY_ENTRY_LEN < NT_HASH_LEN) {
buf = (uint8 *)TALLOC(ctx, NT_HASH_LEN);
@@ -415,6 +425,12 @@ int main(int argc, char **argv)
pdb_set_pass_can_change_time(out, time(NULL)+min_age, PDB_SET);
}
+ pdb_set_logon_time(out, time(NULL)-3600, PDB_SET);
+
+ pdb_set_logoff_time(out, time(NULL), PDB_SET);
+
+ pdb_set_kickoff_time(out, time(NULL)+3600, PDB_SET);
+
/* Create account */
if (!NT_STATUS_IS_OK(rv = pdb->add_sam_account(pdb, out))) {
fprintf(stderr, "Error in add_sam_account: %s\n",
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 6614507..e320a41 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3685,7 +3685,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
}
if (dsdb_flags & DSDB_PASSWORD_BYPASS_LAST_SET) {
- ret = ldb_request_add_control(req, DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID, true, NULL);
+ /*
+ * This must not be critical, as it will only be
+ * handled (and need to be handled) if the other
+ * attributes in the request bring password_hash into
+ * action
+ */
+ ret = ldb_request_add_control(req, DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID, false, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index c22a0b2..620de75 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2760,12 +2760,6 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
- /* If the caller is manipulating the local passwords directly, let them pass */
- if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
- req->op.add.message->dn) == 0) {
- return ldb_next_request(module, req);
- }
-
bypass = ldb_request_get_control(req,
DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
if (bypass != NULL) {
@@ -2959,12 +2953,6 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
return ldb_next_request(module, req);
}
- /* If the caller is manipulating the local passwords directly, let them pass */
- if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
- req->op.mod.message->dn) == 0) {
- return ldb_next_request(module, req);
- }
-
bypass = ldb_request_get_control(req,
DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
if (bypass != NULL) {
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index ece0325..7c34090 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -310,6 +310,7 @@ plantestsuite("samba4.blackbox.kinit(fl2000dc:local)", "fl2000dc:local", [os.pat
plantestsuite("samba4.blackbox.kinit(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient, configuration])
plantestsuite("samba4.blackbox.ktpass(dc)", "dc", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX'])
plantestsuite("samba4.blackbox.passwords(dc:local)", "dc:local", [os.path.join(bbdir, "test_passwords.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX", smbclient])
+plantestsuite("samba4.blackbox.pdbtest(dc:local)", "dc:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", smbclient, "dc", configuration])
plantestsuite("samba4.blackbox.export.keytab(dc:local)", "dc:local", [os.path.join(bbdir, "test_export_keytab.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient])
plantestsuite("samba4.blackbox.cifsdd(dc)", "dc", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
plantestsuite("samba4.blackbox.nmblookup(dc)", "dc", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup])
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh
index 0e915f0..3a74189 100755
--- a/testprogs/blackbox/test_kinit.sh
+++ b/testprogs/blackbox/test_kinit.sh
@@ -161,6 +161,39 @@ testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: cn=nettestuser,cn=users,$BASEDN
+changetype: modify
+replace: pwdLastSet
+pwdLastSet: 0
+EOF
+
+USERPASS=$NEWUSERPASS
+NEWUSERPASS=testPaSS at 911%
+
+testit "modify pwdLastSet" $VALGRIND $ldbmodify $PWSETCONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes $@ || failed=`expr $failed + 1`
+
+cat > $PREFIX/tmppasswordchange <<EOF
+expect nettestuser@${REALM}'s Password:
+send ${USERPASS}\n
+expect Your password will expire at
+expect Changing password
+expect New password:
+send ${NEWUSERPASS}\n
+expect Repeat new password:
+send ${NEWUSERPASS}\n
+expect Success: Password changed
+EOF
+
+testit "kinit with user password for expired password" $rkpty $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac nettestuser@$REALM && failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
+testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME
diff --git a/testprogs/blackbox/test_pdbtest.sh b/testprogs/blackbox/test_pdbtest.sh
new file mode 100755
index 0000000..d5b5be3
--- /dev/null
+++ b/testprogs/blackbox/test_pdbtest.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+# Blackbox tests for pdbtest
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer at samba.org>
+# Copyright (C) 2006-2012 Andrew Bartlett <abartlet at samba.org>
+
+if [ $# -lt 2 ]; then
+cat <<EOF
+Usage: test_pdbtest.sh SERVER PREFIX SMBCLIENT ENV
+EOF
+exit 1;
+fi
+
+SERVER=$1
+PREFIX=$2
+smbclient=$3
+ENV=$4
+shift 4
+failed=0
+
+samba4bindir="$BINDIR"
+pdbtest="$samba4bindir/pdbtest"
+pdbedit="$samba4bindir/pdbedit"
+net="$samba4bindir/net"
+smbpasswd="$samba4bindir/smbpasswd"
+rkpty="$samba4bindir/rkpty"
+
+. `dirname $0`/subunit.sh
+
+test_smbclient() {
+ name="$1"
+ cmd="$2"
+ shift
+ shift
+ echo "test: $name"
+ $VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" $@
+ status=$?
+ if [ x$status = x0 ]; then
+ echo "success: $name"
+ else
+ echo "failure: $name"
+ fi
+ return $status
+}
+
+testit "pdbtest" $BINDIR/pdbtest -u pdbtest || failed=`expr $failed + 1`
+
+NEWUSERPASS=testPaSS at 01%
+
+echo "set password with pdbedit"
+cat > ./tmpsmbpasswdscript <<EOF
+expect new password:
+send ${NEWUSERPASS}\n
+expect retype new password:
+send ${NEWUSERPASS}\n
+EOF
+
+testit "create user with pdbedit" $rkpty ./tmpsmbpasswdscript $VALGRIND $pdbedit -a pdbtest --account-desc="pdbedit-test-user" $@ || failed=`expr $failed + 1`
+USERPASS=$NEWUSERPASS
+
+test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@ || failed=`expr $failed + 1`
+
+testit "modify user" $VALGRIND $pdbedit --modify pdbtest --drive="D:" $@ || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@|| failed=`expr $failed + 1`
+
+NEWUSERPASS=testPaSS at 02%
+
+echo "set password with smbpasswd"
+cat > ./tmpsmbpasswdscript <<EOF
+expect New SMB password:
+send ${NEWUSERPASS}\n
+expect Retype new SMB password:
+send ${NEWUSERPASS}\n
+EOF
+
+testit "set user password with smbpasswd" $rkpty ./tmpsmbpasswdscript $smbpasswd -L pdbtest -c $PREFIX/$ENV/etc/smb.conf || failed=`expr $failed + 1`
+USERPASS=$NEWUSERPASS
+
+test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@|| failed=`expr $failed + 1`
+
+testit "modify user - disabled" $VALGRIND $net sam set disabled pdbtest yes $@ || failed=`expr $failed + 1`
+
+testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -Updbtest@%$USERPASS && failed=`expr $failed + 1`
+
+testit "modify user - enabled" $VALGRIND $net sam set disabled pdbtest no $@ || failed=`expr $failed + 1`
+
+test_smbclient "Test login with re-enabled user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS || failed=`expr $failed + 1`
+
+testit "modify user - must change password now" $VALGRIND $net sam set pwdmustchangenow pdbtest yes $@ || failed=`expr $failed + 1`
+
+testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -Updbtest@%$USERPASS && failed=`expr $failed + 1`
+
+testit "modify user - disable password expiry" $VALGRIND $net sam set pwnoexp pdbtest yes $@ || failed=`expr $failed + 1`
+
+test_smbclient "Test login with no expiry (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS || failed=`expr $failed + 1`
+
+testit "del user" $VALGRIND $pdbedit -x pdbtest $@ || failed=`expr $failed + 1`
+
+rm ./tmpsmbpasswdscript
+
+exit $failed
--
Samba Shared Repository
More information about the samba-cvs
mailing list