b,fddlZddlmZmZmZddlmZmZGddZGddZdS)N)FLAG_MOD_DELETE FLAG_MOD_ADDFLAG_MOD_REPLACE)DOMAIN_PASSWORD_COMPLEXDOMAIN_PASSWORD_STORE_CLEARTEXTcFeZdZd dZdZdZdZdZdZdZ d Z d Z dS) TestUserNcd}||_||_d|d|pdd|j|_|g|_|g|_|j||||jd|zd|_dS)Nz Initial12#CN=,zCN=Users)userouz(sAMAccountName=%s)) nameldb domain_dndnall_old_passwords pwd_historynewuserenable_accountlast_pso)selfusernamesamdbr initial_passwords 1/usr/lib/python3/dist-packages/samba/tests/pso.py__init__zTestUser.__init__s' #+88f.B .B.B#'8#5#5#7#7#79 #3!3,- #3FCCC  5 @AAA c2|dkrgS|j| dS)z0Returns the expected password history for the DCrN)rrhist_lens rold_invalid_passwordszTestUser.old_invalid_passwords-s& q==I ++rc|dkr|jddStt|j|}|jd| S)zAReturns old passwords that fall outside the DC's expected historyrN)rminlenrrs rold_valid_passwordszTestUser.old_valid_passwords5sQ q==)!!!, , s4+,,h77%jyj11rc||jvr|j||j|||jvr|j||j|dS)z@Updates the user's password history to reflect a password changeN)rremoveappendr)r new_passwords rupdate_pwd_historyzTestUser.update_pwd_historyCs 41 1 1  " ) ), 7 7 7 %%l333 4+ + +   # #L 1 1 1  -----rc|j|jdg}d|dvr!t|dddSdS)z=Returns the DN of the applicable PSO, or None if none applieszmsDS-ResultantPSO)attrsrN)rsearchrstr)rress rget_resultant_PSOzTestUser.get_resultant_PSORsPhoodg.A-BoCC #a& ( (s1v121566 64rc|jdS)z#Returns the user's current password)r)rs r get_passwordzTestUser.get_password[s%b))rcd|jd|d|d}|j|||dS)z$Attempts to change a user's passwordz dn: z7 changetype: modify delete: userPassword userPassword: z! add: userPassword userPassword:  N)rr3r modify_ldifr*)rr)ldifs r set_passwordzTestUser.set_password`sb www!!####\\\3 T"""  -----rct||}|dkrg|_n-|t|jkr|j| d|_|dkr"|dkr|g|_dSdSdS)ay Updates the effective password history, to reflect changes on the DC. When the PasswordHistoryLength applied to a user changes from a low setting (e.g. 2) to a higher setting (e.g. 4), passwords #3 and #4 won't actually have been stored on the DC, so we need to make sure they are removed them from our mirror pwd_history list. rN)r#rr$r3)r old_hist_len new_hist_lenr s rpwd_history_changezTestUser.pwd_history_changeps|\22 q==!D   D,-- - -#/ ;D  1  !1!1 $ 1 1 3 34D     !1!1rcP|j|dgtj}|dd}tj}tj|j|j|_tj|td|d<|j|dS)z>Sets a user's primaryGroupID to be that of the specified groupprimaryGroupToken)baser,scoperprimaryGroupIDN) rr- SCOPE_BASEMessageDnrMessageElementrmodify)rgroup_dnr/group_idms rset_primary_groupzTestUser.set_primary_groupshoo84G3H$'N44q6-. KMMvdh((!0;K1ACC  rN) __name__ __module__ __qualname__rr!r%r*r0r3r8r<rJrrr r s    ,,, 2 2 2 . . .*** ... 5552     rr cBeZdZdZ dd Zd Zefd Zd ZddZ d S)PasswordSettingscgd}||tj|}d|_d|_||_d|_t|dddtz|_ t|dddtz|_ t|ddd|_ t|ddd|_ t|dd d|_t|dd dtd  z |_t|dd dtd  z |_t|dd dtd  z |_t|dddtd  z |_dS)z Returns a object representing the default password settings that will take effect (i.e. when no other Fine-Grained Password Policy applies) ) minPwdAgelockoutDurationlockOutObservationWindowlockoutThreshold maxPwdAgerS minPwdLengthpwdHistoryLength pwdProperties)r@r,DefaultsNrrZrXrVrYrTcArUrSrW)r-rrrBrr precedenceintr complexityrstore_plaintext password_lenlockout_attempts history_lenlockout_durationlockout_windowpassword_age_minpassword_age_max)rrpw_attrsr/s rdefault_settingsz!PasswordSettings.default_settingss IIIll5??,,CN!)++  A'* + +.E E  A'* + +.M M A~ 6q 9:: #CF+=$>q$A B Bs1v&89!<== #CF+<$=a$@ A ASXXI M A1215 6 6#c(( B  #CF;$7$: ; ;s3xxi G #CF;$7$: ; ;s3xxi Gr Tr'FNc |||S| |} d| z} ||_d|d| |_||_||_||_| |_||_||_ | |_ ||_ ||_ ||_ | |_|j|dS)Nz+CN=Password Settings Container,CN=System,%sr r )rirrrrr]r_r`rarbrcrdrerfrgadd_ldifget_ldif)rrrr]r_rarbrdrfrgrcr` containerbase_dns rrzPasswordSettings.__init__s <((// /  oo''GEOI $ii0$$.( 0& 0/ 0 0 $--//*****rc b|jrdnd}|jrdnd}t|jdz }t|jdz }t|jdz }t|jdz }d|j|j ||j ||j |||j || }|S)NTRUEFALSEr\av dn: {0} objectClass: msDS-PasswordSettings msDS-PasswordSettingsPrecedence: {1} msDS-PasswordReversibleEncryptionEnabled: {2} msDS-PasswordHistoryLength: {3} msDS-PasswordComplexityEnabled: {4} msDS-MinimumPasswordLength: {5} msDS-MinimumPasswordAge: {6} msDS-MaximumPasswordAge: {7} msDS-LockoutThreshold: {8} msDS-LockoutObservationWindow: {9} msDS-LockoutDuration: {10} ) r_r`r^rdrerfrgformatrr]rcrarb)rcomplexity_str plaintext_strrdremin_agemax_ager7s rrpzPasswordSettings.get_ldifs#'??"&"6CG   5 =>>>d1S9:::t,4555t,4555  F47DO]D4D 4,gw  .2BDD " rctj}tj|j|j|_tj||d|d<|j|dS)zAUpdates this Password Settings Object to apply to a user or groupzmsDS-PSOAppliesToN)rrCrDrrErF)r user_group operationrIs rapply_tozPasswordSettings.apply_tos_ KMMvdh((!$!3J 4G"I"I  rc>||tdS)z6Updates this PSO to no longer apply to a user or group)r}N)r~r)rr|s runapplyzPasswordSettings.unapplys  jO <<<<rs. ??????????@@@@@@@@yyyyyyyyxw)w)w)w)w)w)w)w)w)w)r