b2bNddlZddlZddlmZddlmZmZGddeZdS)N)SambaToolCmdTest)PasswordSettingsTestUsercheZdZdZfdZfdZdZdZdZdZ dZ d Z d Z d Z d Zd ZxZS)PwdSettingsCmdTestCasez:Tests for 'samba-tool domain passwordsettings' subcommandsctt|dtjdz|_dtjddtjd|_|d|j|j|_d|j z}d |z|_ g|_ dS) Nz ldap://%s DC_SERVER-U DC_USERNAME% DC_PASSWORD-Hz CN=System,%sz!CN=Password Settings Container,%s) superrsetUposenvironserver user_authgetSamDBldb domain_dn pso_container obj_cleanup)self system_dn __class__s I/usr/lib/python3/dist-packages/samba/tests/samba_tool/passwordsettings.pyrzPwdSettingsCmdTestCase.setUps $d++11333!BJ{$;; ')z-'@'@'@')z-'@'@B==t{DNCC"TX%7%7%9%99 @9Lctt||jD]}|j|dS)N)rrtearDownrrdelete)rdnrs rr zPwdSettingsCmdTestCase.tearDown&sS $d++44666"  B HOOB      rcvd|d|j}gd}|j|tj|}|t |dd|jrdnd}|jrdnd}t|j d z }t|j d z } t|j d z } t|j d z } |t|d d d ||d d d } |t| ||t|d d d |j|t|d dd |j|t|d dd | |t|d dd | |t|d dd | |t|d dd ||t|d dd |j|t|d dd |j|dd|d|j|j\} }}|t |ddkd|d|jz||d|jz|d|jz}|||dS)z5Checks the PSO info in the DB matches what's expectedCN=,) namemsDS-PasswordSettingsPrecedence(msDS-PasswordReversibleEncryptionEnabledmsDS-PasswordHistoryLengthmsDS-MinimumPasswordLengthmsDS-PasswordComplexityEnabledmsDS-MinimumPasswordAgemsDS-MaximumPasswordAgemsDS-LockoutObservationWindowmsDS-LockoutThresholdmsDS-LockoutDurationscopeattrszPSO lookup failedTRUEFALSEgcArr+r(r)r*r,r-r.r0r/r'domainpasswordsettingspsoshowr: zExpect 10 fields displayedMinimum password length: %uzPassword history length: %uz lockout threshold (attempts): %uN)rrsearch SCOPE_BASE assertEquallen complexitystore_plaintextintlockout_durationlockout_windowpassword_age_minpassword_age_maxstr history_len password_lenlockout_attempts precedencerunsublevelcmdrr assertTruesplitassertIn)rpso_namer:r" pso_attrsrescomplexity_str plaintext_strrFrGmin_agemax_age plaintext_resresultouterr lockout_strs r check_psoz PwdSettingsCmdTestCase.check_pso,s$88T%7%7 8FFF hoobioHH S1&9:::$'>>w"%"5B7  4 <===c0C8999s+s3444s+s3444 SV$DEaHII( * * *AIJ1M  ]++];;; SV$@A!DEE/ + + + SV$@A!DEE* , , , SV$=>qABBGLLL SV$=>qABBGLLL SV$CDQGHH( * * * SV$:;A>??* , , , SV$;>c3 c3,,, b"CDDD ,c222 x.....rc d}|||dd|d|j|j\}}}||||||dd|d|d|d |j}|j | |j |tj d g | d nF#tj$r4}|j\}}||tjYd }~nd }~wwxYw|dd|d|j|j\}}}||d|d|d S)z.Tests we can delete a PSO using the samba-toolztest-delete-PSOr7r9r:r!rrfrgz Deleted PSOr$r%r&r1zPSO shouldn't existNz(Deleteing a non-existent PSO should failzUnable to find PSO)ryrOrrrprArRrrremoverr?r@failLdbErrorargsERR_NO_SUCH_OBJECTrq) rrSr[r\r]r"eenumestrs rtest_pso_deletez&PwdSettingsCmdTestCase.test_pso_deletes% """"00 > > > >rc d}||}td|j}|j|j||dd}d|d|j}|j|d|d |j|tj }tj |j||_tj |jtj d |d <|j ||d d ||d |j|j\}}} |||| || dd||||d d ||d |j|j\}}} ||d|d| |d d ||jd |j|j\}}} |||| || dd||||d d||d |j|j\}}} |||| || dd||||d d||jd |j|j\}}} |||| || dd||ddS)z+Checks we can apply/unapply a PSO to a userztest-apply-PSOz test-PSO-userN)r:ztest-PSO-groupr$r%group)r" objectclasssAMAccountNamememberr7r9r:applyrrfrgz$Shouldn't be able to apply PSO twicezalready appliesr9r:unapply)ryrrrror"rraddMessageDnMessageElement FLAG_MOD_ADDmodifyrOrrrprArqrRr&) rrStest_psor group_namer"mr[r\r]s rtest_pso_apply_to_userz-PwdSettingsCmdTestCase.test_pso_apply_to_users$##H--22 ((( t...& %::tx'9'9';';'; <  Bw(244 5 5 5 ### KMMvdh##(#2BHMM(  "00>c 6#HIII >c 6#HIII 3S999!00<@AI15t{1<>>c 6#FGGG 3S999!00>c 6#HIII 3S999!00>c 6#HIII 3S999 "00<@AE15kKKc fc3/// i%%% lC(((((rc|ddd|j|j\}}}||||||dd|j}|d|z|||jj |t|dz}d|z}|dd |d|j|j\}}}||||||dd|d ||||j|ddd|j|j\}}}||||||dd|d |z|d S) z@Checks the 'set/show' commands for the domain settings (non-PSO)r7)r9r;rrfrgzMinimum password length: %sz--min-pwd-length=%ur9r} successfulr>N) rOrrrprArget_minPwdLengthrR addCleanupset_minPwdLengthrE)rr[r\r] min_pwd_lennew_len min_pwd_argss rtest_domain_passwordsettingsz3PwdSettingsCmdTestCase.test_domain_passwordsettingss"00<9:> 15AAc fc3/// b"CDDDh//11  3kA3GGG 1;???k""Q&,w6 !00<89E15t{15AAc fc3/// b"CDDD lC((( $(";";"="=>>>"00<9:> 15AAc fc3/// b"CDDD 3g=sCCCCCrc|j}||jj|d}|dd|d|j|j\}}}||||||dd| d|| ||j|j }||jj |d}|dd|d|j|j\}}}| |d | d |d }|dd|d|j|j\}}}||||||dd| d|| ||j d S) z>Checks the 'set' command for the domain password age (non-PSO)z--max-pwd-age=270r7rrrfrgrz--min-pwd-age=271z(minPwdAge > maxPwdAge should be rejectedzMaximum password agez--min-pwd-age=269N)r get_maxPwdAger set_maxPwdAgerOrrrprArRassertNotEquals get_minPwdAge set_minPwdAgerq)r max_pwd_age max_pwd_argsr[r\r] min_pwd_agers r#test_domain_passwordsettings_pwdagez:PwdSettingsCmdTestCase.test_domain_passwordsettings_pwdagesh,,..  . <<<* !00<89E15t{15AAc fc3/// b"CDDD lC((( [$(*@*@*B*BCCCh,,..  . <<<* !00<89E15t{15AAc 6#MNNN ,c222+ !00<89E15t{15AAc fc3/// b"CDDD lC((( [$(*@*@*B*BCCCCCr)__name__ __module__ __qualname____doc__rr r_rtryr~rrrrrr __classcell__)rs@rrrsDD     :(:(:(xI/I/I/V2///0111B???*A/A/A/F>)>)>)@!D!D!DF$D$D$D$D$D$D$Drr)rrsamba.tests.samba_tool.basersamba.tests.psorrrrrrs& 88888866666666KDKDKDKDKD-KDKDKDKDKDr