diff options
author | Tim Beale <timbeale@catalyst.net.nz> | 2018-07-27 14:34:16 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2018-08-17 02:58:28 +0200 |
commit | 68f8a1c2747fd51a633b34dc4301b1f6acae5de6 (patch) | |
tree | f72534cc3e3dc0e75693a7ac79283f175f9d9836 /python | |
parent | 7065f5299f04f4a7f766f97cf90cb3c913491005 (diff) | |
download | samba-68f8a1c2747fd51a633b34dc4301b1f6acae5de6.tar.gz |
Fix PEP8 warning E501 line too long
Mostly involves splitting up long strings or comments so that they
span multiple lines. Some place-holder variables have been added in a
few places to avoid exceeding 80 chars.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/netcmd/pso.py | 109 | ||||
-rw-r--r-- | python/samba/tests/pso.py | 20 | ||||
-rw-r--r-- | python/samba/tests/samba_tool/passwordsettings.py | 58 |
3 files changed, 110 insertions, 77 deletions
diff --git a/python/samba/netcmd/pso.py b/python/samba/netcmd/pso.py index e030832af7e..96f0b4f259e 100644 --- a/python/samba/netcmd/pso.py +++ b/python/samba/netcmd/pso.py @@ -19,7 +19,8 @@ import samba.getopt as options import ldb from samba.samdb import SamDB from samba.netcmd import (Command, CommandError, Option, SuperCommand) -from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX, DOMAIN_PASSWORD_STORE_CLEARTEXT +from samba.dcerpc.samr import (DOMAIN_PASSWORD_COMPLEX, + DOMAIN_PASSWORD_STORE_CLEARTEXT) from samba.auth import system_session NEVER_TIMESTAMP = int(-0x8000000000000000) @@ -136,8 +137,8 @@ def show_pso_for_user(outf, samdb, username): if len(res) == 0: outf.write("User '%s' not found.\n" % username) elif 'msDS-ResultantPSO' not in res[0]: - outf.write("No PSO applies to user '%s'. The default domain settings apply.\n" - % username) + outf.write("No PSO applies to user '%s'. " + "The default domain settings apply.\n" % username) outf.write("Refer to 'samba-tool domain passwordsettings show'.\n") else: # sanity-check user has permissions to view PSO details (non-admin @@ -234,15 +235,18 @@ def check_pso_constraints(min_pwd_length=None, history_length=None, # check values as per section 3.1.1.5.2.2 Constraints in MS-ADTS spec if history_length is not None and history_length > 1024: - raise CommandError("Bad password history length: valid range is 0 to 1024") + raise CommandError("Bad password history length: " + "valid range is 0 to 1024") if min_pwd_length is not None and min_pwd_length > 255: - raise CommandError("Bad minimum password length: valid range is 0 to 255") + raise CommandError("Bad minimum password length: " + "valid range is 0 to 255") if min_pwd_age is not None and max_pwd_age is not None: # note max-age=zero is a special case meaning 'never expire' if min_pwd_age >= max_pwd_age and max_pwd_age != 0: - raise CommandError("Minimum password age must be less than the maximum age") + raise CommandError("Minimum password age must be less than " + "maximum age") # the same args are used for both create and set commands @@ -250,21 +254,29 @@ pwd_settings_options = [ Option("--complexity", type="choice", choices=["on", "off"], help="The password complexity (on | off)."), Option("--store-plaintext", type="choice", choices=["on", "off"], - help="Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off)."), + help="Store plaintext passwords where account have " + "'store passwords with reversible encryption' set (on | off)."), Option("--history-length", help="The password history length (<integer>).", type=int), Option("--min-pwd-length", help="The minimum password length (<integer>).", type=int), Option("--min-pwd-age", - help="The minimum password age (<integer in days>). Default is domain setting.", type=int), + help=("The minimum password age (<integer in days>). " + "Default is domain setting."), type=int), Option("--max-pwd-age", - help="The maximum password age (<integer in days>). Default is domain setting.", type=int), - Option("--account-lockout-duration", - help="The the length of time an account is locked out after exeeding the limit on bad password attempts (<integer in mins>). Default is domain setting", type=int), - Option("--account-lockout-threshold", - help="The number of bad password attempts allowed before locking out the account (<integer>). Default is domain setting.", type=int), + help=("The maximum password age (<integer in days>). " + "Default is domain setting."), type=int), + Option("--account-lockout-duration", type=int, + help=("The length of time an account is locked out after exceeding " + "the limit on bad password attempts (<integer in mins>). " + "Default is domain setting")), + Option("--account-lockout-threshold", type=int, + help=("The number of bad password attempts allowed before locking " + "out the account (<integer>). Default is domain setting.")), Option("--reset-account-lockout-after", - help="After this time is elapsed, the recorded number of attempts restarts from zero (<integer in mins>). Default is domain setting.", type=int)] + help=("After this time is elapsed, the recorded number of attempts " + "restarts from zero (<integer in mins>). " + "Default is domain setting."), type=int)] def num_options_in_args(options, args): @@ -309,8 +321,8 @@ class cmd_domain_pwdsettings_pso_create(Command): } takes_options = pwd_settings_options + [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H") + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str) ] takes_args = ["psoname", "precedence"] @@ -329,7 +341,8 @@ class cmd_domain_pwdsettings_pso_create(Command): try: precedence = int(precedence) except ValueError: - raise CommandError("The PSO's precedence should be a numerical value. Try --help") + raise CommandError("The PSO's precedence should be " + "a numerical value. Try --help") # sanity-check that the PSO doesn't already exist pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb)) @@ -347,14 +360,17 @@ class cmd_domain_pwdsettings_pso_create(Command): # otherwise there's no point in creating a PSO num_pwd_args = num_options_in_args(pwd_settings_options, self.raw_argv) if num_pwd_args == 0: - raise CommandError("Please specify at least one password policy setting. Try --help") + raise CommandError("Please specify at least one password policy " + "setting. Try --help") # it's unlikely that the user will specify all 9 password policy # settings on the CLI - current domain password-settings as the default # values for unspecified arguments if num_pwd_args < len(pwd_settings_options): - self.message("Not all password policy options have been specified.") - self.message("For unspecified options, the current domain password settings will be used as the default values.") + self.message("Not all password policy options " + "have been specified.") + self.message("For unspecified options, the current domain password" + " settings will be used as the default values.") # lookup the current domain password-settings res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_BASE, @@ -420,7 +436,8 @@ class cmd_domain_pwdsettings_pso_create(Command): except ldb.LdbError as e: (num, msg) = e.args if num == ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS: - raise CommandError("Administrator permissions are needed to create a PSO.") + raise CommandError("Administrator permissions are needed " + "to create a PSO.") else: raise CommandError("Failed to create PSO '%s': %s" % (pso_dn, msg)) @@ -439,7 +456,8 @@ class cmd_domain_pwdsettings_pso_set(Command): takes_options = pwd_settings_options + [ Option("--precedence", type=int, - help="This PSO's precedence relative to other PSOs. Lower precedence is better (<integer>)."), + help=("This PSO's precedence relative to other PSOs. " + "Lower precedence is better (<integer>).")), Option("-H", "--URL", help="LDB URL for database or target server", type=str, metavar="URL", dest="H"), ] @@ -464,19 +482,23 @@ class cmd_domain_pwdsettings_pso_set(Command): # we expect the user to specify at least one password-policy setting num_pwd_args = num_options_in_args(pwd_settings_options, self.raw_argv) if num_pwd_args == 0 and precedence is None: - raise CommandError("Please specify at least one password policy setting. Try --help") + raise CommandError("Please specify at least one password policy " + "setting. Try --help") if min_pwd_age is not None or max_pwd_age is not None: - # if we're modifying either the max or min pwd-age, check the max is - # always larger. We may have to fetch the PSO's setting to verify this + # if we're modifying either the max or min pwd-age, check the max + # is always larger. We may have to fetch the PSO's setting to + # verify this res = samdb.search(pso_dn, scope=ldb.SCOPE_BASE, attrs=['msDS-MinimumPasswordAge', 'msDS-MaximumPasswordAge']) if min_pwd_age is None: - min_pwd_age = timestamp_to_days(res[0]['msDS-MinimumPasswordAge'][0]) + min_pwd_ticks = res[0]['msDS-MinimumPasswordAge'][0] + min_pwd_age = timestamp_to_days(min_pwd_ticks) if max_pwd_age is None: - max_pwd_age = timestamp_to_days(res[0]['msDS-MaximumPasswordAge'][0]) + max_pwd_ticks = res[0]['msDS-MaximumPasswordAge'][0] + max_pwd_age = timestamp_to_days(max_pwd_ticks) check_pso_constraints(max_pwd_age=max_pwd_age, min_pwd_age=min_pwd_age, history_length=history_length, @@ -516,8 +538,8 @@ class cmd_domain_pwdsettings_pso_delete(Command): } takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H") + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str) ] takes_args = ["psoname"] @@ -556,8 +578,8 @@ class cmd_domain_pwdsettings_pso_list(Command): } takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H") + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str) ] def run(self, H=None, credopts=None, sambaopts=None, versionopts=None): @@ -574,7 +596,8 @@ class cmd_domain_pwdsettings_pso_list(Command): # an unprivileged search against Windows returns nothing here. On Samba # we get the PSO names, but not their attributes if len(res) == 0 or 'msDS-PasswordSettingsPrecedence' not in res[0]: - self.outf.write("No PSOs are present, or you don't have permission to view them.\n") + self.outf.write("No PSOs are present, or you don't have permission" + " to view them.\n") return # sort the PSOs so they're displayed in order of precedence @@ -600,8 +623,8 @@ class cmd_domain_pwdsettings_pso_show(Command): } takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H") + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str) ] takes_args = ["psoname"] @@ -630,8 +653,8 @@ class cmd_domain_pwdsettings_pso_show_user(Command): } takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H") + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str) ] takes_args = ["username"] @@ -666,8 +689,8 @@ class cmd_domain_pwdsettings_pso_apply(Command): } takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H") + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str) ] takes_args = ["psoname", "user_or_group"] @@ -696,7 +719,8 @@ class cmd_domain_pwdsettings_pso_apply(Command): target_dn = str(res[0].dn) m = ldb.Message() m.dn = ldb.Dn(samdb, pso_dn) - m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn, ldb.FLAG_MOD_ADD, + m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn, + ldb.FLAG_MOD_ADD, "msDS-PSOAppliesTo") try: samdb.modify(m) @@ -725,8 +749,8 @@ class cmd_domain_pwdsettings_pso_unapply(Command): } takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H"), + Option("-H", "--URL", help="LDB URL for database or target server", + metavar="URL", dest="H", type=str), ] takes_args = ["psoname", "user_or_group"] @@ -755,7 +779,8 @@ class cmd_domain_pwdsettings_pso_unapply(Command): target_dn = str(res[0].dn) m = ldb.Message() m.dn = ldb.Dn(samdb, pso_dn) - m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn, ldb.FLAG_MOD_DELETE, + m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn, + ldb.FLAG_MOD_DELETE, "msDS-PSOAppliesTo") try: samdb.modify(m) diff --git a/python/samba/tests/pso.py b/python/samba/tests/pso.py index 0d37108e060..57ec03e62b3 100644 --- a/python/samba/tests/pso.py +++ b/python/samba/tests/pso.py @@ -56,8 +56,9 @@ class TestUser: if hist_len == 0: return self.all_old_passwords[:] - # just exclude our pwd_history if there's not much in it. This can happen - # if we've been using a lower PasswordHistoryLength setting previously + # just exclude our pwd_history if there's not much in it. This can + # happen if we've been using a lower PasswordHistoryLength setting + # previously hist_len = min(len(self.pwd_history), hist_len) # return any passwords up to the nth-from-last item @@ -67,8 +68,9 @@ class TestUser: """Updates the user's password history to reflect a password change""" # we maintain 2 lists: all passwords the user has ever had, and an # effective password-history that should roughly mirror the DC. - # pwd_history_change() handles the corner-case where we need to truncate - # password-history due to PasswordHistoryLength settings changes + # pwd_history_change() handles the corner-case where we need to + # truncate password-history due to PasswordHistoryLength settings + # changes if new_password in self.all_old_passwords: self.all_old_passwords.remove(new_password) self.all_old_passwords.append(new_password) @@ -102,15 +104,16 @@ add: userPassword userPassword: %s """ % (self.dn, self.get_password(), new_password) # this modify will throw an exception if new_password doesn't meet the - # PSO constraints (which the test code catches if it's expected to fail) + # PSO constraints (which the test code catches if it's expected to + # fail) self.ldb.modify_ldif(ldif) self.update_pwd_history(new_password) def pwd_history_change(self, old_hist_len, new_hist_len): """ - Updates what in the password history will take effect, to reflect changes - on the DC. When the PasswordHistoryLength applied to a user changes from - a low setting (e.g. 2) to a higher setting (e.g. 4), passwords #3 and #4 + Updates the effective password history, to reflect changes on the DC. + When the PasswordHistoryLength applied to a user changes from a low + setting (e.g. 2) to a higher setting (e.g. 4), passwords #3 and #4 won't actually have been stored on the DC, so we need to make sure they are removed them from our mirror pwd_history list. """ @@ -267,4 +270,3 @@ msDS-PasswordSettingsPrecedence: %u """ % (self.dn, new_precedence) samdb.modify_ldif(ldif) self.precedence = new_precedence - diff --git a/python/samba/tests/samba_tool/passwordsettings.py b/python/samba/tests/samba_tool/passwordsettings.py index 9c934b41dc9..e29c76c730d 100644 --- a/python/samba/tests/samba_tool/passwordsettings.py +++ b/python/samba/tests/samba_tool/passwordsettings.py @@ -31,8 +31,8 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): self.user_auth = "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]) self.ldb = self.getSamDB("-H", self.server, self.user_auth) - self.pso_container = \ - "CN=Password Settings Container,CN=System,%s" % self.ldb.domain_dn() + system_dn = "CN=System,%s" % self.ldb.domain_dn() + self.pso_container = "CN=Password Settings Container,%s" % system_dn self.obj_cleanup = [] def tearDown(self): @@ -48,9 +48,12 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): dn = "CN=%s,%s" % (pso_name, self.pso_container) pso_attrs = ['name', 'msDS-PasswordSettingsPrecedence', 'msDS-PasswordReversibleEncryptionEnabled', - 'msDS-PasswordHistoryLength', 'msDS-MinimumPasswordLength', - 'msDS-PasswordComplexityEnabled', 'msDS-MinimumPasswordAge', - 'msDS-MaximumPasswordAge', 'msDS-LockoutObservationWindow', + 'msDS-PasswordHistoryLength', + 'msDS-MinimumPasswordLength', + 'msDS-PasswordComplexityEnabled', + 'msDS-MinimumPasswordAge', + 'msDS-MaximumPasswordAge', + 'msDS-LockoutObservationWindow', 'msDS-LockoutThreshold', 'msDS-LockoutDuration'] res = self.ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=pso_attrs) self.assertEquals(len(res), 1, "PSO lookup failed") @@ -67,8 +70,8 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): # check the PSO's settings match the search results self.assertEquals(str(res[0]['msDS-PasswordComplexityEnabled'][0]), complexity_str) - self.assertEquals(str(res[0]['msDS-PasswordReversibleEncryptionEnabled'][0]), - plaintext_str) + plaintext_res = res[0]['msDS-PasswordReversibleEncryptionEnabled'][0] + self.assertEquals(str(plaintext_res), plaintext_str) self.assertEquals(int(res[0]['msDS-PasswordHistoryLength'][0]), pso.history_len) self.assertEquals(int(res[0]['msDS-MinimumPasswordLength'][0]), @@ -89,13 +92,14 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): "pso", "show"), pso_name, "-H", self.server, self.user_auth) - self.assertTrue(len(out.split(":")) >= 10, "Expect 10 fields displayed") + self.assertTrue(len(out.split(":")) >= 10, + "Expect 10 fields displayed") # for a few settings, sanity-check the display is what we expect self.assertIn("Minimum password length: %u" % pso.password_len, out) self.assertIn("Password history length: %u" % pso.history_len, out) - self.assertIn("lockout threshold (attempts): %u" % pso.lockout_attempts, - out) + lockout_str = "lockout threshold (attempts): %u" % pso.lockout_attempts + self.assertIn(lockout_str, out) def test_pso_create(self): """Tests basic PSO creation using the samba-tool""" @@ -207,14 +211,14 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): pso_settings.precedence = 99 pso_settings.lockout_attempts = 10 pso_settings.lockout_duration = 60 * 17 - (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings", - "pso", "set"), pso_name, - "--precedence=99", - "--account-lockout-threshold=10", - "--account-lockout-duration=17", - "-H", self.server, - self.user_auth) - self.assertCmdSuccess(result, out, err) + (res, out, err) = self.runsublevelcmd("domain", ("passwordsettings", + "pso", "set"), pso_name, + "--precedence=99", + "--account-lockout-threshold=10", + "--account-lockout-duration=17", + "-H", self.server, + self.user_auth) + self.assertCmdSuccess(res, out, err) self.assertEquals(err, "", "Shouldn't be any error messages") self.assertIn("Successfully updated", out) @@ -259,8 +263,8 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): # first check the samba-tool output tells us the correct PSO is applied (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings", - "pso", "show-user"), user.name, - "-H", self.server, + "pso", "show-user"), + user.name, "-H", self.server, self.user_auth) self.assertCmdSuccess(result, out, err) self.assertEquals(err, "", "Shouldn't be any error messages") @@ -363,19 +367,22 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings", "pso", "create"), "bad-perm", "250", "--complexity=off", - "-H", self.server, unpriv_auth) + "-H", self.server, + unpriv_auth) self.assertCmdFail(result, "Need admin privileges to modify PSO") self.assertIn("Administrator permissions are needed", err) (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings", "pso", "delete"), pso_name, - "-H", self.server, unpriv_auth) + "-H", self.server, + unpriv_auth) self.assertCmdFail(result, "Need admin privileges to delete PSO") self.assertIn("You may not have permission", err) (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings", "pso", "show"), pso_name, - "-H", self.server, unpriv_auth) + "-H", self.server, + unpriv_auth) self.assertCmdFail(result, "Need admin privileges to view PSO") self.assertIn("You may not have permission", err) @@ -420,9 +427,9 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): # check we can change the domain setting self.addCleanup(self.ldb.set_minPwdLength, min_pwd_len) new_len = int(min_pwd_len) + 3 + min_pwd_args = "--min-pwd-length=%u" % new_len (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings", - "set"), - "--min-pwd-length=%u" % new_len, + "set"), min_pwd_args, "-H", self.server, self.user_auth) self.assertCmdSuccess(result, out, err) @@ -437,4 +444,3 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest): self.assertCmdSuccess(result, out, err) self.assertEquals(err, "", "Shouldn't be any error messages") self.assertIn("Minimum password length: %u" % new_len, out) - |