summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorTim Beale <timbeale@catalyst.net.nz>2018-07-27 14:34:16 +1200
committerAndrew Bartlett <abartlet@samba.org>2018-08-17 02:58:28 +0200
commit68f8a1c2747fd51a633b34dc4301b1f6acae5de6 (patch)
treef72534cc3e3dc0e75693a7ac79283f175f9d9836 /python
parent7065f5299f04f4a7f766f97cf90cb3c913491005 (diff)
downloadsamba-68f8a1c2747fd51a633b34dc4301b1f6acae5de6.tar.gz
Fix PEP8 warning E501 line too long
Mostly involves splitting up long strings or comments so that they span multiple lines. Some place-holder variables have been added in a few places to avoid exceeding 80 chars. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'python')
-rw-r--r--python/samba/netcmd/pso.py109
-rw-r--r--python/samba/tests/pso.py20
-rw-r--r--python/samba/tests/samba_tool/passwordsettings.py58
3 files changed, 110 insertions, 77 deletions
diff --git a/python/samba/netcmd/pso.py b/python/samba/netcmd/pso.py
index e030832af7e..96f0b4f259e 100644
--- a/python/samba/netcmd/pso.py
+++ b/python/samba/netcmd/pso.py
@@ -19,7 +19,8 @@ import samba.getopt as options
import ldb
from samba.samdb import SamDB
from samba.netcmd import (Command, CommandError, Option, SuperCommand)
-from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX, DOMAIN_PASSWORD_STORE_CLEARTEXT
+from samba.dcerpc.samr import (DOMAIN_PASSWORD_COMPLEX,
+ DOMAIN_PASSWORD_STORE_CLEARTEXT)
from samba.auth import system_session
NEVER_TIMESTAMP = int(-0x8000000000000000)
@@ -136,8 +137,8 @@ def show_pso_for_user(outf, samdb, username):
if len(res) == 0:
outf.write("User '%s' not found.\n" % username)
elif 'msDS-ResultantPSO' not in res[0]:
- outf.write("No PSO applies to user '%s'. The default domain settings apply.\n"
- % username)
+ outf.write("No PSO applies to user '%s'. "
+ "The default domain settings apply.\n" % username)
outf.write("Refer to 'samba-tool domain passwordsettings show'.\n")
else:
# sanity-check user has permissions to view PSO details (non-admin
@@ -234,15 +235,18 @@ def check_pso_constraints(min_pwd_length=None, history_length=None,
# check values as per section 3.1.1.5.2.2 Constraints in MS-ADTS spec
if history_length is not None and history_length > 1024:
- raise CommandError("Bad password history length: valid range is 0 to 1024")
+ raise CommandError("Bad password history length: "
+ "valid range is 0 to 1024")
if min_pwd_length is not None and min_pwd_length > 255:
- raise CommandError("Bad minimum password length: valid range is 0 to 255")
+ raise CommandError("Bad minimum password length: "
+ "valid range is 0 to 255")
if min_pwd_age is not None and max_pwd_age is not None:
# note max-age=zero is a special case meaning 'never expire'
if min_pwd_age >= max_pwd_age and max_pwd_age != 0:
- raise CommandError("Minimum password age must be less than the maximum age")
+ raise CommandError("Minimum password age must be less than "
+ "maximum age")
# the same args are used for both create and set commands
@@ -250,21 +254,29 @@ pwd_settings_options = [
Option("--complexity", type="choice", choices=["on", "off"],
help="The password complexity (on | off)."),
Option("--store-plaintext", type="choice", choices=["on", "off"],
- help="Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off)."),
+ help="Store plaintext passwords where account have "
+ "'store passwords with reversible encryption' set (on | off)."),
Option("--history-length",
help="The password history length (<integer>).", type=int),
Option("--min-pwd-length",
help="The minimum password length (<integer>).", type=int),
Option("--min-pwd-age",
- help="The minimum password age (<integer in days>). Default is domain setting.", type=int),
+ help=("The minimum password age (<integer in days>). "
+ "Default is domain setting."), type=int),
Option("--max-pwd-age",
- help="The maximum password age (<integer in days>). Default is domain setting.", type=int),
- Option("--account-lockout-duration",
- help="The the length of time an account is locked out after exeeding the limit on bad password attempts (<integer in mins>). Default is domain setting", type=int),
- Option("--account-lockout-threshold",
- help="The number of bad password attempts allowed before locking out the account (<integer>). Default is domain setting.", type=int),
+ help=("The maximum password age (<integer in days>). "
+ "Default is domain setting."), type=int),
+ Option("--account-lockout-duration", type=int,
+ help=("The length of time an account is locked out after exceeding "
+ "the limit on bad password attempts (<integer in mins>). "
+ "Default is domain setting")),
+ Option("--account-lockout-threshold", type=int,
+ help=("The number of bad password attempts allowed before locking "
+ "out the account (<integer>). Default is domain setting.")),
Option("--reset-account-lockout-after",
- help="After this time is elapsed, the recorded number of attempts restarts from zero (<integer in mins>). Default is domain setting.", type=int)]
+ help=("After this time is elapsed, the recorded number of attempts "
+ "restarts from zero (<integer in mins>). "
+ "Default is domain setting."), type=int)]
def num_options_in_args(options, args):
@@ -309,8 +321,8 @@ class cmd_domain_pwdsettings_pso_create(Command):
}
takes_options = pwd_settings_options + [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H")
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str)
]
takes_args = ["psoname", "precedence"]
@@ -329,7 +341,8 @@ class cmd_domain_pwdsettings_pso_create(Command):
try:
precedence = int(precedence)
except ValueError:
- raise CommandError("The PSO's precedence should be a numerical value. Try --help")
+ raise CommandError("The PSO's precedence should be "
+ "a numerical value. Try --help")
# sanity-check that the PSO doesn't already exist
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
@@ -347,14 +360,17 @@ class cmd_domain_pwdsettings_pso_create(Command):
# otherwise there's no point in creating a PSO
num_pwd_args = num_options_in_args(pwd_settings_options, self.raw_argv)
if num_pwd_args == 0:
- raise CommandError("Please specify at least one password policy setting. Try --help")
+ raise CommandError("Please specify at least one password policy "
+ "setting. Try --help")
# it's unlikely that the user will specify all 9 password policy
# settings on the CLI - current domain password-settings as the default
# values for unspecified arguments
if num_pwd_args < len(pwd_settings_options):
- self.message("Not all password policy options have been specified.")
- self.message("For unspecified options, the current domain password settings will be used as the default values.")
+ self.message("Not all password policy options "
+ "have been specified.")
+ self.message("For unspecified options, the current domain password"
+ " settings will be used as the default values.")
# lookup the current domain password-settings
res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_BASE,
@@ -420,7 +436,8 @@ class cmd_domain_pwdsettings_pso_create(Command):
except ldb.LdbError as e:
(num, msg) = e.args
if num == ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS:
- raise CommandError("Administrator permissions are needed to create a PSO.")
+ raise CommandError("Administrator permissions are needed "
+ "to create a PSO.")
else:
raise CommandError("Failed to create PSO '%s': %s" % (pso_dn,
msg))
@@ -439,7 +456,8 @@ class cmd_domain_pwdsettings_pso_set(Command):
takes_options = pwd_settings_options + [
Option("--precedence", type=int,
- help="This PSO's precedence relative to other PSOs. Lower precedence is better (<integer>)."),
+ help=("This PSO's precedence relative to other PSOs. "
+ "Lower precedence is better (<integer>).")),
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
@@ -464,19 +482,23 @@ class cmd_domain_pwdsettings_pso_set(Command):
# we expect the user to specify at least one password-policy setting
num_pwd_args = num_options_in_args(pwd_settings_options, self.raw_argv)
if num_pwd_args == 0 and precedence is None:
- raise CommandError("Please specify at least one password policy setting. Try --help")
+ raise CommandError("Please specify at least one password policy "
+ "setting. Try --help")
if min_pwd_age is not None or max_pwd_age is not None:
- # if we're modifying either the max or min pwd-age, check the max is
- # always larger. We may have to fetch the PSO's setting to verify this
+ # if we're modifying either the max or min pwd-age, check the max
+ # is always larger. We may have to fetch the PSO's setting to
+ # verify this
res = samdb.search(pso_dn, scope=ldb.SCOPE_BASE,
attrs=['msDS-MinimumPasswordAge',
'msDS-MaximumPasswordAge'])
if min_pwd_age is None:
- min_pwd_age = timestamp_to_days(res[0]['msDS-MinimumPasswordAge'][0])
+ min_pwd_ticks = res[0]['msDS-MinimumPasswordAge'][0]
+ min_pwd_age = timestamp_to_days(min_pwd_ticks)
if max_pwd_age is None:
- max_pwd_age = timestamp_to_days(res[0]['msDS-MaximumPasswordAge'][0])
+ max_pwd_ticks = res[0]['msDS-MaximumPasswordAge'][0]
+ max_pwd_age = timestamp_to_days(max_pwd_ticks)
check_pso_constraints(max_pwd_age=max_pwd_age, min_pwd_age=min_pwd_age,
history_length=history_length,
@@ -516,8 +538,8 @@ class cmd_domain_pwdsettings_pso_delete(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H")
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str)
]
takes_args = ["psoname"]
@@ -556,8 +578,8 @@ class cmd_domain_pwdsettings_pso_list(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H")
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str)
]
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
@@ -574,7 +596,8 @@ class cmd_domain_pwdsettings_pso_list(Command):
# an unprivileged search against Windows returns nothing here. On Samba
# we get the PSO names, but not their attributes
if len(res) == 0 or 'msDS-PasswordSettingsPrecedence' not in res[0]:
- self.outf.write("No PSOs are present, or you don't have permission to view them.\n")
+ self.outf.write("No PSOs are present, or you don't have permission"
+ " to view them.\n")
return
# sort the PSOs so they're displayed in order of precedence
@@ -600,8 +623,8 @@ class cmd_domain_pwdsettings_pso_show(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H")
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str)
]
takes_args = ["psoname"]
@@ -630,8 +653,8 @@ class cmd_domain_pwdsettings_pso_show_user(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H")
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str)
]
takes_args = ["username"]
@@ -666,8 +689,8 @@ class cmd_domain_pwdsettings_pso_apply(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H")
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str)
]
takes_args = ["psoname", "user_or_group"]
@@ -696,7 +719,8 @@ class cmd_domain_pwdsettings_pso_apply(Command):
target_dn = str(res[0].dn)
m = ldb.Message()
m.dn = ldb.Dn(samdb, pso_dn)
- m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn, ldb.FLAG_MOD_ADD,
+ m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn,
+ ldb.FLAG_MOD_ADD,
"msDS-PSOAppliesTo")
try:
samdb.modify(m)
@@ -725,8 +749,8 @@ class cmd_domain_pwdsettings_pso_unapply(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H"),
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ metavar="URL", dest="H", type=str),
]
takes_args = ["psoname", "user_or_group"]
@@ -755,7 +779,8 @@ class cmd_domain_pwdsettings_pso_unapply(Command):
target_dn = str(res[0].dn)
m = ldb.Message()
m.dn = ldb.Dn(samdb, pso_dn)
- m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn, ldb.FLAG_MOD_DELETE,
+ m["msDS-PSOAppliesTo"] = ldb.MessageElement(target_dn,
+ ldb.FLAG_MOD_DELETE,
"msDS-PSOAppliesTo")
try:
samdb.modify(m)
diff --git a/python/samba/tests/pso.py b/python/samba/tests/pso.py
index 0d37108e060..57ec03e62b3 100644
--- a/python/samba/tests/pso.py
+++ b/python/samba/tests/pso.py
@@ -56,8 +56,9 @@ class TestUser:
if hist_len == 0:
return self.all_old_passwords[:]
- # just exclude our pwd_history if there's not much in it. This can happen
- # if we've been using a lower PasswordHistoryLength setting previously
+ # just exclude our pwd_history if there's not much in it. This can
+ # happen if we've been using a lower PasswordHistoryLength setting
+ # previously
hist_len = min(len(self.pwd_history), hist_len)
# return any passwords up to the nth-from-last item
@@ -67,8 +68,9 @@ class TestUser:
"""Updates the user's password history to reflect a password change"""
# we maintain 2 lists: all passwords the user has ever had, and an
# effective password-history that should roughly mirror the DC.
- # pwd_history_change() handles the corner-case where we need to truncate
- # password-history due to PasswordHistoryLength settings changes
+ # pwd_history_change() handles the corner-case where we need to
+ # truncate password-history due to PasswordHistoryLength settings
+ # changes
if new_password in self.all_old_passwords:
self.all_old_passwords.remove(new_password)
self.all_old_passwords.append(new_password)
@@ -102,15 +104,16 @@ add: userPassword
userPassword: %s
""" % (self.dn, self.get_password(), new_password)
# this modify will throw an exception if new_password doesn't meet the
- # PSO constraints (which the test code catches if it's expected to fail)
+ # PSO constraints (which the test code catches if it's expected to
+ # fail)
self.ldb.modify_ldif(ldif)
self.update_pwd_history(new_password)
def pwd_history_change(self, old_hist_len, new_hist_len):
"""
- Updates what in the password history will take effect, to reflect changes
- on the DC. When the PasswordHistoryLength applied to a user changes from
- a low setting (e.g. 2) to a higher setting (e.g. 4), passwords #3 and #4
+ Updates the effective password history, to reflect changes on the DC.
+ When the PasswordHistoryLength applied to a user changes from a low
+ setting (e.g. 2) to a higher setting (e.g. 4), passwords #3 and #4
won't actually have been stored on the DC, so we need to make sure they
are removed them from our mirror pwd_history list.
"""
@@ -267,4 +270,3 @@ msDS-PasswordSettingsPrecedence: %u
""" % (self.dn, new_precedence)
samdb.modify_ldif(ldif)
self.precedence = new_precedence
-
diff --git a/python/samba/tests/samba_tool/passwordsettings.py b/python/samba/tests/samba_tool/passwordsettings.py
index 9c934b41dc9..e29c76c730d 100644
--- a/python/samba/tests/samba_tool/passwordsettings.py
+++ b/python/samba/tests/samba_tool/passwordsettings.py
@@ -31,8 +31,8 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
self.user_auth = "-U%s%%%s" % (os.environ["DC_USERNAME"],
os.environ["DC_PASSWORD"])
self.ldb = self.getSamDB("-H", self.server, self.user_auth)
- self.pso_container = \
- "CN=Password Settings Container,CN=System,%s" % self.ldb.domain_dn()
+ system_dn = "CN=System,%s" % self.ldb.domain_dn()
+ self.pso_container = "CN=Password Settings Container,%s" % system_dn
self.obj_cleanup = []
def tearDown(self):
@@ -48,9 +48,12 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
dn = "CN=%s,%s" % (pso_name, self.pso_container)
pso_attrs = ['name', 'msDS-PasswordSettingsPrecedence',
'msDS-PasswordReversibleEncryptionEnabled',
- 'msDS-PasswordHistoryLength', 'msDS-MinimumPasswordLength',
- 'msDS-PasswordComplexityEnabled', 'msDS-MinimumPasswordAge',
- 'msDS-MaximumPasswordAge', 'msDS-LockoutObservationWindow',
+ 'msDS-PasswordHistoryLength',
+ 'msDS-MinimumPasswordLength',
+ 'msDS-PasswordComplexityEnabled',
+ 'msDS-MinimumPasswordAge',
+ 'msDS-MaximumPasswordAge',
+ 'msDS-LockoutObservationWindow',
'msDS-LockoutThreshold', 'msDS-LockoutDuration']
res = self.ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=pso_attrs)
self.assertEquals(len(res), 1, "PSO lookup failed")
@@ -67,8 +70,8 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
# check the PSO's settings match the search results
self.assertEquals(str(res[0]['msDS-PasswordComplexityEnabled'][0]),
complexity_str)
- self.assertEquals(str(res[0]['msDS-PasswordReversibleEncryptionEnabled'][0]),
- plaintext_str)
+ plaintext_res = res[0]['msDS-PasswordReversibleEncryptionEnabled'][0]
+ self.assertEquals(str(plaintext_res), plaintext_str)
self.assertEquals(int(res[0]['msDS-PasswordHistoryLength'][0]),
pso.history_len)
self.assertEquals(int(res[0]['msDS-MinimumPasswordLength'][0]),
@@ -89,13 +92,14 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
"pso", "show"), pso_name,
"-H", self.server,
self.user_auth)
- self.assertTrue(len(out.split(":")) >= 10, "Expect 10 fields displayed")
+ self.assertTrue(len(out.split(":")) >= 10,
+ "Expect 10 fields displayed")
# for a few settings, sanity-check the display is what we expect
self.assertIn("Minimum password length: %u" % pso.password_len, out)
self.assertIn("Password history length: %u" % pso.history_len, out)
- self.assertIn("lockout threshold (attempts): %u" % pso.lockout_attempts,
- out)
+ lockout_str = "lockout threshold (attempts): %u" % pso.lockout_attempts
+ self.assertIn(lockout_str, out)
def test_pso_create(self):
"""Tests basic PSO creation using the samba-tool"""
@@ -207,14 +211,14 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
pso_settings.precedence = 99
pso_settings.lockout_attempts = 10
pso_settings.lockout_duration = 60 * 17
- (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
- "pso", "set"), pso_name,
- "--precedence=99",
- "--account-lockout-threshold=10",
- "--account-lockout-duration=17",
- "-H", self.server,
- self.user_auth)
- self.assertCmdSuccess(result, out, err)
+ (res, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+ "pso", "set"), pso_name,
+ "--precedence=99",
+ "--account-lockout-threshold=10",
+ "--account-lockout-duration=17",
+ "-H", self.server,
+ self.user_auth)
+ self.assertCmdSuccess(res, out, err)
self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("Successfully updated", out)
@@ -259,8 +263,8 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
# first check the samba-tool output tells us the correct PSO is applied
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
- "pso", "show-user"), user.name,
- "-H", self.server,
+ "pso", "show-user"),
+ user.name, "-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
self.assertEquals(err, "", "Shouldn't be any error messages")
@@ -363,19 +367,22 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
"pso", "create"), "bad-perm",
"250", "--complexity=off",
- "-H", self.server, unpriv_auth)
+ "-H", self.server,
+ unpriv_auth)
self.assertCmdFail(result, "Need admin privileges to modify PSO")
self.assertIn("Administrator permissions are needed", err)
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
"pso", "delete"), pso_name,
- "-H", self.server, unpriv_auth)
+ "-H", self.server,
+ unpriv_auth)
self.assertCmdFail(result, "Need admin privileges to delete PSO")
self.assertIn("You may not have permission", err)
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
"pso", "show"), pso_name,
- "-H", self.server, unpriv_auth)
+ "-H", self.server,
+ unpriv_auth)
self.assertCmdFail(result, "Need admin privileges to view PSO")
self.assertIn("You may not have permission", err)
@@ -420,9 +427,9 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
# check we can change the domain setting
self.addCleanup(self.ldb.set_minPwdLength, min_pwd_len)
new_len = int(min_pwd_len) + 3
+ min_pwd_args = "--min-pwd-length=%u" % new_len
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
- "set"),
- "--min-pwd-length=%u" % new_len,
+ "set"), min_pwd_args,
"-H", self.server,
self.user_auth)
self.assertCmdSuccess(result, out, err)
@@ -437,4 +444,3 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
self.assertCmdSuccess(result, out, err)
self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("Minimum password length: %u" % new_len, out)
-
View Lorry Controller Status