diff options
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/dsdb/tests/python/password_lockout.py | 24 | ||||
-rwxr-xr-x | source4/dsdb/tests/python/sam.py | 48 | ||||
-rwxr-xr-x | source4/dsdb/tests/python/user_account_control.py | 60 |
3 files changed, 85 insertions, 47 deletions
diff --git a/source4/dsdb/tests/python/password_lockout.py b/source4/dsdb/tests/python/password_lockout.py index be688475af2..72455acd04f 100755 --- a/source4/dsdb/tests/python/password_lockout.py +++ b/source4/dsdb/tests/python/password_lockout.py @@ -1069,9 +1069,9 @@ unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """ logonCount=0, lastLogon=0, lastLogonTimestamp=('absent', None), - userAccountControl=dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, + userAccountControl=(dsdb.UF_NORMAL_ACCOUNT | + dsdb.UF_ACCOUNTDISABLE | + dsdb.UF_PASSWD_NOTREQD), msDSUserAccountControlComputed=dsdb.UF_PASSWORD_EXPIRED) # SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present. @@ -1084,9 +1084,9 @@ unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """ logonCount=0, lastLogon=0, lastLogonTimestamp=('absent', None), - userAccountControl=dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, + userAccountControl=(dsdb.UF_NORMAL_ACCOUNT | + dsdb.UF_ACCOUNTDISABLE | + dsdb.UF_PASSWD_NOTREQD), msDSUserAccountControlComputed=dsdb.UF_PASSWORD_EXPIRED) # Tests a password change when we don't have any password yet with a @@ -1114,9 +1114,9 @@ userPassword: thatsAcomplPASS2 logonCount=0, lastLogon=0, lastLogonTimestamp=('absent', None), - userAccountControl=dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, + userAccountControl=(dsdb.UF_NORMAL_ACCOUNT | + dsdb.UF_ACCOUNTDISABLE | + dsdb.UF_PASSWD_NOTREQD), msDSUserAccountControlComputed=dsdb.UF_PASSWORD_EXPIRED) badPwdCount = int(res[0]["badPwdCount"][0]) badPasswordTime = int(res[0]["badPasswordTime"][0]) @@ -1139,9 +1139,9 @@ userPassword: """ + userpass + """ logonCount=0, lastLogon=0, lastLogonTimestamp=('absent', None), - userAccountControl=dsdb.UF_NORMAL_ACCOUNT | - dsdb.UF_ACCOUNTDISABLE | - dsdb.UF_PASSWD_NOTREQD, + userAccountControl=(dsdb.UF_NORMAL_ACCOUNT | + dsdb.UF_ACCOUNTDISABLE | + dsdb.UF_PASSWD_NOTREQD), msDSUserAccountControlComputed=0) # Enables the user account diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py index 58d5edb7b1f..9a5e2535096 100755 --- a/source4/dsdb/tests/python/sam.py +++ b/source4/dsdb/tests/python/sam.py @@ -219,19 +219,22 @@ class SamTests(samba.tests.TestCase): ldb.add({ "dn": "cn=ldaptestuser,cn=users," + self.base_dn, "objectclass": "computer", - "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD)}) + "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | + UF_PASSWD_NOTREQD)}) res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, attrs=["primaryGroupID"]) self.assertTrue(len(res1) == 1) - self.assertEquals(res1[0]["primaryGroupID"][0], str(DOMAIN_RID_DOMAIN_MEMBERS)) + self.assertEquals(res1[0]["primaryGroupID"][0], + str(DOMAIN_RID_DOMAIN_MEMBERS)) delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) ldb.add({ "dn": "cn=ldaptestuser,cn=users," + self.base_dn, "objectclass": "computer", - "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT | UF_PASSWD_NOTREQD)}) + "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT | + UF_PASSWD_NOTREQD)}) res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, attrs=["primaryGroupID"]) @@ -246,7 +249,9 @@ class SamTests(samba.tests.TestCase): ldb.add({ "dn": "cn=ldaptestuser,cn=users," + self.base_dn, "objectclass": "computer", - "userAccountControl": str(UF_PARTIAL_SECRETS_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD)}) + "userAccountControl": str(UF_PARTIAL_SECRETS_ACCOUNT | + UF_WORKSTATION_TRUST_ACCOUNT | + UF_PASSWD_NOTREQD)}) res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, attrs=["primaryGroupID"]) @@ -264,7 +269,9 @@ class SamTests(samba.tests.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE, + m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | + UF_PASSWD_NOTREQD), + FLAG_MOD_REPLACE, "userAccountControl") ldb.modify(m) @@ -289,7 +296,9 @@ class SamTests(samba.tests.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE, + m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT | + UF_PASSWD_NOTREQD), + FLAG_MOD_REPLACE, "userAccountControl") ldb.modify(m) @@ -300,7 +309,9 @@ class SamTests(samba.tests.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["userAccountControl"] = MessageElement(str(UF_SERVER_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE, + m["userAccountControl"] = MessageElement(str(UF_SERVER_TRUST_ACCOUNT | + UF_PASSWD_NOTREQD), + FLAG_MOD_REPLACE, "userAccountControl") ldb.modify(m) @@ -314,7 +325,10 @@ class SamTests(samba.tests.TestCase): # we have a fallback in the assertion) m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["userAccountControl"] = MessageElement(str(UF_PARTIAL_SECRETS_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_REPLACE, + m["userAccountControl"] = MessageElement(str(UF_PARTIAL_SECRETS_ACCOUNT | + UF_WORKSTATION_TRUST_ACCOUNT | + UF_PASSWD_NOTREQD), + FLAG_MOD_REPLACE, "userAccountControl") ldb.modify(m) @@ -676,7 +690,9 @@ class SamTests(samba.tests.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_ADD, + m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | + UF_PASSWD_NOTREQD), + FLAG_MOD_ADD, "userAccountControl") try: ldb.modify(m) @@ -1914,7 +1930,10 @@ class SamTests(samba.tests.TestCase): ldb.add({ "dn": "cn=ldaptestuser,cn=users," + self.base_dn, "objectclass": "user", - "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_LOCKOUT | UF_PASSWORD_EXPIRED)}) + "userAccountControl": str(UF_NORMAL_ACCOUNT | + UF_PASSWD_NOTREQD | + UF_LOCKOUT | + UF_PASSWORD_EXPIRED)}) res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, @@ -2199,7 +2218,10 @@ class SamTests(samba.tests.TestCase): ldb.add({ "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn, "objectclass": "computer", - "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_LOCKOUT | UF_PASSWORD_EXPIRED)}) + "userAccountControl": str(UF_NORMAL_ACCOUNT | + UF_PASSWD_NOTREQD | + UF_LOCKOUT | + UF_PASSWORD_EXPIRED)}) res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn, scope=SCOPE_BASE, @@ -2464,7 +2486,9 @@ class SamTests(samba.tests.TestCase): ldb.add({ "dn": "cn=ldaptestuser2,cn=users," + self.base_dn, "objectclass": "user", - "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)}) + "userAccountControl": str(UF_NORMAL_ACCOUNT | + UF_PASSWD_NOTREQD | + UF_ACCOUNTDISABLE)}) res1 = ldb.search("cn=ldaptestuser2,cn=users," + self.base_dn, scope=SCOPE_BASE, diff --git a/source4/dsdb/tests/python/user_account_control.py b/source4/dsdb/tests/python/user_account_control.py index dd3276add98..fc5a962b3d9 100755 --- a/source4/dsdb/tests/python/user_account_control.py +++ b/source4/dsdb/tests/python/user_account_control.py @@ -233,7 +233,8 @@ class UserAccountControlTests(samba.tests.TestCase): m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT), + m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT | + samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT), ldb.FLAG_MOD_REPLACE, "userAccountControl") try: self.samdb.modify(m) @@ -296,7 +297,8 @@ class UserAccountControlTests(samba.tests.TestCase): m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT), + m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT | + samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT), ldb.FLAG_MOD_REPLACE, "userAccountControl") try: self.samdb.modify(m) @@ -342,11 +344,15 @@ class UserAccountControlTests(samba.tests.TestCase): scope=SCOPE_SUBTREE, attrs=["userAccountControl"]) - self.assertEqual(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD) + self.assertEqual(int(res[0]["userAccountControl"][0]), (UF_NORMAL_ACCOUNT | + UF_ACCOUNTDISABLE | + UF_PASSWD_NOTREQD)) m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT |UF_PARTIAL_SECRETS_ACCOUNT |UF_TRUSTED_FOR_DELEGATION), + m["userAccountControl"] = ldb.MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT | + UF_PARTIAL_SECRETS_ACCOUNT | + UF_TRUSTED_FOR_DELEGATION), ldb.FLAG_MOD_REPLACE, "userAccountControl") try: self.admin_samdb.modify(m) @@ -357,7 +363,8 @@ class UserAccountControlTests(samba.tests.TestCase): m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT |UF_PARTIAL_SECRETS_ACCOUNT), + m["userAccountControl"] = ldb.MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT | + UF_PARTIAL_SECRETS_ACCOUNT), ldb.FLAG_MOD_REPLACE, "userAccountControl") self.admin_samdb.modify(m) @@ -366,7 +373,8 @@ class UserAccountControlTests(samba.tests.TestCase): scope=SCOPE_SUBTREE, attrs=["userAccountControl"]) - self.assertEqual(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT |UF_PARTIAL_SECRETS_ACCOUNT) + self.assertEqual(int(res[0]["userAccountControl"][0]), (UF_WORKSTATION_TRUST_ACCOUNT | + UF_PARTIAL_SECRETS_ACCOUNT)) m = ldb.Message() m.dn = res[0].dn m["userAccountControl"] = ldb.MessageElement(str(UF_ACCOUNTDISABLE), @@ -417,7 +425,7 @@ class UserAccountControlTests(samba.tests.TestCase): for bit in bits: m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(bit |UF_PASSWD_NOTREQD), + m["userAccountControl"] = ldb.MessageElement(str(bit | UF_PASSWD_NOTREQD), ldb.FLAG_MOD_REPLACE, "userAccountControl") try: self.samdb.modify(m) @@ -491,7 +499,7 @@ class UserAccountControlTests(samba.tests.TestCase): m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(bit |UF_PASSWD_NOTREQD), + m["userAccountControl"] = ldb.MessageElement(str(bit | UF_PASSWD_NOTREQD), ldb.FLAG_MOD_REPLACE, "userAccountControl") try: self.admin_samdb.modify(m) @@ -517,17 +525,23 @@ class UserAccountControlTests(samba.tests.TestCase): attrs=["userAccountControl"]) if bit in ignored_bits: - self.assertEqual(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT |UF_PASSWD_NOTREQD, "Bit 0x%08x shouldn't stick" % bit) + self.assertEqual(int(res[0]["userAccountControl"][0]), + UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD, + "Bit 0x%08x shouldn't stick" % bit) else: if bit in account_types: - self.assertEqual(int(res[0]["userAccountControl"][0]), bit |UF_PASSWD_NOTREQD, "Bit 0x%08x didn't stick" % bit) + self.assertEqual(int(res[0]["userAccountControl"][0]), + bit | UF_PASSWD_NOTREQD, + "Bit 0x%08x didn't stick" % bit) else: - self.assertEqual(int(res[0]["userAccountControl"][0]), bit |UF_NORMAL_ACCOUNT |UF_PASSWD_NOTREQD, "Bit 0x%08x didn't stick" % bit) + self.assertEqual(int(res[0]["userAccountControl"][0]), + bit | UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD, + "Bit 0x%08x didn't stick" % bit) try: m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(bit |UF_PASSWD_NOTREQD |UF_ACCOUNTDISABLE), + m["userAccountControl"] = ldb.MessageElement(str(bit | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE), ldb.FLAG_MOD_REPLACE, "userAccountControl") self.samdb.modify(m) @@ -542,28 +556,28 @@ class UserAccountControlTests(samba.tests.TestCase): if bit in account_types: self.assertEqual(int(res[0]["userAccountControl"][0]), - bit |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD, + bit | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD, "bit 0X%08x should have been added (0X%08x vs 0X%08x)" % (bit, int(res[0]["userAccountControl"][0]), - bit |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD)) + bit | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)) elif bit in ignored_bits: self.assertEqual(int(res[0]["userAccountControl"][0]), - UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD, + UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD, "bit 0X%08x should have been added (0X%08x vs 0X%08x)" % (bit, int(res[0]["userAccountControl"][0]), - UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD)) + UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)) else: self.assertEqual(int(res[0]["userAccountControl"][0]), - bit |UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD, + bit | UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD, "bit 0X%08x should have been added (0X%08x vs 0X%08x)" % (bit, int(res[0]["userAccountControl"][0]), - bit |UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD)) + bit | UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)) try: m = ldb.Message() m.dn = res[0].dn - m["userAccountControl"] = ldb.MessageElement(str(UF_PASSWD_NOTREQD |UF_ACCOUNTDISABLE), + m["userAccountControl"] = ldb.MessageElement(str(UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE), ldb.FLAG_MOD_REPLACE, "userAccountControl") self.samdb.modify(m) if bit in priv_to_remove_bits: @@ -584,15 +598,15 @@ class UserAccountControlTests(samba.tests.TestCase): if bit in priv_to_remove_bits: if bit in account_types: self.assertEqual(int(res[0]["userAccountControl"][0]), - bit |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD, + bit | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD, "bit 0X%08x should not have been removed" % bit) else: self.assertEqual(int(res[0]["userAccountControl"][0]), - bit |UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD, + bit | UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD, "bit 0X%08x should not have been removed" % bit) else: self.assertEqual(int(res[0]["userAccountControl"][0]), - UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_PASSWD_NOTREQD, + UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD, "bit 0X%08x should have been removed" % bit) def test_uac_bits_unrelated_modify_normal(self): @@ -693,7 +707,7 @@ class UserAccountControlTests(samba.tests.TestCase): computername = self.computernames[0] self.add_computer_ldap(computername, - others={"userAccountControl": [str(UF_WORKSTATION_TRUST_ACCOUNT |UF_PARTIAL_SECRETS_ACCOUNT)]}, + others={"userAccountControl": [str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)]}, samdb=self.admin_samdb) res = self.admin_samdb.search("%s" % self.base_dn, expression="(&(objectClass=computer)(samAccountName=%s$))" % computername, |