Re: [SCM] Samba Shared Repository - branch master updated

Sat, 03 Jul 2010 13:17:17 -0700 

 On 03/07/2010 14:05, Matthias Dieter WallnXXfer wrote:

The branch, master has been updated
        via  43b0c31... s4:setup/provision_basedn_modify.ldif - set "minPwdAge" 
to the right value

We'll need to see how upgradeprovision handle this ...

        via  c0ee606... s4:pwsettings net utility - change also here the 
"minPwdAge" to be the real default
        via  73c69a1... s4:blackbox/test_passwords.sh - perform also here the adaptions 
for "minPwdAge" != 0
        via  ec9fa90... s4:dsdb/tests/passwords.py - set and reset the 
"minPwdAge" properly
       from  86cde0a... Tests for user-change-password and 
force-password-change access rights

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 43b0c314d80efdaec17d601929d3e6b0cdebcff0
Author: Matthias Dieter Wallnöfer<[email protected]>
Date:   Sat Jul 3 10:56:14 2010 +0200

     s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value

     Now we should have fixed all password related tests to cooperate with this 
value

commit c0ee606474ffb355e7c4e8dd70c773fe8904fa4b
Author: Matthias Dieter Wallnöfer<[email protected]>
Date:   Sat Jul 3 11:27:20 2010 +0200

     s4:pwsettings net utility - change also here the "minPwdAge" to be the 
real default

     Which is one day.

commit 73c69a195abc68146352da399418b9f64a6ca803
Author: Matthias Dieter Wallnöfer<[email protected]>
Date:   Sat Jul 3 11:23:39 2010 +0200

     s4:blackbox/test_passwords.sh - perform also here the adaptions for 
"minPwdAge" != 0

commit ec9fa906c79c4f71d0230dd57dfde6dd67f37201
Author: Matthias Dieter Wallnöfer<[email protected]>
Date:   Sat Jul 3 11:07:10 2010 +0200

     s4:dsdb/tests/passwords.py - set and reset the "minPwdAge" properly

     After a patch proposal of Nadya and some reflection I think that it's 
really
     worth to change all tests which need a "0" "minPwdAge" to set it manually 
and
     reset the default afterwards.

     So we can finally introduce the default "minPwdAge" on provision.

     Patch proposal by: Nadya Ivanova

-----------------------------------------------------------------------

Summary of changes:
  source4/dsdb/tests/python/passwords.py             |   23 ++++++++++++++++++-
  .../scripting/python/samba/netcmd/pwsettings.py    |    4 +-
  source4/setup/provision_basedn_modify.ldif         |    3 +-
  testprogs/blackbox/test_passwords.sh               |    4 +-
  4 files changed, 26 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/tests/python/passwords.py 
b/source4/dsdb/tests/python/passwords.py
index bf9e909..c288ed5 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -7,8 +7,6 @@
  # Notice: This tests will also work against Windows Server if the connection 
is
  # secured enough (SASL with a minimum of 128 Bit encryption) - consider
  # MS-ADTS 3.1.1.3.1.5
-#
-# Important: Make sure that the minimum password age is set to "0"!

  import optparse
  import sys
@@ -584,6 +582,11 @@ res = ldb.search(base="", expression="", scope=SCOPE_BASE,
                   attrs=["configurationNamingContext"])
  configuration_dn = res[0]["configurationNamingContext"][0]

+# Gets back the basedn
+res = ldb.search(base="", expression="", scope=SCOPE_BASE,
+                 attrs=["defaultNamingContext"])
+base_dn = res[0]["defaultNamingContext"][0]
+
  # Get the old "dSHeuristics" if it was set
  res = ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
                   + configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
@@ -600,6 +603,16 @@ m["dSHeuristics"] = MessageElement("000000001", 
FLAG_MOD_REPLACE,
    "dSHeuristics")
  ldb.modify(m)

+# Get the old "minPwdAge"
+res = ldb.search(base_dn, scope=SCOPE_BASE, attrs=["minPwdAge"])
+minPwdAge = res[0]["minPwdAge"][0]
+
+# Set it temporarely to "0"
+m = Message()
+m.dn = Dn(ldb, base_dn)
+m["minPwdAge"] = MessageElement("0", FLAG_MOD_REPLACE, "minPwdAge")
+ldb.modify(m)
+
  runner = SubunitTestRunner()
  rc = 0
  if not runner.run(unittest.makeSuite(PasswordTests)).wasSuccessful():
@@ -616,4 +629,10 @@ else:
      m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
  ldb.modify(m)

+# Reset the "minPwdAge" as it was before
+m = Message()
+m.dn = Dn(ldb, base_dn)
+m["minPwdAge"] = MessageElement(minPwdAge, FLAG_MOD_REPLACE, "minPwdAge")
+ldb.modify(m)
+
  sys.exit(rc)
diff --git a/source4/scripting/python/samba/netcmd/pwsettings.py 
b/source4/scripting/python/samba/netcmd/pwsettings.py
index f4f8270..bfec13c 100644
--- a/source4/scripting/python/samba/netcmd/pwsettings.py
+++ b/source4/scripting/python/samba/netcmd/pwsettings.py
@@ -55,7 +55,7 @@ class cmd_pwsettings(Command):
          Option("--min-pwd-length",
            help="The minimum password length (<integer>  | default).  Default is 
7.", type=str),
          Option("--min-pwd-age",
-          help="The minimum password age (<integer in days>  | default).  Default 
is 0.", type=str),
+          help="The minimum password age (<integer in days>  | default).  Default 
is 1.", type=str),
          Option("--max-pwd-age",
            help="The maximum password age (<integer in days>  | default).  Default 
is 43.", type=str),
            ]
@@ -142,7 +142,7 @@ class cmd_pwsettings(Command):

              if min_pwd_age is not None:
                  if min_pwd_age == "default":
-                    min_pwd_age = 0
+                    min_pwd_age = 1
                  else:
                      min_pwd_age = int(min_pwd_age)

diff --git a/source4/setup/provision_basedn_modify.ldif 
b/source4/setup/provision_basedn_modify.ldif
index b4f3016..53845f7 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -35,9 +35,8 @@ lockoutThreshold: 0
  replace: maxPwdAge
  maxPwdAge: -36288000000000
  -
-# "minPwdAge" is "0" in order to let the password change tests pass
  replace: minPwdAge
-minPwdAge: 0
+minPwdAge: -864000000000
  -
  replace: minPwdLength
  minPwdLength: 7
diff --git a/testprogs/blackbox/test_passwords.sh 
b/testprogs/blackbox/test_passwords.sh
index 167c1b2..de7e31e 100755
--- a/testprogs/blackbox/test_passwords.sh
+++ b/testprogs/blackbox/test_passwords.sh
@@ -48,6 +48,8 @@ test_smbclient() {
  CONFIG="--configfile=$PREFIX/dc/etc/smb.conf"
  export CONFIG

+testit "reset password policies beside of minimum password age of 0 days" 
$VALGRIND $net pwsettings $CONFIG set --complexity=default --history-length=default 
--min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 
1`
+
  userpass=testp...@01%

  testit "create user locally" $VALGRIND $newuser $CONFIG nettestuser $USERPASS 
$@ || failed=`expr $failed + 1`
@@ -161,8 +163,6 @@ USERPASS=$NEWUSERPASS

  test_smbclient "Test login with user kerberos" 'ls' -k yes 
-unettestu...@$realm%$newuserpass || failed=`expr $failed + 1`

-testit "reset password policies" $VALGRIND $net pwsettings set $CONFIG 
--complexity=default --history-length=default --min-pwd-length=default 
--min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
-
  NEWUSERPASS=abcdefg
  testit_expect_failure "try to set a non-complex password (command should not succeed)" $VALGRIND $net 
password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@&&  
failed=`expr $failed + 1`






--
Matthieu Patou
Samba Team        http://samba.org

Reply via email to