HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux spn-python 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64
User: arjun (1000)
PHP: 8.1.2-1ubuntu2.20
Disabled: NONE
Upload Files
File: //lib/python3/dist-packages/samba/tests/samba_tool/__pycache__/passwordsettings.cpython-310.pyc
o

�/a2b�@s@ddlZddlZddlmZddlmZmZGdd�de�ZdS)�N)�SambaToolCmdTest)�PasswordSettings�TestUsercs|eZdZdZ�fdd�Z�fdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Z�ZS)�PwdSettingsCmdTestCasez:Tests for 'samba-tool domain passwordsettings' subcommandscsntt|���dtjd|_dtjdtjdf|_|�d|j|j�|_d|j�	�}d||_
g|_dS)	Nz	ldap://%s�	DC_SERVER�-U%s%%%s�DC_USERNAME�DC_PASSWORD�-HzCN=System,%sz!CN=Password Settings Container,%s)�superr�setUp�os�environ�server�	user_auth�getSamDB�ldb�	domain_dn�
pso_container�obj_cleanup)�self�	system_dn��	__class__��I/usr/lib/python3/dist-packages/samba/tests/samba_tool/passwordsettings.pyrs
�

zPwdSettingsCmdTestCase.setUpcs*tt|���|jD]}|j�|�q
dS)N)rr�tearDownrr�delete)r�dnrrrr&s
�zPwdSettingsCmdTestCase.tearDowncCs2d||jf}gd�}|jj|tj|d�}|�t|�dd�|jr#dnd}|jr*dnd}t|j	d�}t|j
d�}	t|jd�}
t|jd�}|�t
|d	d
d	�|�|d	dd	}|�t
|�|�|�t|d	dd	�|j�|�t|d	d
d	�|j�|�t|d	dd	�|
�|�t|d	dd	�|�|�t|d	dd	�|	�|�t|d	dd	�|�|�t|d	dd	�|j�|�t|d	dd	�|j�|�dd|d|j|j�\}
}}|�t|�d��dkd�|�d|j|�|�d|j|�d|j}|�||�dS)z5Checks the PSO info in the DB matches what's expected�CN=%s,%s)�name�msDS-PasswordSettingsPrecedence�(msDS-PasswordReversibleEncryptionEnabled�msDS-PasswordHistoryLength�msDS-MinimumPasswordLength�msDS-PasswordComplexityEnabled�msDS-MinimumPasswordAge�msDS-MaximumPasswordAge�msDS-LockoutObservationWindow�msDS-LockoutThreshold�msDS-LockoutDuration��scope�attrs�zPSO lookup failed�TRUE�FALSEg�cArr%r"r#r$r&r'r(r*r)r!�domain��passwordsettings�pso�showr
�:�
zExpect 10 fields displayed�Minimum password length: %uzPassword history length: %uz lockout threshold (attempts): %uN)rr�search�
SCOPE_BASE�assertEqual�len�
complexity�store_plaintext�int�lockout_duration�lockout_window�password_age_min�password_age_max�str�history_len�password_len�lockout_attempts�
precedence�runsublevelcmdrr�
assertTrue�split�assertIn)r�pso_namer4r�	pso_attrs�res�complexity_str�
plaintext_strr@rA�min_age�max_age�
plaintext_res�result�out�err�lockout_strrrr�	check_pso,s^	�������
��
z PwdSettingsCmdTestCase.check_psocCs�td|j�}d|_d|_d}|�dd|ddd	|j|j�\}}}|j�d
||j	f�|�
|||�|�|dd�|�d
|�|�
||�|�dd|ddd	|j|j�\}}}|�|d�|�d|�d}|�dd|dd	|j|j�\}}}|�|d�|�d|�d|_d|_d|_d|_d}d||_d||_|�dd|ddddddd	|j|j�\}}}|j�d
||j	f�|�
|||�|�|dd�|�d
|�|�
||�|�ddd	|j|j�\}}}|�
|||�|�d|�|�d|�dS)z-Tests basic PSO creation using the samba-toolNF�dztest-create-PSOr1�r3r4�create�100�--complexity=offr
r��Shouldn't be any error messages�successfully createdz)Ensure that create for existing PSO failszalready existsztest-create-PSO2z,specify at least one password policy settingT�2�i�Q��50z--complexity=onz--store-plaintext=onz--min-pwd-length=12z--min-pwd-age=11z--max-pwd-age=50�r3r4�list)rrr=rHrIrrr�appendr�assertCmdSuccessr;rLrY�
assertCmdFailr>rFrBrC)r�expected_psorMrUrVrW�day_in_secsrrr�test_pso_createhsx
�
�
�


�	
�z&PwdSettingsCmdTestCase.test_pso_createc
Cs�td|j�}||_d|_d|_|�dd|ddd|j|j�\}}}d	||jf|_	|j
�|j	�|�|||�|�
|d
d�|�d|�|�||�|S)
z$Creates a PSO for use in other testsNr7��r1r[�200z--min-pwd-length=10r
rr_r`ra)rrr rFrHrIrrrrrrhrir;rLrY)rrM�pso_settingsrUrVrWrrr�_create_pso�s"
�z"PwdSettingsCmdTestCase._create_psocCs|d}|�|�}d|_d|_d|_|�dd|ddd	d
|j|j�	\}}}|�|||�|�|dd�|�	d
|�|�
||�dS)z.Tests we can modify a PSO using the samba-toolztest-set-PSO�cr7i�r1�r3r4�setz--precedence=99z--account-lockout-threshold=10z--account-lockout-duration=17r
r_r`zSuccessfully updatedN)rqrHrGr@rIrrrir;rLrY)rrMrprOrVrWrrr�test_pso_set�s"

�z#PwdSettingsCmdTestCase.test_pso_setc	
Csd}|�|�|�dd|d|j|j�\}}}|�|||�|�|dd�|�d|�d||jf}|j�	|�z|j
j|t
jd	gd
�|�
d�Wnt
jyh}z|j\}}|�|t
j�WYd}~nd}~ww|�dd|d|j|j�\}}}|�|d
�|�d|�dS)z.Tests we can delete a PSO using the samba-toolztest-delete-PSOr1�r3r4rr
r_r`zDeleted PSOrr r+zPSO shouldn't existNz(Deleteing a non-existent PSO should failzUnable to find PSO)rqrIrrrir;rLrr�removerr9r:�fail�LdbError�args�ERR_NO_SUCH_OBJECTrj)	rrMrUrVrWr�e�enum�estrrrr�test_pso_delete�s6

�
��
�z&PwdSettingsCmdTestCase.test_pso_deletecCs�|�dd|jd|j|j�\}}}|�|||�|�|dd�|dur)|�d|�n|�|j|�|dur>|�|��d�dS|�|��|j�dS)z6Checks that the correct PSO is applied to a given userr1)r3r4z	show-userr
r_r`NzNo PSO applies to user)	rIr rrrir;rL�get_resultant_PSOr)r�userr4rUrVrWrrr�check_pso_applieds

�z(PwdSettingsCmdTestCase.check_pso_appliedc
	Csd}|�|�}td|j�}|j�|j�|j|dd�d}d||j��f}|j�|d|d��|j�|�t�	�}t�
|j|�|_t�|jtjd	�|d	<|j�
|�|�d
d||d|j|j�\}}}	|�|||	�|�|	d
d�|j||d�|�d
d||d|j|j�\}}}	|�|d�|�d|	�|�d
d||jd|j|j�\}}}	|�|||	�|�|	d
d�|j||d�|�d
d||d|j|j�\}}}	|�|||	�|�|	d
d�|j||d�|�d
d||jd|j|j�\}}}	|�|||	�|�|	d
d�|j|dd�dS)z+Checks we can apply/unapply a PSO to a userztest-apply-PSOz
test-PSO-userN)r4ztest-PSO-groupr�group)r�objectclass�sAMAccountName�memberr1�r3r4�applyr
r_r`z$Shouldn't be able to apply PSO twicezalready applies�r3r4�unapply)rqrrrrhrr�r�add�Message�Dn�MessageElement�FLAG_MOD_ADD�modifyrIrrrir;rjrLr )
rrM�test_psor��
group_namer�mrUrVrWrrr�test_pso_apply_to_usersl

�
�
�

�
�

�z-PwdSettingsCmdTestCase.test_pso_apply_to_userc
Cs�d}|�|�td|j�}|j�|j�d|j|��f}|�dd|dd|j	|�\}}}|�
|d�|�d	|�|�dd
dddd|j	|�\}}}|�
|d�|�d
|�|�dd|d|j	|�\}}}|�
|d�|�d	|�|�dd|d|j	|�\}}}|�
|d�|�d	|�|�dd||jd|j	|�\}}}|�
|d�|�d	|�|�dd||jd|j	|�\}}}|�
|d�|�d	|�|�ddd|j	|�\}}}|�|||�|�d|�|�d|�dS)z:Checks unprivileged users can't modify PSOs via samba-toolztest-unpriv-PSOztest-unpriv-userrr1rsr^r
z#Need admin privileges to modify PSOzYou may not have permissionr[zbad-perm�250z$Administrator permissions are neededrvz#Need admin privileges to delete PSOr2z!Need admin privileges to view PSOr�r�rfzNo PSOs�
permissionN)
rqrrrrhrr �get_passwordrIrrjrLri)rrMr��unpriv_authrUrVrWrrr�test_pso_unpriv]sn

�
�
�
�

�

�
�z&PwdSettingsCmdTestCase.test_pso_unprivcCs|�ddd|j|j�\}}}|�|||�|�|dd�|j��}|�d||�|�|jj	|�t
|�d}d|}|�dd	|d|j|j�\}}}|�|||�|�|dd�|�d
|�|�||j���|�ddd|j|j�\}}}|�|||�|�|dd�|�d||�dS)
z@Checks the 'set/show' commands for the domain settings (non-PSO)r1)r3r5r
r_r`zMinimum password length: %s�z--min-pwd-length=%u�r3rt�
successfulr8N)rIrrrir;r�get_minPwdLengthrL�
addCleanup�set_minPwdLengthr?)rrUrVrW�min_pwd_len�new_len�min_pwd_argsrrr�test_domain_passwordsettings�s6
�

�
�z3PwdSettingsCmdTestCase.test_domain_passwordsettingscCs*|j��}|�|jj|�d}|�dd|d|j|j�\}}}|�|||�|�|dd�|�	d|�|�
||j���|j��}|�|jj|�d}|�dd|d|j|j�\}}}|�
|d	�|�	d
|�d}|�dd|d|j|j�\}}}|�|||�|�|dd�|�	d|�|�
||j���dS)
z>Checks the 'set' command for the domain password age (non-PSO)z--max-pwd-age=270r1r�r
r_r`r�z--min-pwd-age=271z(minPwdAge > maxPwdAge should be rejectedzMaximum password agez--min-pwd-age=269N)r�
get_maxPwdAger��
set_maxPwdAgerIrrrir;rL�assertNotEquals�
get_minPwdAge�
set_minPwdAgerj)r�max_pwd_age�max_pwd_argsrUrVrW�min_pwd_ager�rrr�#test_domain_passwordsettings_pwdage�s@

�

�
�z:PwdSettingsCmdTestCase.test_domain_passwordsettings_pwdage)�__name__�
__module__�__qualname__�__doc__rrrYrmrqrurr�r�r�r�r��
__classcell__rrrrrs
<K!C@#r)r
r�samba.tests.samba_tool.baser�samba.tests.psorrrrrrr�<module>s