From: Nadezhda Ivanova <nivanova@samba.org>
Date: Thu, 8 Jul 2010 12:38:16 +0000 (+0300)
Subject: Added a test to prove by default users can change each other's pass if the old is... 
X-Git-Url: http://git.samba.org/?p=abartlet%2Fsamba.git%2F.git;a=commitdiff_plain;h=10c60f237223f805566a66293418bd1cf04a8f5e

Added a test to prove by default users can change each other's pass if the old is known
---

diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 31bcd31ae2d..471335f3426 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -1165,6 +1165,31 @@ userPassword: thatsAcomplPASS2
         else:
             self.fail()
 
+    def test_change_password7(self):
+        """Try a password change operation without any CARs given"""
+        #users have change password by default - remove for negative testing
+        desc = self.read_desc(self.get_user_dn(self.user_with_wp))
+        sddl = desc.as_sddl(self.domain_sid)
+        self.modify_desc(self.get_user_dn(self.user_with_wp), sddl)
+        #first change our own password
+        self.ldb_user2.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_pc) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')) + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')) + """
+""")
+        #then someone else's
+        self.ldb_user2.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')) + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+""")
+
     def test_reset_password1(self):
         """Try a user password reset operation (unicodePwd) before and after granting CAR"""
         try: