1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
3 # Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 from samba.tests.samba_tool.base import SambaToolCmdTest
23 class UserCheckPwdTestCase(SambaToolCmdTest):
24 """Tests for samba-tool user subcommands"""
29 super(UserCheckPwdTestCase, self).setUp()
30 self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
31 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
32 self.old_min_pwd_age = self.samdb.get_minPwdAge()
33 self.samdb.set_minPwdAge("0")
36 super(UserCheckPwdTestCase, self).tearDown()
37 self.samdb.set_minPwdAge(self.old_min_pwd_age)
39 def _test_checkpassword(self, user, bad_password, good_password, desc):
41 (result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
42 "-H", "ldap://%s" % os.environ["DC_SERVER"],
43 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
44 self.assertCmdFail(result, "Should fail adding a user with %s password." % desc)
46 (result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
47 "-H", "ldap://%s" % os.environ["DC_SERVER"],
48 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
49 self.assertCmdSuccess(result, out, err, "Should succeed adding a user with good password.")
52 (result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
53 "--newpassword=%s" % bad_password,
54 "-H", "ldap://%s" % os.environ["DC_SERVER"],
55 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
56 self.assertCmdFail(result, "Should fail setting a user's password to a %s password." % desc)
58 (result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
59 "--newpassword=%s" % good_password,
60 "-H", "ldap://%s" % os.environ["DC_SERVER"],
61 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
62 self.assertCmdSuccess(result, out, err, "Should succeed setting a user's password to a good one.")
66 (result, out, err) = self.runsubcmd("user", "password",
67 "--newpassword=%s" % bad_password,
68 "--ipaddress", os.environ["DC_SERVER_IP"],
69 "-U%s%%%s" % (user["name"], good_password))
70 self.assertCmdFail(result, "A user setting their own password to a %s password should fail." % desc)
72 (result, out, err) = self.runsubcmd("user", "password",
73 "--newpassword=%s" % good_password + 'XYZ',
74 "--ipaddress", os.environ["DC_SERVER_IP"],
75 "-U%s%%%s" % (user["name"], good_password))
76 self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
78 def test_checkpassword_unacceptable(self):
80 user = self._randomUser()
81 bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
82 good_password = bad_password[:-1]
83 return self._test_checkpassword(user,
88 def test_checkpassword_username(self):
90 user = self._randomUser()
91 bad_password = user["name"]
92 good_password = bad_password[:-1]
93 return self._test_checkpassword(user,
98 def _randomUser(self, base={}):
99 """create a user with random attribute values, you can specify base attributes"""
101 "name": self.randomName(),