creds = self.creds2
other_ldb = self.ldb3
username = creds.get_username()
+ userpass = creds.get_password()
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
res = self._check_account(userdn,
dn: """ + userdn + """
changetype: modify
delete: userPassword
-userPassword: thatsAcomplPASS1
+userPassword: """ + userpass + """
add: userPassword
userPassword: thatsAcomplPASS2
""")
add: unicodePwd
unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2x\"".encode('utf-16-le')) + """
""")
+ userpass = "thatsAcomplPASS2x"
+ creds.set_password(userpass)
res = self._check_account(userdn,
badPwdCount=0,
creds = self.creds2
other_ldb = self.ldb3
username = creds.get_username()
+ userpass = creds.get_password()
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
res = self._check_account(userdn,
badPasswordTime = int(res[0]["badPasswordTime"][0])
# Correct old password
+ old_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+ invalid_utf16 = "\"thatsAcomplPASSX\"".encode('utf-16-le')
+ userpass = "thatsAcomplPASS2"
+ creds.set_password(userpass)
+ new_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+
other_ldb.modify_ldif("""
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(old_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
res = self._check_account(userdn,
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(old_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
msDSUserAccountControlComputed=0)
# Correct old password
+ old_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+ invalid_utf16 = "\"thatsAcomplPASSiX\"".encode('utf-16-le')
+ userpass = "thatsAcomplPASS2x"
+ creds.set_password(userpass)
+ new_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+
other_ldb.modify_ldif("""
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(old_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
res = self._check_account(userdn,
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
dn: """ + userdn + """
changetype: modify
delete: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(invalid_utf16) + """
add: unicodePwd
-unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+unicodePwd:: """ + base64.b64encode(new_utf16) + """
""")
self.fail()
except LdbError, (num, msg):
def _test_login_lockout(self, use_kerberos):
creds = self.creds2
username = creds.get_username()
+ userpass = creds.get_password()
userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
# This unlocks by waiting for account_lockout_duration
badPasswordTime = int(res[0]["badPasswordTime"][0])
# Correct old password
- creds_lockout.set_password("thatsAcomplPASS1")
+ creds_lockout.set_password(userpass)
ldb_lockout = SamDB(url=host_url, credentials=creds_lockout, lp=lp)
msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
# The correct password, but we are locked out
- creds_lockout.set_password("thatsAcomplPASS1")
+ creds_lockout.set_password(userpass)
try:
ldb_lockout = SamDB(url=host_url, credentials=creds_lockout, lp=lp)
self.fail()
# The correct password after letting the timeout expire
- creds_lockout.set_password("thatsAcomplPASS1")
+ creds_lockout.set_password(userpass)
creds_lockout2 = insta_creds(creds_lockout)
badPasswordTime = int(res[0]["badPasswordTime"][0])
# The correct password without letting the timeout expire
- creds_lockout.set_password("thatsAcomplPASS1")
+ creds_lockout.set_password(userpass)
ldb_lockout = SamDB(url=host_url, credentials=creds_lockout, lp=lp)
res = self._check_account(userdn,