The branch, master has been updated via 75f5c3c... s4-net: allow a username to be displayed in setpassword errors via 046c582... s4-net: nicer error message (and no exception) via 22d7a06... s4-test: added KRB5_CONFIG to selftest-vars.sh via 48330c8... s4-test: check that a weak password is rejected by kpasswd from a7f8c19... s4:rootdse: only return "tokenGroups", when the client asked for them
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 75f5c3cd97e90ba19dde3d3d3b3679d5e14abe8c Author: Andrew Tridgell <tri...@samba.org> Date: Thu Apr 15 17:15:25 2010 +1000 s4-net: allow a username to be displayed in setpassword errors the filter is a bit too cryptic Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 046c5824e4f28d07c96e5ad21bef415cfdcf090e Author: Andrew Tridgell <tri...@samba.org> Date: Thu Apr 15 17:14:46 2010 +1000 s4-net: nicer error message (and no exception) in net newuser and net setpasswd we shouldn't be throwing python exceptions on normal user errors like unknown user Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 22d7a06522088e86eb19b104f24cdf19e576a668 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Apr 15 17:13:37 2010 +1000 s4-test: added KRB5_CONFIG to selftest-vars.sh commit 48330c828e5058823c6df09736e8e8eaefdd6565 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Apr 15 16:25:50 2010 +1000 s4-test: check that a weak password is rejected by kpasswd Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/scripting/devel/selftest-vars.sh | 1 + source4/scripting/python/samba/netcmd/newuser.py | 10 ++++- .../scripting/python/samba/netcmd/setpassword.py | 12 ++++- source4/scripting/python/samba/samdb.py | 7 +++- testprogs/blackbox/test_passwords.sh | 44 ++++++++++++++++++++ 5 files changed, 68 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/devel/selftest-vars.sh b/source4/scripting/devel/selftest-vars.sh index 9a194f1..1ee9eb3 100644 --- a/source4/scripting/devel/selftest-vars.sh +++ b/source4/scripting/devel/selftest-vars.sh 
@@ -7,3 +7,4 @@ export SOCKET_WRAPPER_DIR=./st/w export UID_WRAPPER=1 export NSS_WRAPPER_PASSWD=st/dc/passwd export NSS_WRAPPER_GROUP=st/dc/group +export KRB5_CONFIG=st/dc/etc/krb5.conf diff --git a/source4/scripting/python/samba/netcmd/newuser.py b/source4/scripting/python/samba/netcmd/newuser.py index 3815219..f3babfe 100644 --- a/source4/scripting/python/samba/netcmd/newuser.py +++ b/source4/scripting/python/samba/netcmd/newuser.py @@ -21,6 +21,7 @@ import samba.getopt as options from samba.netcmd import Command, Option +import sys, ldb from getpass import getpass from samba.auth import system_session @@ -61,5 +62,10 @@ class cmd_newuser(Command): samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - samdb.newuser(username, unixname, password, - force_password_change_at_next_login_req=must_change_at_next_login) + try: + samdb.newuser(username, unixname, password, + force_password_change_at_next_login_req=must_change_at_next_login) + except ldb.LdbError, (num, msg): + print('Failed to create user "%s" : %s' % (username, msg)) + sys.exit(1) + diff --git a/source4/scripting/python/samba/netcmd/setpassword.py b/source4/scripting/python/samba/netcmd/setpassword.py index c4a9b00..a1fe75c 100644 --- a/source4/scripting/python/samba/netcmd/setpassword.py +++ b/source4/scripting/python/samba/netcmd/setpassword.py @@ -22,7 +22,7 @@ import samba.getopt as options from samba.netcmd import Command, CommandError, Option - +import sys from getpass import getpass from samba.auth import system_session from samba.samdb import SamDB @@ -68,5 +68,11 @@ class cmd_setpassword(Command): samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - samdb.setpassword(filter, password, - force_change_at_next_login=must_change_at_next_login) + try: + samdb.setpassword(filter, password, + force_change_at_next_login=must_change_at_next_login, + username=username) + except: + print('Failed to set password for user "%s"' % username) + sys.exit(1) + 
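Review bot: The failure message in the second newuser.py hunk is written with `print`, so it goes to stdout, and the LDB error number `num` is unpacked but never used. A caller that captures the command's output gets the error text mixed into it and has only the exit status to tell failure from success. I would send it to stderr instead: `sys.stderr.write('Failed to create user "%s" : %s\n' % (username, msg))`. The same applies to the `print` calls added in the setpassword.py and samdb.py hunks of this commit.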
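Review bot: The bare `except:` added around `samdb.setpassword(...)` in setpassword.py catches every exception, including KeyboardInterrupt and plain programming errors, and the message it prints drops the reason. A password rejected by policy, a permission failure and an unknown user all produce the same "Failed to set password" line, which is hard to diagnose for an operation that changes credentials. newuser.py in this same commit catches `except ldb.LdbError, (num, msg):` and prints `msg`; the handler here should do the same, e.g. `print('Failed to set password for user "%s" : %s' % (username, msg))`. That needs `import ldb`, which the import hunk of this file does not add (it adds only `import sys`). The not-found path added to samdb.setpassword uses a bare `raise`, which is not an LdbError, so it needs a real exception type before this handler can be narrowed.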
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 790cb2b..d41b3ec 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -153,7 +153,9 @@ pwdLastSet: 0 else: self.transaction_commit() - def setpassword(self, filter, password, force_change_at_next_login=False): + def setpassword(self, filter, password, + force_change_at_next_login=False, + username=None): """Sets the password for a user Note: This call uses the "userPassword" attribute to set the password. @@ -168,6 +170,9 @@ pwdLastSet: 0 try: res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=filter, attrs=[]) + if len(res) == 0: + print('Unable to find user "%s"' % (username or filter)) + raise assert(len(res) == 1) user_dn = res[0].dn diff --git a/testprogs/blackbox/test_passwords.sh b/testprogs/blackbox/test_passwords.sh index 9a4c191..167c1b2 100755 --- a/testprogs/blackbox/test_passwords.sh +++ b/testprogs/blackbox/test_passwords.sh 
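Review bot: The bare `raise` added after `if len(res) == 0:` in the second samdb.py hunk has no exception of its own to re-raise. Unless one is already being handled when setpassword is called, Python 2 turns it into a TypeError, or re-raises whatever stale exception is still recorded, so the caller never receives a "user not found" error it can act on. The message is also printed to stdout from library code, where other callers of `SamDB.setpassword` cannot suppress or catch it. I would replace both lines with `raise Exception('Unable to find user "%s"' % (username or filter))` and let the command layer do the printing. The try's `except` clause and most of the docstring are outside the hunk; the docstring should also gain a line for the new `username` parameter saying it is used only for error display.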
@@ -71,8 +71,52 @@ test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`exp USERPASS=$NEWUSERPASS +WEAKPASS=testpass1 newuserpass=testp...@03% +# password mismatch check doesn't work yet (kpasswd bug, reported to Love) +#echo "check that password mismatch gives the right error" +#cat > ./tmpkpasswdscript <<EOF +#expect Password +#password ${USERPASS}\n +#expect New password +#send ${WEAKPASS}\n +#expect New password +#send ${NEWUSERPASS}\n +#expect password mismatch +#EOF +# +#testit "change user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestu...@$realm || failed=`expr $failed + 1` + + +echo "check that a weak password is rejected" +cat > ./tmpkpasswdscript <<EOF +expect Password +password ${USERPASS}\n +expect New password +send ${WEAKPASS}\n +expect New password +send ${WEAKPASS}\n +expect Password does not meet complexity requirements +EOF + +testit "change to weak user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestu...@$realm || failed=`expr $failed + 1` + +echo "check that a short password is rejected" +cat > ./tmpkpasswdscript <<EOF +expect Password +password ${USERPASS}\n +expect New password +send xx1\n +expect New password +send xx1\n +expect Password too short +EOF + +testit "change to short user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestu...@$realm || failed=`expr $failed + 1` + + +echo "check that a strong new password is accepted" cat > ./tmpkpasswdscript <<EOF expect Password password ${USERPASS}\n -- Samba Shared Repository
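Review bot: Both new rejection tests depend on a password policy that this hunk does not set up or document: `testpass1` has to fail the complexity check, and `xx1` has to be shorter than the test domain's minimum length. If the provisioned defaults change, the tests fail for a reason unrelated to kpasswd, and the failure will not say why. A comment above `WEAKPASS=testpass1` would record the assumption, for example `# assumes the test domain enforces complexity and a minimum password length > 3`. The three blocks also repeat the same heredoc-plus-`testit` pattern against `./tmpkpasswdscript`, which holds the passwords in clear text, and its removal is not visible in this hunk.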