From 58cfa5a82519e2850cb400bb9f1e76d3dbfd3ff2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= Date: Mon, 1 Nov 2010 19:54:07 +0100 Subject: [PATCH] s4:passwords.py - test empty password attributes behaviour MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Autobuild-User: Matthias Dieter Wallnöfer Autobuild-Date: Mon Nov 8 12:09:56 UTC 2010 on sn-devel-104 --- source4/dsdb/tests/python/passwords.py | 155 ++++++++++++++++++++++++++++++++- 1 file changed, 154 insertions(+), 1 deletion(-) diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py index 19ebfb5d498..bb2fbd54527 100755 --- a/source4/dsdb/tests/python/passwords.py +++ b/source4/dsdb/tests/python/passwords.py @@ -28,7 +28,7 @@ from ldb import ERR_UNWILLING_TO_PERFORM, ERR_INSUFFICIENT_ACCESS_RIGHTS from ldb import ERR_NO_SUCH_ATTRIBUTE from ldb import ERR_CONSTRAINT_VIOLATION from ldb import Message, MessageElement, Dn -from ldb import FLAG_MOD_REPLACE, FLAG_MOD_DELETE +from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE from samba import gensec from samba.samdb import SamDB import samba.tests @@ -668,6 +668,159 @@ userPassword: thatsAcomplPASS4 "objectclass": "user", "userPassword": ["thatsAcomplPASS1", "thatsAcomplPASS1"] }) + def test_empty_passwords(self): + print "Performs some empty passwords testing" + + try: + self.ldb.add({ + "dn": "cn=testuser2,cn=users," + self.base_dn, + "objectclass": "user", + "unicodePwd": [] }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + try: + self.ldb.add({ + "dn": "cn=testuser2,cn=users," + self.base_dn, + "objectclass": "user", + "dBCSPwd": [] }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + try: + self.ldb.add({ + "dn": "cn=testuser2,cn=users," + self.base_dn, + "objectclass": "user", + "userPassword": [] }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + try: + self.ldb.add({ + "dn": "cn=testuser2,cn=users," + self.base_dn, + "objectclass": "user", + "clearTextPassword": [] }) + self.fail() + except LdbError, (num, _): + self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or + num == ERR_NO_SUCH_ATTRIBUTE) # for Windows + + self.delete_force(self.ldb, "cn=testuser2,cn=users," + self.base_dn) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["unicodePwd"] = MessageElement([], FLAG_MOD_ADD, "unicodePwd") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["dBCSPwd"] = MessageElement([], FLAG_MOD_ADD, "dBCSPwd") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["userPassword"] = MessageElement([], FLAG_MOD_ADD, "userPassword") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["clearTextPassword"] = MessageElement([], FLAG_MOD_ADD, "clearTextPassword") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or + num == ERR_NO_SUCH_ATTRIBUTE) # for Windows + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["unicodePwd"] = MessageElement([], FLAG_MOD_REPLACE, "unicodePwd") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["dBCSPwd"] = MessageElement([], FLAG_MOD_REPLACE, "dBCSPwd") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["userPassword"] = MessageElement([], FLAG_MOD_REPLACE, "userPassword") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["clearTextPassword"] = MessageElement([], FLAG_MOD_REPLACE, "clearTextPassword") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertTrue(num == ERR_UNWILLING_TO_PERFORM or + num == ERR_NO_SUCH_ATTRIBUTE) # for Windows + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["unicodePwd"] = MessageElement([], FLAG_MOD_DELETE, "unicodePwd") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["dBCSPwd"] = MessageElement([], FLAG_MOD_DELETE, "dBCSPwd") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["userPassword"] = MessageElement([], FLAG_MOD_DELETE, "userPassword") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + m = Message() + m.dn = Dn(ldb, "cn=testuser,cn=users," + self.base_dn) + m["clearTextPassword"] = MessageElement([], FLAG_MOD_DELETE, "clearTextPassword") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or + num == ERR_NO_SUCH_ATTRIBUTE) # for Windows + def tearDown(self): super(PasswordTests, self).tearDown() self.delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn) -- 2.11.4.GIT