a I_,@sLddlZddlmZmZmZddlmZmZGdddZGdddZdS)N)FLAG_MOD_DELETE FLAG_MOD_ADDFLAG_MOD_REPLACE)DOMAIN_PASSWORD_COMPLEXDOMAIN_PASSWORD_STORE_CLEARTEXTc@sVeZdZdddZddZddZdd Zd d Zd d ZddZ ddZ ddZ dS)TestUserNcCsfd}||_||_d||pd|jf|_|g|_|g|_|jj|||d|jd|d|_dS)Nz Initial12#z CN=%s,%s,%szCN=Users)userouz(sAMAccountName=%s)) nameldb domain_dndnall_old_passwords pwd_historyZnewuserZenable_accountZlast_pso)selfZusernamesamdbrZinitial_passwordr1/usr/lib/python3/dist-packages/samba/tests/pso.py__init__s zTestUser.__init__cCs|dkr gS|j| dS)z0Returns the expected password history for the DCrN)rrhist_lenrrrold_invalid_passwords-szTestUser.old_invalid_passwordscCs6|dkr|jddStt|j|}|jd| S)zAReturns old passwords that fall outside the DC's expected historyrN)r minlenrrrrrold_valid_passwords5szTestUser.old_valid_passwordscCsH||jvr|j||j|||jvr8|j||j|dS)z@Updates the user's password history to reflect a password changeN)r removeappendr)r new_passwordrrrupdate_pwd_historyCs      zTestUser.update_pwd_historycCs<|jj|jdgd}d|dvr4t|dddSdSdS)z=Returns the DN of the applicable PSO, or None if none applieszmsDS-ResultantPSO)attrsrN)r searchr str)rresrrrget_resultant_PSORs zTestUser.get_resultant_PSOcCs |jdS)z#Returns the user's current password)r )rrrr get_password[szTestUser.get_passwordcCs.d|j||f}|j|||dS)z$Attempts to change a user's passwordzd dn: %s changetype: modify delete: userPassword userPassword: %s add: userPassword userPassword: %s N)r r$r modify_ldifr)rrldifrrr set_password`s  zTestUser.set_passwordcCsZt||}|dkrg|_n |t|jkr:|j| d|_|dkrV|dkrV|g|_dS)ay Updates the effective password history, to reflect changes on the DC. When the PasswordHistoryLength applied to a user changes from a low setting (e.g. 2) to a higher setting (e.g. 4), passwords #3 and #4 won't actually have been stored on the DC, so we need to make sure they are removed them from our mirror pwd_history list. rN)rrrr$)rZ old_hist_lenZ new_hist_lenrrrrpwd_history_changeps zTestUser.pwd_history_changecCs^|jj|dgtjd}|dd}t}t|j|j|_t|td|d<|j|dS)z>Sets a user's primaryGroupID to be that of the specified groupZprimaryGroupToken)baserscoperZprimaryGroupIDN) r r SCOPE_BASEMessageDnr MessageElementrmodify)rZgroup_dnr!Zgroup_idmrrrset_primary_groups  zTestUser.set_primary_group)N) __name__ __module__ __qualname__rrrrr"r$r'r(r1rrrrrs  rc @sDeZdZddZdd d Zd dZefddZddZdddZ d S)PasswordSettingscCs0gd}|j|tj|d}d|_d|_||_d|_t|dddt@|_ t|dddt @|_ t|ddd|_ t|ddd|_ t|dd d|_t|dd dtd  |_t|dd dtd  |_t|dd dtd  |_t|dddtd  |_dS)z Returns a object representing the default password settings that will take effect (i.e. when no other Fine-Grained Password Policy applies) ) minPwdAgelockoutDurationlockOutObservationWindowlockoutThreshold maxPwdAger6 minPwdLengthpwdHistoryLength pwdProperties)r*rZDefaultsNrr=r;r9r<r7cAr8r6r:)rr r r+r r precedenceintr complexityrstore_plaintext password_lenlockout_attempts history_lenlockout_durationlockout_windowpassword_age_minpassword_age_max)rrZpw_attrsr!rrrdefault_settingss(  z!PasswordSettings.default_settings Tr'FNc Cs|dur||S| dur*|} d| } ||_d|| f|_||_||_||_| |_||_||_ | |_ ||_ ||_ ||_ | |_|j|dS)Nz+CN=Password Settings Container,CN=System,%szCN=%s,%s)rJr r r r r?rArBrCrDrErFrGrHrIZadd_ldifget_ldif)rr rr?rArCrDrFrHrIrErBZ containerZbase_dnrrrrs& zPasswordSettings.__init__c Cs|jr dnd}|jrdnd}t|jd }t|jd }t|jd }t|jd }d|j|j ||j ||j |||j || }|S)NZTRUEZFALSEr>av dn: {0} objectClass: msDS-PasswordSettings msDS-PasswordSettingsPrecedence: {1} msDS-PasswordReversibleEncryptionEnabled: {2} msDS-PasswordHistoryLength: {3} msDS-PasswordComplexityEnabled: {4} msDS-MinimumPasswordLength: {5} msDS-MinimumPasswordAge: {6} msDS-MaximumPasswordAge: {7} msDS-LockoutThreshold: {8} msDS-LockoutObservationWindow: {9} msDS-LockoutDuration: {10} ) rArBr@rFrGrHrIformatr r?rErCrD)rZcomplexity_strZ plaintext_strrFrGZmin_ageZmax_ager&rrrrOs  zPasswordSettings.get_ldifcCs<t}t|j|j|_t||d|d<|j|dS)zAUpdates this Password Settings Object to apply to a user or groupzmsDS-PSOAppliesToN)r r,r-r r.r/)r user_group operationr0rrrapply_tos zPasswordSettings.apply_tocCs|j|tddS)z6Updates this PSO to no longer apply to a user or group)rRN)rSr)rrQrrrunapplyszPasswordSettings.unapplycCs0|dur|j}d|j|f}||||_dS)Nzh dn: %s changetype: modify replace: msDS-PasswordSettingsPrecedence msDS-PasswordSettingsPrecedence: %u )r r r%r?)rZnew_precedencerr&rrrset_precedences zPasswordSettings.set_precedence) rKTrKrrLrrMrNFN)N) r2r3r4rJrrOrrSrTrUrrrrr5s $ r5) r rrrZsamba.dcerpc.samrrrrr5rrrrs|