summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2010-07-08 15:38:16 +0300
committerNadezhda Ivanova <nivanova@samba.org>2010-07-08 15:38:16 +0300
commit10c60f237223f805566a66293418bd1cf04a8f5e (patch)
treea31c361a873402ce422f2ba558e292e54bfdb109
parent328f3ca103e8cd8d73e591dccce6d4dd0fc30b48 (diff)
downloadsamba-10c60f237223f805566a66293418bd1cf04a8f5e.tar.gz
samba-10c60f237223f805566a66293418bd1cf04a8f5e.tar.bz2
samba-10c60f237223f805566a66293418bd1cf04a8f5e.zip
Added a test to prove by default users can change each other's pass if the old is known
-rwxr-xr-xsource4/dsdb/tests/python/acl.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 31bcd31ae2..471335f342 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -1165,6 +1165,31 @@ userPassword: thatsAcomplPASS2
else:
self.fail()
+ def test_change_password7(self):
+ """Try a password change operation without any CARs given"""
+ #users have change password by default - remove for negative testing
+ desc = self.read_desc(self.get_user_dn(self.user_with_wp))
+ sddl = desc.as_sddl(self.domain_sid)
+ self.modify_desc(self.get_user_dn(self.user_with_wp), sddl)
+ #first change our own password
+ self.ldb_user2.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_pc) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')) + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')) + """
+""")
+ #then someone else's
+ self.ldb_user2.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')) + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')) + """
+""")
+
def test_reset_password1(self):
"""Try a user password reset operation (unicodePwd) before and after granting CAR"""
try: