diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-10-31 16:57:10 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 19:30:59 +0200 |
commit | 85f57ebda360092efd5d71744d018c4cadd6d86b (patch) | |
tree | 3e2bcc792a996493eb9f2f7c4da525bb3a554b2d /selftest | |
parent | 311de5fb4ae46536eb43178f4102728855625e20 (diff) | |
download | samba-85f57ebda360092efd5d71744d018c4cadd6d86b.tar.gz samba-85f57ebda360092efd5d71744d018c4cadd6d86b.tar.xz samba-85f57ebda360092efd5d71744d018c4cadd6d86b.zip |
torture-samr: Add testing of account lockout and password change behaviour
This is the regression test to avoid a repeat of CVE-2013-4496
This includes confirming that badPwdCount is updated on login, not just on first failure
However the badPwdCount is not updated if the account is disabled
Note: that samr_QueryUserInfo return the effective bad_password_count in level
5, 16 and 21, while it returns the raw value in level 3.
(Sadly the s3 code does not do this correctly, so a knownfail is added)
Change-Id: I4fd8ac5c3b1357e7a98386756dac2a43eb778ecf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 2 19:30:59 CEST 2014 on sn-devel-104
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index d229d12fa4e..35dba207182 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -212,6 +212,7 @@ ^samba3.smb2.compound.interim2 # wrong return code (STATUS_CANCELLED) ^samba3.raw.session.*reauth2 # maybe fix this? ^samba3.rpc.samr.passwords.badpwdcount.samr.badPwdCount\(s3dc\) # We fail this test currently +^samba3.rpc.samr.passwords.lockout.*\(s3dc\)$ # We fail this test currently ^samba3.rpc.spoolss.printer.addprinter.driver_info_winreg # knownfail or flapping? ^samba3.rpc.spoolss.printer.addprinterex.driver_info_winreg # knownfail or flapping? ^samba3.rpc.spoolss.printer.*.publish_toggle\(.*\)$ # needs spoolss AD member env |