From 862d4909eccd18942e3de8e8b0dc6e1594ec27f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 2 Sep 2018 17:34:03 +1200
Subject: [PATCH 09/17] CVE-2018-16857 selftest: Prepare to allow override of
 lockout duration in password_lockout tests

This will make it easier to avoid flapping tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit a740a6131c967f9640b19a6964fd5d6f85ce853a)

Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
---
 source4/dsdb/tests/python/password_lockout.py      |  9 ++++-----
 source4/dsdb/tests/python/password_lockout_base.py | 11 +++++++++--
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/source4/dsdb/tests/python/password_lockout.py b/source4/dsdb/tests/python/password_lockout.py
index ec6cf13fe66..e817e656a2a 100755
--- a/source4/dsdb/tests/python/password_lockout.py
+++ b/source4/dsdb/tests/python/password_lockout.py
@@ -616,15 +616,14 @@ userPassword: thatsAcomplPASS2XYZ
                                                           initial_lastlogon_relation='greater')
 
     def use_pso_lockout_settings(self, creds):
+
         # create a PSO with the lockout settings the test cases normally expect
+        #
+        # Some test cases sleep() for self.account_lockout_duration
         pso = PasswordSettings("lockout-PSO", self.ldb, lockout_attempts=3,
-                               lockout_duration=3)
+                               lockout_duration=self.account_lockout_duration)
         self.addCleanup(self.ldb.delete, pso.dn)
 
-        # the test cases should sleep() for the PSO's lockoutDuration/obsvWindow
-        self.account_lockout_duration = 3
-        self.lockout_observation_window = 3
-
         userdn = "cn=%s,cn=users,%s" % (creds.get_username(), self.base_dn)
         pso.apply_to(userdn)
 
diff --git a/source4/dsdb/tests/python/password_lockout_base.py b/source4/dsdb/tests/python/password_lockout_base.py
index 4a320684702..9d82e088bb8 100644
--- a/source4/dsdb/tests/python/password_lockout_base.py
+++ b/source4/dsdb/tests/python/password_lockout_base.py
@@ -323,8 +323,15 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
 """)
 
         self.base_dn = self.ldb.domain_dn()
-        self.account_lockout_duration = 3
-        self.lockout_observation_window = 3
+
+        #
+        # Some test cases sleep() for self.account_lockout_duration
+        # so allow it to be controlled via the subclass
+        #
+        if not hasattr(self, 'account_lockout_duration'):
+            self.account_lockout_duration = 3
+        if not hasattr(self, 'lockout_observation_window'):
+            self.lockout_observation_window = 3
         self.update_lockout_settings(threshold=3,
                                      duration=self.account_lockout_duration,
                                      observation_window=self.lockout_observation_window)
-- 
2.17.1