123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 |
- """A demo of using win32net.NetValidatePasswordPolicy.
-
- Example usage:
-
- % NetValidatePasswordPolicy.py --password=foo change
- which might return:
-
- > Result of 'change' validation is 0: The operation completed successfully.
-
- or depending on the policy:
-
- > Result of 'change' validation is 2245: The password does not meet the
- > password policy requirements. Check the minimum password length,
- > password complexity and password history requirements.
-
- Adding --user doesn't seem to change the output (even the PasswordLastSet seen
- when '-f' is used doesn't depend on the username), but theoretically it will
- also check the password history for the specified user.
-
- % NetValidatePasswordPolicy.py auth
-
- which always (with and without '-m') seems to return:
-
- > Result of 'auth' validation is 2701: Password must change at next logon
- """
-
- import optparse
- import sys
- from pprint import pprint
-
- import win32api
- import win32net
- import win32netcon
-
-
- def main():
- parser = optparse.OptionParser(
- "%prog [options] auth|change ...",
- description="A win32net.NetValidatePasswordPolicy demo.",
- )
-
- parser.add_option(
- "-u",
- "--username",
- action="store",
- help="The username to pass to the function (only for the " "change command",
- )
-
- parser.add_option(
- "-p",
- "--password",
- action="store",
- help="The clear-text password to pass to the function "
- "(only for the 'change' command)",
- )
-
- parser.add_option(
- "-m",
- "--password-matched",
- action="store_false",
- default=True,
- help="Used to specify the password does NOT match (ie, "
- "uses False for the PasswordMatch/PasswordMatched "
- "arg, both 'auth' and 'change' commands)",
- )
-
- parser.add_option(
- "-s",
- "--server",
- action="store",
- help="The name of the server to execute the command on",
- )
-
- parser.add_option(
- "-f",
- "--show_fields",
- action="store_true",
- default=False,
- help="Print the NET_VALIDATE_PERSISTED_FIELDS returned",
- )
-
- options, args = parser.parse_args()
-
- if not args:
- args = ["auth"]
-
- for arg in args:
- if arg == "auth":
- input = {
- "PasswordMatched": options.password_matched,
- }
- val_type = win32netcon.NetValidateAuthentication
- elif arg == "change":
- input = {
- "ClearPassword": options.password,
- "PasswordMatch": options.password_matched,
- "UserAccountName": options.username,
- }
- val_type = win32netcon.NetValidatePasswordChange
- else:
- parser.error("Invalid arg - must be 'auth' or 'change'")
-
- try:
- fields, status = win32net.NetValidatePasswordPolicy(
- options.server, None, val_type, input
- )
- except NotImplementedError:
- print("NetValidatePasswordPolicy not implemented on this platform.")
- return 1
- except win32net.error as exc:
- print("NetValidatePasswordPolicy failed: ", exc)
- return 1
-
- if options.show_fields:
- print("NET_VALIDATE_PERSISTED_FIELDS fields:")
- pprint(fields)
-
- print(
- "Result of %r validation is %d: %s"
- % (arg, status, win32api.FormatMessage(status).strip())
- )
-
- return 0
-
-
- if __name__ == "__main__":
- sys.exit(main())
|