"""A demo of using win32net.NetValidatePasswordPolicy.
Example usage:
% NetValidatePasswordPolicy.py --password=foo change
which might return:
> Result of 'change' validation is 0: The operation completed successfully.
or depending on the policy:
> Result of 'change' validation is 2245: The password does not meet the
> password policy requirements. Check the minimum password length,
> password complexity and password history requirements.
Adding --user doesn't seem to change the output (even the PasswordLastSet seen
when '-f' is used doesn't depend on the username), but theoretically it will
also check the password history for the specified user.
% NetValidatePasswordPolicy.py auth
which always (with and without '-m') seems to return:
> Result of 'auth' validation is 2701: Password must change at next logon
"""
import sys
import win32api
import win32net, win32netcon
import optparse
from pprint import pprint
def main():
parser = optparse.OptionParser("%prog [options] auth|change ...",
description="A win32net.NetValidatePasswordPolicy demo.")
parser.add_option("-u", "--username",
action="store",
help="The username to pass to the function (only for the "
"change command")
parser.add_option("-p", "--password",
action="store",
help="The clear-text password to pass to the function "
"(only for the 'change' command)")
parser.add_option("-m", "--password-matched",
action="store_false", default=True,
help="Used to specify the password does NOT match (ie, "
"uses False for the PasswordMatch/PasswordMatched "
"arg, both 'auth' and 'change' commands)")
parser.add_option("-s", "--server",
action="store",
help="The name of the server to execute the command on")
parser.add_option("-f", "--show_fields",
action="store_true", default=False,
help="Print the NET_VALIDATE_PERSISTED_FIELDS returned")
options, args = parser.parse_args()
if not args:
args = ["auth"]
for arg in args:
if arg == "auth":
input = {"PasswordMatched": options.password_matched,
}
val_type = win32netcon.NetValidateAuthentication
elif arg == "change":
input = {"ClearPassword": options.password,
"PasswordMatch": options.password_matched,
"UserAccountName": options.username,
}
val_type = win32netcon.NetValidatePasswordChange
else:
parser.error("Invalid arg - must be 'auth' or 'change'")
try:
fields, status = win32net.NetValidatePasswordPolicy(options.server,
None, val_type, input)
except NotImplementedError:
print "NetValidatePasswordPolicy not implemented on this platform."
return 1
except win32net.error, exc:
print "NetValidatePasswordPolicy failed: ", exc
return 1
if options.show_fields:
print "NET_VALIDATE_PERSISTED_FIELDS fields:"
pprint(fields)
print "Result of %r validation is %d: %s" % \
(arg, status, win32api.FormatMessage(status).strip())
return 0
if __name__=='__main__':
sys.exit(main())
|