sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-29 11:21:54 +03:00
Code
33d178767b
samba-mirror/testprogs/blackbox/test_passwords.sh

197 lines
7.4 KiB
Bash
Raw Normal View History

s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
#!/bin/sh
# Blackbox tests for kinit and kerberos integration with smbclient etc
# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
if [ $# -lt 5 ]; then
cat <<EOF
Fix commands in password tests. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-30 16:55:49 +03:00
Usage: test_passwords.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
EOF
exit 1;
fi
SERVER=$1
USERNAME=$2
PASSWORD=$3
REALM=$4
DOMAIN=$5
PREFIX=$6
shift 6
failed=0
samba4bindir="$BUILDDIR/bin"
smbclient="$samba4bindir/smbclient$EXEEXT"
samba4kinit="$samba4bindir/samba4kinit$EXEEXT"
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
samba_tool="$samba4bindir/samba-tool$EXEEXT"
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
rkpty="$samba4bindir/rkpty$EXEEXT"
samba4kpasswd="$samba4bindir/samba4kpasswd$EXEEXT"
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
newuser="$samba_tool newuser"
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
. `dirname $0`/subunit.sh
test_smbclient() {
name="$1"
cmd="$2"
shift
shift
echo "test: $name"
$VALGRIND $smbclient //$SERVER/tmp -c "$cmd" -W "$DOMAIN" $@
status=$?
if [ x$status = x0 ]; then
echo "success: $name"
else
echo "failure: $name"
fi
return $status
}
s4-testpasswords: fixed CONFIG and quoting Need to pass correct config file to tests
2009-12-31 08:52:49 +03:00
CONFIG="--configfile=$PREFIX/dc/etc/smb.conf"
export CONFIG
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $samba_tool pwsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1`
s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0
2010-07-03 13:23:39 +04:00
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
USERPASS=testPaSS@01%
s4-testpasswords: fixed CONFIG and quoting Need to pass correct config file to tests
2009-12-31 08:52:49 +03:00
testit "create user locally" $VALGRIND $newuser $CONFIG nettestuser $USERPASS $@ || failed=`expr $failed + 1`
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
KRB5CCNAME="$PREFIX/tmpuserccache"
export KRB5CCNAME
echo $USERPASS > $PREFIX/tmpuserpassfile
testit "kinit with user password" $samba4kinit --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS@02%
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "change user password with 'samba-tool password change' (unforced)" $VALGRIND $samba_tool password change -W$DOMAIN -U$DOMAIN/nettestuser%$USERPASS -k no $NEWUSERPASS $@ || failed=`expr $failed + 1`
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
echo $NEWUSERPASS > ./tmpuserpassfile
testit "kinit with user password" $samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS
s4-test: check that a weak password is rejected by kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-15 10:25:50 +04:00
WEAKPASS=testpass1
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
NEWUSERPASS=testPaSS@03%
s4-test: check that a weak password is rejected by kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-15 10:25:50 +04:00
# password mismatch check doesn't work yet (kpasswd bug, reported to Love)
#echo "check that password mismatch gives the right error"
#cat > ./tmpkpasswdscript <<EOF
#expect Password
#password ${USERPASS}\n
#expect New password
#send ${WEAKPASS}\n
#expect New password
#send ${NEWUSERPASS}\n
#expect password mismatch
#EOF
#
#testit "change user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
echo "check that a weak password is rejected"
cat > ./tmpkpasswdscript <<EOF
expect Password
password ${USERPASS}\n
expect New password
send ${WEAKPASS}\n
expect New password
send ${WEAKPASS}\n
expect Password does not meet complexity requirements
EOF
testit "change to weak user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
echo "check that a short password is rejected"
cat > ./tmpkpasswdscript <<EOF
expect Password
password ${USERPASS}\n
expect New password
send xx1\n
expect New password
send xx1\n
expect Password too short
EOF
testit "change to short user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
echo "check that a strong new password is accepted"
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
cat > ./tmpkpasswdscript <<EOF
expect Password
password ${USERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect Success
EOF
testit "change user password with kpasswd" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos (unforced)" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS@04%
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "set password on user locally" $VALGRIND $samba_tool setpassword $CONFIG nettestuser --newpassword=$NEWUSERPASS --must-change-at-next-login $@ || failed=`expr $failed + 1`
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
USERPASS=$NEWUSERPASS
NEWUSERPASS=testPaSS@05%
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "change user password with 'samba-tool password change' (after must change flag set)" $VALGRIND $samba_tool password change -W$DOMAIN -U$DOMAIN/nettestuser%$USERPASS -k no $NEWUSERPASS $@ || failed=`expr $failed + 1`
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
USERPASS=$NEWUSERPASS
NEWUSERPASS=testPaSS@06%
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "set password on user locally" $VALGRIND $samba_tool setpassword $CONFIG nettestuser --newpassword=$NEWUSERPASS --must-change-at-next-login $@ || failed=`expr $failed + 1`
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
USERPASS=$NEWUSERPASS
NEWUSERPASS=testPaSS@07%
cat > ./tmpkpasswdscript <<EOF
expect Password
password ${USERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect New password
send ${NEWUSERPASS}\n
expect Success
EOF
testit "change user password with kpasswd (after must change flag set)" $rkpty ./tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
USERPASS=$NEWUSERPASS
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
test_smbclient "Test login with user kerberos" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
NEWUSERPASS=abcdefg
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit_expect_failure "try to set a non-complex password (command should not succeed)" $VALGRIND $samba_tool password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ && failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "allow non-complex passwords" $VALGRIND $samba_tool pwsettings set $CONFIG --complexity=off || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "try to set a non-complex password (command should succeed)" $VALGRIND $samba_tool password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
USERPASS=$NEWUSERPASS
test_smbclient "test login with non-complex password" 'ls' -k no -Unettestuser@$REALM%$USERPASS || failed=`expr $failed + 1`
NEWUSERPASS=abc
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit_expect_failure "try to set a short password (command should not succeed)" $VALGRIND $samba_tool password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ && failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "allow short passwords (length 1)" $VALGRIND $samba_tool pwsettings $CONFIG set --min-pwd-length=1 || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "try to set a short password (command should succeed)" $VALGRIND $samba_tool password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ || failed=`expr $failed + 1`
s4-testpasswords: fixed CONFIG and quoting Need to pass correct config file to tests
2009-12-31 08:52:49 +03:00
USERPASS="$NEWUSERPASS"
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "require minimum password age of 1 day" $VALGRIND $samba_tool pwsettings $CONFIG set --min-pwd-age=1 || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "show password settings" $VALGRIND $samba_tool pwsettings $CONFIG show || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4-testpasswords: fixed CONFIG and quoting Need to pass correct config file to tests
2009-12-31 08:52:49 +03:00
NEWUSERPASS="testPaSS@08%"
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit_expect_failure "try to change password too quickly (command should not succeed)" $VALGRIND $samba_tool password change -W$DOMAIN "-U$DOMAIN/nettestuser%$USERPASS" -k no "$NEWUSERPASS" $@ && failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "reset password policies" $VALGRIND $samba_tool pwsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
s4:pwsettings: Added blackbox tests. The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-08 15:01:18 +04:00
s4 net: rename to samba-tool in order to not clash with s3 net Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-24 06:27:26 +04:00
testit "del user" $VALGRIND $samba_tool user delete nettestuser -U"$USERNAME%$PASSWORD" -k no $@ || failed=`expr $failed + 1`
s4: Add tests and 'must change password' flags in setpassword and newuser In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18 06:38:04 +04:00
rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache tmpkpasswdscript
exit $failed
Copy Permalink