mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
tests/user_check_password_script: add a test do disallow the username as password
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
39c1aa2857
commit
77bddbb761
@ -42,20 +42,16 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
|
|||||||
super(UserCheckPwdTestCase, self).tearDown()
|
super(UserCheckPwdTestCase, self).tearDown()
|
||||||
self.samdb.set_minPwdAge(self.old_min_pwd_age)
|
self.samdb.set_minPwdAge(self.old_min_pwd_age)
|
||||||
|
|
||||||
def test_checkpassword(self):
|
def _test_checkpassword(self, user, bad_password, good_password, desc):
|
||||||
# Add
|
|
||||||
user = self._randomUser()
|
|
||||||
bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
|
|
||||||
good_password = bad_password[:-1]
|
|
||||||
|
|
||||||
(result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
|
(result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
|
||||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||||
self.assertCmdFail(result, "Should fail adding a user with bad password.")
|
self.assertCmdFail(result, "Should fail adding a user with %s password." % desc)
|
||||||
(result, out, err) = self.runsubcmd("user", "delete", user["name"],
|
(result, out, err) = self.runsubcmd("user", "delete", user["name"],
|
||||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||||
self.assertCmdSuccess(result, out, err, "Should delete user with bad password.")
|
self.assertCmdSuccess(result, out, err, "Should delete user with %s password." % desc)
|
||||||
|
|
||||||
(result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
|
(result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
|
||||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||||
@ -67,7 +63,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
|
|||||||
"--newpassword=%s" % bad_password,
|
"--newpassword=%s" % bad_password,
|
||||||
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
"-H", "ldap://%s" % os.environ["DC_SERVER"],
|
||||||
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
|
||||||
self.assertCmdFail(result, "Should fail setting a user's password to a bad one.")
|
self.assertCmdFail(result, "Should fail setting a user's password to a %s password." % desc)
|
||||||
|
|
||||||
(result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
|
(result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
|
||||||
"--newpassword=%s" % good_password,
|
"--newpassword=%s" % good_password,
|
||||||
@ -81,7 +77,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
|
|||||||
"--newpassword=%s" % bad_password,
|
"--newpassword=%s" % bad_password,
|
||||||
"--ipaddress", os.environ["DC_SERVER_IP"],
|
"--ipaddress", os.environ["DC_SERVER_IP"],
|
||||||
"-U%s%%%s" % (user["name"], good_password))
|
"-U%s%%%s" % (user["name"], good_password))
|
||||||
self.assertCmdFail(result, "A user setting their own password to a bad one should fail.")
|
self.assertCmdFail(result, "A user setting their own password to a %s password should fail." % desc)
|
||||||
|
|
||||||
(result, out, err) = self.runsubcmd("user", "password",
|
(result, out, err) = self.runsubcmd("user", "password",
|
||||||
"--newpassword=%s" % good_password + 'XYZ',
|
"--newpassword=%s" % good_password + 'XYZ',
|
||||||
@ -89,6 +85,26 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
|
|||||||
"-U%s%%%s" % (user["name"], good_password))
|
"-U%s%%%s" % (user["name"], good_password))
|
||||||
self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
|
self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
|
||||||
|
|
||||||
|
def test_checkpassword_unacceptable(self):
|
||||||
|
# Add
|
||||||
|
user = self._randomUser()
|
||||||
|
bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
|
||||||
|
good_password = bad_password[:-1]
|
||||||
|
return self._test_checkpassword(user,
|
||||||
|
bad_password,
|
||||||
|
good_password,
|
||||||
|
"unacceptable")
|
||||||
|
|
||||||
|
def test_checkpassword_username(self):
|
||||||
|
# Add
|
||||||
|
user = self._randomUser()
|
||||||
|
bad_password = user["name"]
|
||||||
|
good_password = bad_password[:-1]
|
||||||
|
return self._test_checkpassword(user,
|
||||||
|
bad_password,
|
||||||
|
good_password,
|
||||||
|
"username")
|
||||||
|
|
||||||
def _randomUser(self, base={}):
|
def _randomUser(self, base={}):
|
||||||
"""create a user with random attribute values, you can specify base attributes"""
|
"""create a user with random attribute values, you can specify base attributes"""
|
||||||
user = {
|
user = {
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
set -e
|
set -e
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
|
ACCOUNT_NAME="${SAMBA_CPS_ACCOUNT_NAME-}"
|
||||||
INVALIDPW="$1"
|
INVALIDPW="$1"
|
||||||
NEWPW=`cat -`
|
NEWPW=`cat -`
|
||||||
|
|
||||||
@ -12,4 +13,9 @@ echo -n "${NEWPW}" | grep -q "^${INVALIDPW}\$" && {
|
|||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
echo -n "${NEWPW}" | grep -q "^${ACCOUNT_NAME}\$" && {
|
||||||
|
echo "Password includes ACCOUNT_NAME" >&1
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
1
selftest/knownfail.d/user_check_password_script
Normal file
1
selftest/knownfail.d/user_check_password_script
Normal file
@ -0,0 +1 @@
|
|||||||
|
^samba.tests.samba_tool.user_check_password_script.*samba.tests.samba_tool.user_check_password_script.UserCheckPwdTestCase.test_checkpassword_username
|
Loading…
Reference in New Issue
Block a user