1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

tests/user_check_password_script: add a test do disallow the username as password

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2019-01-22 10:31:52 +01:00 committed by Andrew Bartlett
parent 39c1aa2857
commit 77bddbb761
3 changed files with 32 additions and 9 deletions

View File

@ -42,20 +42,16 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
super(UserCheckPwdTestCase, self).tearDown() super(UserCheckPwdTestCase, self).tearDown()
self.samdb.set_minPwdAge(self.old_min_pwd_age) self.samdb.set_minPwdAge(self.old_min_pwd_age)
def test_checkpassword(self): def _test_checkpassword(self, user, bad_password, good_password, desc):
# Add
user = self._randomUser()
bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
good_password = bad_password[:-1]
(result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password, (result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
"-H", "ldap://%s" % os.environ["DC_SERVER"], "-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"])) "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.assertCmdFail(result, "Should fail adding a user with bad password.") self.assertCmdFail(result, "Should fail adding a user with %s password." % desc)
(result, out, err) = self.runsubcmd("user", "delete", user["name"], (result, out, err) = self.runsubcmd("user", "delete", user["name"],
"-H", "ldap://%s" % os.environ["DC_SERVER"], "-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"])) "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.assertCmdSuccess(result, out, err, "Should delete user with bad password.") self.assertCmdSuccess(result, out, err, "Should delete user with %s password." % desc)
(result, out, err) = self.runsubcmd("user", "add", user["name"], good_password, (result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
"-H", "ldap://%s" % os.environ["DC_SERVER"], "-H", "ldap://%s" % os.environ["DC_SERVER"],
@ -67,7 +63,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
"--newpassword=%s" % bad_password, "--newpassword=%s" % bad_password,
"-H", "ldap://%s" % os.environ["DC_SERVER"], "-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"])) "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
self.assertCmdFail(result, "Should fail setting a user's password to a bad one.") self.assertCmdFail(result, "Should fail setting a user's password to a %s password." % desc)
(result, out, err) = self.runsubcmd("user", "setpassword", user["name"], (result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
"--newpassword=%s" % good_password, "--newpassword=%s" % good_password,
@ -81,7 +77,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
"--newpassword=%s" % bad_password, "--newpassword=%s" % bad_password,
"--ipaddress", os.environ["DC_SERVER_IP"], "--ipaddress", os.environ["DC_SERVER_IP"],
"-U%s%%%s" % (user["name"], good_password)) "-U%s%%%s" % (user["name"], good_password))
self.assertCmdFail(result, "A user setting their own password to a bad one should fail.") self.assertCmdFail(result, "A user setting their own password to a %s password should fail." % desc)
(result, out, err) = self.runsubcmd("user", "password", (result, out, err) = self.runsubcmd("user", "password",
"--newpassword=%s" % good_password + 'XYZ', "--newpassword=%s" % good_password + 'XYZ',
@ -89,6 +85,26 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
"-U%s%%%s" % (user["name"], good_password)) "-U%s%%%s" % (user["name"], good_password))
self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.") self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
def test_checkpassword_unacceptable(self):
# Add
user = self._randomUser()
bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
good_password = bad_password[:-1]
return self._test_checkpassword(user,
bad_password,
good_password,
"unacceptable")
def test_checkpassword_username(self):
# Add
user = self._randomUser()
bad_password = user["name"]
good_password = bad_password[:-1]
return self._test_checkpassword(user,
bad_password,
good_password,
"username")
def _randomUser(self, base={}): def _randomUser(self, base={}):
"""create a user with random attribute values, you can specify base attributes""" """create a user with random attribute values, you can specify base attributes"""
user = { user = {

View File

@ -4,6 +4,7 @@
set -e set -e
set -u set -u
ACCOUNT_NAME="${SAMBA_CPS_ACCOUNT_NAME-}"
INVALIDPW="$1" INVALIDPW="$1"
NEWPW=`cat -` NEWPW=`cat -`
@ -12,4 +13,9 @@ echo -n "${NEWPW}" | grep -q "^${INVALIDPW}\$" && {
exit 1 exit 1
} }
echo -n "${NEWPW}" | grep -q "^${ACCOUNT_NAME}\$" && {
echo "Password includes ACCOUNT_NAME" >&1
exit 1
}
exit 0 exit 0

View File

@ -0,0 +1 @@
^samba.tests.samba_tool.user_check_password_script.*samba.tests.samba_tool.user_check_password_script.UserCheckPwdTestCase.test_checkpassword_username