#!/bin/sh # Blackbox tests for different password settings # # Copyright (c) 2006-2007 Jelmer Vernooij # Copyright (c) 2006-2008 Andrew Bartlett # Copyright (c) 2016 Andreas Schneider if [ $# -lt 6 ]; then cat < $PREFIX/tmpuserpassfile $samba_kinit --password-file=$PREFIX/tmpuserpassfile $principal $@ else echo $password | $samba_kinit $principal $@ fi } UID_WRAPPER_ROOT=1 export UID_WRAPPER_ROOT CONFIG="--configfile=$PREFIX/etc/smb.conf" export CONFIG testit "reset password policies beside of minimum password age of 0 days" \ $VALGRIND $samba_tool domain passwordsettings $CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1` TEST_USERNAME="$(mktemp -u alice-XXXXXX)" TEST_PASSWORD="testPaSS@00%" TEST_PASSWORD_NEW="testPaSS@01%" TEST_PASSWORD_SHORT="secret" TEST_PASSWORD_WEAK="Supersecret" TEST_PRINCIPAL="$TEST_USERNAME@$REALM" testit "create user locally" \ $VALGRIND $newuser $CONFIG $TEST_USERNAME $TEST_PASSWORD || failed=`expr $failed + 1` ########################################################### ### Test normal operation as user ########################################################### KRB5CCNAME_PATH="$PREFIX/test_password_settings_krb5ccache" rm -f $KRB5CCNAME_PATH KRB5CCNAME="FILE:$KRB5CCNAME_PATH" export KRB5CCNAME testit "kinit with user password" \ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" \ "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` ########################################################### ### Change the users password ########################################################### testit "change user password with 'samba-tool user password' (unforced)" \ $VALGRIND $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` TEST_PASSWORD_OLD=$TEST_PASSWORD TEST_PASSWORD=$TEST_PASSWORD_NEW TEST_PASSWORD_NEW="testPaSS@02%" testit "kinit with user password" \ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" \ "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` # # These tests demonstrate that a credential cache in the environment does not # override a username/password, even an incorrect one, on the command line # testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" \ $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1` testit_expect_failure "Test login with user kerberos ccache, but old password specified" \ $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1` ########################################################### ### Set the password with smbpasswd ########################################################### cat > $PREFIX/tmpsmbpasswdscript < $PREFIX/tmpsmbpasswdscript <