# Copyright (c) 2006-2008 Andrew Bartlett <abartlet@samba.org>
# Copyright (c) 2016 Andreas Schneider <asn@samba.org>
-if [ $# -lt 6 ]; then
+if [ $# -lt 7 ]; then
cat <<EOF
-Usage: test_passwords_settings.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX
+Usage: test_passwords_settings.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX CONFIGURATION
EOF
exit 1
fi
REALM=$4
DOMAIN=$5
PREFIX=$6
-shift 6
+CONFIGURATION=${7}
+shift 7
failed=0
samba_bindir="$BINDIR"
{
user=$1
newpass=$2
+ _config="$(echo "${CONFIGURATION}" | cut -d '=' -f 2)"
tmpfile=$PREFIX/smbpasswd_change_password_script
cat >$tmpfile <<EOF
send ${newpass}\n
EOF
- cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $texpect $tmpfile $smbpasswd -L -c $PREFIX/etc/smb.conf $user'
+ cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $texpect $tmpfile $smbpasswd -L -c ${_config} $user'
eval echo "$cmd"
out=$(eval $cmd)
ret=$?
UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT
-CONFIG="--configfile=$PREFIX/etc/smb.conf"
-export CONFIG
-
testit "reset password policies beside of minimum password age of 0 days" \
- $VALGRIND $PYTHON $samba_tool domain passwordsettings set $CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool domain passwordsettings set \
+ "${CONFIGURATION}" --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=$(expr $failed + 1)
TEST_USERNAME="$(mktemp -u alice-XXXXXX)"
TEST_PASSWORD="testPaSS@00%"
TEST_PRINCIPAL="$TEST_USERNAME@$REALM"
testit "create user locally" \
- $VALGRIND $PYTHON $newuser $CONFIG $TEST_USERNAME $TEST_PASSWORD || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $newuser $TEST_USERNAME $TEST_PASSWORD \
+ "${CONFIGURATION}" || failed=$(expr $failed + 1)
###########################################################
### Test normal operation as user
###########################################################
testit "change user password with 'samba-tool user password' (unforced)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=$(expr $failed + 1)
TEST_PASSWORD_OLD=$TEST_PASSWORD
TEST_PASSWORD=$TEST_PASSWORD_NEW
###########################################################
testit "change user (non-ascii) password with 'samba-tool user password' (unforced)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NON_ASCII || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NON_ASCII || failed=$(expr $failed + 1)
TEST_PASSWORD_OLD=$TEST_PASSWORD_NEW
TEST_PASSWORD=$TEST_PASSWORD_NON_ASCII
test_smbclient "Test login with user (ntlm)" \
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=$(expr $failed + 1)
-testit "set password on user locally" $VALGRIND $PYTHON $samba_tool user setpassword $TEST_USERNAME $CONFIG --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=$(expr $failed + 1)
+testit "set password on user locally" $VALGRIND $PYTHON $samba_tool user setpassword $TEST_USERNAME "${CONFIGURATION}" --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=$(expr $failed + 1)
TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@04%"
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=$(expr $failed + 1)
testit "change user password with 'samba-tool user password' (after must change flag set)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN -U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=$(expr $failed + 1)
TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@05%"
send ${TEST_PASSWORD_NEW}\n
EOF
+config="$(echo "${CONFIGURATION}" | cut -d '=' -f 2)"
testit "change user password with smbpasswd (after must change flag set)" \
- $texpect $PREFIX/tmpsmbpasswdscript $smbpasswd -r $SERVER -c $PREFIX/etc/smb.conf -U $TEST_USERNAME || failed=$(expr $failed + 1)
+ $texpect $PREFIX/tmpsmbpasswdscript $smbpasswd -r $SERVER -c ${config} -U $TEST_USERNAME || failed=$(expr $failed + 1)
TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS@06%"
rm -f $KRB5CCNAME_PATH
testit_expect_failure "try to set a non-complex password (command should not succeed)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_WEAK" && failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_WEAK" && failed=$(expr $failed + 1)
testit "allow non-complex passwords" \
- $VALGRIND $PYTHON $samba_tool domain passwordsettings set $CONFIG --complexity=off || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --complexity=off || failed=$(expr $failed + 1)
testit "try to set a non-complex password (command should succeed)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_WEAK" || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_WEAK" || failed=$(expr $failed + 1)
TEST_PASSWORD=$TEST_PASSWORD_WEAK
"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=$(expr $failed + 1)
testit_expect_failure "try to set a short password (command should not succeed)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=$(expr $failed + 1)
testit "allow short passwords (length 1)" \
- $VALGRIND $PYTHON $samba_tool domain passwordsettings set $CONFIG --min-pwd-length=1 || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --min-pwd-length=1 || failed=$(expr $failed + 1)
testit "try to set a short password (command should succeed)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" || failed=$(expr $failed + 1)
TEST_PASSWORD=$TEST_PASSWORD_SHORT
TEST_PASSWORD_NEW="testPaSS@07%"
testit "require minimum password age of 1 day" \
- $VALGRIND $PYTHON $samba_tool domain passwordsettings set $CONFIG --min-pwd-age=1 || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --min-pwd-age=1 || failed=$(expr $failed + 1)
testit "show password settings" \
- $VALGRIND $PYTHON $samba_tool domain passwordsettings show $CONFIG || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool domain passwordsettings show "${CONFIGURATION}" || failed=$(expr $failed + 1)
testit_expect_failure "try to change password too quickly (command should not succeed)" \
- $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_NEW" && failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user password "${CONFIGURATION}" -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_NEW" && failed=$(expr $failed + 1)
testit "reset password policies" \
- $VALGRIND $PYTHON $samba_tool domain passwordsettings set $CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool domain passwordsettings set "${CONFIGURATION}" --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=$(expr $failed + 1)
testit "delete user $TEST_USERNAME" \
- $VALGRIND $PYTHON $samba_tool user delete $TEST_USERNAME -U"$USERNAME%$PASSWORD" $CONFIG -k no || failed=$(expr $failed + 1)
+ $VALGRIND $PYTHON $samba_tool user delete $TEST_USERNAME -U"$USERNAME%$PASSWORD" "${CONFIGURATION}" -k no || failed=$(expr $failed + 1)
rm -f $PREFIX/tmpuserpassfile $PREFIX/tmpsmbpasswdscript
rm -f $KRB5CCNAME_PATH