python:tests: Add test for warn_pwd_expire

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug  7 19:11:02 CEST 2017 on sn-devel-144

diff --git a/python/samba/tests/pam_winbind_warn_pwd_expire.py b/python/samba/tests/pam_winbind_warn_pwd_expire.py
new file mode 100644 (file)
index 0000000..c78cf58
--- /dev/null
+++ b/python/samba/tests/pam_winbind_warn_pwd_expire.py
@@ -0,0 +1,41 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) 2017      Andreas Schneider <asn@samba.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.tests
+import pypamtest
+import os
+
+class PasswordExpirePamTests(samba.tests.TestCase):
+    def test_auth_expire_warning(self):
+        domain = os.environ["DOMAIN"]
+        username = os.environ["USERNAME"]
+        password = os.environ["PASSWORD"]
+        warn_pwd_expire = int(os.environ["WARN_PWD_EXPIRE"])
+        unix_username = "%s/%s" % (domain, username)
+        expected_rc = 0 # PAM_SUCCESS
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rc)
+        res = pypamtest.run_pamtest(unix_username, "samba", [tc], [password])
+
+        self.assertTrue(res != None)
+        if warn_pwd_expire == 0:
+            self.assertTrue(res.info == ())
+        elif warn_pwd_expire == 50:
+            self.assertEqual(res.info[0], u"Your password will expire in 42 days.\n")
+        else:
+            self.assertEqual(warn_pwd_expire, 0)

diff --git a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
new file mode 100755 (executable)
index 0000000..305633d
--- /dev/null
+++ b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+PYTHON="$1"
+PAM_WRAPPER_SO_PATH="$2"
+shift 2
+
+DOMAIN="$1"
+export DOMAIN
+USERNAME="$2"
+export USERNAME
+PASSWORD="$3"
+export PASSWORD
+shift 3
+
+PAM_WRAPPER_PATH="$BINDIR/default/lib/pam_wrapper"
+
+pam_winbind="$BINDIR/shared/pam_winbind.so"
+service_dir="$SELFTEST_TMPDIR/pam_services"
+service_file="$service_dir/samba"
+
+mkdir $service_dir
+
+PAM_WRAPPER="1"
+export PAM_WRAPPER
+PAM_WRAPPER_SERVICE_DIR="$service_dir"
+export PAM_WRAPPER_SERVICE_DIR
+LD_PRELOAD="$LD_PRELOAD:$PAM_WRAPPER_SO_PATH"
+export LD_PRELOAD
+
+PAM_WRAPPER_DEBUGLEVEL=${PAM_WRAPPER_DEBUGLEVEL:="2"}
+export PAM_WRAPPER_DEBUGLEVEL
+
+# TEST with warn_pwd_expire=50
+#
+# This should produce a warning that the password will expire in 42 days
+#
+WARN_PWD_EXPIRE="50"
+export WARN_PWD_EXPIRE
+
+echo "auth        required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" > $service_file
+echo "account     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "password    required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "session     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+
+PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_warn_pwd_expire
+exit_code=$?
+if [ $exit_code -ne 0 ]; then
+       rm -rf $service_dir
+       exit $exit_code
+fi
+
+# TEST with warn_pwd_expire=0
+#
+WARN_PWD_EXPIRE="0"
+export WARN_PWD_EXPIRE
+
+echo "auth        required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" > $service_file
+echo "account     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "password    required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "session     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+
+PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_warn_pwd_expire
+exit_code=$?
+if [ $exit_code -ne 0 ]; then
+       rm -rf $service_dir
+       exit $exit_code
+fi
+
+rm -rf $service_dir
+
+exit $exit_code

diff --git a/selftest/tests.py b/selftest/tests.py
index 40ae20b587d62ae471a0ab583cf9b48eb84dfae5..a9e01ee94173e5e67ac01c6c13e24b708c7af71f 100644 (file)
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -148,6 +148,10 @@ if with_pam:
                   [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"),
                    valgrindify(python), pam_wrapper_so_path,
                    "$DOMAIN", "$DC_USERNAME", "$DC_PASSWORD"])
+    plantestsuite("samba.tests.pam_winbind_warn_pwd_expire(domain)", "ad_member",
+                  [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_warn_pwd_expire.sh"),
+                   valgrindify(python), pam_wrapper_so_path,
+                   "$DOMAIN", "alice", "Secret007"])
 
 if with_cmocka:
     plantestsuite("samba.unittests.krb5samba", "none",